4479 Commits

Author SHA1 Message Date
Salih Muhammed
20eae39b13 Only suggest --replace for commands that have the flag
formatError appended "or use --replace to instruct Podman to do so" to
every error wrapping storage.ErrDuplicateName, even for commands like
"podman manifest create" that have no --replace flag, telling users to
use a flag that does not exist.

Resolve the invoked command via ExecuteContextC and only add the hint
when that command actually defines a --replace flag.

Fixes: #24537
Signed-off-by: Salih Muhammed <root@lr0.org>
2026-07-03 01:35:16 +03:00
Paul Holzinger
d9a2250d3c Merge pull request #29086 from Luap99/machine-upgrade
fix podman machine os upgrade distro check
2026-07-02 17:18:00 +02:00
Jan Rodák
e852389e55 Merge pull request #29071 from Luap99/scannererr
fix missing error checks for bufio.Scanner
2026-07-02 14:55:12 +02:00
Paul Holzinger
db8f8298dd fix podman machine os upgrade distro check
We renamed the variant in machine-os to podman-machine-os so it is not
coreos:
a5c8fbcfc6

Now the main issue with this is the code runs inside the VM, which means
updates from 6.0.0 to the next one still will be broken and needs the os
apply command until this can work again. Of course a new init will also
work with the new image.

Fixes: #29085

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-06-30 15:12:08 +02:00
Paul Holzinger
9a3bf9986f machine return read errors from GetDistribution
If the scanner fails to read the file we should return an error to the
user and not make assumptions on the returned value here.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-06-30 10:32:32 +02:00
Šimon Brauner
64ab8171ed Use atomic file writer for quadlet unit files
Fixes: https://github.com/podman-container-tools/podman/issues/29004

Signed-off-by: Šimon Brauner <sbrauner@redhat.com>
2026-06-29 22:23:57 +02:00
Šimon Brauner
010e7ce556 Handle uninstantiated template quadlets
Fixes: https://github.com/containers/podman/issues/26960

Signed-off-by: Šimon Brauner <sbrauner@redhat.com>
2026-06-23 14:34:20 +02:00
Paul Holzinger
4ae189843b Merge pull request #28637 from ValentinTorassa/manifest-push-retry-options
Add --retry support to manifest push
2026-06-23 12:00:03 +02:00
KyounghoonJang
9e38f86993 feat: add --ignore flag to network rm
Add `--ignore` to `podman network rm` so removing a missing
network returns success instead of exit code 1.

Keep existing error behavior for networks in use and other failures.

This commit message was translated from Korean to English using an LLM.

Fixes: #28363
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
2026-06-23 10:52:47 +09:00
Valen Torassa
72349937e3 Add --retry support to podman manifest push
This patch adds retry plumbing for podman manifest push.

CLI flags added: --retry and --retry-delay
Flags are read into ImagePushOptions and passed through the local ABI path
Remote clients and REST API now respect retry settings (retry / retryDelay)
retry-delay is parsed with time.ParseDuration
Defaults fall back to containers.conf when the flags are not set
Updated manpages, Swagger comments, and e2e tests to validate retry behavior

Fixes: #28590

Signed-off-by: Valen Torassa <valentintorassacolombero@gmail.com>
2026-06-22 15:49:27 -03:00
Paul Holzinger
eb3c0f4c1a Merge pull request #28957 from shuaiyuanxx/exec-honor-console-size
exec: honor ConsoleSize so the terminal is sized at creation
2026-06-22 16:30:13 +02:00
Shuai Yuan
f5efef5043 exec: honor ConsoleSize so the terminal is sized at creation
The exec API accepts a ConsoleSize but it is dropped: the exec
pseudo-terminal is created at its default size and only corrected
afterwards by an asynchronous resize. A short-lived exec that reads its
window size at startup (e.g. `stty size`) can therefore observe the wrong
size, because the resize may arrive after the process has already read it.
docker applies the size at creation.

Carry the requested ConsoleSize through ExecConfig and into the exec OCI
process spec (process.consoleSize) so the runtime sizes the terminal
before the process starts, removing the race. The local and remote CLIs
capture the caller's terminal size when -t is given and pass it through
ExecOptions, matching the behavior of `podman run`.

Re-enable the previously flaky `podman exec` case in the interactive
system test, which this change makes deterministic.

