Removed all CNI-specific documentation from man pages:
- podman.1.md: Simplified --network-config-dir to only mention
netavark directories
- podman-network.1.md: Removed dual backend description, now states
netavark is the only backend
- podman-network-create.1.md: Removed CNI-specific notes about DNS
and DHCP socket configuration
- podman-network-connect.1.md: Removed CNI limitation note about
network aliases
- options/network-alias.md: Removed CNI limitation note about
network aliases
- podman-info.1.md: Updated example output to show netavark backend
information instead of CNI
All man pages now reflect netavark as the sole network backend.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
- Update documentation: Differentiate `unless-stopped` from `always` - containers stopped by the user before a reboot will not restart.
- Add `should-start-on-boot` filter: Identify containers that require a restart after a system reboot.
- Update command documentation: Add `restart-policy` and `label!` filters to the documentation for container commands (rm, ps, start, stop, pause, unpause, restart).
- Add `restart-policy` and `shoud-start-on-boot` to completions.
- Update service: Update `podman-restart.service` to use the `needs-restart=true` filter.
- Preserve state: Preserve the `StoppedByUser` state across reboots.
- Update API: Add a `ShouldStartOnBoot()` method to the Container API.
- Update documentation: Add descriptions for the `should-start-on-boot` filter.
Fixes: https://issues.redhat.com/browse/RHEL-129405
Fixes: https://github.com/containers/podman/issues/20418
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
When starting a machine and the user has not explicitly passed
-u=true|false AND stdin is a not a tty, we should not prompt to update
connections.
Fixes: #27556
Signed-off-by: Brent Baude <bbaude@redhat.com>
Fixes: #26588
For use cases like HPC, where `podman exec` is called in rapid succession, the standard exec process can become a bottleneck due to container locking and database I/O for session tracking.
This commit introduces a new `--no-session` flag to `podman exec`. When used, this flag invokes a new, lightweight backend implementation that:
- Skips container locking, reducing lock contention
- Bypasses the creation, tracking, and removal of exec sessions in the database
- Executes the command directly and retrieves the exit code without persisting session state
- Maintains consistency with regular exec for container lookup, TTY handling, and environment setup
- Shares implementation with health check execution to avoid code duplication
The implementation addresses all performance bottlenecks while preserving compatibility with existing exec functionality including --latest flag support and proper exit code handling.
Changes include:
- Add --no-session flag to cmd/podman/containers/exec.go
- Implement lightweight execution path in libpod/container_exec.go
- Ensure consistent container validation and environment setup
- Add comprehensive exit code testing including signal handling (exit 137)
- Optimize configuration to skip unnecessary exit command setup
Signed-off-by: Ryan McCann <ryan_mccann@student.uml.edu>
Signed-off-by: ryanmccann1024 <ryan_mccann@student.uml.edu>
This allows users to set the associated machine's system connection to the system default when running `podman machine init --now` or `podman machine start`. It also changes the default bbehavior of these commands in that the user will be prompted and asked if they would like to switch the system connection. It also introduces a command line switch called `--update-connection`. If the switch is unset, then the user will be prmpted. If the command value is explicitly set to `false`, the user will not be prompted and the system connection will not be altered. If the value is set to `true`, the system connection will be made the default and the user will not be prompted.
Fixes: https://issues.redhat.com/browse/RUN-3632
Signed-off-by: Brent Baude <bbaude@redhat.com>
- Removal of a note in the build-context documentation about remote Podman client limitations
- Removal of skip statements for build-context tests in the test suite
Pull request #26628 adds support for --build-context for the remote client.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
In explanation of chrootdirs option, leading / is dropped
from podman managed file path (/etc/hostname). So this PR
adds leading /.
Signed-off-by: Vanou Ishii <ishii.vanou@fujitsu.com>
This adds a new feature that allows signing using Sequoia-backed
keys. The existing options to sign using GPG-backed keys (and sigstore)
remain unchanged, and continue to use the same backends as usual.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This reverts commit c12b1b32bc.
