Tell sphinx not to process the "options" dir, those files
are not to be published.
Context: websearching for podman volume info, I stumbled upon:
https://docs.podman.io/en/latest/markdown/options/volume.html
...and panicked because I saw '<<container|pod>>', the options
include-file syntax that should never be seen by users. I thought
the filter script was broken.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The newly introduced `idmap` section of rootfs lacked a header
(comparable to Overlay Rootfs Mounts), had odd formatting, and
wording that differed from other instances of idmap, e.g., the
one in the --volume section. This commits addresses those issues.
Signed-off-by: Peter Whittaker <PeterWhittaker@SphyrnaSecurity.com>
Podman farm update allows users to update a farm by addig
connections, removing connections, or changing the default farm.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The podman farm create command allows users to create
farms from the avaiable podman system connections.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Podman should ignore failures to find a cidfile when stoping the
container if the user specified --ignore
Fixes: https://github.com/containers/podman/issues/19546
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Compat api for containers/stop should take -1 value
Add support for `podman stop --time -1`
Add support for `podman restart --time -1`
Add support for `podman rm --time -1`
Add support for `podman pod stop --time -1`
Add support for `podman pod rm --time -1`
Add support for `podman volume rm --time -1`
Add support for `podman network rm --time -1`
Fixes: https://github.com/containers/podman/issues/17542
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Adds support for --add-compression which accepts multiple compression
formats and when used it will add all instances in a manifest list with
requested compression formats.
Signed-off-by: Aditya R <arajan@redhat.com>
Currently, due to sphinx smart quote features being enabled, fancy quotes are used in the commands. This means the docs are harder to use as the commands cannot be copy/pasted into a terminal.
Wrapping the code in code blocks fixes this. An alternative would be to disable smart quotes entirely, but this seems over-the-top (especially considering wrapping commands in code blocks harmonises this page with most of the other documentation)
Signed-off-by: Adam Jones <domdomegg+git@gmail.com>
Forcing users to set --rm when setting --rmi is just bad UI.
If I want the image to be removed, it implies that I want the
container removed that I am creating.
Fixes: https://github.com/containers/podman/issues/15640
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently the CIDFile is not removed with podman --remote run --rm
if the client and server are on different machines.
[NO NEW TESTS NEEDED] i
There is currently a test for this that does not fail because the client
and server are on the same machine.
If we run these tests on a MAC or Windows platform, they would start
failing.
Fixes: https://github.com/containers/podman/issues/19420
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The intention of --read-only-tmpfs=fals when in --read-only mode was to
not allow any processes inside of the container to write content
anywhere, unless the caller also specified a volume or a tmpfs. Having
/dev and /dev/shm writable breaks this assumption.
Fixes: https://github.com/containers/podman/issues/12937
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
HPC Community asked for this support specifically for using GPUs
within containers. Nvidia requires the correct shared library to
to be present in the directory that matches the device mounted
into the container. These libraries have random suffixes based
on versions of the installed libraries on the host.
podman run --mount type=glob:src=/usr/lib64/nvidia\*:ro=true. This helps
quadlets be more portable for this use case.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a new "healthy" sdnotify policy that instructs Podman to send the
READY message once the container has turned healthy.
Fixes: #6160
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
**podman compose** is a thin wrapper around an external compose provider
such as docker-compose or podman-compose. This means that `podman
compose` is executing another tool that implements the compose
functionality but sets up the environment in a way to let the compose
provider communicate transparently with the local Podman socket. The
specified options as well the command and argument are passed directly
to the compose provider.
The default compose providers are `docker-compose` and `podman-compose`.
If installed, `docker-compose` takes precedence since it is the original
implementation of the Compose specification and is widely used on the
supported platforms (i.e., Linux, Mac OS, Windows).
