This is useful for triggering the execution of a healthcheck
without caring about it's result as long as no fatal error occured.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
now that we use `bootc switch` for changing out-of-band updates, we can
consider also using some of their supported transports.
* containers-storage
* oci
* oci-archive
* registry
RUN-3963
Signed-off-by: Brent Baude <bbaude@redhat.com>
Removed all CNI-specific documentation from man pages:
- podman.1.md: Simplified --network-config-dir to only mention
netavark directories
- podman-network.1.md: Removed dual backend description, now states
netavark is the only backend
- podman-network-create.1.md: Removed CNI-specific notes about DNS
and DHCP socket configuration
- podman-network-connect.1.md: Removed CNI limitation note about
network aliases
- options/network-alias.md: Removed CNI limitation note about
network aliases
- podman-info.1.md: Updated example output to show netavark backend
information instead of CNI
All man pages now reflect netavark as the sole network backend.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
use name_to_handle_at and open_by_handle_at to persist rootless
namespaces without needing a pause process.
The namespace file handles are stored in a file and can be used to
rejoin the namespaces, as long as the namespaces still exist.
Fall back to the pause process approach only when the kernel doesn't
support nsfs handles (EOPNOTSUPP).
The feature is currently only enabled when the PODMAN_NO_PAUSE_PROCESS
environment variable is set.
These changes in the kernel are required (landed in Linux 6.18):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ab378cfa793
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Implements automatic OS upgrade functionality for Podman machines that requires no user input beyond running the command. The upgrade logic automatically determines the appropriate upgrade path using a three-way comparison between client version, machine version, and OCI registry:
* When the client version is older than the machine version, no action is taken and an error is returned.
* When the client version matches the machine version, the OCI registry is queried to check for in-band updates by comparing image digests. This handles minor, patch level, and updates oci image use cases.
* When the client version is newer than the machine version, the machine is upgraded to match the client's major.minor version.
* No manual image selection or version specification required.
The command supports dry-run mode and JSON (only) output format for automation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Instead of using rpm-ostree, we now use bootc for os apply. the
implementation is a little murky right now and will require some cleanup
to implement bootc's transports. for now, we only support oci images
from registries.
once we have an upgrade command, the transports can be added and the
docs for apply can be ammended to be more clear.
Fixes: RUN-3836
Signed-off-by: Brent Baude <bbaude@redhat.com>
These are not options directly passed to `--opt`, but these use `--opt o=`, so update the table accordingly.
Signed-off-by: Matthijs Kooijman <matthijs@stdin.nl>
The documentation incorrectly stated that TimeoutStartSec "cannot be
used" with Type=oneshot services. According to systemd.service(5),
the startup timeout is simply disabled by default (set to infinity)
for oneshot services, but TimeoutStartSec can still be explicitly
configured if a timeout is desired.
Signed-off-by: Daniel Pereira <zdaniel.gp@gmail.com>
- Update documentation: Differentiate `unless-stopped` from `always` - containers stopped by the user before a reboot will not restart.
- Add `should-start-on-boot` filter: Identify containers that require a restart after a system reboot.
- Update command documentation: Add `restart-policy` and `label!` filters to the documentation for container commands (rm, ps, start, stop, pause, unpause, restart).
- Add `restart-policy` and `shoud-start-on-boot` to completions.
- Update service: Update `podman-restart.service` to use the `needs-restart=true` filter.
- Preserve state: Preserve the `StoppedByUser` state across reboots.
- Update API: Add a `ShouldStartOnBoot()` method to the Container API.
- Update documentation: Add descriptions for the `should-start-on-boot` filter.
Fixes: https://issues.redhat.com/browse/RHEL-129405
Fixes: https://github.com/containers/podman/issues/20418
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
When starting a machine and the user has not explicitly passed
-u=true|false AND stdin is a not a tty, we should not prompt to update
connections.
Fixes: #27556
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
