Per Adrian Reber, the aarch64 kernel doesn't support the soft dirty bit
and support isn't expected anytime soon.
Ref: https://github.com/checkpoint-restore/criu/issues/2676
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When using `docker compose run --entrypoint ''`, docker sends
`"Entrypoint": []` in the JSON. Podman currently treats that
as `nil` and fallback to default image entrypoint.
This is not what is expected by the user. Instead, it should
not use any entrypoint.
This commit fixes it by properly propagating the `[]` downstream
to libpod.
Fixes: #26078
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When a container has no image, i.e. using rootfs like our new infra
containers then the Image function crashed trying to show the first 12
image ID chars. If there is no image simply show nothing there.
Fixes: #26224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Specifically, this does two things:
1. Turn on case-sensitive LIKE queries. Technically, this is not
specific to volumes, as it will also affect container and pod
lookups - but there, it only affects IDs. So `podman rm abc123`
will not be the same as `podman rm ABC123` but I don't think
anyone was manually entering uppercase SHA256 hash IDs so it
shouldn't matter.
2. Escape the _ and % characters in volume lookup queries. These
are SQLite wildcards, and meant that `podman volume rm test_1`
would also match `podman volume rm testa2` (or any character in
place of the underscore). This isn't done with pod and container
lookups, but again those just use LIKE for IDs - so technically
`podman volume rm abc_123` probably works and removes containers
with an ID matching that pattern... I don't think that matters
though.
Fixes#26168
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
After the system reboot, the Rootfs for infra-container can
be removed. This can happen when it is stored on tmpfs.
This commit recreates the infra-container directory which is
used for Rootfs for infra-container before mounting it.
Fixes: #26190
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The e2e tests for device access involving /dev/kmsg could fail
intermittently. This was due to a race condition where concurrent
writes to the kernel log buffer by other processes, while the test
was reading from /dev/kmsg, could cause the read to fail with ESPIPE.
Fixes: https://github.com/containers/podman/issues/23882
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
getAllDependencies() skips recursing into dependencies that are already
running, but BuildContainerGraph() expects a *complete* set of inputs
and returns an error if any are missing. Thus, podman will fail to start
a container with already-running direct dependencies that, in turn, have
their own dependencies.
None of the other callers of BuildContainerGraph() omit anything from
their list of containers, so follow the same approach here, and just
let startNode figure out if a start is actually needed.
Fixes: containers/podman-compose#921
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
Hard coding to none without checking containers.conf is not a good idea
as users who liked the previous behavior and the podman default behavior
of keeping the hosts entries can no longer do that.
With this commit they can set base_hosts_file = "/etc/hosts" to restore
the previous behavior.
Fixes: https://issues.redhat.com/browse/RHEL-92995
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Access to the cpuset cgroup controller is needed to run these tests.
Configuration on the CI workers prevents access to this controller
for rootless pods.
Signed-off-by: François Poirotte <clicky@erebot.net>
This commit adds two new annotations named
io.podman.annotations.cpuset/$ctrname and
io.podman.annotations.memory-nodes/$ctrname
The first one allows restricting a container's execution to specific
CPU cores while the second restricts memory allocations to specific
NUMA memory nodes. They are also added automatically when the
--cpuset-cpus and --cpuset-mems options are used.
Fixes: containers#26172
Signed-off-by: François Poirotte <clicky@erebot.net>
A recent change[1] in netavark makes it so we no longer set the default
dns.podman search domain. As such we must no longer test for it.
Follow up to 254ab3b90f ("test/system: do not check dns.podman")
[1] https://github.com/containers/netavark/pull/1214
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When podman restarts config values within the Engine are lost.
Add --hook-dirs arguments as appropriate to the cleanup command
so that hooks are preserved on restarts due to the on-restart setting
Tests: add a check that prestart/poststop hooks ran every time after 2
restarts.
`wait_for_restart_count` was re-used to wait for restarts and moved to
helpers file.
