Replace remaining references to Slirp/slirp4netns in code comments
with Pasta or remove them where the reference is no longer relevant.
Signed-off-by: Lokesh Mandvekar <lsm5@linux.com>
The podman module paths are moving from github.com/containers/podman to
go.podman.io/podman. This will help with future mobility.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Currently, running Podman on Hyper-V as a non-administrator requires the user to be a member of the "Hyper-V Administrators" local group. If they are not, various WMI calls fail with access denied.
This commit automates the permission setup.
1. During podman machine init, if Podman is running with elevated privileges (required for registry/networking setup anyway), it will now automatically add the current user to the localized "Hyper-V Administrators" group
2. If a user is added to the group, the change is not reflected until the next login. We now detect this state and explicitly instruct the user to log out and back in.
3. Modified the Hyper-V stubber to handle permission checks at the method level rather than the provider selection level (GetAll). This allows init to continue far enough to perform the elevation and setting.
Signed-off-by: lstocchi <lstocchi@redhat.com>
This PR reflects the upstream change of moving the buildah module from
github.com/containers/buildah to go.podman.io/buildah.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Use shared configfile instead of custom policy.json path handling.
This updates ocipull to rely on signature.DefaultPolicy(), removes
explicit SignaturePolicyPath, and replaces trust's custom default-policy
path logic with common configfile code.
Replace hidden `--policypath` with --signature-policy` and require
it for `trust set` command instead of path resolution based on
configfile.
For `trust get`, the `--signature-policy` is optional.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The Docker client (docker run) sends /wait then /start, but it only
sends /start after receiving the 200 OK response from /wait. Previously,
the event subscription for the "died" event was set up after the 200 was
sent, creating a window where a fast-exiting container (e.g. hello-world)
could emit its "died" event before the subscription was ready, causing
the client to hang forever.
Fix this by subscribing to "died" events before flushing the 200 status
code. This guarantees the event listener is ready before the client can
send /start, eliminating the race entirely.
Fixes: https://github.com/containers/podman/issues/28514
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
These are two new Buildah flags that we need to wire into Podman
(both local and remote) and document, with the interesting note
that one requires the other and a check needed to be added for
that.
Also: secret parsing was tightened up in Buildah, and was
breaking the remote build tests. Rewire it to use the new parser
Buildah made, which ends up simplifying the code considerably.
Tests are back to passing afterwards.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This was implemented by containers/netavark #1369; this commit
completes the process by wiring it into Podman. We now respect
the CLI order for configured networks - if a user passes
`--net net1,net2` we guarantee that net1 will be configured
before net2.
For containers created before this patch, we don't retain enough
information to configure networks in CLI order, so we use
alphabetical order instead to still guarantee consistency.
No breaking API changes have been made, but we do add a new
field to supplement the existing map to (optionally) provide
ordering information. The Podman CLI will always pass this.
Existing applications that do not will, again, receive]
deterministic ordering based on an alphabetical sort of network
names.
This requires the latest version of Netavark to work properly.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
With netavark v2 we start to default to strict isolation mode in
netavark[1] as such that already matches the docker behavior.
Therefore no longer hard code the isolate option in the compat api.
Podman v6 is requires netavark v2 for other changes already so we do
not need to worry about podman 6 + older netavark here.
[1] https://github.com/containers/netavark/pull/1438Fixes: #27349
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The systemd timer created for health checks did not pass global
podman flags to the subprocess, causing it to use default storage
settings instead of matching the parent process. This is most
visible with --transient-store, where the healthcheck looks up
the container in the default store instead of the volatile one.
Extract GlobalPodmanArgs() from CreateExitCommandArgs so both the
exit command and healthcheck timer share the same set of global
flags (--root, --runroot, --transient-store, --storage-driver, etc.).
Fixes: https://github.com/containers/podman/issues/28483
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
Remove all slirp4netns-specific setup and helper functions while
preserving the RootlessRLK port mapping functions that are still
used by pasta and bridge networking.
Rename networking_slirp4netns.go to networking_rootlessport.go.
Convert the slirp4netns compose test to use pasta instead.
Remove rootlessSlirpSyncR/W fields from container struct and
getSlirp4netnsIP stub from FreeBSD networking.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Using --network=slirp4netns now returns a hard error directing
users to pasta and `podman system migrate`.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Previously, when default_rootless_network_cmd was empty, podman
would fall back to slirp4netns. Change this to default to pasta
instead. Remove the now-unused slirp4netns import.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The server already does validate this so this is not strictly needed and
the client must trust the server no matter what.
But adding an extra check here does not hurt and may help prevent future
bugs.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Just as additional hardening.
Note chrootarchive does not work on macos/windows, in that case it still
falls back to the regular pkg/archive.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Under normal circumstances this is not a problem as the archive file
created podman container checkpoint will no create symlinks.
However if a user passes a custom archive they could contain symlinks
that point outside our root. To resolve them within the root use
securejoin.
Note this is not a security problem because the full archive must be
trusted by a user to begin with as it contain the full container config.
Fixes: #27977
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The old ErrRelaunchAttempt name was ambiguous — it reads as though the
relaunch attempt failed, when it actually signals success. Rename to
ErrRelaunchSucceeded and update comments at every call site to clarify
that this is not a real error but a sentinel indicating the elevated
child process completed the operation successfully.
Also fix a bug in WSL's launchElevate where a failed elevated process
was incorrectly wrapped with the sentinel, causing callers to treat the
failure as success and print "Machine init complete."
Signed-off-by: lstocchi <lstocchi@redhat.com>
This commit adds automatic UAC elevation prompts for HyperV machine
init/rm actions when administrator privileges are required.
Previously, users had to manually run Podman as administrator
when creating the first machine or removing the last machine, which
requires Windows Registry modifications.
When the HyperV command gets relaunched as elevated, the error of the
elevated process is saved on a file to be displayed by the caller. The
implementation is the same as that used by WSL.
Signed-off-by: lstocchi <lstocchi@redhat.com>
The go std os package to will always make sure to use O_CLOEXEC, however
in cases where we directly call unix.Open() we need to pass that flag
explicitly.
I looked at this as there was a report of a leaked fd on the pasta list,
though I am not sure this will address it.
But anyway doing this should be rather safe and avoid leaks into other
processes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>