When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
... to validate that the manifests match expected digests, if any.
Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts shere the sources are not trusted.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add a new `podman machine cp` subcommand to allow users to copy files or
directories between a running Podman Machine and their host.
Tests cover the following cases:
- Copy a file from the host machine to the VM
- Copy a directory from the host machine to the VM
- Copy a file from the VM to the host machine
- Copy a directory from the VM to the host machine
- Copy a file to a directory
- Copy a directory to a file
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
As issue #25112 points out, it was possible to start a machine on one of the darwin providers and then switch providers and start another one with a different name. This PR firstly prevents that use which is a forbidden use case.
Secondarily, performed some minor cleanup on the error messages being used so that the error would be specific to this condition.
This bug fix is for darwin only. In the case of Windows, we probably need to answer the question I raised in #24067 first, which is whether we want to stop allowing WSL to run multiple machines.
Fixes#25112
Signed-off-by: Brent Baude <bbaude@redhat.com>
The Kind() exported function is unused in our code; moreover, the function cannot be accurate because in the case of darwin, applehv and libkrun use the same config in the struct and therefore, we cannot identify the provider via that method.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The behavior of function `path/filepath.EvalSymlinks()` has
changed in Go v1.23:
- https://go-review.googlesource.com/c/go/+/565136
- https://go.dev/doc/go1.23#minor_library_changes
- https://tip.golang.org/doc/godebug
As a consequences, starting with Podman 5.3.0, when installing
on Windows (WSL) using scoop, Podman fails to start because it
fails to find helper binaries. Scoop copies Podman binaries in
a folder of type Junction and `EvalSymlinks` returns an error.
The problem is described in #24557.
To address this problem we are checking if a path is a `Symlink`
before calling `EvalSymlinks` and, if it's not (hardlinks, mount
points or canonical files), we are calling `path/filepath.Clean`
for consistency. In fact `path/filepath.EvalSymlinks`, after
evaluating a symlink target, calls `Clean` too.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The regex match would return a horrible error message and is way more
complicated then it should be. Simply check that .exe is not part of the
output.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The test pulls a big disk image every time which is slow. I see no good
way around that. Let's try to use /dev/null as image as we do not have
to run the VM at all and just can pass a NOP file to make the init
command happy.
That pull of that image seems to take over 2m so we safe quite a lot.
Also update the matcher for the slice. BeTrue() produces horrible
errors.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Leo Liu <silver886@users.noreply.github.com>
Add comment
In shell completion, there is `.exe` suffix on Windows and this does not provide same experience across platforms, #16499
Signed-off-by: Leo Liu <silver886@users.noreply.github.com>
Create unit test for `.exe` suffix removal
Signed-off-by: Leo Liu <11664880+silver886@users.noreply.github.com>
Update comments
Signed-off-by: Leo Liu <11664880+silver886@users.noreply.github.com>
Fix new issues found by usetesting, mainly we should use t.TempDir() in
test which makes the code better as this will be removed on test end
automatically so no need for defer or any error checking.
Also fix issues reported by exptostd, these mainly show where we can
switch the imports to the std maps/slices packages instead of the
golang.org/x/exp/... packages.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use filepath utility instead of generic string replace to convert path
on Windows. This also separates OS specific implementations to separate
compilation sources and removes redundant check for virtualization
provider on Windows platform.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
When we alreadty get a full URL with user, port and identity then we
should not read the config file just to overwrite them with wrong
values. This is a bad regression for user using * wildcard in their
ssh_config as it makes podman machine unusable.
Fixes: #24567
Fixes: e523734ab6 ("Add support for ssh_config for connection")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fix the issue where podman machine init does not create
all the necessary machine files when ignition-path is used. Fixes: #23544
Signed-off-by: Graceson Aufderheide <gracesonphoto@gmail.com>
- fix issues found by recvcheck
- skip k8s files from recvcheck
- remove two removed linters gomnd and execinquery
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This function is not used, we pull actual container images for testing
now. This allows us to remove github.com/coreos/stream-metadata-go.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit disables ssh port forwarding on WSL by passing -1 to the -ssh-port flag of gvproxy. Port forwarding is not required on WSL and disabling it prevents port conflict with CRC.
Fixes: https://github.com/containers/podman/issues/20327
Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>
Nobody is looking into this anyway and it just clutters the logs and
will cause confusion for readers. If some day someone wants to fix the
macos IO bugs they can add this back.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Recently was trying to start podman machine with krunkit and got:
Error: krunkit exited unexpectedly with exit code 1
which isn't very descriptive. Although this doesn't solve the
issue, it increases the debugability of this error.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Modifies the "Remove machine" test to verify the system connections are
handled properly on removal.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Modify `RemoveConnections` to verify the new default system connection's
rootful state matches the rootful-ness of the podman machine it is associated
with.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Takes the code inside the closure in the function `RemoveConnections`
and makes it a separate function to increase readability.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Moves the `DefaultMachineName` constant out of `pkg/machine` and into
`pkg/machine/define`.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Instead of ErrVMAlreadyRunning use a more appropriate error.
Also improve the message a little bit.
Fixes: https://github.com/containers/podman/issues/23436
Signed-off-by: Nicola Sella <nsella@redhat.com>
The `RemoveFilesAndConnections` function is not being used, so its safe
to remove it and not carry unnecessary code that we need to maintain.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Adds the function `GetAllMachinesAndRootfulness` which creates a map of
all podman machines, of any supported provider, on the system and
whether it is rootful or not.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Many dependencies started using go 1.22 which means we have to follow in
order to update.
Disable the now depracted exportloopref linter as it was replaced by
copyloopvar as go fixed the loop copy problem in 1.22[1]
Another new chnage in go 1.22 is the for loop syntax over ints, the
intrange linter chacks for this but there a lot of loops that have to be
converted so I didn't do it here and disable th elinter for now, th eold
syntax is still fine.
[1] https://go.dev/blog/loopvar-preview
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Brent Baude
Miloslav Trmač
Jake Correnti
Paul Holzinger
Mario Loriedo
openshift-merge-bot[bot]
Daniel J Walsh
Leo Liu
Arthur Sengileyev
Graceson Aufderheide
Gunjan Vyas
ThaddeusTreloar
Eric Curtin
Sergio Lopez
Nicola Sella
Mikel Olasagasti Uranga