Signed-off-by: Shuai Yuan <shuaiyuanzju@gmail.com>
2026-06-22 10:36:10 +08:00
Matt Heon
df12c9806c Merge pull request #28214 from MayorFaj/feat/28189-volume-rename
feat: implement volume rename functionality
2026-06-18 14:47:35 -04:00
Jan Rodák
d222b0ae07 Fix staticcheck SA4023 warnings in call.go and sign.go
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-06-12 09:53:20 +02:00
Jan Rodák
fc433a9b27 Replace deprecated strings.Title with manual capitalization
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-06-12 09:53:19 +02:00
MayorFaj
d01b7ae534 libpod: add volume rename support
Add a podman volume rename command, REST API endpoint, and bindings for renaming volumes.

The rename updates both the VolumeConfig and VolumeState tables in a single transaction and moves the volume directory on disk, rolling back if the transaction fails. Renaming an anonymous volume converts it to a named volume. Volumes that are in use, mounted, or backed by a volume plugin or the image driver cannot be renamed.

Fixes: #28189
Signed-off-by: MayorFaj <mayorfaj@gmail.com>
2026-06-11 21:56:15 +01:00
Paul Holzinger
22e2f85311 fix small lint error
This was report on of of my PRs, I do not know why this fails there all
of the sudden, it seems golangci-lint has gotten flaky recently.

Locally the linter passes without this change just fine but in CI this
seems to fail:

Error: cmd/podman-testing/call.go:58:22: SA4023(related information): the lhs of the comparison is the 1st return value of this function call (staticcheck)
	reflectionClient := reflectionv1.NewServerReflectionClient(grpcClient)
	                    ^
Error: cmd/podman-testing/call.go:59:5: SA4023: this comparison is never true (staticcheck)
	if reflectionClient == nil {
	   ^

The lint seems right, NewServerReflectionClient never returns nil so
lets just fix it.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-06-10 15:05:24 +02:00
Jan Rodák
331946fd79 Merge pull request #28876 from solunolab/main
chore: fix some function names in comment
2026-06-10 07:30:30 +02:00
Jan Rodák
3e6de5ffd7 Merge pull request #28854 from bit-hope/some-improvements-for-cmd-podman
Some improvements for cmd/podman
2026-06-09 12:02:22 +02:00
zhongchunhe.zch
a351cf32f1 Some improvements for cmd/podman
Signed-off-by: zhongchunhe.zch <zhongchunhe.zch@qq.com>
2026-06-08 20:45:23 +08:00
zhongchunhe.zch
45b9e6f1a2 fix: handle multiple networks in 'podman inspect --type=all'
Signed-off-by: zhongchunhe.zch <zhongchunhe.zch@qq.com>
2026-06-08 20:37:47 +08:00
solunolab
cba51d1de4 chore: fix some function names in comment
Signed-off-by: solunolab <solunolab@outlook.com>
2026-06-07 11:29:49 +08:00
Paul Holzinger
486bacd3e4 Merge pull request #28335 from axel7083/refactor/quadlet-applications
refactor: podman quadlet sub-command
2026-06-05 17:55:51 +02:00
Giuseppe Scrivano
1a76d464fd cmd, commit: change --pause default to true
Pause the container by default during commit.  It is safer as it
avoids conflicts, and potentially security issues, when another
process is accessing the container rootfs.

Originally this was not done because it was a breaking change and
rootless containers weren't able to use the freezer cgroup controller.
Now that we support only cgroup v2, there is no gap anymore with
root (exotic configurations can still use --pause=false).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2026-06-03 07:28:22 +02:00
axel7083
496646f0da feat: update podman quadlet sub-command
Fixes: #28118
Signed-off-by: axel7083 <42176370+axel7083@users.noreply.github.com>
2026-06-02 09:52:49 +00:00
Tom Sweeney
8b1e46170b Adjust API calls for compression
Add the various compression API calls as created by @nalind in #28807

Signed-off-by: Tom Sweeney <tsweeney@redhat.com>
2026-05-29 09:10:50 -04:00
Dominique Martinet
4ec95b5de1 cmd/podman: don't warn on podman run -ti -d from not a tty
`podman run -ti` warns when stdin is not a tty, but if the container is
run in detached state that warning does not make much sense: we just
need the environment where podman attach will be run to be a tty.

Running with `-ti` even in detached state can make sense to avoid
applications buffering their output (for realtime logs) or allowing
later interaction and should not warn users.