If you want to change the default behavior or have a custom installation
path for your provider of choice, please change the `compose_provider`
field in `containers.conf(5)`. You may also set the
`PODMAN_COMPOSE_PROVIDER` environment variable.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Only use the word "please" in these situations:
- reader is asked to do something inconvenient
- reader is asked for permission
- reader is asked for forgiveness
Remove other uses of the word "please" to
make the language more efficient.
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
I am working on running android auto in a quadlet.
[Container]
AddDevice=/dev/dri/renderD128
AddDevice=/dev/kvm
DropCapability=all
Environment=PULSE_SERVER=$XDG_RUNTIME_DIR/pulse/native
Environment=WAYLAND_DISPLAY=wayland-0
Environment=XDG_RUNTIME_DIR
Image=quay.io/slopezpa/qemu-aaos
ContainerName=Android
PodmanArgs=--shm-size=5g
SecurityLabelDisable=true
Volume=$XDG_RUNTIME_DIR:$XDG_RUNTIME_DIR
And I need to be able to set the --shm-size option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
`podman system service` + TCP is not a configuration we should be
recommending. There was already language about this in the
manpages, but it was not sufficient in explaining how bad of an
idea this is. Expand the manpage warnings, add a dedicated
heading so people notice, and add a warning every time the
service starts with a TCP URL that directs people to the manpage
to see that explanation.
Signed-off-by: Matt Heon <mheon@redhat.com>
Add key for Quadlet to set WorkingDirectory to the directory of the YAML or Unit file
Add Doc
Add E2E tests
Add System test
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Adds support for `since` as a valid filter option for `podman volume ls`
and `podman volume prune`.
Implements: #19228
Initially suggested from: #19119
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Fixes a bug where `podman volume ls` with multiple `label` filters would
return volumes that matched *any* of the filters, not *all* of them.
Adapts generating volume filter functions to be more in
line with how it is done for containers and pods.
Fixes: #19219
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Adds an `--podman-only` flag to `podman generate kube` to allow for
reserved annotations to be included in the generated YAML file.
Associated with: #19102
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Fixes an error in the `podman container prune` docs that provides an
example of how to use the `--filter until=` flag/filter in an incorrect
way.
Fixes: #19119
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
When using --internal for macvlan/ipvlan networks we simply do not add a
default gateway/route. Make this clear in the docs.
Fixes#18914
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Reorder the table with --userns options to match the description below.
Also, reformat the Markdown to be better readable in source form.
Signed-off-by: Philipp Wagner <phw@ibm.com>
Adds a `--no-trunc` flag to `podman kube generate` preventing the
annotations from being trimmed at 63 characters. However, due to
the fact the annotations will not be trimmed, any annotation that is
longer than 63 characters means this YAML will no longer be Kubernetes
compatible. However, these YAML files can still be used with `podman
kube play` due to the addition of the new flag below.
Adds a `--no-trunc` flag to `podman kube play` supporting YAML files with
annotations that were not truncated to the Kubernetes maximum length of
63 characters.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This commit extends `Volume` and `Network` unit definitions with two
additional parameters, `VolumeName` and `NetworkName`, which will,
respectively, set a user-defined name for the corresponding volume and
network. This is similar to how the `ContainerName` directive currently
works, and should allow for smoother transitions to Quadlet-managed
resources.
Closes: #19003
Signed-off-by: Alex Palaistras <alex@deuill.org>
Previous tests have worked by pure chance since the client and server
ran on the same host; the server picked up the credentials created by
the client login.
Extend the gating tests and add a new integration test which is further
capable of exercising the remote code.
Note that fixing authentication support requires adding a new
`--authfile` CLi flag to `manifest inspect`. This will at least allow
for passing an authfile to be bindings. Username and password are not
yet supported.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This ended up more complicated then expected. Lets start first with the
problem to show why I am doing this:
Currently we simply execute ps(1) in the container. This has some
drawbacks. First, obviously you need to have ps(1) in the container
image. That is no always the case especially in small images. Second,
even if you do it will often be only busybox's ps which supports far
less options.
