This is the same as what --squash-all is doing, and we already support
--squash with --layers=true since this is the default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add information about pasta and how its behaviour changes the way a user needs to think about inter-container connections, as without configuration they aren't able to reach each other (assuming single interface)
Signed-off-by: marinmo <bugzilla@marinmo.org>
Update rootless.md
Co-authored-by: Paul Holzinger <45212748+Luap99@users.noreply.github.com>
Signed-off-by: marinmo <bugzilla@marinmo.org>
Update rootless.md
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: marinmo <bugzilla@marinmo.org>
Update rootless.md
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: marinmo <bugzilla@marinmo.org>
If a container was stopped and we try to start it before we called
cleanup it tried to reuse the network which caused a panic as the pasta
code cannot deal with that. It is also never correct as the netns must
be created by the runtime in case of custom user namespaces used. As
such the proper thing is to clean the netns up first.
Also change a e2e test to report better errors. It is not directly
related to this chnage but it failed on v1 of this patch so we noticed
the ugly error message it produced. Thanks to Ed for the fix.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When running with "log-level=debug" and libkrun as machine provider,
spawn a Terminal to execute "krunkit" to enable users to have full
access to the VMs console for debugging purposes.
Users obtain an interactive, text console with scrollback. It's possible
to interact with both the kernel and GRUB2. To obtain even additional
debugging information, users can add "console=hvc0" to the linux kernel
command line through GRUB2 (it may be worth considering extending the
initial configuration of the VM to add that argument by default).
Signed-off-by: Sergio Lopez <slp@redhat.com>
Add the following targets in winmake.ps1:
- `installer`: builds the Windows installer
- `docs`: builds the documentation HTML pages
- `validatepr`: runs the Linux Makefile `.valiatepr`
target using podman.
- `lint`: faster validation that runs linter locally
Update of `build_windows.md`:
- removed every reference to the MSYS2 platform
- added instructions to build the installer and linters
Fix https://github.com/containers/podman/issues/21821 and https://github.com/containers/podman/issues/21911
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
This avoids dereferencing c.config.Spec.Linux if it is nil, which is the
case on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This fixes a regression added in commit 4fd84190b8, because the name was
overwritten by the createTimer() timer call the removeTransientFiles()
call removed the new timer and not the startup healthcheck. And then
when the container was stopped we leaked it as the wrong unit name was
in the state.
A new test has been added to ensure the logic works and we never leak
the system timers.
Fixes#22884
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is a bit weird and I admit I don't understand exactly how the init
value is used but this seems wrong. When podman reexec itself it then
gets the wrong init value and because rootless_uid() will be 0 the
init() function in rootless_linux.go will not set it either because of
that. Thus the first reexec has the wrong env.
Now that I make use of it in c/common[1] this turns out top be a real
issue and is failing all first podman commands. To reproduce make sure
to kill the pause process then just run any podman command with the new
c/common vendor and without this patch.
[1] https://github.com/containers/common/pull/2020
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The buildah buil kill trick is bad as we have to sleep and wait to aboid
flakes which takes time. Instead it is possible to redo this build part
manually with buildah commands. It is not trival and harder to
understand but it safes 2-3s so I think it is worth it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
First, as root don't wait 5s for the timeout, 1s is enough. Also switch
to use the curl --max-time option instead, that way we know we do not
kill curl before it had the chance to do anything possibly.
Second, combine podman inspect commands into one. This makes the test
faster by over one second as we safe a bunch of podman commands.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Another case of contianer does not exit with SIGTERM so we waste 10s.
Now because our contianer reacts to sigterm and exits 0 the systemd unit
status changed to inactive from failed.
And most importantly add Notify=yes because the socat call always failed
as the default is to not leak the notify socket into the container.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is not clear at all why the count of 30 was choosen, this seems a
lot and of course takes quite a while. The test takes over 16s in CI.
To speed it up reduce the count to 10. I think this should still be good
enough to ensure there are no races IMO.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
openshift-merge-bot[bot]
Lokesh Mandvekar
renovate[bot]
Daniel J Walsh
Paul Holzinger
Mario Loriedo
marinmo
Ed Santiago
Sergio Lopez
Doug Rabson