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Fixes: #17935
Previously, the HealthCheck exec session would not terminate on timeout, allowing the healthcheck to run indefinitely.
Fixes: https://issues.redhat.com/browse/RHEL-86096
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This fixes an issue where multiple paths separated by a colon were
treated as a single path, contrary to what docs say and unlike how mask
option works.
Test was updated with a case that fails without this commit.
Signed-off-by: Šimon Škoda <ver4a@uncontrol.me>
This commit introduces TMT test jobs triggered via packit to run system
tests on testing-farm infrastructure. Tests are run for
Fedora 41, 42 and rawhide on x86_64. The same
test plan will be reused by Fedora for bodhi, zuul and fedora-ci gating
tests. Packit will handle syncing of test plan and sources from upstream
to downstream.
Packit failure notification has also been updated to be less noisy and
let people know they are free to ignore any failures.
TODO:
1. Enable jobs for CentOS Stream and aarch64 envs.
2. Enable separate set of jobs for release branches as they need to be
tested with official distro packages, not with bleeding-edge
packages.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The tests for device I/O limits were using `/dev/zero`,
which is not a block device suitable for these cgroup
controls.
Update the tests to use `/dev/nullb0` if it exists.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The tests were incorrectly using `/dev/zero`. These options are
intended to set I/O limits on specific block devices.
The test already sets up a loopback device, so reuse it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Cgroup block I/O limits cannot be applied to character devices.
Ignore character devices in the inspect output.
Update the API tests to use the null block device `/dev/nullb0` (if
available) instead of `/dev/zero` for testing I/O limits.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The JSON decoder correctly cannot decode (overflow) negative values (e.g., `-1`) for fields of type `uint64`, as `-1` is used to represent `max` in `POSIXRlimit`. To handle this, we use `tmpSpecGenerator` to decode the request body. The `tmpSpecGenerator` replaces the `POSIXRlimit` type with a `tmpRlimit` type that uses the `json.Number` type for decoding values. The `tmpRlimit` is then converted into the `POSIXRlimit` type and assigned to the `SpecGenerator`.
This approach ensures compatibility with the Podman CLI and remote API, which already handle `-1` by casting it to `uint64` (`uint64(-1)` equals `MaxUint64`) to signify `max`.
Fixes: https://issues.redhat.com/browse/RUN-2859
Fixes: https://github.com/containers/podman/issues/24886
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The Docker `-XDELETE image/$name?force=true` endpoint only removes
containers using an image if they are in a non running state.
In Podman, when forcefully removing images we also forcefully delete
containers using the image including running containers.
This patch changes the Docker image force delete compat API to act like the
Docker API while maintaining commands like `podman rmi -f $imagename`
It also corrects the API return code returned when an image is requested
to be deleted with running containers using it.
Fixes: https://github.com/containers/podman/issues/25871
Signed-off-by: Lewis Roy <lewis@redhat.com>
This looks like debug leftover, in any case this is not an error so
simply remove the line.
Fixes#25965
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The backstory for this is that runc 1.2 (opencontainers/runc#3967)
fixed a long-standing bug in our mount flag handling (a bug that crun
still has). Before runc 1.2, when dealing with locked mount flags that
user namespaced containers cannot clear, trying to explicitly clearing
locked flags (like rw clearing MS_RDONLY) would silently ignore the rw
flag in most cases and would result in a read-only mount. This is
obviously not what the user expects.
What runc 1.2 did is that it made it so that passing clearing flags
like rw would always result in an attempt to clear the flag (which was
not the case before), and would (in all cases) explicitly return an
error if we try to clear locking flags. (This also let us finally fix a
bunch of other long-standing issues with locked mount flags causing
seemingly spurious errors).