Now we also have psgo which is used by default but that only supports a
small subset of ps(1) options. Implementing all options there is way to
much work.
Docker on the other hand executes ps(1) directly on the host and tries
to filter pids with `-q` an option which is not supported by busybox's
ps and conflicts with other ps(1) arguments. That means they fall back
to full ps(1) on the host and then filter based on the pid in the
output. This is kinda ugly and fails short because users can modify the
ps output and it may not even include the pid in the output which causes
an error.
So every solution has a different drawback, but what if we can combine
them somehow?! This commit tries exactly that.
We use ps(1) from the host and execute that in the container's pid
namespace.
There are some security concerns that must be addressed:
- mount the executable paths for ps and podman itself readonly to
prevent the container from overwriting it via /proc/self/exe.
- set NO_NEW_PRIVS, SET_DUMPABLE and PDEATHSIG
- close all non std fds to prevent leaking files in that the caller had
open
- unset all environment variables to not leak any into the contianer
Technically this could be a breaking change if somebody does not
have ps on the host and only in the container but I find that very
unlikely, we still have the exec in container fallback.
Because this can be insecure when the contianer has CAP_SYS_PTRACE we
still only use the podman exec version in that case.
This updates the docs accordingly, note that podman pod top never falls
back to executing ps in the container as this makes no sense with
multiple containers so I fixed the docs there as well.
Fixes#19001
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2215572
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Users may want to replace the secret used within containers, without
destroying the secret and recreating it.
Partial fix for https://github.com/containers/podman/issues/18667
Make sure podman --remote secret inspect and podman secret inspect
return the same error message.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The markdown-to-manpage sequence interprets
_from_uid_ and *from_uid* differently.
Use the latter syntax to get the expected result.
Fixes: https://github.com/containers/podman/issues/19171
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Regarding "The command does not support more than one listening socket for the API service."
See this Podman source code: (a permalink into the main branch as of 2 July 2023)
539be58163/cmd/podman/system/service_abi.go (L48-L50)
Move up the paragraph "The REST API provided ...".
Move up the sentence "Note: The default systemd ...".
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Previously podman was using "MB" and "GB" (binary) for input but
"MB" and "GB" (decimal) for output, which was causing confusion.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
The --authfile flag has been ignored. Fix that and add a test to make
sure we won't regress another time. Requires a new --tls-verify flag
to actually test the code.
Also bump c/common since common/pull/1538 is required to correctly check
for updates. Note that I had to use the go-mod-edit-replace trick on
c/common as c/buildah would otherwise be moved back to 1.30.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2218315
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Better document which value `podman run --userns` has if no default
value is specified. Also improve documentation of "host" being an alias
for "".
Fixes#15764
Signed-off-by: Philipp Wagner <phw@ibm.com>
The markdown-to-manpage sequence needs a long row of dashes,
not a single dash. A single dash, as used in this one option,
generates unreadable *roff.
Also, some tool somewhere doesn't like too-long columns. Shrtn thm.
Also, verify that there are no more three-or-fewer-dash columns:
$ ack '\|\s+-{1,3}\s' docs/source/markdown
Fixes: #19086
Signed-off-by: Ed Santiago <santiago@redhat.com>
It is pretty complicated to display the secret on the host, but is
not really secured. This patch makes it easier to examine the secret.
Partial fix for https://github.com/containers/podman/issues/18667
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Support two new wait conditions, "healthy" and "unhealthy". This
further paves the way for integrating sdnotify with health checks which
is currently being tracked in #6160.
Fixes: #13627
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
While reading the code I found the man page to be lacking some
information that I found worth mentioning and clarifying.
In particular, how the command behaves with respect to exit codes and
when more than one condition is specified.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add support for `--imagestore` in podman which allows users to split the filesystem of containers vs image store, imagestore if configured will pull images in image storage instead of the graphRoot while keeping the other parts still in the originally configured graphRoot.
This is an implementation of
https://github.com/containers/storage/pull/1549 in podman.
