Commit Graph

4334 Commits

Author SHA1 Message Date
Giuseppe Scrivano 88b62d2c27
vendor: update c/common
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-20 13:37:19 +01:00
openshift-merge-bot[bot] 5c9fd29808
Merge pull request #25617 from giuseppe/use-securejoin-openinroot
container: replace code with securejoin.OpenInRoot()
2025-03-19 13:37:37 +00:00
Giuseppe Scrivano 51ca839c14
libpod: fix handling of additional gids in exec
change the behavior to match what Docker does.

Docker always adds the specified additional gids, no matter the user
specified to exec.

Instead the additional gids read from the /etc/group file are added
only when there is not an explicit group specified in the exec
userspec.

➜ docker run -d --name container-with-groups --group-add mail --group-add news --group-add cron --group-add ftp --rm alpine top
c4190928097f64cabb83af7cac6ec10041a9e74de359433dfd3e5b9d8a7dce1a
➜ docker exec container-with-groups id -G
0 1 2 3 4 6 10 11 12 13 16 20 21 26 27
➜ docker exec --user root container-with-groups id -G
0 1 2 3 4 6 10 11 12 13 16 20 21 26 27
➜ docker exec --user nobody container-with-groups id -G
65534 12 13 16 21
➜ docker exec --user nobody:nobody container-with-groups id -G
65534 12 13 16 21
➜ docker exec --user root:root container-with-groups id -G
0 12 13 16 21
➜ docker exec --user root:root container-with-groups id -G
0 12 13 16 21

Closes: https://github.com/containers/podman/issues/25610

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-19 12:56:27 +01:00
Giuseppe Scrivano c0627de21d
container: replace code with securejoin.OpenInRoot()
when the code was first added, there was no securejoin.OpenInRoot().
Since there is a function already provided by a dependency and already
used in libpod, replace the custom code with securejoin.OpenInRoot().

The new version does not report a symlink that points outside the
root, but it is still resolved relative to the specified mountpoint,
since that is the openat2 semantic.  It does not affect the security
of the function.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-19 09:32:47 +01:00
Matt Heon 687fe08f42 Fix a potential deadlock during `podman cp`
Have one function without a `defer lock.unlock()` as one of the
commands in it calls a function that also takes the same lock,
so the unlock has to happen prior to function completion.
Unfortunately, this is prone to errors, like the one here: I
missed a case, and we could return without unlocking, causing a
deadlock later in the cleanup code as we tried to take the same
lock again.

Refactor the command to use `defer unlock()` to simplify and
avoid any further errors of this type.

Introduced by e66b788a51 - this
should be included in any backports of that commit.

Fixes #25585

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-03-14 10:37:59 -04:00
openshift-merge-bot[bot] d1d8f3334f
Merge pull request #25520 from Honny1/fix-hc-inf-log
Fix HealthCheck log destination, count, and size defaults
2025-03-13 18:59:34 +00:00
openshift-merge-bot[bot] 79e05ca199
Merge pull request #25575 from giuseppe/test-not-safe-for-parallel
libpod: improve createRootlessContainer
2025-03-13 17:35:40 +00:00
Giuseppe Scrivano a2953dad10
libpod: improve createRootlessContainer
do not run the expensive pmount.GetMounts() function if it is not
needed.

As a follow-up for commit c9c44d400c, do
not restore the propagation flag for the parent mount to shared unless
it was changed to slave first.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-13 16:55:11 +01:00
Paul Holzinger a1008a1294
libpod: add missing return in WaitForConditionWithInterval()
AS pointed out by Valentin on #25491, it is not an actual bug but this
is makes it more clear how it works and should not confuse readers why
this case has no return.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-13 14:10:33 +01:00
Jan Rodák fff42ac232
Fix HealthCheck log destination, count, and size defaults
GoLang sets unset values to the default value of the type. This means that the destination of the log is an empty string and the count and size are set to 0. However, this means that size and count are unbounded, and this is not the default behavior.

Fixes: https://github.com/containers/podman/issues/25473
Fixes: https://issues.redhat.com/browse/RHEL-83262

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-12 21:27:00 +01:00
Paul Holzinger 9e94dc53b2
add new artifact mount type
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]

This works very similar to image mounts. The name is passed down into
the container config and then on each start we lookup the artifact and
the figure out which blobs to mount. There is no protaction against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-12 19:42:14 +01:00
Paul Holzinger b232ea3d18
create artifact store in the libpod runtime
Instead of duplicating the NewArtifactStore() call in many places and
having to make sure we always pass the same path to it define it as
function on the runtime. This allows any caller with access to the
libpod runtime to create the store easily.

