Update the outdated systemd and dbus dependencies which are now provided
as go modules. This will further tighten our dependencies and releases
and pave the way for the upcoming auto-update feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When enabling a systemd service we can specify which target will start
it by specifying it in the `[INSTALL]` section. In case of root, this
is commonly set to `multi-user.target` which is used to start other
essential system services such as the network manager, D-BUS and more.
However, the `multi-user.target` is not enough on all systems,
especially when running rootless and enabling user services. Multiple
users have reported issues that there isn't even an attempt to start the
service.
Setting the INSTALL target to `default.target` will fix the rootless
case. However, `default.target` may vary among systems. Fedora
Workstation, for instance, sets the `default.target` to the graphical
target (i.e., runlevel 5) while Fedora Server sets it to
`multi-user.target` which is on runlevel 2 and hence way earlier in the
startup sequence.
As INSTALL allows for specifying multiple INSTALL targets, we can set it
to `multi-user.target` to continue supporting existing workloads AND to
`default.target` which MAY redundantly attempt to start it at a later point;
effectively a NOP for the root case and essential for rootless.
Fixes: #5423
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
during container creation, if no network is provided, we need to add a default value so the container can be later started.
use apiv2 container creation for RunTopContainer instead of an exec to the system podman. RunTopContainer now also returns the container id and an error.
added a libpod commit endpoint.
also, changed the use of the connections and bindings slightly to make it more convenient to write tests.
Fixes: 5366
Signed-off-by: Brent Baude <bbaude@redhat.com>
Some users have small /var/tmp directories and need to be able to specify a different location
for temporary files, which includes more space.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
removed defaulting of query.Size
amended types.LibpodToContainer, removed hard coded true from inspect call
Signed-off-by: Steve Taylor <steven@taylormuff.co.uk>
Remove leading slashes from the run-dir paths. It was meant to make it
explicit that we're dealing with an absolute path but user feedback has
shown that most are aware. It also cleans up the path in the systemctl
status output.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Leave setting the "container" variable to consumers of pkg/env.
Podman is now hard-setting it to "podman" while "libpod" will
set it internally to "libpod" if it's unset.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
we need to make the environment map to avoid throwing an error when trying to add an environment value from file.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Add network dependencies to generated systemd services to allow for
enabling them at system startup and have a working network if needed.
Fixes: #4130
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The --rmi flag will delete the container image after its execution
unless that image is already been used by another container(s).
This is useful when one wants to execute a container once and remove
any resources attached to it.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Env-variable related code is scattered across several packages making it
hard to maintain and extend. Consolidate the code into a new pkg/env
package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This patch allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
tells podman that the contained image should work fine with just these two
capabilties, instead of running with the default capabilities, podman will
launch the container with just these capabilties.
If the user or image specified capabilities that are not in the default set,
the container will print an error message and will continue to run with the
default capabilities.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Modify the pod inspect bindings to hold current pod status.
Includes test to validate on pod status and added test to check
no or few pods are pruned,if the pods are in exited state.
Signed-off-by: Sujil02 <sushah@redhat.com>
added the ability to wait on a condition (stopped, running, paused...) for a container. if a condition is not provided, wait will default to the stopped condition which uses the original wait code paths. if the condition is stopped, the container exit code will be returned.
also, correct a mux issue we discovered.
Signed-off-by: Brent Baude <bbaude@redhat.com>
when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend.
Signed-off-by: Brent Baude <bbaude@redhat.com>
add binding tests for volumes: inspect(get), create, remove, prune, and list
implement filters ability for volumes
Signed-off-by: Brent Baude <bbaude@redhat.com>