Signed-off-by: Aditya R <arajan@redhat.com>
The backend allows for any start/end ip in the subnet. There is no
reason to limit the cli to only CIDR subnets. This allows for much more
flexibility.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- [service_destinations] should be [engine.service_destinations]
- service_destinations does not read from
`/usr/share/containers/containers.conf` because podman uses config.ReadCustomConfig().
Fixes: #15615
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
This commit creates a new command `podmansh` command which can be used by
administrators to provide a confined shell to their users.
The user will only have access to the volumes and capabilities for that
user.
Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Co-authored-by: Daniel Walsh <dwalsh@redhat.com>
Co-authored-by: Petr Lautrbach <lautrbach@redhat.com>
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Remote clients only support the docker transport which is mentioned in
the destination table below. So drop the redundant text on supported
transports from the main description to avoid confusion.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
podman info prints the network information about binary path,
package version, program version and DNS information.
Fixes: #18443
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
One feature needed for podmansh is the ability to set the default
homedir to be the workingdir when you login.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
add routes using the --route flag.
the no_default_route option in --opt prevents a default route from
getting added automatically.
Signed-off-by: Jan Hendrik Farr <github@jfarr.cc>
The Sysctl=name=value entry can be used to set --sysctl=name=value
directly without the need to use PodmanArgs=--sysctl=name=value.
Signed-off-by: Laurenz Kruty <git@laurenzkruty.de>
For filter=id=XXX (containers, pods) and =ctr-ids=XXX (pods):
if XXX is only hex characters, treat it as a PREFIX
otherwise, treat it as a REGEX
Add tests. Update documentation. And fix an incorrect help message.
Fixes: #18471
Signed-off-by: Ed Santiago <santiago@redhat.com>
Short description in man pages:
* Use imperative form
Command help (cobra.Command.Short):
* Capitalize first letter
* Use imperative form
* Remove ending full stop when the short description
only contains one sentence without any commas
Command help (cobra.Command.Long):
* Capitalize first letter unless the sentence starts
with a command "podman command ..."
* Use imperative form when the long description is
identical or almost identical to the short description.
This modification was only done in a few places.
Command tables:
* Use imperative form in the "Description" column
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
Work around a go-md2man bug, and add a check script to make sure
this doesn't hit us again.
Background: go-md2man can't deal with a left-hand column > 31 chars.
It produces man pages that look like:
| Something With >31 Character | |
| | ..description |
(should be all on one row). It also has trouble when the vertical
bars are misaligned: it completely removes the right-hand side.
There's almost certainly a better solution: fix go-md2man, or
use a different conversion tool, or maybe even pre/postprocess.
But this is a quick interim solution.
Sorry for the perl. This could be done in bash/sed/awk/grep,
but not with any sort of sane error messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a new field `ExitCodePropagation` field to allow for configuring the
newly added functionality of controlling how the main PID of a kube
service exits.
Jira: issues.redhat.com/browse/RUN-1776
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Implement means for reflecting failed containers (i.e., those having
exited non-zero) to better integrate `kube play` with systemd. The
idea is to have the main PID of `kube play` exit non-zero in a
configurable way such that systemd's restart policies can kick in.
When using the default sdnotify-notify policy, the service container
acts as the main PID to further reduce the resource footprint. In that
case, before stopping the service container, Podman will lookup the exit
codes of all non-infra containers. The service will then behave
according to the following three exit-code policies:
- `none`: exit 0 and ignore containers (default)
- `any`: exit non-zero if _any_ container did
- `all`: exit non-zero if _all_ containers did
The upper values can be passed via a hidden `kube play
--service-exit-code-propagation` flag which can be used by tests and
later on by Quadlet.
In case Podman acts as the main PID (i.e., when at least one container
runs with an sdnotify-policy other than "ignore"), Podman will continue
to wait for the service container to exit and reflect its exit code.