This is suing a sync.OnceValues() function so the store is initialized
only once and only when actually needed.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-12 19:42:13 +01:00
openshift-merge-bot[bot] 47003f76db
Merge pull request #25528 from giuseppe/fix-mount-leak
update c/storage
2025-03-11 13:05:35 +00:00
Giuseppe Scrivano c9c44d400c
libpod: do not cover idmapped mountpoint
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-03-11 11:03:41 +01:00
Yuri Timenkov eed5f9ee4a libpod: race in WaitForConditionWithInterval()
There are multiple concurrent goroutinces which produce result and they
race agains each other, while producing different results.

This commit addresses at least a part of the problem - producing
different results for competing "sources".

Fixes: #25479

Signed-off-by: Yuri Timenkov <yuri@timenkov.pro>
2025-03-06 12:40:43 +00:00
Yuri Timenkov d0efd0e278 libpod: race in WaitForExit() with autoremove
When waiting for container to be not-running, sometimes wait retuns code
-1 with an empty error instead of actual exit code.

It turned out that syncContainer returns ErrCtrRemoved for a removed
container instead of ErrNoSuchCtr, while data can still be pulled from
the database.

This fixes the issue by taking into account both codes.

Fixes: #25479

Signed-off-by: Yuri Timenkov <yuri@timenkov.pro>
2025-03-06 12:37:47 +00:00
Paul Holzinger 47a743bba2
report healthcheck start errors
When starting a container consider healthcheck errors fatal. That way
user know when systemd-run failed to setup the timer to run the
healthcheck and we don't get into a state where the container is running
but not the healthcheck.

This also fixes the broken error reporting from the systemd-run exec, if
the binary could not be run the output was just empty leaving the users
with no idea what failed.

Fixes #25034

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-04 16:48:50 +01:00
Jan Rodák 511d912685
Add stopped status for HealthCheck
If the container is stopped and the ongoing HealthCheck has no chance to complete the check is evaluated as stopped.

Fixes: https://issues.redhat.com/browse/RUN-2520
Fixes: https://github.com/containers/podman/issues/25276

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-03 17:09:30 +01:00
openshift-merge-bot[bot] efe8e165d8
Merge pull request #25417 from mheon/fix_25368
Fix volume quota assignment
2025-03-01 15:11:06 +00:00
Jan Kaluza 20523152f8 Add "create" and "remove" events for secrets.
This commit adds the "secret" Event type and emits
"create" and "remove" events for this Event type
when Secret is created or removed.

This can be used for example by podman interfaces to
view and manage secrets.

Fixes: #24030

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-02-28 16:58:06 +01:00
Matt Heon f71067d710 Create quota before _data dir for volumes
This resolves an ordering issue that prevented quotas from being
applied. XFS quotas are applied recursively, but only for
subdirectories created after the quota is applied; if we create
`_data` before the quota, and then use `_data` for all data in
the volume, the quota will never be used by the volume.

Also, add a test that volume quotas are working as designed using
an XFS formatted loop device in the system tests. This should
prevent any further regressions on basic quota functionality,
such as quotas being shared between volumes.

Fixes #25368

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-28 09:52:55 -05:00
Giuseppe Scrivano 4695564730
oci: report empty exec path as ENOENT
unify the error codes returned by runc and crun.

Fix the tests to work with both runtimes, as well as the
https://github.com/containers/crun/pull/1672 changes in progress for
crun.

Follow-up for https://github.com/containers/podman/pull/25340

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-18 22:01:08 +01:00
openshift-merge-bot[bot] e88ccec7ed
Merge pull request #25311 from mheon/fix_25289
Add SyncMap package and use it for graph stop/remove
2025-02-18 13:22:42 +00:00
Giuseppe Scrivano c65bb903b6
test: adapt tests new crun error messages
Needed-by: https://github.com/containers/crun/pull/1672

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-02-17 20:47:43 +01:00
Matt Heon 0f443f22ca Add syncmap package and use it for graph stop/remove
This greatly simplifies the locking around these two functions,
and things end up looking a lot more elegant. This should prevent
the race flakes we were seeing before.

