When initing a podman machine, we match core's UID to the UID of the user on the host. If the UID is in the subUID range, the machine throws an error. Check if the UID is within the default range for /etc/subuid (10000:1000000), and if it is, we adjust the range to not include it.
Signed-off-by: Ashley Cui <acui@redhat.com>
GetSystemDefaultProvider reworked to fetch provider value from
the config file.
Additional environment variable CONTAINERS_MACHINE_PROVIDER is
supported to override the config for testing purposes.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
When we encounter an error while pushing a manifest list, don't claim
that we encountered an error while adding an item to the list.
[NO NEW TESTS NEEDED]
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
It really does not make sense to call RemoveConnection() twice and then
update the config file a third time in updateDefaultMachineinConfig().
This results in unnecessary reads/writes and more code.
Simplyfy this into one function that is only called once and do all
updates at once.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the connection remove call must be done inside the function that is
returned so that we wait until the user confirmed it.
Fixes#18330
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In rare instances, if podman machine start does not exit correctly, the machine can be left in a "Starting" state, when in reality the machine is stopped. This prevents the user from actually starting the machine. This commit makes sure that on `podman machine stop`, we check if this is the case, and correctly set the starting state to false, allowing the user to start their machine again.
Signed-off-by: Ashley Cui <acui@redhat.com>
The problem right now is that --ns contianer: syntax causes use to add
the namespace path to the spec which means the runtime will try to call
setns on that. This works fine for private namespaces but when the host
namspace is used by the container a rootless user is not allowed to
join that namespace so the setns call will return with permission
denied.
The fix is to effectively switch the container to the `host` mode
instead of `container:` when the mention container used the host ns. I
tried to fix this deep into the libpod call when we assign these
namespaces but the problem is that this does not work correctly because
these namespace require much more setup. Mainly different kind of mount
points to work correctly.
We already have similar work-arounds in place for pods because they also
need this.
For some reason this does not work with the user namespace, I don't know
why and I don't think it is really needed so I left this out just to get
at least the rest working. The original issue only reported this for the
network namespace.
Fixes#18027
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When checking for new images on registries, do not suppress
and debug-log errors but return them. Other images and units
will still be processed.
That is important to a) stop hiding flaky registries (see #18321)
b) mark the updates as `failed` instead of `false`
[NO NEW TESTS NEEDED]
Closes: #18321
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This reverts commit 6b6458916e (Resolve
symlink path for qemu directory if possible).
Fully resolving the symlink to qemu solves some issues for
aarch64-darwin nix with regards to finding `edk2-aarch64-code.fd`, but
unfortunately the fully resolved path includes the version number,
making it so that even patch updates break the path to
homebrew-installed qemu files.
Fixes https://github.com/containers/podman/issues/18111
[NO NEW TESTS NEEDED]
Signed-off-by: Nathan Henrie <nate@n8henrie.com>
Resolves Win Installer CI issues where dep processing variance can
pull in gpgme, which doesn't compile on Windows without a
specialized msys2 setup.
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The Report will be used in a future change as a new return value for the
internal Push API.
Note: this change is only breaking internal APIs while user-facing
external ones remain unchanges.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
PR #15093 implemented support for NoPrune in the ImageRemoveOptions,
this PR simply brings that also to the compat API along with
regression tests.
Signed-off-by: Andreas Kohn <andreas.kohn@gmail.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
on machine start, create a socket representing the machine's podman
service socket so local (to the host) applications can take advanatge of
it.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
If Pull() fails, which it does on registry or network flakes,
bail out early: there's no point in continuing. Same with
Save() and restoreImageFromCache(), although those are
unlikely to fail.
Possibly better solution: retry with backoff. Left as exercise
for future maintainer.
Use Expect() for failure checks, and correct two existing
instances of Printf()/Exit() to also use Expect().
Signed-off-by: Ed Santiago <santiago@redhat.com>
When using podman machine with hyperv, stop was releasing the terminal
back top the user prematurely. This resulted in users being able to run
subsequent commands while the vm was still stopped. Commands like
machine stop were prone to failing.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
podman machine with Microsoft HyperV will use hvsock on the guest and
vsock on the guest for its networking. this pr enables the basics for
this to happen as well as changes to ignition to automatically set this
up with network manager.
the vm binary referenced in this pr is in containers/gvisor-tap-vsock
and will need to be added to distributions.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fix a number of bugs wrt. filtering remote containers and how to
process specified names or IDs. I _really_ do not like the duplication
between remote and local Podman but want to focus on fixing #18153
for now.
What I desire in the future is to consolidate all functionality of
looking up containers (all, latest, filters, specified names/IDs, etc.)
and for remote clients to just call containers/list etc.
Fixes: #18153
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The documentation says
> The new Buffer takes ownership of buf, and the
> caller should not use buf after this call.
so use the more directly applicable, and simpler, bytes.Reader instead, to avoid this potentially risky use.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Windows HyperV uses HVSocks (Windows adaptation of vsock) for
communicating between vms and the host. Podman machine in Qemu uses a
virtual UDS to signal the host that the machine is booted. In HyperV,
we can use a HVSOCK for the same purpose.
One of the big aspects of using HVSOCK on Windows is that the HVSOCK
must be entered into the Windows registry. So now part of init and rm
of a podman machine, entries must be added and removed respectively.
Also duplicates are a no-no.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Podman is attempting to split the headers returned by the ps
command into a list of headers. Problem is that some headers
are multi-word, and headers are not guaranteed to be split via
a tab. This PR splits the headers bases on white space, and for
the select group of CAPS headers which are multi-word, combines
them back together.
Fixes: https://github.com/containers/podman/issues/17524
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Update e2e tests not to expect the flag
System tests - explicitly set the log driver to be able to parse the output
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
When using the docker REST API to wait for a container to be removed,
for example, WaitContainerDocker uses a one microsecond interval between
poll requests. This ends up being effectively a busy-wait, with the
podman system service spinning at > 100% CPU time.
The equivalent Podman method uses a 250ms default. Use that for the
docker variant, too.
I'm going to optimistically assert [NO NEW TESTS NEEDED] - given there's
no functional change here, and a test will require some form of mocking
or strac'ing the binary for evidence that it's polling less frequently,
unless someone who is familiar with podman can briefly explain what kind
of test would be appropriate here.
Signed-off-by: Peter Edwards <peadar@arista.com>
Fixes: #18150