The content contains incorrect information and misses a lot of details
from the previous page that must be restored.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit does the following:
- Splits the podman-systemd.unit.5.md into multiple files - one for each
quadlet file type, podman-quadlet.7.md for general quadlet information
and podman-quadlet-basic-usage.7.md for quadlet examples.
- Removes the original podman-systemd.unit.5.md file.
- Adds support for jinja2 templating language in the markdown_preprocess.
- Uses jinja2 in options/*.md to use the single .md file for both podman
subcommands man-pages and quadlet man-pages. This deduplicates
the Quadlet man-pages a lot.
- Adds new `@@option quadlet:source.md` preprocess command to import
such .md files from options directory.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Relax _will_ to _may_ and add a clarifying _then_.
Furthermore, we add a paragraph describing the behavior of the `--dns`
command line option. This references #26812.
Signed-off-by: Christoph Weiss <weiss@wsoptics.de>
The docs were outdated mentioning the qemu backed for Mac and I find the
way they are written to be a bit confusing.
I think it is best to start with that this option is not supported on
all the providers except WSL.
Fixes: #26780
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This patch adds a new --tls-verify flag to the `podman machine init`
sub command which matches many of our other commands. This allows the
user to optionally control whether TLS verification is enabled or
disabled for download of the machine image.
The default remains to leave the TLS verification decision to the
backend library which defaults to enabling it, this patch just
allows the user to explicitly set it on the CLI.
Fixes: #26517
Signed-off-by: Lewis Roy <lewis@redhat.com>
Add --creds flag to podman create and podman run commands to support
registry authentication during image pulling.
Without this flag, users must perform a separate `podman pull
--creds/--cert-dir` first and then remember to specify `--pull=never`.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add the missing man page options for `podman build`,
`podman farm build`, and `podman image build`. These
are new to `buildah build` with Buildah v1.41.0.
They are:
* created-annotation
* inherit-annotations
* rewrite-timestamp
* source-date-epoch
* unsetannotation
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Allow users to target the most recently created container with
`podman update --latest` (short `-l`). The same option already exists
on many other commands, so this brings update in line with the rest of
the CLI and saves users from typing or looking up the newest container.
Fixes: #26380
Signed-off-by: Hayato Kihara <kai.21banana@gmail.com>
An artifact without the title annoation just gets the digest as name
which is less than ideal. While it is a decent default to avoid
conflicts users would like to configure the name.
With the name=abc option we will call the file abc in case of a signle
artifact and otherwise we use abc-x where x is the layer index starting
at 0 to avoid conflicts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the artifact has a single blob then use the dst path directly as
mount in case it does not exist.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The prior version talked about potential access to DBus, but this is a
bogus warning: default OS setups do not bind DBus to localhost or to an
abstract Unix socket. It is possible that the original author was
thinking of CVE-2020–15257, which affected containerd's abstract Unix
socket; they fixed it by switching to a named socket, just as DBus
always (?) has done.
Signed-off-by: Warren Young <wyoung@tangentsoft.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
'noatime' flag disables updates to file access times when files are read. This can reduce unnecessary writes and improve performance, especially in read-heavy workloads. Previously, tmpfs did not recognize the 'noatime' mount option and would return an error.
With this change, tmpfs now properly accepts and handles the 'noatime' option.
Fixes: #26102
Signed-off-by: Arthur Wu <lion811004@gmail.com>
Given I wrote this and I still mess it up on a regular basis, I
cannot be alone in forgetting whether "dst" or "dest" is the
correct short option for "destination". Let's just make both
valid, I don't see a reason not to.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Bumps to Buildah v1.40.0 and adds the `--inherits-labels` option to
build and farm build man pages.
Also turn off the inherit-labels option test for now as it seems to be
rathr unhappy.
Issue for inherit-labels test failure: https://github.com/containers/podman/issues/25938
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
