Somehow the options/secret.md file generated corrupt md which
then generated corrupt .man files. Fix, and add a Makefile
check to prevent this from happening again.
Signed-off-by: Ed Santiago <santiago@redhat.com>
we were previously using an experimental feature in crun, but we lost
this capability once we moved to using the OCI runtime spec to specify
the volume mappings in fdcc2257df.
Add the same feature to libpod, so that we can support relative
positions for the idmaps.
Closes: https://github.com/containers/podman/issues/17517
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Podman machine os apply takes a takes a OCI image with container native ostree functionality and rebases the machine os on that image.
Currently, this requires the guest os inside the vm to use rpm-ostree.
When specifying an image, any container transport may be specified. If a
container transport is not specified, OS apply will attempt to search
the local containers-storage for the image, and if it is not found, it
will then attempt to use the Docker transport to pull from a remote
registry.
The architecture of OS apply is as follows:
podman machine os apply ssh's into the machine and calls podman machine os
apply. on the secondary call to podman machine os apply, apply
recognizes that it is inside the machine and does image operations, and
finally calls rpm-ostree rebase.
Tests are written but commented out, due to the chicken-and-egg problem.
Signed-off-by: Ashley Cui <acui@redhat.com>
Followup to #17486: stricter checks on --format.
* If a subcommand offers autocompletion for templates,
it must also offer a '--format json' option.
* If a subcommand has a --format option that DOES NOT
offer autocompletion for templates, it must be listed
in a hardcoded grandparented-in table of commands
where that's not applicable. (Mostly commands
like build, commit, save, where "format" is used
in the context of "oci/docker").
Only likely to trigger on PRs which add new subcommands,
and is intended to catch oversights.
Also, test for alphanumeric order in man page tables.
Sort all existing tables.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* add tests
* add documentation for --shm-size-systemd
* add support for both pod and standalone run
Signed-off-by: danishprakash <danish.prakash@suse.com>
command tables are chock full of duplication, hence they break.
Look for inconsistencies between the displayed man page name
and the actual man page name:
| foo | [podman-foo(1)](podman-cmd-foo.1.md) | ...
^^^
Inspired by #17474.
We can't actually check the subcommand name (the plain "foo")
because there are many existing subcommands whose name does
not match the man page: rmi vs image-rm, list vs podman-ps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Very belated successor to #14046.
I don't know why this is so important to me. Probably because we're
doing a halfhearted sloppy job of documenting, and new options get
added, and not documented, and that's just wrong.
I've given up on documenting internal structs. This iteration
has a $Format_Exceptions table defined at the top of the xref
script, enumerating a hardcoded defined set of podman commands
and fields that should remain undocumented.
This iteration also forgives completely-undocumented formats.
If podman-foo has a --format, but podman-foo.1.md does not
list *any* valid fields, the script warns but does not fail.
This at least is better than documenting a random mix of fields.
This version of the xref script is much slower: 10s vs 4. I
think we can live with that in a CI-only script.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Document the identifiers used in the journald events backend. Those can
be used to filter Podman events with journalctl and I need them to be
documented for a blog I am writing at the moment.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- Don't order the container unit before local-fs.target as that creates
an ordering cycle that triggers other issues.
- Use the example network in the container unit
- Only use groups that exists by default for the volume
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Add support for disabeling SELinux process separation in the container.
Add support for setting the process type of the container.
Add support for setting the process MCS level of the container.
Add support for setting the file type of the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently we are shipping no data about quadlet, since the
podman-systemd.unit file is not shipped. Also want to add the
quadlet name to the description of the man page so that
man -k quadlet
will help users find the man page.
Also add a link file such that if the user types in
man quadlet
man will show the podman-systemd.unit file.
Also eliminate the subpackage podman-quadlet
Fixes: https://github.com/containers/podman/issues/17349
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
copy the current mapping into a new user namespace, and run into a
separate user namespace.
Closes: https://github.com/containers/podman/issues/17337
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When multiple files are specified buildah considers `FROM` instruction
from the last file specified and so does `buildkit` and `docker` so lets
specify that in docs.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Similar to: https://github.com/containers/buildah/pull/4546
Signed-off-by: Aditya R <arajan@redhat.com>
issues.redhat.com/browse/RHELBU-1918 is mentioning the podman-events man
page which are lacking notes on the verbose create events added by
commit 71f92d263c.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
(podman push) and (podman manifest push) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We had a number of references, mostly in docs, to the word master that
can now be changed to main. This PR does that and makes the project a
bit more inclusive.
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
The Device, Type, Copy and Options keys are now supported in
quadlet .volume files. This allows users to create filesystem
based volumes with quadlets .volume files.
Signed-off-by: Ingo Becker <ingo@orgizm.net>
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Where the terms CNI and cni are used in documentation like man pages,
readme's, and tutorials, we have begun to add deprecation notices where
applicable. In cases where netavark cannot do what CNI can, those have
been left alone.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Reserved annotations are used internally by Podman and would effect
nothing when run with Kubernetes so we should not be generating these
annotations.
