Add a new `pod_exit_policy` field to the containers.conf's engine table.
A pod's exit policy determines the behaviour when the last container of
a pod exits.
Required-in: containers/podman/pull/13859
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
base_hosts_file can be used to overwrite the default base host file
/etc/hosts which is used to copy hosts entries from this file into the
containers /etc/hosts file. As special value "image" can be used to copy
the entries from the image hosts file or "none" to not use a base file
at all. IF the value is empty we should use /etc/hosts as default.
Ref https://github.com/containers/podman/issues/13277
Ref https://github.com/containers/podman/issues/13748
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Slirp4netns options were changed to always default to ipv6 so it does
not need the extra setting. Update the documentation to reflect this.
see https://github.com/containers/podman/pull/13929
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changing the value for events_logfile_max_size from 0 to 1048576. This allows
up to 10,000 events to be written to the events log file before rotation occurs.
Also adding new values to default.go
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
This will allow users to specify which volumes they want podman machine
to automatically mount into the machine. These volumes can later be used
to volume mount into containers.
Environment variables like $HOME can be used and are translated at the
time of machine start.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
gofumpt is a stricter version of gofmt, basically making the code more
readable, and fixing the gocritic's octalLiterar warnings like this one:
pkg/util/util_supported.go:26:17: octalLiteral: use new octal literal style, 0o722 (gocritic)
return (perm & 0722) == 0700
^
Generated by gofumpt -w .
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Docker defined --ipc=private to mean that the container's IPC Namespace
can NOT be shared with another container. While --ipc=shareable can,
which is our current default. Docker also defines "none" which means
the container runs in a IPC namespace but does NOT mount a /dev/shm.
"Host" means the container runs in the host namespace, and
container:UUID means run new container in other containers namespace.
ns:PATH means run in the namepsace designated in PATH.2
This Patch, fixes containers/common to reflect the correct default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We cannot use /var/tmp on windows, instead use the temp var which is
defined on windows, of fall back to appdata.
Fixescontainers/podman#13434
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Different packaging for different distributions have their own prefix for where helper binaries should live. additionalHelperBinariesDir is a variable that can be set during link-time so that a packager can change the location without having to carry patches for their default location.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
This patch adds unit tests for the function `probeConmon` as well as
fixes a bug where a `nil` error got wrapped always to `nil`.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Add a new field to set the default subnet pools. They can be used to
change the subnet which is automatically allocated by podman network
create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This field was only needed for machine to force cni, however you can set
netns="bridge" in the config to have the same effect. This is already
done in the machine setup.
The field was more of a hack and just creates confusion for users so we
remove it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Since the network namespace is shared for all rootful libpod instances
we also need to make sure to use the same network config dir and run dir
to ensure that we do not use the same subnet or ip for more than one
container.
Also update the documentation about the network_config_dir field.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the network backend is unset in the config we have to to figure out
if we need CNI or netavark. New installs should use netavark while
existing installs should continue to use CNI to prevent breaking
systems.
We use the following conditions to determine what backend to use:
1. read ${graphroot}/defaultNetworkBackend
2. find netavark binary (if not installed use CNI)
3. check containers, images and CNI networks and if there are some
we have an existing install and should continue to use CNI
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add an option to containers.conf as a knob to enforce short-name
resolution to Docker Hub in Podman's compatibility REST API.
By popular request, turn it on by default.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This field determines whether CNI or netavark will be used to
create container networks. Default presently set to "cni".
Signed-off-by: Matthew Heon <mheon@redhat.com>
Add machine teable to configure podman machine options. Move machine_image to the machine table, and add cups, disk size, and memory to the machine table.
Signed-off-by: Ashley Cui <acui@redhat.com>
If you use this field in rootless mode, it will blow up,
since rootless mode can not use the host user namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow users to set the default location for the temporary files used
during image pulls and pushes.
Defaults to /var/tmp;
Overridden via "TMPDIR" environment variable.
Allow special flag "storage" to indicate the the storage should use
the tmp directory in containers/storage/tmp.
Needed to fix: https://github.com/containers/podman/issues/11107
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This field contains a list of directories which should be used to store
some helper binaries, e.g. gvproxy.
Also add a FindHelperBinary method to the config struct to get the full
path to a helper binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default path should be empty in order for podman to distinguish
between a path the was explicitly or to use the default (in memory)
profile.
Fixes: containers/podman#10556
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default netns must be empty. Podman should decide what the default
option is. While podman also defaults to slirp4netns as rootless and
bridge as root, there are also other defaults for `podman run --pod ...`
and `podman pod create --infra=false` where it defaults to the pods
netns. This config field was always ignored by podman and trying to
make it work requires this patch since the default values are incorrect
for podman.
Buildah does not seem to use it either.
Also move the rootless_networking field in the default config file to
the correct containers stanza.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently we have users failing to run containers within containers
or on systems without systemd support. This change will give us
better defaults on these systems.
Fixes: https://github.com/containers/common/issues/580
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We were hardcoding Slirp4netns as the only valid option for
rootless when "private" networking was selected. We shouldn't be
doing that - the default networking selection in Podman itself is
smart enough to figure out what to do, c/common should not decide
for us.
Signed-off-by: Matthew Heon <mheon@redhat.com>
This reverts commit 352073be9e as it's
causing a regression as it overwrites any custom OCI runtime with either
rucc, crun or kata. See the Podman CI failure below:
```
[+0383s] not ok 95 podman build - set runtime
[+0383s] # (from function `die' in file test/system/helpers.bash, line 412,
[+0383s] # from function `run_podman' in file test/system/helpers.bash, line 220,
[+0383s] # in test file test/system/070-build.bats, line 70)
```
I currently do not have the time for a proper fix but the next commit
attempting to address the warnings must include tests.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Doug Rabson
Valentin Rothberg
OpenShift Merge Robot
Paul Holzinger
Niall Crowe
Daniel J Walsh
Kir Kolyshkin
Ashley Cui
Rover van der Noort
Sascha Grunert
Jason T. Greene
Valentin Rothberg
Matthew Heon
Frederic Crozat
unknowndevQwQ
openshift-ci[bot]
Matej Vasek
Tino Rusch
Paul Holzinger
Brent Baude