This is taking time on every podman call, and provides limited
protection. Versioning should be handled in the packaging system
and this is unlikely to happen.
Every exec done by container tools hurts us as we try to get container
startup time to absolute minimal amounts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Podman and Buildah do not use this field, and I
know of no users of it, remove it from docs and
the default conf file, so users will not expect
it to do anything.
Leaving implementation in the slight chance someone
has used it in a non containers project.
Fixes: https://github.com/containers/podman/issues/16562
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Containers.conf now supports `platform_to_oci_runtime` which allows end
users to map a variant of the OCI runtime for a particular platform.
The most ideal use case of this feature is switching to crun's variant when
the platform string is `wasm32/wasi`.
Example
```toml
[engine.platform_to_oci_runtime]
"wasi/wasm" = "crun-wasm"
"wasm/wasm32" = "crun-wasm"
"wasm/wasm64" = "crun-wasm"
```
Signed-off-by: Aditya R <arajan@redhat.com>
Another experimental OCI runtime for FreeBSD, similar to runj but with
a focus on podman/buildah compatibility.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Used `go fmt` rules to migrate away from deprecated functions, for
instance `gofmt -w -s -r 'ioutil.TempDir(a, b) -> os.MkdirTemp(a, b)'`
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
this ensures that podman machine will still work (until we want to make this mandatory). I made the call back function more verbose so we know what is happening from now on.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
This should make it easier to locate helper binaries relative to where the main
binary was installed, which should be useful in installations such as Homebrew
which install packages under a versioned directory.
Use a `$BINDIR` magic token as a prefix in the helper path to indicate it should
be relative to the directory where the binary is located. This is somewhat familiar
to the syntax used in the shell and Makefile and is still quite explicit about the
behavior (as opposed to, say, making all relative paths be relative to the directory
of the binary.)
Tested: After updating the Darwin config to include a `$BINDIR/../libexec/podman`
directory, updated vendored package in podman, built it with `podman-remote`,
copied `gvproxy` to a `libexec/podman` at the same level as `bin/podman` and
confirmed that `podman machine start` worked as expected. Also confirmed that
having the `podman` in search path be a symlink to a binary elsewhere works as
expected, the searched `../libexec/podman` directory is relative to the actual
binary and not the symlink (which matches the Homebrew use case.)
Signed-off-by: Filipe Brandenburger <filbranden@gmail.com>
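The `$BINDIR` behaviour described in the commit message above, as an added Go example that is not code from containers/common: a leading `$BINDIR` is replaced by the directory of the real binary after symlinks are resolved, so a Homebrew-style symlink in `bin/` still finds `../libexec/podman` next to the versioned install. The names `expandHelperDir` and `demoLayout`, the constructed directory tree, the `/` separator and the choice to pass look-alike prefixes through unchanged are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)
// expandHelperDir (hypothetical): swap a leading "$BINDIR" for the real binary's dir.
func expandHelperDir(dir, exePath string) (string, error) {
	rest := strings.TrimPrefix(dir, "$BINDIR")
	if rest == dir || (rest != "" && !strings.HasPrefix(rest, "/")) {
		return dir, nil // no token, or a look-alike such as "$BINDIRx": unchanged
	}
	realExe, err := filepath.EvalSymlinks(exePath) // follow bin/podman -> Cellar/...
	if err != nil {
		return "", err
	}
	return filepath.Join(filepath.Dir(realExe), rest), nil
}

// demoLayout builds a constructed Homebrew-style tree and resolves the helper dir.
func demoLayout() (string, error) {
	root, err := os.MkdirTemp("", "bindir-demo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(root)
	exe := filepath.Join(root, "Cellar", "podman", "1.0", "bin", "podman")
	helper := filepath.Join(root, "Cellar", "podman", "1.0", "libexec", "podman", "gvproxy")
	link := filepath.Join(root, "bin", "podman")
	for _, f := range []string{exe, helper, link} {
		if err = os.MkdirAll(filepath.Dir(f), 0o755); err == nil && f != link {
			err = os.WriteFile(f, nil, 0o755)
		}
		if err != nil {
			return "", err
		}
	}
	if err = os.Symlink(exe, link); err != nil {
		return "", err
	}
	dir, err := expandHelperDir("$BINDIR/../libexec/podman", link)
	if err == nil {
		_, err = os.Stat(filepath.Join(dir, "gvproxy")) // helper must exist there
	}
	return dir, err
}
func main() { fmt.Println(demoLayout()) }
```

Because the helper directory is derived from wherever the resolved binary lives, write access to that install tree decides which helper binaries get executed.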
Allow distributions to specify the location of the podman image VM
images in the form of URIs with $ARCH and $OS specified. This would
allow a distribution to pull the image based on the current OS and Arch.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adds the conmon-rs paths so Podman can find the right conmon-rs binary
when making a new runtime.
I also slightly modified the `FindConmon` function so that the code
could be shared with the `FindConmonRs` function that I added.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
initial implementation of the ssh package including:
- nativeConnectionCreate() / golangConnectionCreate()
- n/a / golangConnectionDial()
- nativeConnectionScp() / golangConnectionScp()
- nativeConnectionExec() / golangConnectionExec()
the way this works, is there are publicly accessible functions Create, Exec, Dial and Scp. podman will have a new global flag `--ssh` that will allow users to choose native or golang based ssh functions. The functionality in containers/common (here) also checks if you have the necessary binaries installed
closes #1091
Signed-off-by: Charlie Doern <cdoern@redhat.com>
`github.com/pkg/errors` has been deprecated for quite some time so we now
use the native error wrapping for more idiomatic golang.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This commit allows using aardvark with an alternate port as per
implementation in containers/netavark#323
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
gofumpt is a more opinionated version of gofmt. One can use it from their
$EDITOR, or IDE, or gopls to better format the source code.
Previously, commit b951b72412 already formatted all the code with
gofumpt, but since then a couple of things crept in.
Fix these (with gofumpt v0.3.1) and enable the gofumpt linter.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
unparam and exportloopref already work without changes.
For revive I had to silence many naming issues. I decided to silence them
instead of changing the name because I didn't want to break any code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new `pod_exit_policy` field to the containers.conf's engine table.
A pod's exit policy determines the behaviour when the last container of
a pod exits.
Required-in: containers/podman/pull/13859
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
machine.IsPodmanMachine replaces MachineEnabled
machine.MachineHostType informs the type unknown, qemu, wsl, etc
machine.IsGvProxyBased used to make specific determinations re gvproxy
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Set the ip for the host.containers.internal entry in the container's /etc/hosts
file. This can be set to "none" to disable adding this entry. By default it
will automatically choose the host ip.
Also add a function to get the correct host.containers.internal ip. This
should be used by podman and buildah and then passed to the New()
function.
Ref https://github.com/containers/podman/issues/13224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
base_hosts_file can be used to overwrite the default base host file
/etc/hosts which is used to copy hosts entries from this file into the
container's /etc/hosts file. As a special value "image" can be used to copy
the entries from the image hosts file or "none" to not use a base file
at all. If the value is empty we should use /etc/hosts as default.
Ref https://github.com/containers/podman/issues/13277
Ref https://github.com/containers/podman/issues/13748
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changing the value for events_logfile_max_size from 0 to 1048576. This allows
up to 10,000 events to be written to the events log file before rotation occurs.
Also adding new values to default.go
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
This will allow users to specify which volumes they want podman machine
to automatically mount into the machine. These volumes can later be used
to volume mount into containers.
Environment variables like $HOME can be used and are translated at the
time of machine start.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiteral warnings like this one:
```
pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
return (perm & 0722) == 0700
               ^
```
Generated by gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Number types must use omitzero otherwise they are included in the toml
file when it is written and the value is 0, see commit 6c61942524.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new option to the `[engine]` table in containers.conf
for specifying the maximum size of `events_logfile_path`.
Once exceeded, Podman will rotate the logfile and delete
the old one.
Also add tests to make sure we're not regressing in the future.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Add a new field to set the default subnet pools. They can be used to
change the subnet which is automatically allocated by podman network
create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This field was only needed for machine to force cni, however you can set
netns="bridge" in the config to have the same effect. This is already
done in the machine setup.
The field was more of a hack and just creates confusion for users so we
remove it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since the network namespace is shared for all rootful libpod instances
we also need to make sure to use the same network config dir and run dir
to ensure that we do not use the same subnet or ip for more than one
container.
Also update the documentation about the network_config_dir field.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add an option to containers.conf as a knob to enforce short-name
resolution to Docker Hub in Podman's compatibility REST API.
By popular request, turn it on by default.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The Engine.Env needs to be set very early in the setup process
to make sure no one attempts to use the environment.
Fixes: https://github.com/containers/podman/issues/12296
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When searching for helpers, check $CONTAINERS_HELPER_BINARY_DIR.
If it points at an existing directory, prepend it to the
search path for binaries.
Intention is to use this for developer testing: a way to run make
(e.g. in podman) then use the locally-built rootlessport and pause
images
Signed-off-by: Ed Santiago <santiago@redhat.com>
This field determines whether CNI or netavark will be used to
create container networks. Default presently set to "cni".
Signed-off-by: Matthew Heon <mheon@redhat.com>