When no name arg is given to Podman machine commands, Podman assumes the machine name is podman-machine-default. Document this behavior.
Signed-off-by: Ashley Cui <acui@redhat.com>
The `--network-cmd-path` CLI option only affects rootless networks using `slirp4netns(1)`, not `pasta(1)`. Following #18568 Podman should rather use the more generic `r.config.FindHelperBinary()` method (and therefore honour the `helper_binaries_dir` config) to find the path to the `slirp4netns` binary and deprecate the misleading `--network-cmd-path` CLI option. However, since this wasn't implemented yet we can't deprecate `--network-cmd-path` as of now. Adding a note anyway.
Fixes#18560
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
RHEL release-branches potentially need to be maintained for a very long
time. Improve reliability and CI-speed by skipping tasks which are not
needed for RHEL. For example, there will (likely) never be RHEL
releases of the MacOS or Windows versions of podman-remote. Also,
relocate the `win_installer_task` in the config. to better reflect it's
sequence among CI tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
There is no reason to define the same code every time in each file, just
use global nodes. This diff should speak for itself.
CleanupSecrets()/Volume() no longer call Cleanup() directly, as the
global AfterEach node will always call Cleanup() this is no longer
necessary. If one AfterEach() node fails it will still run the others.
Also always unset the CONTAINERS_CONF env vars. This prevents people
from forgetting to unset it. And fix the special CONTAINERS_CONF logic
in the system connection tests, we do not want to preserve
CONTAINERS_CONF anyway so just remove this logic.
Ginkgo orders the BeforeEach and AfterEach nodes. They will be executed
from the outer-most defined to inner-most. This means our global
BeforeEach is always first. Only then the inner one (in the Describe()
function in each file). For AfterEach it is inverted, from the inner to
the outer.
Also see https://onsi.github.io/ginkgo/#organizing-specs-with-container-nodes
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure that the directory formats are not just substituted with their
archive counterparts but actually tar'ed up directories. Also make sure
that the clients don't get chown errors by setting rootless user and
group ID instead of O when running in the user namespace.
Fixes: #15897
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
These annotations can have security implications - crun, for
example, allows rootless containers to preserve the user's groups
through an annotation. We absolutely should not include
annotations from an untrusted image off the internet by default.
We may consider whitelisting some annotations (e.g. the legacy
WASM annotations), but given that there is now a more explicit
way of specifying an image uses the WASM runtime in the OCI image
spec, I'm just tearing this out entirely for now.
Signed-off-by: Matt Heon <mheon@redhat.com>
Read the entire YAML file in case of a multi-doc file
Adjust the unit test
Add a system test
Add comment in the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Several tweaks to see if we can track down #17216, the unlinkat-ebusy
flake:
- teardown(): if a cleanup command fails, display it and its
output to the debug channel. This should never happen, but
it can and does (see #18180, dependent containers). We
need to know about it.
- selinux tests: use unique pod names. This should help when
scanning journal logs.
- many tests: add "-f -t0" to "pod rm"
And, several unrelated changes caught by accident:
- images-commit-with-comment test: was leaving a stray image
behind. Clean it up, and make a few more readability tweaks
- podman-remote-group-add test: add an explicit skip()
when not remote. (Otherwise, test passes cleanly on
podman local, which is misleading)
- lots of container cleanup and/or adding "--rm" to run commands,
to avoid leaving stray containers
Signed-off-by: Ed Santiago <santiago@redhat.com>
Mention that using `su` does not establish a proper login session
required for running rootless Podman. It is a common and reoccurring
issue. Mentioning that in the issue template may guide users into
resolving the issue before opening an issue.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Yet another case of missing podman-wait. In these two, I see
no reason to run containers detached, so I just removed "-d"
Signed-off-by: Ed Santiago <santiago@redhat.com>
Another low-hanging fruit: test flake because podman-remote
trying to contact a server that hadn't come up.
Fixes: #17940
Signed-off-by: Ed Santiago <santiago@redhat.com>
With -p, ginkgo emits timing information on the first line
after dashes. Without -p, it's at the end.
Most tests use -p. Podman-machine does not. Deal with that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Fixes: #18139
Removing the Dependabot configuration file is a required prerequisite to
stopping it from opening update PRs. Once this commit is merged, the
`Dependabot security updates` repo. setting may also be disabled. Note:
The `Dependabot alerts` setting should remain enabled, this provides
security-data to renovate for opening important vulnerability fix PRs.
Signed-off-by: Chris Evich <cevich@redhat.com>
OpenShift Merge Robot
Ashley Cui
Daniel Rudolf
Chris Evich
Paul Holzinger
Valentin Rothberg
Jason T. Greene
Daniel J Walsh
Matt Heon
dependabot[bot]
Ygal Blum
Ed Santiago
Tony Duan
Miloslav Trmač
renovate[bot]
Dawid Kulikowski