Although storage is more human-readable when expressed in SI units,
IEC/JEDEC (Bytes) units are more pertinent for memory-related values
(and match the format of the --memory* command-line options).
(To prevent possible compatibility issues, the default SI display is
left unchanged)
See https://github.com/containers/podman/issues/8945
Signed-off-by: Stuart Shelton <stuart@shelton.me>
Docker does not support this, and it is confusing what to do if
the image has more then one tag. We are dropping support for this
in podman 3.0
Fixes: https://github.com/containers/podman/issues/7387
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The libpod/define code should not import any large dependencies,
as it is intended to be structures and definitions only. It
included the libpod/driver package for information on the storage
driver, though, which brought in all of c/storage. Split the
driver package so that define has the struct, and thus does not
need to import Driver. And simplify the driver code while we're
at it.
Signed-off-by: Matthew Heon <mheon@redhat.com>
`staticcheck` is a golang code analysis tool. https://staticcheck.io/
This commit fixes a lot of problems found in our code. Common problems are:
- unnecessary use of fmt.Sprintf
- duplicated imports with different names
- unnecessary check that a key exists before a delete call
There are still a lot of reported problems in the test files but I have
not looked at those.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This creates error objects for runtime errors that might come from the
runtime. Thus, indicating to users that the place to debug should be in
the security attributes of the container.
When creating a container with a SELinux label that doesn't exist, we
get a fairly cryptic error message:
```
$ podman run --security-opt label=type:my_container.process -it fedora bash
Error: OCI runtime error: write file `/proc/thread-self/attr/exec`: Invalid argument
```
This instead handles any errors coming from LSM's `/proc` API and
enhances the error message with a relevant indicator that it's related
to the container's security attributes.
A sample run looks as follows:
```
$ bin/podman run --security-opt label=type:my_container.process -it fedora bash
Error: `/proc/thread-self/attr/exec`: OCI runtime error: unable to assign security attribute
```
With `debug` log level enabled it would be:
```
Error: write file `/proc/thread-self/attr/exec`: Invalid argument: OCI runtime error: unable to assign security attribute
```
Note that these errors wrap ErrOCIRuntime, so it's still possible to to
compare these errors with `errors.Is/errors.As`.
One advantage of this approach is that we could start handling these
errors in a more efficient manner in the future.
e.g. If a SELinux label doesn't exist (yet), we could retry until it
becomes available.
Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
instead of opening directly the UNIX socket path, grab a reference to
it through a O_PATH file descriptor and use the fixed size string
"/proc/self/fd/%d" to open the UNIX socket. In this way it won't hit
the 108 chars length limit.
Closes: https://github.com/containers/podman/issues/8798
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This PR takes the settings from containers.conf and uses
them. This works on the podman local but does not fix the
issue for podman remote or for APIv2. We need a way
to specify optionalbooleans when creating containers.
Fixes: https://github.com/containers/podman/issues/8843
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
In 2.2.x, we moved `play kube` to use the Start() API for pods,
which reported errors in a different way (all containers are
started in parallel, and then results reported as a block). The
migration attempted to preserve compatibility by returning only
one error, but that's not really a viable option as it can
obscure the real reason that a pod is failing. Further, the code
was not correctly handling the API's errors - Pod Start() will,
on any container error, return a map of container ID to error
populated for all container errors *and* return ErrPodPartialFail
for overall error - the existing code did not handle the partial
failure error and thus would never return container errors.
Refactor the `play kube` API to include a set of errors for
containers in each pod, so we can return all errors that occurred
to the frontend and print them for the user, and correct the
backend code so container errors are actually forwarded.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Adding another check in the `podman search --list-tags --format json` test case.
Replacing an anonymous struct by \`listEntryTag\` struct.
Signed-off-by: Alexandre Fourcat <afourcat@gmail.com>
`podman ps --format {{.Networks}}` will show all connected networks for
this container. For `pod ps` it will show the infra container networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Allow to filter on the network name or full id.
For pod ps it will filter on the infra container networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently if server is not connected, we return an error message that
is confusing users on Mac and Windows boxes. The hope here is to make
it a little easier to discover that a Podman service is required.
This message is similar to what Docker puts out so people might under
stand it better.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Restore correct API endpoint payloads including reclaimed space numbers
* Include tests for API prune endpoints
* Clean up function signatures with unused parameters
* Update swagger for /networks/prune
Fixes#8891
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Due to various reasons, CI results (esp. testing tasks) are completely
ignored for builds triggered by a new tag-push. Additionally, since
many of the automation scripts are in the repo., any related
failures/flakes would require code changes (therefore a new tag).
Resolve this by skipping every testing-type task for builds triggered by
tag-push. Only retain tasks which build things intended for consumption
associated with a possible official release.
Signed-off-by: Chris Evich <cevich@redhat.com>
zhangguanzhang
Stuart Shelton
OpenShift Merge Robot
Daniel J Walsh
Ed Santiago
Matthew Heon
Paul Holzinger
Juan Antonio Osorio Robles
Giuseppe Scrivano
Chris Evich
Valentin Rothberg
Matthew Heon
dependabot-preview[bot]
Alexandre Fourcat
unknown
Jhon Honce