I happened to run `podman run --config=/path/to/file` and got
an error without a trailing newline, which was a bit jarring.
Fix the instances I noticed.
Assisted-by: OpenCode (Claude Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
The `*os.File` returned by `pathrs.OpenatInRoot` needs to
be closed before returning from `openSymlinkPath`
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
This PR removes support for Intel Apple Macs. The removal includes
impacts to code, tests, Makefile, builds, release builds, and so forth.
Fixes Jira: RUN-3621
Signed-off-by: Brent Baude <bbaude@redhat.com>
Previously, using --secret=id=foo,env=BAR in remote mode would fail because the client sent the env var name to the server, which tried to resolve it locally. This patch modifies the client to resolve the environment variable locally, write it to a temp file, and send it as a file-based secret.
Fixes #27494
Signed-off-by: ZuhairM7 <ZuhairM7>
Signed-off-by: ZuhairM7 <zuhairmerali@gmail.com>
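The client-side flow described in the commit message above (resolve the variable locally, write it to a temp file, send a file-based secret), as an added example that is not part of the original commit or Podman's code. The helper name `rewriteEnvSecret` is hypothetical, and replacing `env=` with the file form `src=` is an assumption about the option spelling:

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// rewriteEnvSecret is a hypothetical client-side helper, not Podman's code.
// It resolves env=NAME in the client's environment, stores the value in a
// temp file, and returns the spec with src=<file> in its place.
// The caller must run cleanup once the secret has been sent.
func rewriteEnvSecret(spec, tmpDir string) (string, func(), error) {
	noop := func() {}
	parts := strings.Split(spec, ",")
	for i, p := range parts {
		if !strings.HasPrefix(p, "env=") {
			continue
		}
		name := strings.TrimPrefix(p, "env=")
		val, set := os.LookupEnv(name)
		if !set {
			return "", noop, fmt.Errorf("secret env %q is not set on the client", name)
		}
		f, err := os.CreateTemp(tmpDir, "secret-*") // created with mode 0600
		if err != nil {
			return "", noop, err
		}
		cleanup := func() { os.Remove(f.Name()) }
		_, err = f.WriteString(val)
		if cerr := f.Close(); err == nil {
			err = cerr
		}
		if err != nil {
			cleanup() // never leave a partial secret on disk
			return "", noop, err
		}
		parts[i] = "src=" + f.Name()
		return strings.Join(parts, ","), cleanup, nil
	}
	return spec, noop, nil // no env= option: nothing to resolve
}

func main() {
	os.Setenv("BAR", "constructed-sample-value") // constructed input
	spec, cleanup, err := rewriteEnvSecret("id=foo,env=BAR", "")
	defer cleanup()
	fmt.Println(spec, err)
}
```

The secret value sits on the client's disk until `cleanup` runs, so the temp directory should be one only the invoking user can read.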
Update GetAll() and GetByVMType() to add a check to prevent non hyper-v admin users from
interacting with hyperv machines.
Users can work with hyperv machines only with elevated rights or if
members of the hyperv administrators group.
Signed-off-by: lstocchi <lstocchi@redhat.com>
- Update documentation: Differentiate `unless-stopped` from `always` - containers stopped by the user before a reboot will not restart.
- Add `should-start-on-boot` filter: Identify containers that require a restart after a system reboot.
- Update command documentation: Add `restart-policy` and `label!` filters to the documentation for container commands (rm, ps, start, stop, pause, unpause, restart).
- Add `restart-policy` and `should-start-on-boot` to completions.
- Update service: Update `podman-restart.service` to use the `needs-restart=true` filter.
- Preserve state: Preserve the `StoppedByUser` state across reboots.
- Update API: Add a `ShouldStartOnBoot()` method to the Container API.
- Update documentation: Add descriptions for the `should-start-on-boot` filter.
Fixes: https://issues.redhat.com/browse/RHEL-129405
Fixes: https://github.com/containers/podman/issues/20418
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The WSL machine start was using the function FindExecutablePeer that
ignores user configuration (helper_binaries_dir). FindHelperBinary
instead is used when starting the machine for the rest of the providers
and honors user configuration.
This commit requires 4877783c37
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The --macvlan flag was deprecated in Podman 3.x and was scheduled
for removal in version 4.0. Since we're now at version 6.0.0-dev,
this commit removes the deprecated flag and its associated code.
Users should now use the standard syntax:
podman network create --driver macvlan --opt parent=<device> <name>
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
There doesn't seem to be any reason why the system commands should not join
the userns. In particular the main commands use ParentNSRequired and
UnshareNSRequired when they don't want to be joined to the main userns.
Since the system commands don't set these, the go code does the join and
re-exec anyway, so might as well use the shortcut to speed that up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When trying to join the conmon pid to recreate the pause process based
on the namespace it can be that the pid is no longer valid, i.e. when
conmon crashed or was killed.
Currently we have a big issue that can be reproduced using:
$ podman run -d quay.io/libpod/testimage:20241011 sleep 100
$ killall -9 conmon
$ killall catatonit
All commands would fail as we keep trying to rejoin the namespace of the
non-existing conmon process.
So to address that, fall back to creating a new namespace if we fail to
join the conmon pids.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Just a minor improvement: as we know the size needed for the slice, we can
allocate it only once instead of the append having to resize it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Based on the description in commit 63ef557 this was added so that the
migrate command does not move the pause process into a separate cgroup.
It should however not disable the rejoining of the userns when the pause
process join failed. Because of this we end up calling migrate without a
userns and that then can fail if there are actual containers it tries to
clean up.
Fixes: 63ef5576ed ("command: migrate doesn't move process to cgroup")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There is no good reason to use logrus and os.Exit() here, other parts of
this function already return the error so do the same. The main podman
process will exit then with the normal formatted error message.
And also log an error about the last return which should never happen as
we should have exited above if the re-exec worked or errored out.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The virtiofs mount points are not actually network mounts, so we can
mount them earlier, and using multi-user.target to enable them was wrong.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- remove old CLI validation that only checked --pod flag
- add validation in namespaces.go to catch all paths (cli, quadlet, api)
- block userns mixing for all pods with infra, not just ipc/net
- update error message to be clearer
- fix test cleanup to use PodmanExitCleanly()
- use dynamic pod names in system tests to avoid conflicts
fixes #26848
Signed-off-by: 0xdvc <neilohene@gmail.com>
This also then bumps github.com/opencontainers/runtime-spec to v1.3.0
which contains breaking changes of the pid type; as such we had to update
all the podman callers.
And tags.cncf.io/container-device-interface also used some changed
types from it and they have been updated in main so bump to the latest
commit there as well in order to get podman to compile properly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If users have legacy VMs (podman machines having hvsock registry entries
with the machineName field) when using podman with this patch, their
Registry entries will never be deleted by the functions added in
previous commits.
This commit adds a helper func to clean the Registry when these legacy
machines get removed.
Signed-off-by: lstocchi <lstocchi@redhat.com>
Previously, each new HyperV Podman machine required creating new hvsock
registry entries, necessitating administrator privileges.
This change modifies the HyperV provider to reuse existing hvsock
entries if found. This is possible due to Podman's current
limitation of running only one HyperV machine at a time.
As a result, administrator privileges are only needed for the first initial
machine setup (when the registry is empty). Subsequent machines can be created by users in the
"Hyper-V Administrators" group without being Admin.
Hvsock entries are no longer deleted on each machine removal; cleanup
is handled when the last machine gets removed.
Signed-off-by: lstocchi <lstocchi@redhat.com>