Issue #15923 should have never happened: the problem should've
been autodetected. Make it so henceforth (and fix another
existing discrepancy)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
At the time of this commit, there's no easier way to detect this using
`golangci-lint` or the go tool (that I could find). A future update
to the `go list` command may support detection, for now use a CI script.
Signed-off-by: Chris Evich <cevich@redhat.com>
Some users are still on f35, so we need to account for that for some
time.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This allows tools like Cockpit to know that the pod in question
has also been updated, so they can refresh the list of containers
in the pod.
Fixes#15408
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We added the concept of image volumes in 2.2.0, to support
inspecting an image from within a container. However, this is a
strictly read-only mount, with no modification allowed.
By contrast, the new `image` volume driver creates a c/storage
container as its underlying storage, so we have a read/write
layer. This, in and of itself, is not especially interesting, but
what it will enable in the future is. If we add a new command to
allow these image volumes to be committed, we can now distribute
volumes - and changes to them - via a standard OCI image registry
(which is rather new and quite exciting).
Future work in this area:
- Add support for `podman volume push` (commit volume changes and
push resulting image to OCI registry).
- Add support for `podman volume pull` (currently, we require
that the image a volume is created from be already pulled; it
would be simpler if we had a dedicated command that did the
pull and made a volume from it)
- Add support for scratch images (make an empty image on demand
to use as the base of the volume)
- Add UOR support to `podman volume push` and
`podman volume pull` to enable both with non-image volume
drivers
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
According to https://systemd.io/CONTAINER_INTERFACE/, systemd will try take
control over /dev/ttyN if exported, which can cause conflicts with the host's tty
in privileged containers. Thus we will not expose these to privileged containers
in systemd mode, as this is a bad idea according to systemd's maintainers.
Additionally, this commit adds a bats regression test to check that no /dev/ttyN
are present in a privileged container in systemd mode
This fixes https://github.com/containers/podman/issues/15878
Signed-off-by: Dan Čermák <dcermak@suse.com>
Background: in order to add aarch64 tests, we had to add
emergency skips to a lot of failing tests. No attempt was
ever made to understand why they were failing.
Fast forward to today, I filed #15888 just to see if tests
are still failing. Looks like a number of them are fixed.
(Yes, magically). Remove those skips.
See: #15074, #15277
Signed-off-by: Ed Santiago <santiago@redhat.com>
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command
Closes: https://github.com/containers/podman/issues/15869
Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
This also moves the logic for resolving paths in running and stopped
containers tp container_copy_linux.go.
On FreeBSD, we can execute the function argument to joinMountAndExec
directly using host-relative paths since the host mount namespace
includes all the container mounts.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The logic that treats running containers differently from stopped
containers is not needed on FreeBSD where the container mounts live in
a global mount namespace.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Baby steps toward merging #14046: document Go format options
for podman events.
This is deliberately imperfect. I am not the right person
to document these. I am simply the person who is getting
a skeleton framework in place.
Signed-off-by: Ed Santiago <santiago@redhat.com>
OpenShift Merge Robot
Ed Santiago
Erik Sjölund
Daniel J Walsh
Chris Evich
Sam Morris
Lokesh Mandvekar
Matthew Heon
Ashley Cui
Dan Čermák
😎Mostafa Emami
Boaz Shuster
Doug Rabson