copy the current mapping into a new user namespace, and run into a
separate user namespace.
Closes: https://github.com/containers/podman/issues/17337
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Just like buildkit buildah must allow cleaning the buildcache and cache generated on host by --mount=type=cache just like buildkit's prune command.
See: https://github.com/moby/buildkit#cache
Signed-off-by: Aditya R <arajan@redhat.com>
In the remote environment, this test will be failed,
because an error message is different from the local environment.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Also update to c/image after https://github.com/containers/image/pull/1821 ,
so that we don't ship two versions of the package simultaneously.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Create the containers with a custom network. It has an impact on the
speed of container creation.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
One of the tmpfiles was not uniquely named, resulting in
conflicts with parallel 'make docs'. Fix that.
A better solution would be to run only one instance of the
preprocess script, but the Makefile incantation for that
is beyond me. This approach is CPU-wasteful but good enough.
Fixes: #17322
Signed-off-by: Ed Santiago <santiago@redhat.com>
quadlet tests were using 'systemctl show -P', a shortcut
that doesn't exist on RHEL8. Translate to old-systemd
language.
And, minor tweaks to make future test diagnosing easier.
This is a frontport of #17311; bringing from release branch
to main. Except that was an emergency, so it was a one-line
fix. This is a better long-term fix, not as trivial to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Image content hasn't changed much, the biggest thing here is the
$IMAGE_SUFFIX value. This new schema is also fully manageable by
renovate. Allowing a tag-push to c/automation_images to create image
update PRs in all repos automatically.
ref: https://github.com/containers/automation_images/pull/247
Also, cleanup a few comments and remove a disused testing task.
Signed-off-by: Chris Evich <cevich@redhat.com>
http.Get() could not recognize no_proxy with "ginkgo -nodes <any>".
Therefore, we set http.Client not to use a proxy instead of os.Setenv().
Fixes#17135
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
When multiple files are specified buildah considers `FROM` instruction
from the last file specified and so does `buildkit` and `docker` so lets
specify that in docs.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Similar to: https://github.com/containers/buildah/pull/4546
Signed-off-by: Aditya R <arajan@redhat.com>
The function which generates and assigns a random
port number for the --publish-all functionality
was not properly marking some ports as "used".
In very rare occasions this can cause a randomly
"generated" port to be used twice creating an
impossible container configuration.
Signed-off-by: telday <ellis.wright@cyberark.com>
Ha ha. This was supposed to be a trivial little followup to #17174:
https://github.com/containers/podman/pull/17174#discussion_r1085963780
(safer username check when --userns=keep-id)
It got complicated. TL;DR we need to use User.Username, not User.Name.
The latter is GECOS! Tests were working because, on Fedora, GECOS
for root is "root". Found and fixed all 'u.Name' instances, but
if there are any references with a variable other than 'u', they
still need looking into.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This should never happen with a consistent client/server,
and we are seeing this show up with some hard-to-diagnose flakes.
So, log details about failures. After we find the cause, we might remove
this extra logging again.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add a script with reproducers for bugzilla.redhat.com/show_bug.cgi?id=2162111.
The results are not much different compared to the already existing
scripts. Podman is faster despite for container removal.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Do not save the container each for changing the state and for removing
running exec sessions. Saving the container is expensive and avoiding
the redundant save makes `container rm` 1.2 times faster on my
workstation.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
OpenShift Merge Robot