Commit Graph

4506 Commits

Author SHA1 Message Date
Matt Heon
7e78e842a0 Merge pull request #28076 from amyssnippet/fix-final-v3
inspect: preserve secret target name in env masking
2026-02-17 12:09:32 -05:00
Amol Yadav
ed8eec6bbf using Debugf and removed weird DEBUG logs
Signed-off-by: Amol Yadav <amyssnipet@yahoo.com>
2026-02-17 13:58:22 +05:30
Paul Holzinger
60cfb66d8f podman system reset: do not print storage.conf warning
The original motivation was to give a hint to users to delete the file if
they did not create the storage.conf file, since some early versions of
podman did auto-generate that file[1].

However that was a really long time ago and with the config file rework
there can be many different storage.conf paths so this warning is no
longer useful so we should be able to remove this now.

[1] https://github.com/containers/podman/issues/7447

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-02-16 13:47:56 +01:00
Paul Holzinger
0778bdaffe podman info: remove storage.conf path
Given the new config file logic will read many files, printing one
specific one here has no meaning anymore, just delete it.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-02-16 13:47:56 +01:00
Paul Holzinger
a1afa58e27 system service: remove config reload functionality
As I outlined in the design docs this is broken, there are several
data races here because we write to the config files that can be read by
other goroutines in parallel which violates the go memory model and
thus can lead to runtime panics and undefined behavior.
One could fix this with a mutex but that would make the whole code base much
more ugly and there is still the risk that something would access this
field without the mutex held.

I am not sure we have any users using this, it never worked for the
storage side and since the service is not a daemon any user could just
stop and start it again to re-read the files without having to stop
running containers.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-02-16 13:47:56 +01:00
Amol Yadav
e9ba515fcf Add debug logging for EnvSecrets to diagnose restart mapping issue
Signed-off-by: Amol Yadav <amyssnipet@yahoo.com>
2026-02-13 22:44:52 +05:30
Amol Yadav
ac7d6c3fc4 inspect: preserve secret target name in env masking
Fixes #28075

Signed-off-by: Amol Yadav <amyssnipet@yahoo.com>
2026-02-13 22:43:14 +05:30
Kir Kolyshkin
24a04de921 libpod: fix build
In the currently used go.podman.io/common/pkg/libartifact version
there is no store subpackage (yet). Fix the import statement and
usage accordingly.

Fixes: df0e3b6ec7 ("libpod: move artifact volume validation to creation phase")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-12 17:30:07 -08:00
Paul Holzinger
89b646d8a3 Merge pull request #27946 from kairosci/fix/27747-artifact-volume-validation
libpod: move artifact volume validation to creation phase
2026-02-12 20:22:32 +01:00
Paul Holzinger
88bd85367d Merge pull request #28008 from shiv-tyagi/vendor-detection
Discover GPU vendor from CDI spec before injecting GPU for --gpus option
2026-02-12 18:54:34 +01:00
Alessio Attilio
df0e3b6ec7 libpod: validate artifact volume on create
Fixes: #27747
Signed-off-by: Alessio Attilio <attilio.alessio@protonmail.com>
2026-02-12 18:24:16 +01:00
Shiv Tyagi
d7a80dda1e Discover vendor from cdi spec before injecting CDI device for --gpu option
Signed-off-by: Shiv Tyagi <Shiv.Tyagi@amd.com>
2026-02-12 12:11:47 +00:00
Kir Kolyshkin
0ba42fe487 ci: bump golangci-lint to v2.9.0
Apparently, prealloc got much smarter in this version, so let's disable
it for _test.go files as we're not really interested in
micro-optimizations for the test code.

The rest of its warnings is being fixed by the earlier commits.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-11 11:41:11 -08:00
Kir Kolyshkin
3c3d32718f libpod: do not reuse names slice
Do not reuse names slice for the unrelated data. This fixes the
following prealloc warning:

> libpod/storage.go:109:2: Consider preallocating names with capacity 2 (prealloc)
> 	names := []string{containerName}
> 	^

This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-11 11:41:11 -08:00
Kir Kolyshkin
b046387979 Inline the initial slice into append
Instead of creating a slice and then appending to it, let's inline the
initial slice into append. This may or may not result in less slice
reallocations, but it is silencing the prealloc linter warnings.

This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-11 11:41:10 -08:00
Kir Kolyshkin
030057aecd Preallocate a slice
When we already know the resulting slice size but still need/want to use
append, it makes sense to preallocate the slice by using make with the
capacity argument.

This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-11 11:41:10 -08:00
Kir Kolyshkin
d316cbb362 Don't use append if not necessary
Calling append can lead to resizing the slice. In case we have all
elements beforehand, it is not necessary to call append in the first
place and this avoids resizing.

This is the first part of fixing issues reported by prealloc linter from
golangci-lint v2.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-11 11:41:10 -08:00
Patrick Wicki
2828965a75 healthcheck_linux: avoid failing transient units
The main purpose of the transient services/timers is to trigger the
healthcheck execution in regular intervals, their own state should
not depend on the result of the healthchecks. This way there are no
failing systemd services unless there is actually a fatal error.

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
2026-02-09 19:52:29 +01:00
Kir Kolyshkin
49cce3ec16 libpod: modernize state test
Use t.Helper, t.TempDir, and t.Cleanup in getEmptySqliteState,
simplifying its code and its users.

Simplify runForAllStates: remove redundant t.Fail call, and move
getEmptySqliteState call under t.Run.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2026-02-07 12:11:47 -08:00
Paul Holzinger
ff7406b733 Merge pull request #27927 from kairosci/fix/27823-host-gateway-localhost
fix: use localhost for host.containers.internal in host network mode
2026-02-03 20:08:43 +01:00
SanjayReddy91
82e04e8d7f fix: prevent race condition during database initialization by using INSERT OR IGNORE.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

test: add test to check if SQLite DB config change will mitigate race condition when multiple podman processes start at once.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

test: Check to ensure only one row was created in DBConfig table.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

test: Changed number of processes started at once to 20.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

test: rc reset to 0 to not affect second part of the test, db path is no longer hardcoded in test case.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

test: Reverted test case.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>

lint: removed trailing whitespaces.

Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
2026-02-03 22:47:09 +05:30
Alessio Attilio
fae93fe483 fix: use localhost for host.containers.internal in host network mode
Signed-off-by: Alessio Attilio <attilio.alessio@protonmail.com>
2026-02-03 18:00:51 +01:00
Paul Holzinger
19aba793c0 remove dep on github.com/containers/conmon
We use it only for a single const so inline that and use a better variable
name.

The main reason is the latest version of conmon removed that go code so
the update of it will be broken.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-01-30 12:51:50 +01:00
Brent Baude
3d4f25e6d3 Merge pull request #27936 from inknos/get-exists-quadlet-api
Add GET /quadlets/{name}/exists
2026-01-28 10:58:46 -06:00
Brent Baude
b60d234da4 Merge pull request #27827 from lsm5/podman6-no-cni
Podman6: Remove CNI
2026-01-28 10:20:56 -06:00
Nicola Sella
eb0c4716d3 Add GET /quadlets/{name}/exists
Fixes: https://issues.redhat.com/browse/RUN-4068

Signed-off-by: Nicola Sella <nsella@redhat.com>
2026-01-27 16:10:56 +01:00
Lokesh Mandvekar
454167efa9 Remove CNI-specific code paths from libpod
Remove CNI-specific conditional logic and update comments throughout
the libpod networking code:

- Simplified DNS configuration logic in container_internal_common.go
  to always use netavark behavior (removed backend checks)
- Removed CNI-specific iptables chain error regex pattern
- Updated all comments referencing 'CNI' to use 'netavark' or
  'network backend'
- Renamed variable 'cniNet' to 'netInfo' for clarity
- Updated field and type documentation to remove CNI references

All networking code now assumes netavark as the sole backend.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2026-01-27 16:32:38 +05:30
Lokesh Mandvekar
f6bddc8af2 Remove CNI backend configuration from runtime
Remove runtime configuration options for CNI network backend:

Runtime options:
- Remove WithNetworkBackend() runtime option function
- Function allowed setting network backend programmatically

Flag handling:
- Remove --network-backend flag change detection
- Remove call to WithNetworkBackend() when flag changed
- Remove TODO comment about CNI plugins directory flag

The network backend configuration is now handled entirely by the
vendored common/libnetwork code, which will default to Netavark.
There is no longer any way to configure CNI as the network backend
through Podman's runtime initialization.

Note: libpod/info.go keeps existing NetworkBackend reporting logic
which will automatically report "netavark" as the only backend since
configuration defaults to netavark and cannot be changed to CNI.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2026-01-27 16:32:38 +05:30
Brent Baude
2d67bf3b0a Vendor common test for artifact digest lookup
Vendor latest common with artifact changes

Signed-off-by: Brent Baude <bbaude@redhat.com>
2026-01-26 15:45:56 -06:00
Giuseppe Scrivano
f172ff789b rootless: use nsfs file handles to persist namespaces
use name_to_handle_at and open_by_handle_at to persist rootless
namespaces without needing a pause process.

The namespace file handles are stored in a file and can be used to
rejoin the namespaces, as long as the namespaces still exist.

Fall back to the pause process approach only when the kernel doesn't
support nsfs handles (EOPNOTSUPP).

The feature is currently only enabled when the PODMAN_NO_PAUSE_PROCESS
environment variable is set.

These changes in the kernel are required (landed in Linux 6.18):

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ab378cfa793

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2026-01-20 18:41:59 +01:00
Alessio Attilio
6c1d8f5d76 libpod: fix Volume.Mount() returning empty path for plugin volumes
Fixes: #27858
Signed-off-by: Alessio Attilio <attilio.alessio@protonmail.com>
2026-01-19 14:54:27 +01:00
Matt Heon
cb67dafd36 Merge pull request #26445 from aaron-ang/update-ulimit
Add ulimits to `podman update`
2026-01-16 08:38:00 -05:00
Brent Baude
75ab2006a2 Merge pull request #27891 from caxu-rh/libpod-simplify
libpod: simplify unnecessary loops
2026-01-15 10:35:37 -06:00
Brent Baude
94cf4e314b Merge pull request #27730 from inknos/delete-quadlet-api
Add DELETE /libpod/quadlets
2026-01-15 09:43:37 -06:00
Nicola Sella
2e23fcc5a5 Add DELETE /libpod/quadlets
Fixes: https://issues.redhat.com/browse/RUN-3742

Signed-off-by: Nicola Sella <nsella@redhat.com>
2026-01-15 12:10:32 +01:00
shiavm006
231dbdf5b3 Fix container export emitting incorrect event type.
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
2026-01-12 16:25:25 +05:30
Caleb Xu
f6e3200f40 libpod: simplify unnecessary loops
Signed-off-by: Caleb Xu <caxu@redhat.com>
2026-01-09 16:49:33 -05:00
Jason Oh
86799cb2cb Fixes #27651 - Fix health inspect/ps for rootfs containers with empty healthcheck
Signed-off-by: Jason Oh <jasonoh@utexas.edu>
2026-01-07 12:18:01 -06:00
Ashley Cui
aa1d7b189a Remove network-cmd-path
As part of slirp removal.
RUN-3569

Signed-off-by: Ashley Cui <acui@redhat.com>
2025-12-19 16:52:49 -05:00
Paul Holzinger
8d0ecd4d84 Merge pull request #27330 from winterqt/push-pwouqluolwxt
libpod: fix healthchecks not executing every interval on linux
2025-12-12 18:15:05 +01:00
Paul Holzinger
2608feb4f7 Merge pull request #27708 from anagno/fix/probe
fix: skip execution of probes when initialDelaySeconds has not elapsed
2025-12-11 15:35:06 +01:00
Vasileios Anagnostopoulos
88bacfc133 fix: skip execution of probes when initialDelaySeconds has not elapsed
According to the [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes)
the probes should be executed after the `initialDelaySeconds`. So to be
consistent with the Kubernetes specs, skip the execution of the probes until
the `initialDelaySeconds` has elapsed.

Closes #27678

Signed-off-by: Vasileios Anagnostopoulos <anagnwstopoulos@hotmail.com>
2025-12-11 12:50:24 +01:00
Brent Baude
f348a0717d Vendor latest mono repo for libartifact changes
This PR vendors in the strong typed libartifact code and carries the
associated changes.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-12-10 14:44:50 -06:00
Matt Heon
a8ecb80ac0 Deterministically order pod inspect fields
There are two fields I'm worried about: shared namespaces and pod
containers. Both are generated via loops over maps and are thus
non-deterministic in ordering. Throw a sort on each to fix the
order so we can actually diff `podman pod inspect` output.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-12-04 15:25:11 -05:00
openshift-merge-bot[bot]
244aa643c7 Merge pull request #27672 from Luap99/workdir
libpod: fix workdir MkdirAll() all check
2025-12-04 15:52:35 +00:00
openshift-merge-bot[bot]
5508d873c1 Merge pull request #27619 from Honny1/fix-unless-stopped-reboot
Fix `unless-stopped` restart policy to match Docker behavior
2025-12-04 15:04:10 +00:00
Paul Holzinger
d18e44e9ab libpod: simplify resolveWorkDir()
The code checks for isPathOnVolume and isPathOnMount so we can just use
the SecureJoin here directly to check for path existence.

Then instead of walking symlinks and trying to guess if they are on a
mount just assume if it is a link (path is different from the normal
joined one) then don't error out early and let the OCI runtime deal with
it. The runtime does produce a less readable error but it still fails
and we have much less fragile code.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-04 15:25:49 +01:00
Paul Holzinger
7b1be7f177 libpod: fix workdir MkdirAll() all check
MkdirAll can fail with EEXIST when the path is a symlink and the target
doesn't exist. As such we should ignore the error.

Note there is something fundamentally wrong here with the path access as
it is following the symlink to the host, however it is only for a
stat() so it is not a security issue here.

Fixes: 637c264e2e ("fix issues found by nilness")

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-12-04 15:25:30 +01:00
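The EEXIST behaviour described in the commit above can be reproduced with the Go standard library alone. The following program is an added example, not Podman's code: it creates a symlink whose target does not exist, shows that `os.MkdirAll` on that path returns an error satisfying `errors.Is(err, fs.ErrExist)`, and contrasts it with a hypothetical helper `mkdirAllTolerant` that ignores that specific error only after confirming via `os.Lstat` (which does not follow links) that the existing entry really is a symlink. The helper name and the temporary directory layout are assumptions for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// mkdirAllTolerant is a hypothetical helper (not Podman's code) that behaves
// like os.MkdirAll but treats "the path already exists as a symlink" as
// success. os.MkdirAll first Stat()s the path; for a symlink whose target is
// missing, Stat fails with ENOENT, the subsequent Mkdir fails with EEXIST
// (the name is taken by the link), and MkdirAll reports that EEXIST.
func mkdirAllTolerant(path string, perm os.FileMode) error {
	err := os.MkdirAll(path, perm)
	if err == nil {
		return nil
	}
	if !errors.Is(err, fs.ErrExist) {
		return err
	}
	// EEXIST: only ignore it when the existing entry is a symlink. Lstat does
	// not follow the link, so nothing outside the tree is resolved here.
	fi, lerr := os.Lstat(path)
	if lerr != nil {
		return err
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return nil
	}
	return err
}

// danglingSymlinkDemo builds a temporary tree containing a symlink to a
// non-existent target and reports what plain os.MkdirAll and the tolerant
// variant return for it: (plainErrIsEExist, tolerantErr).
func danglingSymlinkDemo() (bool, error) {
	dir, err := os.MkdirTemp("", "workdir-demo")
	if err != nil {
		return false, err
	}
	defer os.RemoveAll(dir)

	// "workdir" -> "missing-target"; the target is never created.
	link := filepath.Join(dir, "workdir")
	if err := os.Symlink("missing-target", link); err != nil {
		return false, err
	}

	plainErr := os.MkdirAll(link, 0o755)
	tolerantErr := mkdirAllTolerant(link, 0o755)
	return errors.Is(plainErr, fs.ErrExist), tolerantErr
}

func main() {
	eexist, err := danglingSymlinkDemo()
	fmt.Println("os.MkdirAll returned EEXIST:", eexist)
	fmt.Println("tolerant variant error:", err)
}
```

The tolerant helper deliberately does not try to resolve where the link points. If a workdir symlink lives inside a container root and its target is resolved against the host, a `Stat` (as the commit notes) is harmless, but creating or opening through it would not be; leaving the final resolution to the OCI runtime, which operates inside the container's mount namespace, avoids that class of host-path confusion.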
Lokesh Mandvekar
b78f1cf986 vendor: update container-libs to df55d6c661e8 for cgv1 removal
Also simplifies cgroups.AvailableControllers

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2025-12-02 15:38:30 -05:00
Jan Rodák
4d3c6311a5 Fix unless-stopped restart policy to match Docker behavior
- Update documentation: Differentiate `unless-stopped` from `always` - containers stopped by the user before a reboot will not restart.
- Add `should-start-on-boot` filter: Identify containers that require a restart after a system reboot.
- Update command documentation: Add `restart-policy` and `label!` filters to the documentation for container commands (rm, ps, start, stop, pause, unpause, restart).
- Add `restart-policy` and `should-start-on-boot` to completions.
- Update service: Update `podman-restart.service` to use the `needs-restart=true` filter.
- Preserve state: Preserve the `StoppedByUser` state across reboots.
- Update API: Add a `ShouldStartOnBoot()` method to the Container API.
- Update documentation: Add descriptions for the `should-start-on-boot` filter.

Fixes: https://issues.redhat.com/browse/RHEL-129405
Fixes: https://github.com/containers/podman/issues/20418

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-12-02 15:40:46 +01:00