The upcoming commit to support checkpointing out of Pods requires CRIU
3.16. This changes the CRIU version check to support checking for
different versions.
Signed-off-by: Adrian Reber <areber@redhat.com>
Commit 341e6a1 made sure that all exec sessions are getting cleaned up.
But it also came with a peformance penalty. Fix that penalty by
spawning the cleanup process to really only cleanup the exec session
without attempting to remove the container.
[NO TESTS NEEDED] since we have no means to test such performance
issues in CI.
Fixes: #10701
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pull policies in K8s yaml may be capitalized, so lower them before
parsing.
Fixes: bugzilla.redhat.com/show_bug.cgi?id=1985905
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
The global flag will work in either location, and this flag just breaks
users expectations, and is basically a noop.
Also fix global storage-opt so that podman-remote can use it.
[NO TESTS NEEDED] Since it would be difficult to test in ci/cd.
Fixes: https://github.com/containers/podman/issues/10264
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fixes: https://github.com/containers/podman/issues/10969
[NO TESTS NEEDED] We added tests for this, but they don't seem to be
running. If I run the local system tests, they fail with the current
Podman and work with this version.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Handle the platform parameter correctly. The parameter was only parsed
in presence of credentials and the code was a bit complex. Also add a
regression test.
Fixes: #10977
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Require the network to be online in all (generated) systemd units to
make sure that containers and Podman run only after the network has been
fully configured.
Fixes: #10655
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The `IgnorePlatform` options has been removed from the
`LookupImageOptions` in libimage to properly support multi-arch images.
Skip one buildah-bud test which requires updated CI images. This is
currently being done in github.com/containers/podman/pull/10829 but
we need to unblock merging common and buildah into podman.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Make sure that containers configured for auto removal
(e.g., via `podman create --rm`) are removed in `podman start`
if starting the container failed.
Fixes: #10935
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Adds the new --infra-name command line argument allowing users to define
the name of the infra container
Issue #10794
Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.
Signed-off-by: cdoern <cdoern@redhat.com>
There was an race condition when calling `GetRootlessCNINetNs()`. It
created the rootless cni directory before it got locked. Therefore
another process could have called cleanup and removed this directory
before it was used resulting in errors. The lockfile got moved into the
XDG_RUNTIME_DIR directory to prevent a panic when the parent dir was
removed by cleanup.
Fixes#10930Fixes#10922
To make this even more robust `GetRootlessCNINetNs()` will now return
locked. This guarantees that we can run `Do()` after `GetRootlessCNINetNs()`
before another process could have called `Cleanup()` in between.
[NO TESTS NEEDED] CI is flaking, hopefully this will fix it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a --dry-run flag to `podman auto-update` which will look for new
images but won't perform any pull or restart any service or container.
The "UPDATED" column will now indicate the availability of a newer image
via "pending".
```
$ podman auto-update --dry-run
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Fixes: #9949
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
$ mkdir zzz;cd zzz
$ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile
$ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore
$ mkdir subdir; touch subdir/sub1.txt
$ ../bin/podman-remote build .
Should fail, but succeeds because we are not sending over the
.dockerignore file to the server side. This PR will send the
.dockerignore so the server side and use it.
Fixes: #10907
Also if both .containerignore and .dockerignore in the context
directory, podman-remote should prefer .containerignore and not use
.dockerignore.
Fixes: #10908
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The rather raw and scarce output of `podman auto-update` has been a
thorn in my eyes for a longer while. So far, Podman would only print
updated systemd units, one per line, without further formatting.
Motivated by issue #9949 which is asking for some more useful
information in combination with a dry-run feature, I sat down and
reflected which information may come in handy.
Running `podman auto-update` will now look as follows:
```
$ podman auto-update
Trying to pull [...]
UNIT CONTAINER IMAGE POLICY UPDATED
container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false
```
Also refactor the spaghetti code in the backend a bit to make it easier
to digest and maintain.
For easier testing and for the sake of consistency with other commands
listing output, add a `--format` flag.
The man page will get an overhaul in a follow up commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
On EOF of STDIN, we need to perform a one-sided close of the
attach connection on the client side, to ensure that STDIN
finishing will also cause the exec session to terminate, instead
of hang.
Fixes#7360
Signed-off-by: Matthew Heon <mheon@redhat.com>
Pass a single context.Context through the call stack. If auto-updates
will ever be made available for REST calls, the context will help
supporting disconnected clients.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Use the `HasDifferentDigest()` method of the image to replace the
previous checks if an image needs to be updated.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