Fixes #25289

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-17 14:32:34 -05:00
openshift-merge-bot[bot] 24e2e9c69b
Merge pull request #25003 from Honny1/no-db-healtcheck-exec
Run HealthCheck without saving the `ExecSession` to the database
2025-02-13 10:14:28 +00:00
openshift-merge-bot[bot] 62cde17193
Merge pull request #25297 from mheon/fix_25291
Remove persist directory when cleaning up Conmon files
2025-02-11 21:09:46 +00:00
Matt Heon ce8813dc8d Remove persist directory when cleaning up Conmon files
This seems to have been added as part of the cleanup of our
handling of OOM files, but code was never added to remove it, so
we leaked a single directory with an exit file and OOM file per
container run. Apparently have been doing this for a while - I'd
guess since March of '23 - so I'm surprised more people didn't
notice.

Fixes #25291

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-11 14:51:34 -05:00
openshift-merge-bot[bot] 4a0b230610
Merge pull request #24775 from mheon/fix_24738
In SQLite state, use defaults for empty-string checks
2025-02-11 15:43:09 +00:00
Jan Rodák ad9839ac55
Run HealthCheck without creating and removing the ExecSession in the database
Fixes: https://issues.redhat.com/browse/RHEL-69970

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-02-11 13:59:00 +01:00
openshift-merge-bot[bot] e943a2b064
Merge pull request #25275 from dfr/freebsd-hascapresource
libpod: make hasCapSysResource platform-specific
2025-02-10 19:01:07 +00:00
Matt Heon cb53abca28 In SQLite state, use defaults for empty-string checks
As part of our database init, we perform a check of the current
values for a few fields (graph driver, graph root, static dir,
and a few more) to validate that Libpod is being started with a
sane & sensible config, and the user's containers can actually be
expected to work. Basically, we take the current runtime config
and compare against values cached in the database from the first
time Podman was run.

We've had some issues with this logic before this year around
symlink resolution, but this is a new edge case. Somehow, the
database is being loaded with the empty string for some fields
(at least graph driver) which is causing comparisons to fail
because we will never compare against "" for those fields - we
insert the default value instead, assuming we have one.

Having a value of "" in the database largely invalidates the
check so arguably we could just drop it, but what BoltDB did -
and what SQLite does after this patch - is to use the default
value for comparison instead of "". This should still catch some
edge cases, and shouldn't be too harmful.

What this does not do is identify or solve the reason that we are
seeing the empty string in the database at all. From my read on
the logic, it must mean that the graph driver is explicitly set
to "" in the c/storage config at the time Podman is first run and
I'm not precisely sure how that happens.

Fixes #24738

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-10 12:42:11 -05:00
openshift-merge-bot[bot] a475083bff
Merge pull request #25169 from mheon/graph_stop
Add graph-based pod stop
2025-02-10 17:00:19 +00:00
Doug Rabson ab0410948a libpod: make hasCapSysResource platform-specific
I'm not sure if there is an equivalent to CAP_SYS_RESOURCE on FreeBSD
but for now, I have added a no-op stub which returns false.

Signed-off-by: Doug Rabson <dfr@rabson.org>
2025-02-10 14:52:10 +00:00
Matt Heon 46d874aa52 Refactor graph traversal & use for pod stop
First, refactor our existing graph traversal code to improve code
sharing. There still isn't much sharing between inward traversal
(stop, remove) and outward traversal (start) but stop and remove
are sharing most of their code, which seems a positive.

Second, add a new graph-traversal function to stop containers.
We already had start and remove; stop uses the newly-refactored
inward-traversal code which it shares with removal.

Third, rework the shared stop/removal inward-traversal code to
add locking. This allows parallel execution of stop and removal,
which should improve the performance of `podman pod rm` and
retain the performance of `podman pod stop` at about what it is
right now.

Fourth and finally, use the new graph-based stop when possible
to solve unordered stop problems with pods - specifically, the
infra container stopping before application containers, leaving
those containers without a working network.

Fixes https://issues.redhat.com/browse/RHEL-76827

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-06 18:28:12 -05:00
openshift-merge-bot[bot] 39becc2f05
Merge pull request #24781 from ashley-cui/builtfor
Add BuildOrigin field to podman info
2025-02-04 20:13:27 +00:00
Matt Heon 06fa617f61 Lock pod while starting and stopping containers
The intention behind this is to stop races between
`pod stop|start` and `container stop|start` being run at the same
time. This could result in containers with no working network
(they join the still-running infra container's netns, which is
then torn down as the infra container is stopped, leaving the
container in an otherwise unused, nonfunctional, orphan netns.

