When parsing image envs we need to be strict about the format, only the
"key=value" format must be accepted. Just keys must be rejected as they
are not valid according to the image spec.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When multiple containers in a pod YAML specify the same hostPort,
podman kube play previously accepted the YAML and started the
containers, causing one of them to fail at runtime with a confusing
bind() error.
Add early validation in getPodPorts() to detect duplicate
(hostIP, hostPort, protocol) tuples across containers and return
a clear error message naming both conflicting containers.
Fixes: https://github.com/podman-container-tools/podman/issues/26622
Signed-off-by: Miguel Álvarez <mialvare@redhat.com>
This fixes two problems when parsing ports.
First, check for host port conflicts. When we are given the same ip:host
port combo twice then we need to reject that as invalid, the backend
cannot bind the same port twice and thus we always get a runtime
failure. Failing early in the create code path is much better.
Second, when assigning random ports for expose we still have to check
for proper conflicts. The first error was using allUsedContainerPortsMap
to check for conflicts but this holds container side ports, we need to
ensure there are no conflicts on the host port.
Then there was the other issue that the array in the map was copied and
accessed by value on lookup. And because the code did not reassign the
value it then failed to actually update the correct ports.
To address that I switch the map to store the array by reference which
will avoid the bigger copies as we only need to update the pointer now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
log_path is currently set at the client side and is ignored by
the server in a remote session. This leads to either incorrect log_path
being considered by the server or not honored at all. Move the handling
from client to the server, in line with other flags such as log_driver.
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
Avoid reading /proc/filesystems on every container creation when
running as a service by caching the result.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Replace remaining references to Slirp/slirp4netns in code comments
with Pasta or remove them where the reference is no longer relevant.
Signed-off-by: Lokesh Mandvekar <lsm5@linux.com>
The podman module paths are moving from github.com/containers/podman to
go.podman.io/podman. This will help with future mobility.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This PR reflects the upstream change of moving the buildah module from
github.com/containers/buildah to go.podman.io/buildah.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This was implemented by containers/netavark #1369; this commit
completes the process by wiring it into Podman. We now respect
the CLI order for configured networks - if a user passes
`--net net1,net2` we guarantee that net1 will be configured
before net2.
For containers created before this patch, we don't retain enough
information to configure networks in CLI order, so we use
alphabetical order instead to still guarantee consistency.
No breaking API changes have been made, but we do add a new
field to supplement the existing map to (optionally) provide
ordering information. The Podman CLI will always pass this.
Existing applications that do not will, again, receive]
deterministic ordering based on an alphabetical sort of network
names.
This requires the latest version of Netavark to work properly.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Using --network=slirp4netns now returns a hard error directing
users to pasta and `podman system migrate`.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Previously, when default_rootless_network_cmd was empty, podman
would fall back to slirp4netns. Change this to default to pasta
instead. Remove the now-unused slirp4netns import.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
The go std os package to will always make sure to use O_CLOEXEC, however
in cases where we directly call unix.Open() we need to pass that flag
explicitly.
I looked at this as there was a report of a leaked fd on the pasta list,
though I am not sure this will address it.
But anyway doing this should be rather safe and avoid leaks into other
processes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Replace the JSON marshal/unmarshal round-trip in Inherit() with
copier.Copy. json.Unmarshal reuses existing slice backing arrays
and does not zero struct fields absent from the JSON (omitempty),
so mount options like "ro" from one mount would leak into another
mount at the same backing-array position.
Fixes the case where running:
podman run --pod mypod \
--mount type=bind,src=/a,target=/mylog \
--mount type=bind,src=/b,target=/mytmp,ro=true \
alpine touch /mylog/a
incorrectly fails with "Read-only file system" because /mylog
inherits "ro" from /mytmp.
Fixes: https://issues.redhat.com/browse/RHEL-154348
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Replace github.com/docker/docker API imports with github.com/moby/moby
across compat handlers, swagger models, and tests to align with upstream
type definitions.
Fixes: #27536.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This allows things like compose project names to be associated with log
messages and later used in log processing and analysis.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
Currently validation that log tag requires journald driver is done in several
places and emits only warning. Making it an error and moving to
`(c *Container) validate()` is a more correct approach.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open an Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit ONLY replaces
//go:build !remote
with
//go:build !remote && (linux || freebsd)
and is split from the rest to allow mechanically verifying that fact,
and focusing a review on the other kinds of changes.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add a per-volume 'nocreate' option that prevents automatic creation of
named volumes when they don't exist. When specified, Podman will fail
if the volume is not found instead of creating it automatically.
Usage: -v myvolume:/data:nocreate
--mount type=volume,src=myvolume,dst=/data,nocreate
See: #27862
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
ConfigToSpec() serializes the container config to JSON and deserializes
it into a SpecGenerator. Both structs use the JSON tag "secret_env" but
with incompatible types: the container config uses map[string]*secrets.Secret
(complex objects) while the specgen uses map[string]string (env var name
to secret name). This causes an unmarshal error when cloning containers
that use --secret with type=env.
Fix this by saving and clearing EnvSecrets before JSON marshal (same
pattern as existing tmpSystemd/tmpMounts), then converting the secret
objects to name strings and assigning them to the specgen afterward.
Also fix FillOutSpecGen to not overwrite env secrets populated by
ConfigToSpec when no new secrets are provided on the command line.
Fixes: #28130
Signed-off-by: Ozgur As <ozgur@live.com>
Instead of creating a slice and then appending to it, let's inline the
initial slice into append. This may or may not result in less slice
reallocations, but it is silencing the prealloc linter warnings.
This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Calling append can lead to resizing the slice. In case we have all
elements beforehand, it is not necessary to call append in the first
place and this avoid resizing.
This is the first part of fixing issues reported by prealloc linter from
golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove CNI-specific conditional logic and update comments throughout
the libpod networking code:
- Simplified DNS configuration logic in container_internal_common.go
to always use netavark behavior (removed backend checks)
- Removed CNI-specific iptables chain error regex pattern
- Updated all comments referencing 'CNI' to use 'netavark' or
'network backend'
- Renamed variable 'cniNet' to 'netInfo' for clarity
- Updated field and type documentation to remove CNI references
All networking code now assumes netavark as the sole backend.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
- remove old CLI validation that only checked --pod flag
- add validation in namespaces.go to catch all paths (cli, quadlet, api)
- block userns mixing for all pods with infra, not just ipc/net
- update error message to be clearer
- fix test cleanup to use PodmanExitCleanly()
- use dynamic pod names in system tests to avoid conflicts
fixes#26848
Signed-off-by: 0xdvc <neilohene@gmail.com>
This also then bumps github.com/opencontainers/runtime-spec to v1.3.0
which contains breaking changes of the pid type as such we had to update
all the podman callers.
And tags.cncf.io/container-device-interface also used some changed
types from it and they have been updated in main so bump to the latest
commit there as well in order to get podman to compile properly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This was not working when emulating Linux container images on FreeBSD.
The code to handle host devices on FreeBSD relies on the container
having a devfs mount. Unfortunately, the Linux emulation code which adds
this was happening after the host device handling. This changes the
logic so that host device management happens after Linux emulation.
Signed-off-by: Doug Rabson <dfr@rabson.org>