Also modernize main library to resemble what's used in other
containers-org repositories. Lastly, update hack/get_ci_vm.sh to use
the new shared container image.
Signed-off-by: Chris Evich <cevich@redhat.com>

With Go 1.16 and later, pkg/fileutils.NewPatternMatcher() will flag
patterns with bad syntax immediately. With older compilers, it would
have returned a matcher object which flagged syntax errors only when the
matcher was actually used to check a path. Update tests to accept
either behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

The current code was hanging for me; this makes sure the path is
expanded properly when it is read.
Fixes: https://github.com/containers/podman/issues/10181
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Most Linux kernels do not support overlay mounts in rootless mode, so
we should not be reporting this as an error, but drop it to debug
level.
Fixes: https://github.com/containers/podman/issues/10153
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Certain platforms might not have container_file_t defined, so we need to
check if the label is defined before attempting to use it.
Discussion is going on in: https://github.com/containers/podman/issues/9682
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Add a function to check whether the current process has the
CAP_SYS_ADMIN capability in its effective capabilities set.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Before this change, cleanup of the btrfs driver (occurring on each driver
shutdown) resulted in disabling quotas. It was done with an assumption
that quotas can be enabled or disabled on a subvolume level, which is
not true - enabling or disabling quota is always done on a filesystem
level.
That was leading to disabling quota on btrfs filesystems on btrfs driver
shutdown.
This change fixes that behavior and removes misleading `subvol` prefix
from functions and methods which set up quota (on a filesystem level).
Ref: moby/moby#34593
Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>

Currently in Podman if we reset the CONTAINERS_STORAGE_CONF path, we get
the graph driver options from the original config file as well as the
options from the override path. This PR resets the storageconf to the
initial state when called multiple times.
Also, if the user sets STORAGE_OPTS="" then we should use it to override all
other storage options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Unprivileged users cannot use the trusted.* xattrs. Since for
rootless we always mount overlay with userxattr, we can just check if
running in rootless mode and use user.* instead of trusted.*.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Unprivileged users cannot use the trusted.* xattrs. Since for
rootless we always mount overlay with userxattr, we can just check if
running in rootless mode and use user.* instead of trusted.*.
Closes: https://github.com/containers/podman/issues/9936
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

This implements the algorithm proposed in
https://github.com/containers/storage/issues/852#issuecomment-798954173,
which is:
1. find available IDs from subuid/subgid file; by subtracting the used
IDs (from other containers) as well as additional IDs, we get the IDs
available to allocate;
2. target ID range is [0, requestedSize), subtract the additional IDs;
3. allocate IDs from range in step 1; the number to allocate is the
number of IDs in step 2;
4. generate a mapping from IDs in step 3 to the ones in step 2.
Closes: https://github.com/containers/storage/issues/852
Signed-off-by: Kan Li <likan@google.com>
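
The four steps listed in the last commit message above, as an added Go example (not code from containers/storage or from the commit). The `Range` and `IDMap` types, the function names and the sample values are hypothetical, and it assumes the additional IDs have a host side (removed in step 1) and a container side (removed in step 2).

```go
package main
import "fmt"
type Range struct{ Start, End int }                // half-open [Start, End); hypothetical
type IDMap struct{ ContainerID, HostID, Size int } // hypothetical mapping record
// subtract returns a new slice holding the parts of from not covered by cut.
func subtract(from, cut []Range) []Range {
	for _, c := range cut {
		var out []Range
		for _, f := range from {
			if c.End <= f.Start || c.Start >= f.End {
				out = append(out, f) // no overlap, keep f whole
				continue
			}
			if f.Start < c.Start {
				out = append(out, Range{f.Start, c.Start})
			}
			if c.End < f.End {
				out = append(out, Range{c.End, f.End})
			}
		}
		from = out
	}
	return append([]Range(nil), from...)
}
// Allocate follows steps 1-4; addHost/addCtr: assumed host/container sides of the additional IDs.
func Allocate(subid, used, addHost, addCtr []Range, size int) (maps []IDMap, err error) {
	avail := subtract(subtract(subid, used), addHost) // step 1: free host IDs
	target := subtract([]Range{{0, size}}, addCtr)    // step 2: container IDs to fill
	for _, t := range target {                        // steps 3+4: take and pair in order
		for t.Start < t.End {
			if len(avail) == 0 {
				return nil, fmt.Errorf("not enough free IDs for size %d", size)
			}
			a := &avail[0]
			n := t.End - t.Start
			if a.End-a.Start < n {
				n = a.End - a.Start // this host range is shorter: split the mapping
			}
			maps = append(maps, IDMap{t.Start, a.Start, n})
			t.Start, a.Start = t.Start+n, a.Start+n
			if a.Start == a.End {
				avail = avail[1:] // host range used up
			}
		}
	}
	return maps, nil
}
func main() { // constructed sample: one subuid range, 10 IDs in use elsewhere
	fmt.Println(Allocate([]Range{{100000, 165536}}, []Range{{100000, 100010}}, nil, []Range{{5, 6}}, 15))
}
```

An allocation that cannot be satisfied returns an error and no partial mapping, so a caller never ends up with a container whose ID range is only partly backed by host IDs.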