Also remove the comment saying that warning will become fatal, as there
seems to be agreement that such a breaking change will not be made

Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
2026-05-29 10:37:26 +09:00
Povilas Kanapickas
daaf8b62ba podman: Add support for blackhole routes
Add support for blackhole, unreachable, and prohibit route types in podman
networks. These route types allow silently discarding packets (blackhole),
rejecting with destination unreachable (unreachable), or rejecting with
administratively prohibited (prohibit).

Note: Blackhole routes require netavark >= 2.0.0. Regular unicast routes
remain backward compatible with all netavark versions.

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>

<MH: Rebased atop latest main & fixed cherry-pick conflicts>

Signed-off-by: Matt Heon <matthew.heon@pm.me>
2026-05-27 09:09:19 -04:00
Brent Baude
e581ddc253 Merge pull request #28731 from lstocchi/hyperv_enhancements
Fixes for Hyper-V user experience
2026-05-26 10:30:18 -05:00
Paul Holzinger
1c6d8a0a89 Merge pull request #28759 from kolyshkin/modernize-3
Assorted go modernize fixes
2026-05-26 12:20:31 +02:00
Jan Rodák
5b98ee331f Merge pull request #28641 from jiwahn/feat/container-annotation-filter
Feat/container annotation filter
2026-05-26 12:00:40 +02:00
lstocchi
6e98a49e03 inspect: use per-machine provider for GetMachineDirs
inspect was using the default system provider (machineProvider) to resolve machine directories instead of the provider returned by shim.VMExists for the specific machine. This caused incorrect results (e.g. listing WSL dirs when inspecting a Hyper-V machine).

Signed-off-by: lstocchi <lstocchi@redhat.com>
2026-05-25 00:10:29 +02:00
Kir Kolyshkin
bf78f80b00 Replace strings.Split(..)[0] with strings.Cut
These places were ignored by modernize, so I did some grepping and
editing.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-05-22 13:08:56 -07:00
Kir Kolyshkin
63166293c8 cmd/podman: replace strings.Split with strings.Cut
Suggested by latest modernize.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-05-22 12:36:26 -07:00
Daniel J Walsh
f524bce46a Merge pull request #28753 from kolyshkin/os-is
Stop using os.Is{Exist,NotExist,Permission} checks
2026-05-22 05:18:45 -04:00
Kir Kolyshkin
7f7b35356f Replace os.Is* error checks with errors.Is
Using os.Is{Exist,NotExist,Permission} checks is not recommended in the
new code (see official documentation). While using it in the existing
code is OK, it may still result in a subtle errors later (for a specific
example of that, see [1]).

Replace those with errors.Is.

Generated by:

	gofmt -r 'os.IsExist(a) -> errors.Is(a, os.ErrExist)' -w .
	gofmt -r 'os.IsNotExist(a) -> errors.Is(a, os.ErrNotExist)' -w .
	gofmt -r 'os.IsPermission(a) -> errors.Is(a, os.ErrPermission)' -w .
	goimports -w .
	git diff vendor test/tools/vendor | patch -p1 -R

[1]: https://github.com/opencontainers/runc/pull/5061
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-05-21 13:09:42 -07:00
Kir Kolyshkin
a7886d1fe8 Remove unused nolint annotations
The interfacer linter was removed a few years ago.

Remove the annotations as well.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-05-20 15:02:25 -07:00
Jan Rodák
517070e750 Merge pull request #28673 from kyounghunJang/feat/add-volume-prune-dry-run
volume prune: add dry-run support
2026-05-18 19:26:18 +02:00
Byounguk Lee
b50b9c0dbc events: support artifact events with refactored event forwarding
- libpod/events.go & libpod/runtime.go: Added the `Artifact` event type.
  Refactored and deduplicated event forwarding logic by introducing
  `spawnEventForwarder[T any]`, replacing separate goroutine loops for
  images and artifacts. Implemented graceful shutdown and resolved eventer
  initialization race conditions.
- libpod/events: Implemented event filtering by name/ID, updated journald
  and logfile readers/writers for artifact events, and added `Artifact` to
  `ToHumanReadable` formatting.
- cmd/podman: Added shell auto-completion for `artifact=` and `type=artifact` filters.
- docs/test: Documented the `artifact` event type, statuses, and filters in
  `podman-events.1.md`. Added an end-to-end test in `events_test.go` to verify
  event emissions.

Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
2026-05-18 00:05:10 +00:00
KyounghoonJang
3d899a8c25 volume prune: add dry-run support
Add a --dry-run option to show which volumes would be pruned without removing them.

