It's not necessary to fill in state immediately, as we'll be
overwriting it on any API call accessing it thanks to
syncContainer(). It is also causing races when we fetch it
without holding the container lock (which syncContainer() does).
As such, just don't retrieve the state on initial pull from the
database with Bolt.
Also, refactor some Linux-specific netns handling functions out
of container_internal_linux.go into boltdb_linux.go.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1186
Approved by: rhatdan
When removing an image via varlink, we should always return the
ID of the image even in the case where the image has multiple
repository names and one was only untagged.
Reported by jhonce during integration testing.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1191
Approved by: jwhonce
This is the second round of performance improvements for out
integration tests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1190
Approved by: rhatdan
due to how cstorage is designed, we were spewing thousands of fds when
we restored cached images causing unwieldy rlimits. we now use podman
load to restore the images thereby not tripping the issue.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1188
Approved by: baude
The auto decompression functionality was already vendored in
with containers/image. Adding a test for it.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1137
Approved by: rhatdan
Stop all containers with a zero timeout prior to trying to rm -fa. This results
in quicker teardown times by not waiting for timeouts.
Also, with wait tests, no need to wait the full 10 second sleep. 1 will do.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1181
Approved by: rhatdan
Because our tests are getting so long, we want to be able to audit which tests are taking
the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore
should be auditable.
Also, make speed improvements to tests by making sure we only unpack caches images that
actually get used.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1178
Approved by: mheon
update to version 956a1971694f18fd602b1203c0a2d192e2cc88a1
inherit support for IDs shifting when fuse-overlayfs is used.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1177
Approved by: mheon
* Some of the pedantic errors were not corrected
* Clean up prep for porting to MacOS and PyPi hosting
* Fix broken unittest
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1159
Approved by: rhatdan
If an image is created from another and it is deleted,
only delete the actual image and not the parent images
if the parent images have names/references.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1174
Approved by: mheon
Added Pause() and Unpause() to libpod/pod.go
Added man pages, tests and completions
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1126
Approved by: rhatdan
There is a compiler warning that has been fixed in the
upstream, so I figured we should update to fix.
Also vendor in latest buildah to get better support for running builds in rootless
mode.
Vendor in latest containers/image to allow daemon support to be pluggable.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1169
Approved by: mheon
Now, for commands that have --latest and --all, the context flags are checked, and pods are grabbed in a single function
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1161
Approved by: rhatdan
The CNI plugins upstream removed their network namespace creation
code, making it a test package only. Copy it into our repository
and slightly modify it for our use (most notably, use MNT_DETACH
when unmounting namespaces).
This new CNI code splits closing and unmounting network
namespaces, which allows us to greatly reduce the number of
occasions on which we call teardownNetwork() and make more errors
in that function fatal instead of warnings. Instead, we can call
Close() and just close the open file descriptor in cases where
the namespace has already been cleaned up.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
We need to pick up changes to the netns packages that are not yet
in a released tag.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1165
Approved by: baude
Currently, getRuntimeSpec always fails on non-Linux because
spec.CreateConfigToOCISpec always fails, because the podman CLI
sets up a seccomp path, and processing that on non-Linux is not supported. This
breaks testing of entirely unrelated options.
We can either skip the tests on non-Linux, or explicitly disable seccomp
inside the tests. Linux testing matters much more than other platforms,
and the tests are more reliable when they don't change supposedly
unrelated options; so, skip the tests on non-Linux.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
This just muves the Linux implementation, unchanged, to the
platform-agnostic file. Should not change behavior on Linux.
On non-Linux platforms, reading containers from BoltDB now works
(and rejects containers with namespace data). The checkRuntimeConfig
validation ensures that each BoltDB database is only used on one platform,
so network namespaces should never exist in non-Linux BoltDB files.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
This is the actual platform-specific part of getContainerFromDB.
Factor it out, unchanged, on Linux. On other platforms, introduce
a stub which fails if any data exists; this stub is not yet called.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
On macOS NewImageRuntimeFromOptions fails with chown EPERM because the
"vfs" driver tries to chown its home to root:root 0700; in fact running
as root seems to be a generic requirement. So, skip the tests if not
running as root.
(This could maybe benefit from an extra state, maybe an environment
variable like RUNNING_IN_CI, to make sure the tests are actually
run often enough.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
(make localunit) complains about the unbuildable subpackage; silence that.
Actually, I can't find any user of checkseccomp in this repo; maybe
it is entirely unused?
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
None of the functions are used within the package, and it does not build
on non-Linux systems.
(Similar code continues to exist in pkg/chrootuser, and is unaffected.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Closes: #1115
Approved by: rhatdan
Moved contents of RestartWithTimeout to restartWithTimeout in container_internal to be able to call restart without locking in function.
Refactored startNode to be able to either start or restart a node.
Built pod Restart() with new startNode with refresh true.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1152
Approved by: rhatdan
Per https://www.sqlite.org/src/artifact/c230a7a24?ln=994-1081,
POSIX file advisory locks are unsafe to use within a single
process if multiple file descriptors are open for the same file.
Unfortunately, this has a strong potential to happen for
multithreaded usage of libpod, and could result in DB corruption.
To prevent this, wrap all access to BoltDB within a single
libpod instance in a mutex to ensure concurrent access cannot
occur.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
If more than one volume was mounted using the --volume flag in
podman run, the second and onwards volumes were picking up options
of the previous volume mounts defined. Found out that the options were
not be cleared out after every volume was parsed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1142
Approved by: mheon
* Some of the pedantic errors were not corrected
* Clean up prep for porting to MacOS and PyPi hosting
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #1155
Approved by: baude
Better explain the inner workings of both state types in comments
to make reviews and changes easier.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Matthew Heon
Giuseppe Scrivano
baude
Daniel J Walsh
umohnani8
Jhon Honce
haircommander
Miloslav Trmač
Valentin Rothberg