Note that this commit also fixes a long-standing annoyance of the
service container exiting non-zero. The underlying issue was that the
service container had been stopped with SIGKILL instead of SIGTERM and
hence exited non-zero. Fixing that was a prerequisite for the exit-code
propagation to work but also improves the integration of `kube play`
with systemd and hence Quadlet with systemd.
Jira: issues.redhat.com/browse/RUN-1776
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Make sure to look for the container's exit code when it's in stopped
state. With `--restart=always`, the container seems to stay in the
stopped state which led the wait logic to loop until the 20 seconds
timeout for the cleanup process to have finished kicks in.
Also defensively make sure to loop when the container is in stopped
state but no exit code has been written yet.
Add a regression test to make sure Podman doesn't wait more than 20
seconds. Even on a CI machine under high load I expect it to take much
much much less than that, so I do not expect this test to flake in the
future.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
the combination --pod and --userns is already blocked. Ignore the
PODMAN_USERNS variable when a pod is used, since it would cause to
create a new user namespace for the container.
Ideally a container should be able to do that, but its user namespace
must be a child of the pod user namespace, not a sibling. Since
nested user namespaces are not allowed in the OCI runtime specs,
disallow this case, since the end result is just confusing for the
user.
Closes: https://github.com/containers/podman/issues/18580
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
'make docs' has been spitting out these warnings:
WARNING: go-md2man does not handle node type HTMLSpan
Warnings suck, they cost us important time and attention.
This warning is always caused by left-angle-brackets in markdown
but they are very hard to find. I've found them and fixed them.
Warnings are now gone.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When no name arg is given to Podman machine commands, Podman assumes the machine name is podman-machine-default. Document this behavior.
Signed-off-by: Ashley Cui <acui@redhat.com>
The `--network-cmd-path` CLI option only affects rootless networks using `slirp4netns(1)`, not `pasta(1)`. Following #18568 Podman should rather use the more generic `r.config.FindHelperBinary()` method (and therefore honour the `helper_binaries_dir` config) to find the path to the `slirp4netns` binary and deprecate the misleading `--network-cmd-path` CLI option. However, since this wasn't implemented yet we can't deprecate `--network-cmd-path` as of now. Adding a note anyway.
Fixes#18560
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
Read the entire YAML file in case of a multi-doc file
Adjust the unit test
Add a system test
Add comment in the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
If there's a container defined in multiple directories use the following
precedence:
$XDG_CONFIG_HOME/containers/systemd/ or ~/.config/containers/systemd/
takes precedence over /etc/containers/systemd/users/$(UID) and this
takes precedence over /etc/containers/systemd/users/
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
I would like to allow admin to control quadlet containers
in users homedirs.
If an admin sets a quadlet in
/etc/containers/systemd/users, then all users will run these
quadlet services when they login.
If an admin places a quadlet in /etc/containers/systemd/users/$(USERNAME)
then only the USERNAME will execute this quadlet service when
they login.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add Restarts column to the podman pod ps output to show the total number
of times the containers in a pod were restarted. This is the same as the
restarts column displayed by kubernetes with kubectl get pods. This will
only be displayed when --format={{.Restarts}}.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add Restarts column to the podman ps output to show how many times a
container was restarted based on its restart policy. This column will be
displayed when --format={{.Restarts}}.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Add --restart flag to pod create to allow users to set the
restart policy for the pod, which applies to all the containers
in the pod. This reuses the restart policy already there for
containers and has the same restart policy options.
Add "never" to the restart policy options to match k8s syntax.
It is a synonym for "no" and does the exact same thing where the
containers are not restarted once exited.
Only the containers that have exited will be restarted based on the
restart policy, running containers will not be restarted when an exited
container is restarted in the same pod (same as is done in k8s).
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Found a typo today while reading documentation.
Simple enough change :-)
Signed-off-by: Mike Eisemann <me@michaeleisemann.com>
Signed-off-by: AndroidKitKat <me@michaeleisemann.com>
system reset it says it will delete containers, images, networks, etc...
