It turns out, after iterating over rows, we need to check for errors. It
also turns out that we did not do that at all.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Commit f131eaa74a changed restart to a stop+start motivated by
comments in the systemd man pages that restart behaves different than
stop+start, for instance, that it keeps certain resources open and
treats timers differently. Yet, the actually fix for #17607 in the very
same commit was dealing with an ENOENT of the CID file on container
removal.
As it turns out in in #18926, changing to stop+start regressed on
restarting dependencies when auto updating a systemd unit. Hence, move
back to using restart to make sure that dependent systemd units are
restarted as well.
An alternative could be recommending to use `BindsTo=` in Quadlet files
but this seems less common than `Requires=` and hence more risky to
cause issues on user sites.
Fixes: #18926
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add support for `--imagestore` in podman which allows users to split the filesystem of containers vs image store, imagestore if configured will pull images in image storage instead of the graphRoot while keeping the other parts still in the originally configured graphRoot.
This is an implementation of
https://github.com/containers/storage/pull/1549 in podman.
Signed-off-by: Aditya R <arajan@redhat.com>
The "removed" condition mapped to an undefined state which ultimately
rendered the wait endpoint to return an incorrect exit code. Instead,
map "removed" to "exited" to make sure Podman returns the expected
exit code.
Fixes: #18889
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- [service_destinations] should be [engine.service_destinations]
- service_destinations does not read from
`/usr/share/containers/containers.conf` because podman uses config.ReadCustomConfig().
Fixes: #15615
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
For tests that use '--ip XX', random IP allocation is not
working well. Switch instead to a deterministic algorithm
with CPU affinity and a fudge factor for CNI.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The code was moved to c/common so use that instead. Also add tests for
the new pasta_options config field. However there is one outstanding
problem[1]: pasta rejects most options when set more than once. Thus it is
impossible to overwrite most of them on the cli. If we cannot fix this
in pasta I need to make further changes in c/common to dedup the
options.
[1] https://archives.passt.top/passt-dev/895dae7d-3e61-4ef7-829a-87966ab0bb3a@redhat.com/
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit creates a new command `podmansh` command which can be used by
administrators to provide a confined shell to their users.
The user will only have access to the volumes and capabilities for that
user.
Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Co-authored-by: Daniel Walsh <dwalsh@redhat.com>
Co-authored-by: Petr Lautrbach <lautrbach@redhat.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Conmon very early dups the std streams with /dev/null, therefore all
errors it reports go nowhere. When you run podman with debug level we
set --syslog and we can see the error in the journal. This should be
the default. We have a lot of weird failures in CI that could be caused
by conmon and we have access to the journal in the cirrus tasks so that
should make debugging much easier.
Conmon still uses the same logging level as podman so it will not spam
the journal and only log warning and errors by default.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a section to the troubleshooting guide describing how to get secret
mounts working in an environment with nosuid-mounted file systems and
runc, such as RHEL8, as discussed in
https://github.com/containers/buildah/issues/4228.
Signed-off-by: Philipp Wagner <phw@ibm.com>
Remove code duplication and use the new FilterID function from
c/common. Also remove the duplicated ComputeUntilTimestamp in podman use
the one from c/common as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When an e2e test fails in AfterEach, ginkgo "helpfully" adds
a heading in that test log block:
TOP-LEVEL [AfterEach]
/path/to/source.go
Podman Desc Blah
That TOP-LEVEL line screws up our in-page links. Ignore it
both in the heading and in the bottom failure-summary lines.
Add test, including tests for bottom-summary.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We no longer allow to match ids in the middle, this makes no realy
sense. ID matches should always be by prefix.
https://github.com/containers/podman/issues/18471
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Remote clients only support the docker transport which is mentioned in
the destination table below. So drop the redundant text on supported
transports from the main description to avoid confusion.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Valentin Rothberg