network statistics cannot be collected for rootless network devices with
the current implementation. for now, we return nil so that stats will
at least for users.
Fixes:#4268
Signed-off-by: baude <bbaude@redhat.com>
The json field is called `Image` while the go field is called `ImageID`,
tricking users into filtering for `Image` which ultimately results in an
error. Hence, rename the field to `Image` to align json and go.
To prevent podman users from regressing, rename `Image` to `ImageID` in
the specified filters. Add tests to prevent us from regressing. Note
that consumers of the go API that are using `ImageID` are regressing;
ultimately we consider it to be a bug fix.
Fixes: #4193
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Do not discard errors when panicing on lockfile open
* config: drop skip_mount_home
* storage: drop ostree deduplication
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
In some cases, conmon can fail without writing logs. Change the wording
of the error message from
"error reading container (probably exited) json message"
to
"container create failed (no logs from conmon)"
to have a more helpful error message that is more consistent with other
errors at that stage of execution.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
similar change to f7d55d64e7
with images --format=json, be sure the output is valid json also when
it is an empty list.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
For non-Podman users of Libpod, we don't want to force the exit
command to use ARGV[0], which probably does not support a cleanup
command.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Translate the podman build --squash command to podman build --layers=false which
has the same functionality as docker build --squash. Add a new option --squash-all
which will squash all layers into one. This will be translated to buildah bud --squash
for the buildah bud api.
Also allow only one option, squash, layers or squash--all to be used per build command.
Fixes: https://github.com/containers/buildah/issues/1234
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
rootless podman is using a single user namespace for all the containers
so it can safely access the storage for all of them.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
`multi-user.target` doesn't exist in the systemd *user* instance.
We can't hook up the startup of a user unit to a system target.
Doing so causes systemd to error out in Fedora CoreOS builds
during presets.
Make it depend on `default.target` instead.
(Having the same unit in both system and user sessions has some
tricky bits like this)
Signed-off-by: Colin Walters <walters@verbum.org>
even if the system is using cgroups v2, rootless is not able to setup
limits when the cgroup-manager is not systemd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Changes include: Containerfile by default, add --device flags to bud, allow buildah bud to be called without
arguments, and a couple of small typo corrections.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Default path should be ${XDG_RUNTIME_DIR}/containers/auth.json according
to the docs.
This regressed to ${XDG_RUNTIME_DIR}/auth.json in #3760.
Fixes: #4227
Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
Previously, `podman checkport restore` with exported containers,
when told to create a new container based on the exported
checkpoint, would create a new container, with a new container
ID, but not reset CGroup path - which contained the ID of the
original container.
If this was done multiple times, the result was two containers
with the same cgroup paths. Operations on these containers would
this have a chance of crossing over to affect the other one; the
most notable was `podman rm` once it was changed to use the --all
flag when stopping the container; all processes in the cgroup,
including the ones in the other container, would be stopped.
Reset cgroups on restore to ensure that the path matches the ID
of the container actually being run.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This is a horrible hack to work around issues with Fedora 31, but
other distros might need it to, so we'll move it upstream.
I do not recommend this functionality for general use, and the
manpages and other documentation will reflect this. But for some
upgrade cases, it will be the only thing that allows for a
working system.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
For future work, we need multiple implementations of the OCI
runtime, not just a Conmon-wrapped runtime matching the runc CLI.
As part of this, do some refactoring on the interface for exec
(move to a struct, not a massive list of arguments). Also, add
'all' support to Kill and Stop (supported by runc and used a bit
internally for removing containers).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
it enforces the systemd mode also when the command name doesn't match
/usr/sbin/init or systemd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
"init" is a quite common name for the command executed in a container
image and Podman ends up using the systemd mode also when not
required.
Be stricter on enabling the systemd mode and not enable it
automatically when the basename is "init" but expect the full path
"/usr/sbin/init".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
baude
OpenShift Merge Robot
Valentin Rothberg
Daniel J Walsh
Giuseppe Scrivano
Nalin Dahyabhai
Kenta Tada
Matthew Heon
TomSweeneyRedHat
Colin Walters
Hunor Csomortáni
Qi Wang