In case something other than a block device is supplied, podman proceeds
to apply settings for a block device with the same minor:major.
For example, "--blkio-weight-device /dev/zero:123" (alas, this is taken
literally from podman-update(1) EXAMPLES section) sets blkio weight
for /dev/ram5. Instead, it should error out since /dev/zero is not a
block device.
Add an appropriate check.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
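
A sketch of the kind of check the commit message above describes, written as an added example (not podman's actual code; the function names are hypothetical and the device-number layout assumes Linux). It shows why `/dev/zero` and `/dev/ram5` collide: character and block devices share the same major:minor number space, so only the file mode tells them apart.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// Added illustration; function names are hypothetical, not podman's.
// requireBlockMode rejects char devices, regular files, directories, etc.
func requireBlockMode(path string, mode os.FileMode) error {
	if mode&os.ModeDevice == 0 || mode&os.ModeCharDevice != 0 {
		return fmt.Errorf("%s: not a block device (mode %v)", path, mode)
	}
	return nil
}

// splitRdev decodes a Linux st_rdev value into major and minor numbers.
func splitRdev(rdev uint64) (major, minor uint32) {
	major = uint32((rdev&0x00000000000fff00)>>8) | uint32((rdev&0xfffff00000000000)>>32)
	minor = uint32(rdev&0xff) | uint32((rdev&0x00000ffffff00000)>>12)
	return major, minor
}

// blockDevNumbers returns device numbers only after the type check passes.
func blockDevNumbers(path string) (uint32, uint32, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return 0, 0, err
	}
	if err := requireBlockMode(path, fi.Mode()); err != nil {
		return 0, 0, err
	}
	st, ok := fi.Sys().(*syscall.Stat_t)
	if !ok {
		return 0, 0, fmt.Errorf("%s: no raw stat data", path)
	}
	major, minor := splitRdev(uint64(st.Rdev))
	return major, minor, nil
}

func main() {
	for _, p := range []string{"/dev/zero", "/dev/ram5"} {
		major, minor, err := blockDevNumbers(p)
		fmt.Println(p, major, minor, err)
	}
}
```
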
Refactor these functions to
- avoid repetition of common code (mostly stat of block device path);
- perform early return if nothing is to be done;
- remove some excessive nesting.
It also improves some error messages.
This is a preparation for the next commit.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Changing the validate-in-container make target to use
quay.io/libpod/validatepr:latest. This allows `make validate` to run to
completion doing linting, ed's perl checks, and pre-commit.
The image is now based on F42; `awk` is not part of the base image, so I added `awk`.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The prior version talked about potential access to DBus, but this is a
bogus warning: default OS setups do not bind DBus to localhost or to an
abstract Unix socket. It is possible that the original author was
thinking of CVE-2020-15257, which affected containerd's abstract Unix
socket; they fixed it by switching to a named socket, just as DBus
always (?) has done.
Signed-off-by: Warren Young <wyoung@tangentsoft.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Starting with [1] we now build and publish the wsl image from the
machine-os repo, as such this special case is no longer needed.
[1] https://github.com/containers/podman-machine-os/pull/142
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This script is no longer used as the device mapper storage driver was
removed over a year ago.
Commit 60692ca already removed the build tag reference but not this
script which set a buildtag for it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Dynamically link sqlite3 when installed, the main motivation is that we
reduce the podman binary size with that. I see about 2.5 MB savings.
But also dynamically linking it means if there are vulnerabilities only
the sqlite3 distro package needs updating and we don't have to make a
new podman release with the vendored update.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The local-cross Make target has superseded this old Make target and the
warning to not use it has been in place now for 4+ years.
Removing it to clean up the Makefile slightly.
Signed-off-by: Lewis Roy <lewis@redhat.com>
This exclusion has been there since the make target was added[1]. I wasn't
able to find the reason but this runs on Darwin today and is useful to
be able to run when you are developing bindings on a Mac.
[1] https://github.com/containers/podman/pull/8956
Signed-off-by: Lewis Roy <lewis@redhat.com>
It has not been in use since commit f218f8430a and should have been
removed there. It seems somehow it is causing a bug since our env file
is empty. In that case it triggers a segfault and since that happens
from within pam we are unable to log in in any way.
I reported the issue[1] but because we don't need this just remove it so
we don't have to wait for a fix.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2370858
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Do not write /etc/environment.d files, something is broken in the new
image that causes the boot to fail when any basic var is set there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users of WSL images currently get podman from the copr rpm on the
release PR with Epoch: 102. This is a problem if the user is looking to
update the image with packages from official Fedora repos.
This commit limits Epoch: 102 to only the podman rpms on
rhcontainerbot/podman-next copr. All other rpms, including other copr
rpms, will use the default Epoch.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
podman system check --quick currently only skips layer contents, but
practically it's not much quicker than without the flag.
This changes the flag to also skip checking layer digests which speeds up
the check significantly.
In some cases, it is useful to opt for a quicker check if we prioritize
detecting and fixing severe corruption and can tolerate minor damage.
The check option is derived from CRI-O's internal repair:
9e4d86d823/internal/lib/container_server.go (L860)
Signed-off-by: Sonny Sasaka <sonnysasaka@gmail.com>
Two incompatible changes, they removed the BridgeNfIP6tables
and BridgeNfIptables fields so we must drop them. As they are not
important ones that should not cause problems.
Second, they moved to using DockerOCIImageConfig from another new module.
The json format did not change so this is not an external API break.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This patch changes how the detection of wsl works.
The old way of using wsl --status command output to detect some missing features required by WSL is not fully reliable.
WSL checks if the wsl feature is enabled and if the vmcompute service exists. However, this is not enough to identify if the virtual machine platform feature is enabled. The vmcompute service could exist because it has been installed by other tools or it could exist but be stopped.
The way proposed by this patch is to try to execute the import command and,
if it fails, check the error and if it is related to the Host Compute
Service try to install all features required by WSL.
The flow is the same as before, the user is asked to execute the podman
machine init command with elevated privileges. Eventually, after
enabling WSL and VMP features, the user is asked to reboot the machine.
When the machine restarts, the powershell gets invoked again and executes
the command init.
The code also fixes some issues that could cause misbehaviors when
invoking recursively the elevated shell, like an unreleased lock, or a
missing file.
Signed-off-by: lstocchi <lstocchi@redhat.com>