Since CI automation is now executing all tests as a regular user, there
is no need for root-based testing to run special rootless tests. Remove
them.
However, the root-based rootless tests did include one test for exercising
the '--rootfs' option which is needed. Add a new general, and more through
test to replace it - meaning it will be executed as root and non-root.
Signed-off-by: Chris Evich <cevich@redhat.com>
This command lets the user run a command in a new user namespace like `unshare -u`.
It uses the implementation of unshare in buildah. ( fixes#1388 )
Signed-off-by: Divyansh Kamboj <kambojdivyansh2000@gmail.com>
once the default event logger was removed from libpod.conf, we need to
set the default based on whether the systemd build tag is used or not.
Signed-off-by: baude <bbaude@redhat.com>
Type varlinkapi.VarlinkCall currently only used as receiver for
RequiresUpgrade() future helpers could be added to this type.
RequiresUpgrade() verifies caller has given correct options to the call
for the given operation.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
StartAndAttach() runs start() in a goroutine, which can allow it
to fire after the caller returns - and thus, after the defer to
unlock the container lock has fired.
The start() call _must_ occur while the container is locked, or
else state inconsistencies may occur.
Fixes#3114
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
print a clearer error message when an unprivileged user attempts to
create a network using CNI.
Closes: https://github.com/containers/libpod/issues/3118
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Adding the journald configuration broke decoding the default
libpod.conf, because it was after the [runtimes] table (and was
being interpreted as a member of the table, and not the larger
config). We can't easily fix this on the TOML side, so our best
bet is to move it above the table and add a comment to try and
make sure this doesn't happen again.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We want the remote tests for our distributions to be tested in a
different VM than the local tests. This allows for faster CI runs and
easier debug as well as seperation of flakes.
Signed-off-by: baude <bbaude@redhat.com>
If the systemd development files are not present on the system which
builds podman, then `podman events` will error on runtime creation.
Beside this, a warning will be printed when compiling podman.
This commit mainly exists because projects which depend on libpod
would not need the podman event support and therefore do not need to
rely on the systemd headers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
We were always raising an error when the rootless user attempted to
setup resources, but this is not the case anymore with cgroup v2.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When using CGroupfs, we see races during pod removal between
removing the CGroup and the cleanup process starting (in the
CGroup, thus preventing removal).
The simplest way to avoid this is to prevent the forking of the
cleanup process. Conveniently, we can do this via the CGroup that
we already created for Conmon - we just need to update the PID
limit to 0, which completely inhibits new forks.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Buildah no longer updates the create time of single-action images
(e.g. `FROM ...` with no other instructions. This isn't a bug (it
matches Docker's behavior), but it broke one of our tests.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Instead of rewriting the logic, reuse the standard logic we use
for removing containers, which is much better tested.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
allow the user to define a remote host and remote username for their
remote podman sessions. this is then feed to the varlink "bridge" as
the ssh credentials and endpoint.
Signed-off-by: baude <bbaude@redhat.com>
OpenShift Merge Robot
TomSweeneyRedHat
Giuseppe Scrivano
Chris Evich
Divyansh Kamboj
Matthew Heon
baude
Jhon Honce
Ed Santiago
Matthew Heon
Sascha Grunert
Qi Wang