--remote pre-check was providing usage context, which was also being
provided by the root podman command.
Fixes#7273
Signed-off-by: Jhon Honce <jhonce@redhat.com>
it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
correct small typo that sets the path on windows via the msi xml.
in the remote client, prompt for SSH password when no identity or alternate means of authentication are provided.
Signed-off-by: Brent Baude <bbaude@redhat.com>
instead of hiding the latest options for podman-remote or catching an error if podman --remote <cmd> -l is used, we no longer add the latest option to any remote command. podman will error with a "unknown flag" option.
Fixes: #7127
Signed-off-by: Brent Baude <bbaude@redhat.com>
Refactor the processing of Repository and Tag fields to default to <none>
when printing via --format flag. Previously, the default format would
print <none> but --format {{.Tag}} would not in some cases.
Fixes#7123
Signed-off-by: Jhon Honce <jhonce@redhat.com>
This matches Docker behavior, and seems to make sense - the CMD
may have been specific to the original entrypoint and probably
does not make sense if it was changed.
While we're in here, greatly simplify the logic for populating
the SpecGen's Command. We create the full command when making the
OCI spec, so the client should not be doing any more than setting
it to the Command the user passed in, and completely ignoring
ENTRYPOINT.
Fixes#7115
Signed-off-by: Matthew Heon <mheon@redhat.com>
Use cobra.Command.FParseErrWhitelist to no longer require --remote to be
the first argument in flags when using CLI
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Allow to create a devpts mount.
This is useful for containers that bind mount /dev/ from the host but
at the same time want to create a terminal.
It can be used as:
podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ...
Closes: https://github.com/containers/podman/issues/6804
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Docker and CNI have very different ideas of what 0.0.0.0 means.
Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4
address on the host. CNI (and, thus, root Podman) take it to mean
the literal IP 0.0.0.0. Instead, CNI interprets the empty string
("") as "bind to all IPs".
We could ask CNI to change, but given this is established
behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and
turn it into "" when we parse ports.
Fixes#7014
Signed-off-by: Matthew Heon <mheon@redhat.com>
Documentation and unit files call for a millisecond timeout while the
code was using a second resolution. Code change is smaller given
varlink has been deprecated.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When you execute podman create/run with the --pod new:<name> syntax
the pod was created but the namespaces where not shared and
therefore containers could not communicate over localhost.
Add the default namespaces and pass the network options to the
pod create options.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently if you give a bogus flag to --format it will crash
the formatter. With this change we will get a nice error.
podman images --format '{{ bogus }}'
Error: template: list:1: function "bogus" not defined
versus
/bin/podman.old images --format '{{ bogus }}'
panic: template: list:1: function "bogus" not defined
goroutine 1 [running]:
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
For some reason we were overwriting memory when handling both
--pid=host and --ipc=host. Simplified the code to handle this
correctly, and add test to make sure it does not happen again.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When copying from a URL, podman will download and create a context
directory in a temporary file. The problem was that this directory
was being removed as soon as the function that created it was returned.
Later the build code would look for content in the temporary directory
and fail to find it, blowing up the build.
By pulling the extraction code back into the build function, we keep the
temporary directory around until the build completes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
There are many use cases where you want to just mount an image
without creating a container on it. For example you might want
to just examine the content in an image after you pull it for
security analysys. Or you might want to just use the executables
on the image without running it in a container.
The image is mounted readonly since we do not want people changing
images.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We should default to the user name unmount rather then the internal
name of umount.
Also User namespace was not being handled correctly. We want to inform
the user that if they do a mount when in rootless mode that they have
to be first in the podman unshare state.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently some commands use the html/template package.
This can lead to invalid output.
e.g. `system df --verbose` will print `<none>`
instead of `<none>` with an untaged image.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Somewhere in the Podman v2 rewrite, we allowed
`podman start --attach` to print the container ID of the started
container after exiting from the attach session (via detach key
or the container exiting naturally). We should never print the ID
when `--attach` is given, which makes the fix simple - make the
print statement conditional on `--attach` not being present.
Wierdly, this only happened with `--interactive` was given to
`podman start`. I don't know why that is, but this resolves the
issue without having to dig any deeper, so I'm content.
Fixes#7055
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Currently you can not apply an ApparmorProfile if you specify
--privileged. This patch will allow both to be specified
simultaniosly.
By default Apparmor should be disabled if the user
specifies --privileged, but if the user specifies --security apparmor:PROFILE,
with --privileged, we should do both.
Added e2e run_apparmor_test.go
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
--umask sets the umask inside the container
Defaults to 0022
Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Qi Wang
Jhon Honce
Giuseppe Scrivano
OpenShift Merge Robot
Brent Baude
zhangguanzhang
Matthew Heon
Daniel J Walsh
Paul Holzinger
Ashley Cui
Anthony Sottile
Matthew Heon