formatError appended "or use --replace to instruct Podman to do so" to
every error wrapping storage.ErrDuplicateName, even for commands like
"podman manifest create" that have no --replace flag, telling users to
use a flag that does not exist.
Resolve the invoked command via ExecuteContextC and only add the hint
when that command actually defines a --replace flag.
Fixes: #24537
Signed-off-by: Salih Muhammed <root@lr0.org>
We renamed the variant in machine-os to podman-machine-os so it is not
coreos:
a5c8fbcfc6
Now the main issue with this is the code runs inside the VM, which means
updates from 6.0.0 to the next one still will be broken and needs the os
apply command until this can work again. Of course a new init will also
work with the new image.
Fixes: #29085
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the scanner fails to read the file we should return an error to the
user and not make assumptions on the returned value here.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add `--ignore` to `podman network rm` so removing a missing
network returns success instead of exit code 1.
Keep existing error behavior for networks in use and other failures.
This commit message was translated from Korean to English using an LLM.
Fixes: #28363
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
This patch adds retry plumbing for podman manifest push.
CLI flags added: --retry and --retry-delay
Flags are read into ImagePushOptions and passed through the local ABI path
Remote clients and REST API now respect retry settings (retry / retryDelay)
retry-delay is parsed with time.ParseDuration
Defaults fall back to containers.conf when the flags are not set
Updated manpages, Swagger comments, and e2e tests to validate retry behavior
Fixes: #28590
Signed-off-by: Valen Torassa <valentintorassacolombero@gmail.com>
The exec API accepts a ConsoleSize but it is dropped: the exec
pseudo-terminal is created at its default size and only corrected
afterwards by an asynchronous resize. A short-lived exec that reads its
window size at startup (e.g. `stty size`) can therefore observe the wrong
size, because the resize may arrive after the process has already read it.
docker applies the size at creation.
Carry the requested ConsoleSize through ExecConfig and into the exec OCI
process spec (process.consoleSize) so the runtime sizes the terminal
before the process starts, removing the race. The local and remote CLIs
capture the caller's terminal size when -t is given and pass it through
ExecOptions, matching the behavior of `podman run`.
Re-enable the previously flaky `podman exec` case in the interactive
system test, which this change makes deterministic.
Signed-off-by: Shuai Yuan <shuaiyuanzju@gmail.com>
Add a podman volume rename command, REST API endpoint, and bindings for renaming volumes.
The rename updates both the VolumeConfig and VolumeState tables in a single transaction and moves the volume directory on disk, rolling back if the transaction fails. Renaming an anonymous volume converts it to a named volume. Volumes that are in use, mounted, or backed by a volume plugin or the image driver cannot be renamed.
Fixes: #28189
Signed-off-by: MayorFaj <mayorfaj@gmail.com>
This was report on of of my PRs, I do not know why this fails there all
of the sudden, it seems golangci-lint has gotten flaky recently.
Locally the linter passes without this change just fine but in CI this
seems to fail:
Error: cmd/podman-testing/call.go:58:22: SA4023(related information): the lhs of the comparison is the 1st return value of this function call (staticcheck)
reflectionClient := reflectionv1.NewServerReflectionClient(grpcClient)
^
Error: cmd/podman-testing/call.go:59:5: SA4023: this comparison is never true (staticcheck)
if reflectionClient == nil {
^
The lint seems right, NewServerReflectionClient never returns nil so
lets just fix it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Pause the container by default during commit. It is safer as it
avoids conflicts, and potentially security issues, when another
process is accessing the container rootfs.
Originally this was not done because it was a breaking change and
rootless containers weren't able to use the freezer cgroup controller.
Now that we support only cgroup v2, there is no gap anymore with
root (exotic configurations can still use --pause=false).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
`podman run -ti` warns when stdin is not a tty, but if the container is
run in detached state that warning does not make much sense: we just
need the environment where podman attach will be run to be a tty.
Running with `-ti` even in detached state can make sense to avoid
applications buffering their output (for realtime logs) or allowing
later interaction and should not warn users.
Also remove the comment saying that warning will become fatal, as there
seems to be agreement that such a breaking change will not be made
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Add support for blackhole, unreachable, and prohibit route types in podman
networks. These route types allow silently discarding packets (blackhole),
rejecting with destination unreachable (unreachable), or rejecting with
administratively prohibited (prohibit).
Note: Blackhole routes require netavark >= 2.0.0. Regular unicast routes
remain backward compatible with all netavark versions.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
<MH: Rebased atop latest main & fixed cherry-pick conflicts>
Signed-off-by: Matt Heon <matthew.heon@pm.me>
inspect was using the default system provider (machineProvider) to resolve machine directories instead of the provider returned by shim.VMExists for the specific machine. This caused incorrect results (e.g. listing WSL dirs when inspecting a Hyper-V machine).
