When a container is being removed, podman iterates
through its exec sessions and checks whether the exec
session pid is still alive.

The problem is that the pid can be reused for other processes,
so it may not belong to the exec session.
In this scenario podman may kill another process.

This commit prevents it by making the following changes:

- Adds the PIDData string to the ExecSession struct. This string
  is used to store additional context for a PID to later verify
  that the PID killed by podman is really the one started by
  it.
- Adds a new package called pidhandle which implements the methods
  for generating the PIDData and killing the PID with the PIDData,
  ensuring the right PID is killed by verifying the metadata.

The new code uses pidfd_open and name_to_handle_at when available.
It falls back to the process start time obtained using the gopsutil package.

Fixes: #25104
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
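The start-time fallback described in the commit message above, as an added Go example (not podman's pidhandle code, and reading /proc directly instead of using gopsutil): it records a process's start time and refuses to signal the PID once that value no longer matches. The function names and the sample stat line are assumptions made up for illustration; Linux only.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
	"syscall"
)

var errPIDReused = errors.New("pid no longer refers to the recorded process")

// startTimeFromStat returns field 22 (starttime) of a /proc/<pid>/stat line.
// comm (field 2) may contain spaces or ')', so parse after the LAST ')'.
func startTimeFromStat(stat string) (string, error) {
	i := strings.LastIndexByte(stat, ')')
	fields := strings.Fields(stat[i+1:]) // fields[0] is field 3 (state)
	if i < 0 || len(fields) < 20 {
		return "", errors.New("malformed stat line")
	}
	return fields[19], nil
}

// recordStartTime (hypothetical) reads the identity data to store at start.
func recordStartTime(pid int) (string, error) {
	b, err := os.ReadFile(fmt.Sprintf("/proc/%d/stat", pid))
	if err != nil {
		return "", err
	}
	return startTimeFromStat(string(b))
}

// killIfSame (hypothetical) signals pid only if its start time still matches.
// A check-to-signal window remains; a pidfd closes it.
func killIfSame(pid int, recorded string, sig syscall.Signal) error {
	cur, err := recordStartTime(pid)
	if err != nil {
		return err
	}
	if cur != recorded {
		return errPIDReused
	}
	return syscall.Kill(pid, sig)
}

func main() {
	// Constructed stat line whose comm contains spaces and ')'.
	fmt.Println(startTimeFromStat("1 (a b) c) S " + strings.Repeat("0 ", 18) + "987654"))
	st, _ := recordStartTime(os.Getpid()) // signal 0 below only probes, it kills nothing
	fmt.Println(killIfSame(os.Getpid(), st, 0), killIfSame(os.Getpid(), "stale", 0))
}
```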

Create GitHub action to automatically bump to a -dev version after a release is tagged.

On a branch:
- The bump will always be a z bump on branches
- If the bump is to an RC, then the bump will be back down to dev (i.e., 9.9.0-rc1 to 9.9.0-dev)
- If the bump is not an RC, the bump will be up to dev (i.e., 9.9.0 to 9.9.1-dev)

On main:
- If the X.Y version on main is smaller than the X.Y on the release tag, this action will open a PR to bump the version on main to the release tag's X.Y+1
- Major version (X) dev bumps will still need to be manual
Signed-off-by: Ashley Cui <acui@redhat.com>

Winmake could only build amd64 artifacts (podman-remote, gvproxy,
win-sshproxy, podman.msi and podman-setup.exe).

This commit makes the necessary change to winmake so that it:
1) builds arm64 artifacts when executed on arm64
2) cross-compiles to arm64/amd64 with the `-architecture` parameter

It depends on https://github.com/containers/podman/pull/26023 that
removes the need to build `check.c` code (that is not used anyway).
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>

This commit introduces TMT test jobs triggered via packit to run system
tests on testing-farm infrastructure. Tests are run for
Fedora 41, 42 and rawhide on x86_64. The same
test plan will be reused by Fedora for bodhi, zuul and fedora-ci gating
tests. Packit will handle syncing of test plan and sources from upstream
to downstream.
Packit failure notification has also been updated to be less noisy and
let people know they are free to ignore any failures.
TODO:
1. Enable jobs for CentOS Stream and aarch64 envs.
2. Enable a separate set of jobs for release branches as they need to be
   tested with official distro packages, not with bleeding-edge
   packages.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>

Get the timezone off the localtime symlink like systemd does it.
It is more efficient than fork/exec'ing another command for it that may or
may not exist, and the /etc/timezone file doesn't exist on most distros,
so that is not a great fallback.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

If you run timedatectl inside it will not show the correct timezone; it
seems systemd really wants a relative link, which is also documented by
CoreOS[1]. Also we can just use path.Join() directly and don't have to
convert the path again on Windows.

[1] https://docs.fedoraproject.org/en-US/fedora-coreos/time-zone/#_setting_the_time_zone_via_ignition
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

It makes no sense to forward it; SIGSTOP cannot be handled by
userspace (like SIGKILL), and it didn't do anything before, so this just
makes it more explicit.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

Instead of catching all signals and then ignoring them inside the loop
again, just don't register them in Notify() to begin with.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>