Fixes: https://github.com/containers/podman/issues/17105
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Users need to know about this side effect.
Fixes: 5a2405ae1b ("Don't mount /dev/tty* inside privileged...")
Fixes: f4c81b0aa5 ("Only prevent VTs to be mounted inside ...")
Signed-off-by: Martin Roukala (né Peres) <martin.roukala@mupuf.org>
Move the handling of Publish key to a method
use --publish instead of -p
Use the new method for both .container and .kube files
Adjust .container tests
Add .kube tests
Update the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Add a new flag --publish
Remote - Pass PublishPorts as a string array
ABI - translate the string array to Ports and merge with the ports in the spec
Add e2e tests
Add option to man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The man-page cross-reference script checks the SEE ALSO section
to confirm that all references are to existing man pages (#12258).
However, it's a little too forgiving: it allows aliases, the
short '.so' files under the 'links/' subdirectory. That means
we could link to non-default command names, and were doing so.
As of this PR, we no longer allow that. Any podman command
referenced in SEE ALSO must be the canonical command name
(and man page). Fix existing non-canonical names, and
remove the exception so we don't allow this again.
See #16848 for discussion of context.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the new keys to the supported keys list for the Container group
Pass the list of EnvironmentFile values while maintaining the order
Quadlet e2e test framework: Add support for checking regex in Podman args
Add relevant tests
Update man
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Added the functionality for a user to update the PIDs limit for a
container.
Fixes: #16543
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Users are surprised when chowning large volumes how long it can take
to relabel of chown the entire directory tree. This PR updates the
documentation to explain this fact to the user.
Fixes: https://github.com/containers/podman/issues/16575
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
False is the assumed value, and inspect and podman generate kube are
being cluttered with a ton of annotations that indicate nothing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
In the recent past, I met the frequent need to wait for a container to
exist that, at the same time, may get removed (e.g., system tests in [1]).
Add an `--ignore` option to podman-wait which will ignore errors when a
specified container is missing and mark its exit code as -1. Also
remove ID fields from the WaitReport. It is actually not used by
callers and removing it makes the code simpler and faster.
Once merged, we can go over the tests and simplify them.
[1] github.com/containers/podman/pull/16852
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Also update vendor of containers/storage and image
Cleanup display of added/dropped capabilties as well
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add --ignore flag to the command line
Add a new parameter to the NetworkCreate interface in pkg/domain for CreateOptions
Add a new API Network CreateWithOptions in pkg/bindings
Remote API - Add a query parameter to set the ignore flag
Kube - use the IgnoreIfExists flag when creating the default network instead of handling the failure
Add e2e tests
Update man page for podman-network-create
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
On Mac machines security model none works, while "mapped-xattr"
causes symlinks to not work.
Update docs/source/markdown/podman-machine-init.1.md
[NO NEW TESTS NEEDED]
Related: https://github.com/containers/podman/discussions/16102
Co-authored-by: Tom Sweeney <tsweeney@redhat.com>
Signed-off-by: Sorin Sbarnea <sorin.sbarnea@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Now that the OCI runtime specs have support for idmapped mounts, let's
use them instead of relying on the custom annotation in crun.
Also add the mechanism to specify the mapping to use. Pick the same
format used by crun so it won't be a breaking change for users that
are already using it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Just like podman-remote run users should still be able to set volumes,
of course the source must be on the server machine but this is already
the case for podman machine for example.
Fixes#16694
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The remote client should be allowed to specify if the container should
be run with the proxy env vars. It will still use the proxy vars from
the server process and not the client. This makes podman-remote more
consistent with the local version and easier to use in environments
where a proxy is required.
Fixes#16520
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This changes references to `/etc/containers/storage.conf` (and similar) to
links to `containers-storage.conf(5)`, as there are alternative locations
for this file.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This just calls GC on the local storage, which will remove any leftover
directories from previous containers that are not in the podman db anymore.
This is useful primarily for transient store mode, but can also help in
the case of an unclean shutdown.
Also adds some e2e test to ensure prune --external works.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This handles the transient store options from the container/storage
configuration in the runtime/engine.
Changes are:
* Print transient store status in `podman info`
* Print transient store status in runtime debug output
* Add --transient-store argument to override config option
* Propagate config state to conmon cleanup args so the callback podman
gets the same config.
Note: This doesn't really change any behaviour yet (other than the changes
in containers/storage).
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Ed Santiago
Giuseppe Scrivano
OpenShift Merge Robot
Ashley Cui
danishprakash
Erik Sjölund
salevdns
Daniel J Walsh
Ygal Blum
Claudio Nave
Valentin Rothberg
Timothée Ravier
Aditya R
Miloslav Trmač
tomsweeneyredhat
Daniel Lublin
Ingo Becker
Martin Jackson
Brent Baude
Martin Roukala (né Peres)
Jake Correnti
James Pace
Luís Henrique Faria
Sorin Sbarnea
Alexander Larsson
Ben Boeckel
Paul Holzinger
Chris Evich
Matthew Heon