The problem is that podman sets rw on all mounts by default (even if
the user doesn't specify anything). This is actually a no-op in
runc 1.1 and crun because of a bug in how clearing flags were handled
(rw is the absence of MS_RDONLY but until runc 1.2 we didn't correctly
track clearing flags like that, meaning that rw would literally be
handled as if it were not set at all by users) but in runc 1.2 leads to
unfortunate breakages and a subtle change in behaviour (before, a ro
mount being bind-mounted into a container would also be ro -- though
due to the above bug even setting rw explicitly would result in ro in
most cases -- but with runc 1.2 the mount will always be rw even if
the user didn't explicitly request it which most users would find
surprising). By the way, this "always set rw" behaviour is a departure
from Docker and it is not necesssary.
Signed-off-by: rcmadhankumar <madhankumar.chellamuthu@suse.com>
To have consistency with other podman commands like `ps` and `images`,
`volume ls` should output its headers even when there are no volumes.
Fixes: https://github.com/containers/podman/issues/25911
Signed-off-by: Brent Baude <bbaude@redhat.com>
The README.md in test/buildah-bud had the old directory name for the
apply-podman-deltas file. This change removes the `/` and adds a `-`
in that file name.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
in #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. in those cases, it
would be handy for the user to be able to override the media type of the
layer. as such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml
quay.io/artifact/config:latest ./config.yaml `
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit removes the code to build a local pause
image from the Containerfile. It is replaced with
code to find the catatonit binary and include it in
the Rootfs.
This removes the need to build a local pause container
image.
The same logic is also applied to createServiceContainer
which is originally also based on the pause image.
Fixes: #23292
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
When using a custom --root it will not have the image present and as
such cause a pull. We can however use our own local cache if present to
avoid the pull if we give the right podman options via
_PODMAN_TEST_OPTS.
I saw the volume quota test fail during the pull in openQA thus I
noticed this issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Somehow the files do not match sometimes, I like to get data on the
/etc/hosts file on the host looks to see if this would explain anything.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is failing a lot, on the issue (#24571) there is a 100% reproducer
so we don't need to gather more data this is simply broken.
Reduce our flakes by skiping this until the main issue gets resolved.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit d633824a95.
The issue has been fixed in commit 9a0c0b2eef and I have not seen it
since so remove this special case.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Sinc v5.0 pasta is the default and if it would not be installed a ton of
tests would already fail. As such these conditional checks are
pointless and can be removed to simplify the tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This `--config` option was initially added here:
4e4c3e3dbf
Under the hood this simply modifies env to set DOCKER_CONFIG=<passed
in string>
The DOCKER_CONFIG env var is used as a directory that contains
multiple config files... of which podman and container libs probably
only use `$DIR/config.json`.
See: https://docs.docker.com/reference/cli/docker/#environment-variables
The old CMD and help text was misleading... if we point the at a
regular file we can see errors like:
```
$ touch /tmp/foo/tmpcr9zrx71
$ /bin/podman --config /tmp/foo/tmpcr9zrx71 build -t foobar:latest
Error: creating build container: initializing source docker://quay.io/centos/centos:stream9: getting username and password: reading JSON file "/tmp/foo/tmpcr9zrx71/config.json": open /tmp/foo/tmpcr9zrx71/config.json: not a directory
```
^^ In this case we had created `/tmp/foo/tmpcr9zrx71` as a regular file.
Signed-off-by: Ian Page Hands <iphands@gmail.com>
Clarify that system test specifc configuration must be done via config
files and not via ad hoc environment variables like in test/e2e.
Also not that we only run the tests with crun so other runtimes may not
work but we accept patches to make them work with runc, e.g. Suse folks
currently run them with runc and contribute patches for them.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Lokesh Mandvekar
Jan Kaluza
openshift-merge-bot[bot]
Paul Holzinger
Matthew Heon
Giuseppe Scrivano
renovate[bot]
Ryan Gonzalez
François Poirotte
Patrick Barrett
Nicola Sella
Dominique Martinet
Jan Rodák
Ygal Blum
Šimon Škoda
Lewis Roy
Cesar Goncalves
flouthoc
Robin Heinemeier
rcmadhankumar
Brent Baude
tomsweeneyredhat
Inshal Khan
Ricardo Branco
Ian Page Hands