validate that a "podman generate" and "podman play" cycle restores the
specified user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

layers restored from a tarball won't be converted to composefs so
disable the cache when using composefs.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

the condition is based on the fact that podman save|podman load
doesn't recreate the same digest, thus it would fail if the image in
the additional store was pulled with a simple "podman pull".
The same sequence of commands would fail using podman manually after a
"podman pull alpine".
Ignore the cache and use only the images that were pulled in the main
store.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

This contains a fix for a gvproxy crash on macOS on fast connections
with heavy network load.
This should fix https://github.com/containers/podman/issues/23114
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>

The tests didn't actually check anything because default_ifname requires
an ip version argument to work. Thus pasta_iface was empty. Add new
checks to prevent this kind of error again.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

The test assumes that if there is more than 1 ip on the host we should be able to
set host.containers.internal. This however is not how the logic works in
the code. What it actually does is to check all ips in the
rootless-netns and then it knows that it cannot use any of these ips.
This includes any podman bridge ips.
You can reproduce the error when you have only one ipv4 on the host then
run a container as root in the background and run the test:
    hack/bats --rootless 505:host.containers.internal
So the failure here was that there was already a podman container
running as root on the default bridge thus the test saw 2 ips but then
the rootless run also uses the same subnet for its bridge and the code
knew that ip would not work either. I could have made another special
condition in test but the better way to work around it is to create a
new network. A new network will make sure there are no conflicting
subnets assigned so the test will pass.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

currently there is no way to specify the mappings, so at least treat a
private user namespace as "auto".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

if there is an annotation that specifies the user namespace for the
infra container, then make sure it is used for the entire pod.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

The pod spec HostUsers boolean only specifies whether a user namespace
is used or not. Hence, the podman specific annotation must have a
higher precedence since it defines how the user namespace is created.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Continuing efforts on making system tests parallel-safe by
using unique names for containers and pods.
Signed-off-by: Ed Santiago <santiago@redhat.com>

"/my-alpine" is also being used by tests in search_test.go;
use unique names to make sure we are trying to pull the encrypted
images created in the test.
Purely to avoid doubt, this should not actually change (test) behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Two tests failing in gating but never CI; add some debug
instrumentation to make it possible to find out what
is going on.
Signed-off-by: Ed Santiago <santiago@redhat.com>

This adds generic utility to convert file system path into URL structure.
Instead of string manipulation it uses URL parsing and building routines.
Appending absolute path to `unix:///` URL out of the box correctly
handles URL format on Windows platform, where filepath should be prepended
by additional `/` before drive letter.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>

Plus, I think my ampersand-quot change earlier this month
caused problems for firefox. We no longer need it (pull-option
does not need the funky double-quoted curly-brace string),
so, remove it.
Signed-off-by: Ed Santiago <santiago@redhat.com>

Users do not realize that the entire context directory is being copied
into the podman machine when doing a podman --remote build.
Adding information about the context directory might help them
understand this.
Improves: https://github.com/containers/podman/issues/23287
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

These tests are flaking for unknown reasons. One problem could be ncat
did not bind the port before we connect to it. Simple fix: do not use
ncat and just use the golang API to listen on the port without the
extra ncat process. This should be race free in theory.
Also do not run the nc container in the background, we want to see the
errors from the ncat process in the container.
And because both tests do the same thing, deduplicate them into one that
just uses a loop to create both tests.
Fixes #23263
Signed-off-by: Paul Holzinger <pholzing@redhat.com>