Related: #27838
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
2026-05-16 19:03:34 +09:00
Byounguk Lee
6e089b421b completion: add artifact support to podman inspect
Autocompletion for `podman inspect` now includes artifact names,
matching the behavior of other object types like containers, images,
pods, networks, and volumes.

Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
2026-05-13 02:38:25 +00:00
Jiwoo Ahn
ec583fa17f filters: add annotation filter for containers Fixes: #28562
Signed-off-by: Jiwoo Ahn <ikwydls1314@gmail.com>
2026-05-11 20:24:28 +09:00
Paul Holzinger
a7ed92280a Merge pull request #28569 from mheon/60_migrate
Podman 6: Automatic BoltDB to SQLite migration
2026-05-08 21:36:52 +02:00
Matt Heon
d420fbfde3 Add migration code for BoltDB to SQLite
This is gated behind a new option in `podman system migrate`,
`--migrate-db`, or by a system restart being performed.

BoltDB support was removed in Podman 6, so we are certain that,
when we start Podman, a SQLite state is in use. However, if we
also detect a valid BoltDB state, we will attempt a migration.

Migration is performed by retrieving all volumes, pods, and
containers (in that order, to ensure there are no dependency
conflicts) from the Bolt database, when adding them to the SQLite
database. If there is a conflict - IE, a container exists in both
SQLite and Bolt - we skip migration for that object. The old DB
is then renamed so we do not try to migrate it again.

Our ability to test complex migration scenarios is limited, but
this should handle simple migrations easily.

This is a heavily adapted version of #27660 rebuilt to work with
Podman 6.0. Substantial changes were required to throw errors
when a BoltDB database is detected and no migration is being
performed. Firstly, for automatic on-reboot migrations, we need
to have a deferred error returned by getDBState (very early in
runtime initialization) that is only acted on much later (once we
know for certain a state refresh is/is not being performed).
The `system migrate --migrate-db` command was much more
problematic. Conceptually, it's not terrible - add a flag to the
runtime to suppress errors, set that flag only when calling the
`system migrate` command with `--migrate-db` - but it unveiled a
serious problem with how we do runtime init (special flags to the
runtime were being ignored because the image runtime set the
Libpod runtime first and had none of the proper handling) which
took a genuinely annoying amount of time to identify and fix.

This cannot be tested automatically, as the ability to create Bolt
databases has been entirely removed with Podman 6.

This also includes 9b810aed3a from
the v5.8 branch by Luap99, which I have had to squash into this
commit to satisfy the build-each-commit check. It was just a
simplification of the SQLite path check.

Signed-off-by: Matt Heon <matthew.heon@pm.me>
2026-05-08 14:07:17 -04:00
Ashley Cui
462b24479b Use tmp context dir when building with process substitution
Podman defaults to the directory of the Containerfile when no context dir is explicitly provided.
When running podman build with process subsituiton,  `podman build -f <(echo "FROM scratch")`,
the Containerfile path expands to `/dev/fd/<NUM>`, which makes `/dev/fd` the context dir.
When building, Buildah attempts to create an overlay mount on top of the `/dev/fd` context dir, which fails.

In these cases, use a temp context dir instead: `$TMPDIR/podman-build-context-$randnum`

Fixes: https://github.com/containers/podman/issues/28113

Signed-off-by: Ashley Cui <acui@redhat.com>
2026-05-08 10:39:38 -04:00
Jan Rodák
d5b4685cc8 Fix lint issue with replace reflect.Ptr with reflect.Pointer
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-05-04 13:48:36 +02:00
Jan Rodák
4a3b214e3f Sort network ls labels
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-04-30 18:05:30 +02:00
Jan Rodák
dc4495ec64 volume ls: format labels as comma-separated key=value strings
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-04-30 18:05:06 +02:00
Jan Rodák
f460bc0ae5 ps: format labels as comma separated key=value for Docker compatibility
Fixes: https://github.com/containers/podman/issues/21847

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-04-30 18:04:49 +02:00
Mario Loriedo
15c9ca130f Add command podman system hyperv-prep
Introducing a new `podmand system` subcommand to prepare a Windows host
to run Hyper-V based Podman machines: `hyperv-prep`.

When executed it:
- creates of the registry keys for VSocks
- adds the current user to the Hyper-V administrators group

This command requires an administrator terminal.

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2026-04-29 23:00:29 +02:00