However it will also delete the graphRoot and runRoot directories.
Normally this is not an issue, however in same cases these directories
were set to the users home directory or some other important system
directory.
As first step simply show the directories that are configured and thus
will be deleted by reset. As future step we could implement some
safeguard will will not delete some known important directories however
I tried to keep it simple for now.
[NO NEW TESTS NEEDED]
see #18349 and #18295
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Highlight that existing user and system services may be overridden if
they have same name as the Quadlet file. Also point the user to
systemctl and how to list existing files.
Closes: #18275
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Update e2e tests not to expect the flag
System tests - explicitly set the log driver to be able to parse the output
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Commands like podman-create(1), podman-run(1), podman-inspect(1),
podman-ps(1) will emit formatted output upon success. This allows
the output from commands to be emitted directly to a file and
can supersede the --noout parameter by using /dev/null. An issue
with --noout was also remedied.
This closes issue #18120.
Signed-off-by: Ali Rizvi-Santiago <arizvisa@gmail.com>
- add information about netavark plugins
- add missing arguments to options the require an arg
- document that container dns is only supported with bridge
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to customize the network_interface option is the network
config. For bridge this allows users to change the bridge name and for
maclvan it will be the same as `--opt parent=...`.
However the main reason for this option is to allow netavark plugins to
make use of it. I demoed the host-device plugin which makes use of this
as an example. While we could let users set them via --opt it is more
natural to just use the field which is designed for that purpose.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Bump containers/(storage, common, buildah and image)
Changes since 2023-01-01:
- skip mount-cache-selinux-long-name test under remote, with
a FIXME requesting that someone see if it can be made to work.
- skip six tests that fail under rootless-remote
- add new --build-arg-file option:
- update man page
Squash of:
* cf56eb1865
* 561f082772
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
The `UserNS` key will replace the `RemapGid`, `RemapUid`, `RemapUidSize`
and `RemapUsers` options which are therefore marked as deprecated by
this commit.
Closes#17984
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
...mostly just test code that wasn't doing the required waits.
My first approach in the kube-play test was to add "--wait".
Bit mistake! The --wait flag, counterintuitively and counter to
documentation, actually destroys all pods+containers+everything
on exit. (Or tries -- see #17803). Since this violates POLA
and is undocumented, I include here a fix to the man page.
Despite my best intentions, I can't reasonably check every single
test for missing waits, especially in kube-play where failing
containers will get retried forever so we can't wait. We'll
just have to fix flakes as we see them.
Fixes: #17958Fixes: #18071
Signed-off-by: Ed Santiago <santiago@redhat.com>
Mention that specified credentials are only used to authenticate against
target registries (e.g., during `pull` or `build`) and are not used to
authenticat against mirrors etc.
Closes: #17185
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This commit adds an quadlet option `Tmpfs` which can be used to mount a
tmpfs in the container.
Closes#17907
Signed-off-by: Cedric Staniewski <cedric@gmx.ca>
OpenShift Merge Robot
Ed Santiago
Peter Whittaker
Urvashi Mohnani
Daniel J Walsh
Oleh Dmytrychenko
Ygal Blum
Erik Sjölund
Aditya R
Adam Jones
danishprakash
Black-Hole1
Valentin Rothberg
Anchit Bajaj
Hari Kannan
Matt Heon
iczero
Jake Correnti
Lokesh Mandvekar
Paul Holzinger
Philipp Wagner
Alex Palaistras
Michael Hrivnak
Anders F Björklund
Giuseppe Scrivano
Toshiki Sonoda
Cedric Staniewski
Jan Hendrik Farr
Laurenz Kruty
Tom Deseyn
binghongtao
Abhijeet Kasurde
Ashley Cui
Daniel Rudolf
Petr Lautrbach
Hussam Qasem
AndroidKitKat
Jason T. Greene
arctic-alpaca
Park Jaeon
Ali Rizvi-Santiago
Sohan Kunkerkar