This commit adds new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit adds new Retry= and RetryDelay= options
to quadlet.go which result in --retry and --retry-delay
usage in podman run, image and build commands.
This allows configuring the retry logic in the systemd
files.
Fixes: #25109
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When we do a release, we need to ensure that machine images are built before the release PR can merge.
This GitHub action is triggered on version bumps, waits for our COPR builds to finish, and then opens a PR on the podman-machine-os repo to build the required machine-os images there. Note that dev bumps, unless on main, will not open a PR
Signed-off-by: Ashley Cui <acui@redhat.com>
Trying to generate a Pod yaml file when we are using --mount with
SubPath does not generate a VolumeMount with SubPath. This patch fixes
that.
Note that kube play does support SubPath since 95cc7e052, see:
https://github.com/containers/podman/pull/16803
Signed-off-by: Victor Toso <victortoso@redhat.com>
Following test needs unique cache in TMPDIR so cache of this test does
not conflicts with other tests however for this specific test there is
no convenient way to pass custom TMPDIR.
Skipping this test similar to this already exists in tests/bud.bats but
covers `--mount=type=cache,sharing=locked`
Read more discussion here: https://github.com/containers/podman/issues/25414
Closes: https://github.com/containers/podman/issues/25414
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
The current max size is defined as `maxSecretSize = 512000` in
`github.com/containers/common/blob/main/pkg/secrets/secrets.go`.
Signed-off-by: Alexander Gramiak <agrambot@gmail.com>
The alpine_nginx image is a static amd64 only image, just yesterday our
CI broke because the rosetta emulation stopped working. All these tests
should have no need to test emulation and should just run on native arch
here. This should also make them faster.
If we want to test emulation work it should be done in the
podman-machine-os tests instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The --env is used to add new environment variable to container or
override the existing one. The --unsetenv is used to remove
the environment variable.
It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.
The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.
The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.
The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.
The remote API is also extended to handle Env and EnvUnset.
Fixes: #24875
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
when the code was first added, there was no securejoin.OpenInRoot().
Since there is a function already provided by a dependency and already
used in libpod, replace the custom code with securejoin.OpenInRoot().
The new version does not report a symlink that points outside the
root, but it is still resolved relative to the specified mountpoint,
since that is the openat2 semantic. It does not affect the security
of the function.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Includes one minor test fix as the line number reported as error was
changed, it seems to be actually correct now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Giuseppe Scrivano
Jan Rodák
Jan Kaluza
openshift-merge-bot[bot]
Ashley Cui
Victor Toso
flouthoc
Alexander Gramiak
renovate[bot]
Paul Holzinger
Martin Glatzle
Brent Baude
Raniere Silva