Using os.Is{Exist,NotExist,Permission} checks is not recommended in
new code (see official documentation). While using it in the existing
code is OK, it may still result in subtle errors later (for a specific
example of that, see [1]).
Replace those with errors.Is.
Generated by:
gofmt -r 'os.IsExist(a) -> errors.Is(a, os.ErrExist)' -w .
gofmt -r 'os.IsNotExist(a) -> errors.Is(a, os.ErrNotExist)' -w .
gofmt -r 'os.IsPermission(a) -> errors.Is(a, os.ErrPermission)' -w .
goimports -w .
git diff vendor test/tools/vendor | patch -p1 -R
[1]: https://github.com/opencontainers/runc/pull/5061
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
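The subtle error the commit alludes to is that the os.Is* predicates only look through *os.PathError and friends, not through errors wrapped with fmt.Errorf("%w"), so a caller that adds context hides ENOENT from os.IsNotExist. The following is an added example (not from the commit or the runc/podman code bases); openConfig and CheckNotExist are hypothetical names chosen for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// openConfig is a hypothetical helper that adds context with %w, as most
// call sites do. The wrapping is what breaks the legacy os.IsNotExist check.
func openConfig(path string) error {
	f, err := os.Open(path)
	if err != nil {
		return fmt.Errorf("loading config %q: %w", path, err)
	}
	f.Close()
	return nil
}

// Check records what each predicate says about the same error.
type Check struct {
	LegacyIsNotExist bool // os.IsNotExist: unwraps *PathError only
	ErrorsIsNotExist bool // errors.Is: walks the whole Unwrap chain
}

// CheckNotExist evaluates both predicates so the difference is observable.
func CheckNotExist(err error) Check {
	return Check{
		LegacyIsNotExist: os.IsNotExist(err),
		ErrorsIsNotExist: errors.Is(err, os.ErrNotExist),
	}
}

func main() {
	// Path assumed not to exist on the machine running this.
	path := "/nonexistent-dir-for-demo/config.json"

	// Raw error straight from os.Open: both predicates agree.
	_, raw := os.Open(path)
	fmt.Printf("raw:     %+v\n", CheckNotExist(raw))

	// Same error after one layer of %w wrapping: only errors.Is still works.
	fmt.Printf("wrapped: %+v\n", CheckNotExist(openConfig(path)))
}
```

The mechanical gofmt rewrite in the commit is safe in both directions: where the error is unwrapped, errors.Is gives the same answer as the old predicate; where it is wrapped, errors.Is is the only one that gives the right answer.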
Add rootless_port_forwarder="pasta" option that uses pesto to update
pasta's forwarding table via UNIX socket, preserving source IPs that
rootlessport's userspace proxy masks.
HostIP is stripped from port mappings in the netavark wrapper when
pasta forwarding is active because pesto handles host-side binding
while pasta's splice changes the destination IP that netavark DNAT
expects. Pesto binds both 0.0.0.0 and [::] for dual-stack support.
Fixes: https://redhat.atlassian.net/browse/RUN-2214
Fixes: https://github.com/containers/podman/issues/8193
Fixes: https://redhat.atlassian.net/browse/RUN-3587
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
When a network is created without a gateway, i.e. --internal --disable-dns,
then the gateway will be nil. But converting a nil IP to a string produces
"<nil>", which is not what we want, as we want an empty string there to
signal that the network has no gateway.
Fixes: #28705
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- libpod/events.go & libpod/runtime.go: Added the `Artifact` event type.
Refactored and deduplicated event forwarding logic by introducing
`spawnEventForwarder[T any]`, replacing separate goroutine loops for
images and artifacts. Implemented graceful shutdown and resolved eventer
initialization race conditions.
- libpod/events: Implemented event filtering by name/ID, updated journald
and logfile readers/writers for artifact events, and added `Artifact` to
`ToHumanReadable` formatting.
- cmd/podman: Added shell auto-completion for `artifact=` and `type=artifact` filters.
- docs/test: Documented the `artifact` event type, statuses, and filters in
`podman-events.1.md`. Added an end-to-end test in `events_test.go` to verify
event emissions.
Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
Add missing defer Close() calls in four locations:
- libpod/container.go: specFromState() opens the container config file
but never closes it after reading, leaking one fd per call.
- libpod/container_internal_common.go: checkpoint() and restore() each
open the bundle directory for CRIU statistics but never close it,
leaking one fd per checkpoint/restore operation.
- pkg/machine/shim/host.go: Init() opens the playbook file but never
closes it after ReadAll, leaking one fd per machine init.
Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Add a --dry-run option to show which volumes would be pruned without removing them.
Related: #27838
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
This commit addresses two concerns.
Bind dual stack unless hostIP is explicitly specified. Since we
use listen(), this change resulted in blocked connections on stacks
without matching DNAT rules (e.g. connecting to [::1] on an IPv4-only
network) because the TCP handshake on the reservation socket would complete
instead of returning ECONNREFUSED allowing the client to fallback to IPv4.
Replacing listen() with raw socket() and bind() syscalls fixes this by
allowing us to reserve this port without accepting connections; clients
get ECONNREFUSED and fall back to IPv4 automatically, as is desired.
Fixes: https://github.com/containers/netavark/issues/1338
Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
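The distinction the commit relies on is between a socket that is bound (the port is reserved, a second bind fails with EADDRINUSE) and one that is also listening (SYNs are accepted). A bound-but-not-listening TCP socket makes the kernel answer SYNs with RST, so a client sees ECONNREFUSED immediately and can fall back to the other address family. The following added example (written for this page, not netavark's code) reproduces that on 127.0.0.1 with the standard syscall package instead of golang.org/x/sys/unix; ReservePort, ConnectRefused and PortInUse are names chosen here.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
	"time"
)

// ReservePort creates a TCP socket bound to 127.0.0.1:port (0 = kernel chosen)
// without ever calling listen(). The port is held, but there is no accept
// queue, so connection attempts are refused instead of completing a handshake.
func ReservePort(port int) (fd int, boundPort int, err error) {
	fd, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0)
	if err != nil {
		return -1, 0, err
	}
	sa := &syscall.SockaddrInet4{Port: port, Addr: [4]byte{127, 0, 0, 1}}
	if err = syscall.Bind(fd, sa); err != nil {
		syscall.Close(fd)
		return -1, 0, err
	}
	// For port 0 the kernel assigns the ephemeral port at bind() time.
	got, err := syscall.Getsockname(fd)
	if err != nil {
		syscall.Close(fd)
		return -1, 0, err
	}
	return fd, got.(*syscall.SockaddrInet4).Port, nil
}

// ConnectRefused reports whether a TCP connect to the port fails with
// ECONNREFUSED. A successful connection (a listening socket) returns false.
func ConnectRefused(port int) bool {
	conn, err := net.DialTimeout("tcp", fmt.Sprintf("127.0.0.1:%d", port), time.Second)
	if err == nil {
		conn.Close()
		return false
	}
	return errors.Is(err, syscall.ECONNREFUSED)
}

// PortInUse reports whether a second binder (here net.Listen, which sets
// SO_REUSEADDR) is turned away with EADDRINUSE by the reservation socket.
func PortInUse(port int) bool {
	ln, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
	if err == nil {
		ln.Close()
		return false
	}
	return errors.Is(err, syscall.EADDRINUSE)
}

func main() {
	fd, port, err := ReservePort(0)
	if err != nil {
		panic(err)
	}
	defer syscall.Close(fd)
	fmt.Printf("reserved 127.0.0.1:%d  refused=%v  inuse=%v\n",
		port, ConnectRefused(port), PortInUse(port))

	// Contrast: a listening socket completes the handshake, which is exactly
	// the behaviour that broke IPv4 fallback in the commit's scenario.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	lp := ln.Addr().(*net.TCPAddr).Port
	fmt.Printf("listening 127.0.0.1:%d  refused=%v\n", lp, ConnectRefused(lp))
}
```

The check a practitioner wants here is the second one: reserving without listen() only helps if the port really stays unavailable to other binders, which is why PortInUse is exercised alongside ConnectRefused.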
This is gated behind a new option in `podman system migrate`,
`--migrate-db`, or by a system restart being performed.
BoltDB support was removed in Podman 6, so we are certain that,
when we start Podman, a SQLite state is in use. However, if we
also detect a valid BoltDB state, we will attempt a migration.
Migration is performed by retrieving all volumes, pods, and
containers (in that order, to ensure there are no dependency
conflicts) from the Bolt database, when adding them to the SQLite
database. If there is a conflict, i.e. a container exists in both
SQLite and Bolt, we skip migration for that object. The old DB
is then renamed so we do not try to migrate it again.
Our ability to test complex migration scenarios is limited, but
this should handle simple migrations easily.
This is a heavily adapted version of #27660 rebuilt to work with
Podman 6.0. Substantial changes were required to throw errors
when a BoltDB database is detected and no migration is being
performed. Firstly, for automatic on-reboot migrations, we need
to have a deferred error returned by getDBState (very early in
runtime initialization) that is only acted on much later (once we
know for certain a state refresh is/is not being performed).
The `system migrate --migrate-db` command was much more
problematic. Conceptually, it's not terrible - add a flag to the
runtime to suppress errors, set that flag only when calling the
`system migrate` command with `--migrate-db` - but it unveiled a
serious problem with how we do runtime init (special flags to the
runtime were being ignored because the image runtime set the
Libpod runtime first and had none of the proper handling) which
took a genuinely annoying amount of time to identify and fix.
This cannot be tested automatically, as the ability to create Bolt
databases has been entirely removed with Podman 6.
This also includes 9b810aed3a from
the v5.8 branch by Luap99, which I have had to squash into this
commit to satisfy the build-each-commit check. It was just a
simplification of the SQLite path check.
Signed-off-by: Matt Heon <matthew.heon@pm.me>
If we're going to maintain migration capability for the full
lifespan of 6 - and I think we're going to have to - the only
sane options are a separate binary that exclusively performs
migrations, or re-adding BoltDB code - in a very minimal way - to
allow us to perform migrations within the standard 6 binary.
After attempting the separate binary approach, results are not
promising - it's impossible to strip enough out to make a truly
small binary that still does what we need to perform a migration.
That leaves re-adding BoltDB code.
This adds a minimal version of the BoltDB code that no longer
claims to be a valid State (freeing us from the requirement of
continued maintenance - we should never touch these bits again
until they get removed in 7) which has just enough to get every
container, pod, and volume in the DB, so we can migrate them to
SQLite.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Apparently paths can have colons in them, and this completely breaks
parsing:
Error: could not find any cgroup in "/proc/6080/cgroup"
$ cat /proc/6080/cgroup
0::/user.slice/user-10000.slice/user@10000.service/app.slice/app-dbus\x2d:1.2\x2dorg.gnome.Console.slice/3809f153fce7324de5298d0d9b2782bb76f75f4603c2085acce13f71348c1fb6
This limits the split to 3 fields, so that colons in the path don't
cause problems.
Signed-off-by: Clayton Craft <clayton@craftyguy.net>
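The /proc/<pid>/cgroup format is hierarchy-ID:controller-list:path, and only the first two separators are structural; anything after them, colons included, belongs to the path. The following added example (not the commit's code; ParseCgroupFile, UnifiedPath and NaiveFieldCount are names chosen here) uses the exact line quoted in the commit plus a constructed cgroup v1 line to show how strings.SplitN with a limit of 3 behaves where an unlimited split breaks.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// CgroupEntry is one line of /proc/<pid>/cgroup.
type CgroupEntry struct {
	HierarchyID string // "0" on the unified (v2) hierarchy
	Controllers string // empty on v2, e.g. "cpu,cpuacct" on v1
	Path        string // may itself contain ':'
}

// The first line is the real one from the commit; the second is constructed
// here as a cgroup v1 style entry whose path also contains a colon.
const sampleCgroupFile = `0::/user.slice/user-10000.slice/user@10000.service/app.slice/app-dbus\x2d:1.2\x2dorg.gnome.Console.slice/3809f153fce7324de5298d0d9b2782bb76f75f4603c2085acce13f71348c1fb6
3:cpu,cpuacct:/user.slice/app-foo\x2d:9.1.slice
`

// ParseCgroupFile splits each line into at most three fields so that colons
// inside the cgroup path are preserved rather than producing extra fields.
func ParseCgroupFile(content string) ([]CgroupEntry, error) {
	var out []CgroupEntry
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, ":", 3)
		if len(parts) != 3 {
			return nil, fmt.Errorf("malformed cgroup line %q", line)
		}
		out = append(out, CgroupEntry{HierarchyID: parts[0], Controllers: parts[1], Path: parts[2]})
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("could not find any cgroup entry")
	}
	return out, nil
}

// UnifiedPath returns the cgroup v2 path (hierarchy "0", no controllers).
func UnifiedPath(entries []CgroupEntry) (string, bool) {
	for _, e := range entries {
		if e.HierarchyID == "0" && e.Controllers == "" {
			return e.Path, true
		}
	}
	return "", false
}

// NaiveFieldCount shows what an unlimited split would have produced for the
// same line: more than three fields whenever the path contains a colon.
func NaiveFieldCount(line string) int {
	return len(strings.Split(line, ":"))
}

func main() {
	entries, err := ParseCgroupFile(sampleCgroupFile)
	if err != nil {
		panic(err)
	}
	for _, e := range entries {
		fmt.Printf("id=%q controllers=%q path=%q\n", e.HierarchyID, e.Controllers, e.Path)
	}
	if p, ok := UnifiedPath(entries); ok {
		fmt.Println("unified:", p)
	}
	first := strings.SplitN(sampleCgroupFile, "\n", 2)[0]
	fmt.Println("naive field count:", NaiveFieldCount(first))
}
```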
Replace remaining references to Slirp/slirp4netns in code comments
with Pasta or remove them where the reference is no longer relevant.
Signed-off-by: Lokesh Mandvekar <lsm5@linux.com>
When a container in a pod is stopped, its container name is removed from /etc/hosts. etchosts.Remove() filters for any entry matching the container name or the pod hostname. A pod with additional host entries like --add-host FQDN;pod-hostname:127.0.0.1 is affected by this deletion, too.
Only the container name needs to be removed when a container is stopped.
Signed-off-by: Clemens Klug <git@agp8x.org>
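To make the over-deletion concrete, here is an added example (written for this page, not the etchosts package itself) that models a pod's /etc/hosts as parsed entries and compares removal keyed on the container name plus the pod hostname with removal keyed on the container name only. The sample hosts content, ParseHosts, RemoveNames and the two StopContainer variants are constructed here; the real etchosts API is not reproduced.

```go
package main

import (
	"fmt"
	"strings"
)

// HostsEntry is one non-comment /etc/hosts line: an address and its names.
type HostsEntry struct {
	IP    string
	Names []string
}

// Constructed sample: a loopback line, an --add-host style line that carries
// the pod hostname ("FQDN;pod-hostname:127.0.0.1"), and the pod's own line
// naming its containers.
const sampleHosts = `# constructed sample, not taken from a real pod
127.0.0.1 localhost
127.0.0.1 service.example.test mypod
10.88.0.5 mypod web db
`

// ParseHosts drops comments and blank lines and splits the rest on whitespace.
func ParseHosts(content string) []HostsEntry {
	var out []HostsEntry
	for _, line := range strings.Split(content, "\n") {
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		out = append(out, HostsEntry{IP: f[0], Names: f[1:]})
	}
	return out
}

// RemoveNames strips every listed name from every entry; an entry left with
// no names disappears. Entries that never mentioned a listed name are untouched.
func RemoveNames(entries []HostsEntry, names ...string) []HostsEntry {
	drop := make(map[string]bool, len(names))
	for _, n := range names {
		drop[n] = true
	}
	var out []HostsEntry
	for _, e := range entries {
		var keep []string
		for _, n := range e.Names {
			if !drop[n] {
				keep = append(keep, n)
			}
		}
		if len(keep) > 0 {
			out = append(out, HostsEntry{IP: e.IP, Names: keep})
		}
	}
	return out
}

// FormatHosts renders entries back into hosts-file lines.
func FormatHosts(entries []HostsEntry) string {
	var b strings.Builder
	for _, e := range entries {
		fmt.Fprintf(&b, "%s %s\n", e.IP, strings.Join(e.Names, " "))
	}
	return b.String()
}

// StopContainerBuggy models the behaviour described before the fix: the pod
// hostname is removed along with the container name, so the --add-host line
// that also names the pod loses that name.
func StopContainerBuggy(entries []HostsEntry, ctrName, podHostname string) []HostsEntry {
	return RemoveNames(entries, ctrName, podHostname)
}

// StopContainerFixed removes only the stopped container's own name.
func StopContainerFixed(entries []HostsEntry, ctrName string) []HostsEntry {
	return RemoveNames(entries, ctrName)
}

func main() {
	entries := ParseHosts(sampleHosts)
	fmt.Print("fixed:\n", FormatHosts(StopContainerFixed(entries, "web")))
	fmt.Print("buggy:\n", FormatHosts(StopContainerBuggy(entries, "web", "mypod")))
}
```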
The default std json behavior is to escape &, < and >. Because we print
to the terminal we do not want escapes and rather the real chars.
That is what PrintGenericJSON() does, but because we have a custom
MarshalJSON() override on the type which called json.Marshal(), this
option was not carried into that. The inner type must not escape it.
This is not a problem in the other direction because the outer
json.Marshal call will still escape the chars returned from the inner
MarshalJSON() result if needed.
Fixes: #28560
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
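Both directions described above can be checked in a few lines. The following added example (not Podman's code; Broken, Fixed and EncodeForTerminal are names chosen here, with EncodeForTerminal standing in for a PrintGenericJSON-style encoder that has HTML escaping disabled) shows that an inner MarshalJSON built on json.Marshal bakes the \u003c escapes into its output, that the outer encoder with SetEscapeHTML(false) cannot undo them, and that the outer plain json.Marshal still escapes whatever an unescaping inner MarshalJSON returns.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// Broken delegates to json.Marshal inside MarshalJSON. json.Marshal always
// HTML-escapes, so the outer encoder's SetEscapeHTML(false) never applies.
type Broken struct{ Cmd string }

func (b Broken) MarshalJSON() ([]byte, error) {
	return json.Marshal(map[string]string{"cmd": b.Cmd})
}

// Fixed uses an Encoder with HTML escaping off, so the bytes it hands back
// contain the real characters; the outer encoder decides whether to escape.
type Fixed struct{ Cmd string }

func (f Fixed) MarshalJSON() ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(map[string]string{"cmd": f.Cmd}); err != nil {
		return nil, err
	}
	// Encoder.Encode appends a newline that a MarshalJSON result must not carry.
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// EncodeForTerminal mirrors a print helper that wants raw <, > and & on the
// terminal: an Encoder with SetEscapeHTML(false).
func EncodeForTerminal(v interface{}) (string, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return "", err
	}
	return strings.TrimRight(buf.String(), "\n"), nil
}

// EncodeDefault is the other direction: plain json.Marshal, which re-escapes
// the bytes returned by any inner MarshalJSON.
func EncodeDefault(v interface{}) (string, error) {
	b, err := json.Marshal(v)
	return string(b), err
}

func main() {
	cmd := "a<b&c>d" // constructed input containing all three characters
	for _, v := range []interface{}{Broken{cmd}, Fixed{cmd}} {
		term, _ := EncodeForTerminal(v)
		def, _ := EncodeDefault(v)
		fmt.Printf("%T terminal=%s default=%s\n", v, term, def)
	}
}
```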
The podman module paths are moving from github.com/containers/podman to
go.podman.io/podman. This will help with future mobility.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Check the result from the volume config deletion
to verify rows were actually affected. If no
rows were deleted, return ErrNoSuchVolume.
Signed-off-by: Donal O'Sullivan <osullivanpatrickdonal@gmail.com>
This PR reflects the upstream change of moving the buildah module from
github.com/containers/buildah to go.podman.io/buildah.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Use shared configfile instead of custom policy.json path handling.
This updates ocipull to rely on signature.DefaultPolicy(), removes
explicit SignaturePolicyPath, and replaces trust's custom default-policy
path logic with common configfile code.
Replace hidden `--policypath` with `--signature-policy` and require
it for the `trust set` command instead of path resolution based on
configfile.
For `trust get`, the `--signature-policy` is optional.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This was implemented by containers/netavark #1369; this commit
completes the process by wiring it into Podman. We now respect
the CLI order for configured networks - if a user passes
`--net net1,net2` we guarantee that net1 will be configured
before net2.
For containers created before this patch, we don't retain enough
information to configure networks in CLI order, so we use
alphabetical order instead to still guarantee consistency.
No breaking API changes have been made, but we do add a new
field to supplement the existing map to (optionally) provide
ordering information. The Podman CLI will always pass this.
Existing applications that do not will, again, receive
deterministic ordering based on an alphabetical sort of network
names.
This requires the latest version of Netavark to work properly.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The systemd timer created for health checks did not pass global
podman flags to the subprocess, causing it to use default storage
settings instead of matching the parent process. This is most
visible with --transient-store, where the healthcheck looks up
the container in the default store instead of the volatile one.
Extract GlobalPodmanArgs() from CreateExitCommandArgs so both the
exit command and healthcheck timer share the same set of global
flags (--root, --runroot, --transient-store, --storage-driver, etc.).
Fixes: https://github.com/containers/podman/issues/28483
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove all slirp4netns-specific setup and helper functions while
preserving the RootlessRLK port mapping functions that are still
used by pasta and bridge networking.
Rename networking_slirp4netns.go to networking_rootlessport.go.
Convert the slirp4netns compose test to use pasta instead.
Remove rootlessSlirpSyncR/W fields from container struct and
getSlirp4netnsIP stub from FreeBSD networking.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Using --network=slirp4netns now returns a hard error directing
users to pasta and `podman system migrate`.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Add slirp4netns to pasta migration in `podman system migrate`. When
run, it changes the NetMode from slirp4netns to pasta and removes
any slirp4netns network options. Warns about options that cannot be
mapped to pasta (e.g. cidr, allow_host_loopback). The config is
persisted via RewriteContainerConfig.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Just as additional hardening.
Note chrootarchive does not work on macos/windows, in that case it still
falls back to the regular pkg/archive.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The Go std os package will always make sure to use O_CLOEXEC; however,
in cases where we directly call unix.Open() we need to pass that flag
explicitly.
I looked at this as there was a report of a leaked fd on the pasta list,
though I am not sure this will address it.
But anyway doing this should be rather safe and avoid leaks into other
processes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
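Whether a descriptor would survive exec into a child can be checked with fcntl(F_GETFD). The following added example (not Podman's code) contrasts a raw open() with and without O_CLOEXEC and queries the flag, using the standard syscall package rather than golang.org/x/sys/unix; OpenNoLeak, OpenLeaky and IsCloseOnExec are names chosen here. Setting the flag after the fact with F_SETFD is not equivalent: another goroutine can fork between the open and the fcntl, and the child then inherits the descriptor, which is why the flag belongs in the open() call itself.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// OpenNoLeak opens path read-only with O_CLOEXEC, so the descriptor is closed
// automatically in any child that execs (conmon, pasta, hooks, ...).
func OpenNoLeak(path string) (int, error) {
	return syscall.Open(path, syscall.O_RDONLY|syscall.O_CLOEXEC, 0)
}

// OpenLeaky is the pattern the commit removes: a raw open() without O_CLOEXEC.
// Every process forked and exec'd after this inherits the descriptor.
func OpenLeaky(path string) (int, error) {
	return syscall.Open(path, syscall.O_RDONLY, 0)
}

// IsCloseOnExec reads the descriptor flags via fcntl(F_GETFD) and reports
// whether FD_CLOEXEC is set. Linux only.
func IsCloseOnExec(fd int) (bool, error) {
	flags, _, errno := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFD, 0)
	if errno != 0 {
		return false, errno
	}
	return flags&syscall.FD_CLOEXEC != 0, nil
}

func main() {
	for name, open := range map[string]func(string) (int, error){
		"O_RDONLY|O_CLOEXEC": OpenNoLeak,
		"O_RDONLY":           OpenLeaky,
	} {
		fd, err := open("/dev/null")
		if err != nil {
			panic(err)
		}
		cloexec, err := IsCloseOnExec(fd)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-20s fd=%d close-on-exec=%v\n", name, fd, cloexec)
		syscall.Close(fd)
	}

	// For comparison: os.Open sets O_CLOEXEC on every platform that supports it.
	f, err := os.Open("/dev/null")
	if err != nil {
		panic(err)
	}
	defer f.Close()
	cloexec, _ := IsCloseOnExec(int(f.Fd()))
	fmt.Printf("%-20s fd=%d close-on-exec=%v\n", "os.Open", f.Fd(), cloexec)
}
```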
ExecContainerHTTP returns attachChan to its caller before attachExecHTTP
finishes. The caller's deferred close(holdConnOpen) can therefore fire
while attachExecHTTP is still running (including its own deferred
cleanups), which races with the goroutine inside attachExecHTTP that
reads deferredErr after <-holdConnOpen unblocks.
Fix this by introducing an errCh channel: deferred functions write
deferredErr into it, and the goroutine reads from it after
<-holdConnOpen unblocks, ensuring the read happens-after all writes to
the named return value.
Fixes: #28277
Signed-off-by: crawfordxx <crawfordxx@users.noreply.github.com>
Add support for `default_host_ips` in containers.conf to set default
host IP(s) if no IP is set when forwarding ports. Multiple IPs can be
configured, and passing explicit IP with -p will always override
the configured defaults.
Signed-off-by: Danish Prakash <contact@danishpraka.sh>