Signed-off-by: lstocchi <lstocchi@redhat.com>
Using os.Is{Exist,NotExist,Permission} checks is not recommended in the
new code (see official documentation). While using it in the existing
code is OK, it may still result in a subtle errors later (for a specific
example of that, see [1]).
Replace those with errors.Is.
Generated by:
gofmt -r 'os.IsExist(a) -> errors.Is(a, os.ErrExist)' -w .
gofmt -r 'os.IsNotExist(a) -> errors.Is(a, os.ErrNotExist)' -w .
gofmt -r 'os.IsPermission(a) -> errors.Is(a, os.ErrPermission)' -w .
goimports -w .
git diff vendor test/tools/vendor | patch -p1 -R
[1]: https://github.com/opencontainers/runc/pull/5061
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
- libpod/events.go & libpod/runtime.go: Added the `Artifact` event type.
Refactored and deduplicated event forwarding logic by introducing
`spawnEventForwarder[T any]`, replacing separate goroutine loops for
images and artifacts. Implemented graceful shutdown and resolved eventer
initialization race conditions.
- libpod/events: Implemented event filtering by name/ID, updated journald
and logfile readers/writers for artifact events, and added `Artifact` to
`ToHumanReadable` formatting.
- cmd/podman: Added shell auto-completion for `artifact=` and `type=artifact` filters.
- docs/test: Documented the `artifact` event type, statuses, and filters in
`podman-events.1.md`. Added an end-to-end test in `events_test.go` to verify
event emissions.
Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
Add a --dry-run option to show which volumes would be pruned without removing them.
Related: #27838
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
Autocompletion for `podman inspect` now includes artifact names,
matching the behavior of other object types like containers, images,
pods, networks, and volumes.
Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
This is gated behind a new option in `podman system migrate`,
`--migrate-db`, or by a system restart being performed.
BoltDB support was removed in Podman 6, so we are certain that,
when we start Podman, a SQLite state is in use. However, if we
also detect a valid BoltDB state, we will attempt a migration.
Migration is performed by retrieving all volumes, pods, and
containers (in that order, to ensure there are no dependency
conflicts) from the Bolt database, when adding them to the SQLite
database. If there is a conflict - IE, a container exists in both
SQLite and Bolt - we skip migration for that object. The old DB
is then renamed so we do not try to migrate it again.
Our ability to test complex migration scenarios is limited, but
this should handle simple migrations easily.
This is a heavily adapted version of #27660 rebuilt to work with
Podman 6.0. Substantial changes were required to throw errors
when a BoltDB database is detected and no migration is being
performed. Firstly, for automatic on-reboot migrations, we need
to have a deferred error returned by getDBState (very early in
runtime initialization) that is only acted on much later (once we
know for certain a state refresh is/is not being performed).
The `system migrate --migrate-db` command was much more
problematic. Conceptually, it's not terrible - add a flag to the
runtime to suppress errors, set that flag only when calling the
`system migrate` command with `--migrate-db` - but it unveiled a
serious problem with how we do runtime init (special flags to the
runtime were being ignored because the image runtime set the
Libpod runtime first and had none of the proper handling) which
took a genuinely annoying amount of time to identify and fix.
This cannot be tested automatically, as the ability to create Bolt
databases has been entirely removed with Podman 6.
This also includes 9b810aed3a from
the v5.8 branch by Luap99, which I have had to squash into this
commit to satisfy the build-each-commit check. It was just a
simplification of the SQLite path check.
Signed-off-by: Matt Heon <matthew.heon@pm.me>
Podman defaults to the directory of the Containerfile when no context dir is explicitly provided.
When running podman build with process subsituiton, `podman build -f <(echo "FROM scratch")`,
the Containerfile path expands to `/dev/fd/<NUM>`, which makes `/dev/fd` the context dir.
When building, Buildah attempts to create an overlay mount on top of the `/dev/fd` context dir, which fails.
In these cases, use a temp context dir instead: `$TMPDIR/podman-build-context-$randnum`
Fixes: https://github.com/containers/podman/issues/28113
Signed-off-by: Ashley Cui <acui@redhat.com>
Introducing a new `podmand system` subcommand to prepare a Windows host
to run Hyper-V based Podman machines: `hyperv-prep`.
When executed it:
- creates of the registry keys for VSocks
- adds the current user to the Hyper-V administrators group
This command requires an administrator terminal.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>