This commit adds unzip and python3-yaml to the Dockerfile, which are
needed to run the tests in contrib/cirrus/packer within the libpod
container image.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
When generating headers for search, we unconditionally
access element 0 of an array, and I saw this segfault in our CI.
There's no reason we have to do this, we're just going through it
to get field names with reflect, so just make a new copy of the
struct in question.
Also, move this code, which is only for CLI display, into
cmd/podman from libpod/image.
Signed-off-by: Matthew Heon <mheon@redhat.com>
When running as a user, the order of removal is database ID dependent.
This results in this test randomly failing. This condition was
very difficult to debug and the test was missing two critical checks.
One to confirm an expected error message was produced, and another
to verify the expected running container, remains running.
Fix the container and missing error-message checks, and vastly improve
the debug-ability of this test. Fixing the random-failures requires
intensive fixes in other areas, so that task will be left up to future
work.
Signed-off-by: Chris Evich <cevich@redhat.com>
We'd need to join multiple container's user namespaces, which is
not possible for now. The rootless single userns patches under
development by Giuseppe will fix this, but won't land in 1.2.x.
For now, disable --size as rootless.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
the remote client now can run the diff command to report changes,
modifications, and deletions in an image or container.
Signed-off-by: baude <bbaude@redhat.com>
Previously libpod CI was fairly straight-forward, run unit and
integration tests in a standard set of 3 VMs. Off on the side was a
single special case of running tests as an ordinary user. There is a
desire to stop using the PAPR system to support testing inside of a
container.
Since having two special cases potentially invites more
down the road, make provisions to handle them more gracefully. This
commit introduces an environment variable: ``$SPECIALMODE``. It's
value has the following meanings within the CI scripts:
Mode 'none': Nothing special, business as usual (default)
Mode 'rootless': Rootless testing
Mode 'in_podman': Build container, run integration tests in it.
This will make adding additional special-cases later easier, as well as
extending the special cases in a Matrix across multiple OS's.
Signed-off-by: Chris Evich <cevich@redhat.com>
simplify the rootless implementation to use a single user namespace
for all the running containers.
This makes the rootless implementation behave more like root Podman,
where each container is created in the host environment.
There are multiple advantages to it: 1) much simpler implementation as
there is only one namespace to join. 2) we can join namespaces owned
by different containers. 3) commands like ps won't be limited to what
container they can access as previously we either had access to the
storage from a new namespace or access to /proc when running from the
host. 4) rootless varlink works. 5) there are only two ways to enter
in a namespace, either by creating a new one if no containers are
running or joining the existing one from any container.
Containers created by older Podman versions must be restarted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
in the few places where we care about skipping the storage
initialization, we can simply use the process effective UID, instead
of relying on a global boolean flag.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Cursory examination of man pages shows a number of typos:
- missing hyphens
- missing blank line
- longer option should precede shorter option
This is not an extensive fix, there's still a lot that could
be cleaned up.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
libpod.conf defaults to /usr/share/containers/libpod.conf.
Clarify how administrators can override it and the location
of the users version for rootless mode.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
--trace, --help and --version were not capatilized like the rest of the
global options. This patch fixes this problem.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Docker's upstream name validation regex has two major differences
from ours that we pick up in this PR.
The first requires that the first character of a name is a letter
or number, not a special character.
The second allows periods in names.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Sascha Grunert
OpenShift Merge Robot
Matthew Heon
Chris Evich
Matthew Heon
baude
Giuseppe Scrivano
Robert P. J. Day
Daniel J Walsh
TomSweeneyRedHat