Locking the pod (if present) in the public container start and
stop APIs should be sufficient to stop this.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-03 11:19:20 -05:00
Paul Holzinger f0ef791808
podman exec: correctly support detaching
podman exec support detaching early via the detach key sequence. In that
case the podman process should exit successfully but the container exec
process keeps running.

Now I wrote automated test for both podman run and exec detach but this
uncovered several larger issues:
 - detach sequence parsing is broken[1]
 - podman-remote exec detach is broken[2]
 - detach in general seems to be buggy/racy, seeing lot of flakes that
   fail to restore the terminal and get an EIO instead, i.e.
   "Unable to restore terminal: input/output error"

Thus I cannot add tests for now but this commit should at least fix the
obvoius case as reported by the user so I like to get this in regardless
and I will work through the other issues once I have more time.

Fixes #24895

[1] https://github.com/containers/common/pull/2302
[2] https://github.com/containers/podman/issues/25089

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-31 13:29:04 +01:00
Paul Holzinger 3eb0e1e8ac
libpod: remove unused ExecStartAndAttach()
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-31 13:28:01 +01:00
Ashley Cui d3706bcad1 Add BuildOrigin field to podman info
BuildOrigin is a field that can be set at build time by packagers. This helps us trace how and where the binary was built and installed from, allowing us to see if the issue is due to a specfic installation or a general podman bug. This field shows up in podman version and in podman info when populated. Note that podman info has a new field, Client, that only appears when running podman info using the remote client.

Automatically set the BuildOrigin field when building the macOS pkginstaller to pkginstaller.

Usage: make podman-remote BUILD_ORIGIN="mypackaging"

Signed-off-by: Ashley Cui <acui@redhat.com>
2025-01-30 14:48:30 -05:00
Jan Rodák 511c8b249d
Remove timer for HealthCheck when container is paused.
If is unpaused then new timer for  HealthCheck is created.

Fixes: https://issues.redhat.com/browse/RUN-2468

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-01-29 13:34:26 +01:00
Jan Rodák 81eb84fdaa
Clean up after unexpectedly terminated build
The `podman system prune` command is able to remove build containers that were created during the build, but were not removed because the build terminated unexpectedly.

By default, build containers are not removed to prevent interference with builds in progress. Use the **--build** flag when running the command to remove build containers as well.

Fixes: https://issues.redhat.com/browse/RHEL-62009

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-01-27 14:21:27 +01:00
Matt Heon cfeefb3219 Remove JSON tag from UseImageHosts in ContainerConfig
This did not have a JSON tag prior to being added by #25008. By
adding one we risk a breaking change in the DB (particularly
given the change in case - useImageHosts vs UseImageHosts) which
we should try to avoid.

Remove the tag given this.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-01-20 13:43:51 -05:00
Florian Apolloner 805e78c2aa Set network ID if available during container inspect
Fixes #24910

Signed-off-by: Florian Apolloner <florian@apolloner.eu>
2025-01-20 15:55:26 +01:00
openshift-merge-bot[bot] d4fce5178f
Merge pull request #24974 from rhatdan/quadlet
Switch all calls of assert.Nil to assert.NoError
2025-01-20 14:34:13 +00:00
Daniel J Walsh 3fb37c588d
Switch all calls of assert.Nil to assert.NoError
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-15 07:08:27 -05:00
Daniel J Walsh 6565bde6e8
Add --no-hostname option
Fixes: https://github.com/containers/podman/issues/25002

Also add the ability to inspect containers for
UseImageHosts and UseImageHostname.

Finally fixed some bugs in handling of --no-hosts for Pods,
which I descovered.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-01-15 06:51:32 -05:00
openshift-merge-bot[bot] 0798f54e94
Merge pull request #24655 from mheon/fix_volume_perms_cp
Mount volumes before copying into a container
2025-01-08 14:51:46 +00:00
Paul Holzinger e9fb805522
update golangci/golangci-lint to v1.63.4
Fix new issues found by usetesting, mainly we should use t.TempDir() in
test which makes the code better as this will be removed on test end
automatically so no need for defer or any error checking.
Also fix issues reported by exptostd, these mainly show where we can
switch the imports to the std maps/slices packages instead of the
golang.org/x/exp/... packages.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-07 15:48:53 +01:00
openshift-merge-bot[bot] b4ef95590b
Merge pull request #24868 from rhatdan/kube
Kube volumes can not contain _
2025-01-07 01:23:05 +00:00