Users coming e.g. from Docker do not always read the manual and
expect podman to not require sudo or uidmap, for them the default
message is not very helpful:
Error: Cannot connect to the Podman socket, make sure there is a Podman REST API service running.:
cannot find newuidmap: exec: "newuidmap": executable file not found in $PATH
Adding a bit more context to this would help to nudge them into the
right direction and tell them what to look for in the documentation:
command required for rootless mode with multiple IDs: exec: "newuidmap": executable file not found in $PATH
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
[NO TESTS NEEDED]
when deciding to create a user namespace, check for CAP_SYS_ADMIN
instead of looking at the euid.
[NO TESTS NEEDED] Needs nested Podman
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
when creating a user namespace, attempt to create it first by copying
the current mappings and then fallback to the other methods:
1) use newidmap tools and ...
2) create a user namespace with a single user mapped.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add machine-enabled=true into /etc/containers/containers.conf when
initing a VM. This field should tell Podman it's being run in a
podman-machine and it will be used in future to tell podman to set up
other necessary machine stuff such as networking
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
This option allows users to specify the maximum amount of time to run
before conmon sends the kill signal to the container.
Fixes: https://github.com/containers/podman/issues/6412
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It is possible that a container is removed between fetching the
initial list of containers and the second access during conversion.
Closes#10120
[NO TESTS NEEDED]
Signed-off-by: Jakob Ahrer <jakob@ahrer.dev>
In libpod/image.Image.Remove(), if the attempt to find the image's
parent fails for any reason, log a warning and proceed as though it
didn't have one instead of failing, which would leave us unable to
remove the image without resetting everything.
In libpod/Runtime.RemoveImage(), if we can't determine if an image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove
all images, if we encounter an error checking if a given image has
children, log a warning, and assume that it doesn't have any instead of
failing, which would leave us unable to remove the image without
resetting everything.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
- Persist CDIDevices in container config
- Add e2e test
- Log HasDevice error and add additional condition for safety
Signed-off-by: Sebastian Jug <seb@stianj.ug>
Add a new --ip flag to podman play kube. This is used to specify a
static IP address which should be used for the pod. This option can be
specified several times because play kube can create more than one pod.
Fixes#8442
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Distro builds on Fedora and Kubic projects use GO111MODULE=off
by default which are currently failing. This commit fixes it and
going forward, podman CI will also indicate failures in rpm builds.
The additional LDFLAGS have been removed from the spec file
which is not ideal. But, currently we only use the spec file
to check if the rpm builds fine. We can fix the LDFLAGS in a
later commit when we're working on packit integration.
conmon build has also been removed from podman.spec.in because the COPR
for which it was provided has been discontinued.
[NO TESTS NEEDED]
Fixes: #10009
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The --log-driver flag was silently ignored by podman play kube. This
regression got introduced during the play kube rework.
Unfortunately the test for this was skipped for no good reason.
Fixes#10015
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This time we are checking if the function actually succeeded,
otherwise we will report an error.
Also if we did not get the id, report unexpected failure.
[NO TESTS NEEDED] Still no good way to test this, but manually.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When our multierror contains just one error, don't extract its text only
to rewrap it, because doing so discards any stack trace information that
might have been added closer to where the error actually originated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
We have a race condition where podman build can fail
but still return an exit code of 0. This PR ensures
that as soon as the build fails, the failed flag is set
eliminating the race.
Fixes: https://github.com/containers/podman/issues/10029
[NO TESTS NEEDED] Tests of failed builds are already in place, and
the elimination of the race should be enough.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We originally added this in the *very early* days of Podman,
before a proper persistent state was written, so we had something
to test with. It was retained after the original SQLite state
(and current BoltDB state) were written so it could be used for
testing Libpod in unit tests with no requirement for on-disk
storage. Well, such unit tests never materialized, and if we were
to write some now the requirement to have a temporary directory
for storing data on disk is not that bad. I can basically
guarantee there are no users of this in the wild because, even if
you managed to figure out how to configure it when we don't
document it, it's completely unusable with Podman since all your
containers and pods will disappear every time Podman exits.
Given all this, and since it's an ongoing maintenance burden I no
longer wish to deal with, let's just remove it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Swagger documentation reported that the API endpoint /pods/create
returned 200 while the as-built code returned 201. 201 is more
correct so documentation updated.
Tests already checked for 201 so no updated needed.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add validation for manifest name
* Always return an array for manifests even if empty
* Add missing return in df handler when returning error. Caused an
additional null to be written to client crashing python decoder.
When c/image is refactored to include manifests, manifest endpoints should
be revisited.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
[NO TESTS NEEDED]
force bitsSize==64 so that the string is always parsed to a uint64
instead of using the native int size, that could be not big enough on
32 bits arches.
Closes: https://github.com/containers/podman/issues/9979
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
OpenShift Merge Robot
Daniel J Walsh
Andrej Shadura
Giuseppe Scrivano
flouthoc
Ashley Cui
SoMuchForSubtlety
Nalin Dahyabhai
Sebastian Jug
Eduardo Vega
Paul Holzinger
wuhua.ck
Jakub Guzik
Lokesh Mandvekar
zhangguanzhang
Matthew Heon
Jhon Honce