When trying to reproduce #4704 I noticed that the named volumes
from the Postgres containers in the reproducer weren't being
removed by `podman pod rm -f` saying that the container they were
attached to was still in use. This was rather odd, considering
they were only in use by one container, and that container was in
the process of being removed with the pod.
After a bit of tracing, I realized that the cause is the ordering
of container removal when we remove a pod. Normally, it's done
in removeContainer() before volume removal (which is the last
thing in that function). However, when we are removing a pod, we
remove containers all at once, after removeContainer has already
finished - meaning the container still exists when we try to
remove its volumes, and thus the volume can't be removed.
Solution: collect a list of all named volumes in use by the pod,
and remove them all at once after every container in the pod is
gone. This ensures that there are no dependency issues.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Finding systemd devel packages using libsystemd does not work as
in RHEL based distro the package name is systemd-devel and for
deb/ubunutu it is libsystemd. It is also giving false result when
podman rpm is built with systemd but hack/systemd_tag.sh does not
return anything.
Install systemd-devel package in build_rpm.sh script
Moving to systemd/sd-daemon.h header files which comes from devel
packages fixes the issue.
Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
The earlier attempt to re-add config migration only worked with
user-specified configs (podman run --config). This version works
more in line with that we want - the first rootless config file
will be changed from runc to crun.
Verified on my system after an F31 migration - everything seems
to be working well.
Signed-off-by: Matthew Heon <mheon@redhat.com>
While building the spec file on fedora, in rpmbuild log,
.sh: No such file or directory error is shown as full path of
hack directory is not resolved leading to file not found error.
Appending the builddir and libpod path with hack will fix the issue.
Signed-off-by: Chandan Kumar (raukadah) <raukadah@gmail.com>
We currently rely on exec sessions being removed from the state
by the Exec() API itself, on detecting the session stopping. This
is not a reliable method, though. The Podman frontend for exec
could be killed before the session ended, or another Podman
process could be holding the lock and prevent update (most
notable in `run --rm`, when a container with an active exec
session is stopped).
To resolve this, add a function to reap active exec sessions from
the state, and use it on cleanup (to clear sessions after the
container stops) and remove (to do the same when --rm is passed).
This is a bit more complicated than it ought to be because Kata
and company exist, and we can't guarantee the exec session has a
PID on the host, so we have to plumb this through to the OCI
runtime.
Fixes#4666
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The env variable `LDFLAGS` belongs to the gcc linker, while the Makefile
currently expects these to be valid go compiler flags. Move them to
`-extldflags` as appropriate. The equivalent flag in go is
`CGO_LDFLAGS`.
Ensure test files are also using `LDFLAGS_PODMAN` instead of `LDFLAGS`.
Signed-off-by: Morten Linderud <morten@linderud.pw>
c/psgo added a new `stime` descriptor. Mention that in the man page and
refer to podman-top(1) in podman-pod-top(1) to avoid redundancy.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
to make things more effecient for the api work we are doing, we should
process image filters internally (as opposed to in main). this allows
for better api responses and more closely affiliated functions.
Signed-off-by: baude <bbaude@redhat.com>
In the process, make everything in the config omitempty in TOML.
We're seeing issues (notably [1]) where, after rewriting
libpod.conf, fields that were not previously populated are
written - and, because they were not previously written, they are
included as empty. This is unfortunately different from not
included at all - it means that we need to assume the user
explicitly unset the value, and we can't use defaults. Setting
omitempty prevents us from writing things that should not be
written as they were not set originally.
[1] https://github.com/containers/libpod/issues/4210
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Currently, we return a runtime directory of the form
`/run/user/<uid>`, even when running as root. Depending on configuration,
that directory may be deleted when the user logs out, which is quite
awkward when the container is started as a systemd service and then
someone logs in and out as root.
This patch fixes the problem by returning an empty runtime directory if the
container is being started by root. The runtime should automatically use
the default runtime directory (`/run/crun` when crun is used), which should
be accessible to root.
Tested in Fedora 31 by running containers under both root and a regular
user. State for root containers is stored in `/run/crun`, while state for
rootless containers is in `/run/user/<uid>/crun`.
Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
Return types had to change a bit for this, but since we can wrap
the old v1.ImageConfig, changes are overall not particularly bad.
At present, I believe this only works with commit, not import.
This matches how things were before we changed to the new parsing
so I think this is fine.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
It turns out we had two independent parsing impkementations for
Dockerfile instructions out of --change. My previous commit fixed
the one used in --change, but as I discovered to my dismay,
commit used a different implementation. Remove that and use the
new parsing implementation instead.
While we're at it, fix some bugs in the current commit code. The
addition of anonymous named volumes to Libpod recently means we
can now include those in the image config when committing. Some
changes (VOLUME, ENV, EXPOSE, LABEL) previously cleared the
config of the former image when used; Docker does not do this, so
I removed that behavior.
Still needs fixing: the new implementation does not support
ONBUILD, while the old one did.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
See https://github.com/containers/buildah/pull/1955
I've confirmed that this test fails under podman-1.6.2-2.fc30
and passes under current master.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Matthew Heon
OpenShift Merge Robot
Chandan Kumar (raukadah)
Sascha Grunert
nitrocode
Matthew Heon
Morten Linderud
baude
Valentin Rothberg
dependabot-preview[bot]
Jonathan Dieter
Marco Vedovati
Ed Santiago