Add the connective logic so that annotating the manifest as a whole will
succeed as intended, and we don't mix up annotations for an entry and
annotations which are meant for the manifest as a whole. Make
consistent the names which are used when encoding values of certain
fields.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
If err != nil then inspect is nil thus here it is better
to use name when outputting the error instead of inspectID.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Tigran Sogomonian <tsogomonian@astralinux.ru>
Use filepath utility instead of generic string replace to convert path
on Windows. This also separates OS specific implementations to separate
compilation sources and removes redundant check for virtualization
provider on Windows platform.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
* Add --hosts-file flag to container create, container run and pod create
* Add HostsFile field to pod inspect and container inspect results
* Test BaseHostsFile config in containers.conf
Signed-off-by: Gavin Lam <gavin.oss@tutamail.com>
New flags in a `podman update` can change the configuration of HealthCheck when the container is started, without having to restart or recreate the container.
This can help determine why a given container suddenly started failing HealthCheck without interfering with the services it provides. For example, reconfigure HealthCheck to keep logs longer than the usual last X results, store logs to other destinations, etc.
Fixes: https://issues.redhat.com/browse/RHEL-60561
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This matches the behavior of other volume and mount types. Image
volumes and volumes/mounts from the `--volumes-from` flag should
be overridden by actual user-specified named volumes and mounts,
but this was not true for overlay mounts. Fortunately, our
duplicate-mount detection logic still works, so we got a good
error message at least.
The fix is simple - extend our supersede logic, which currently
only works with named volumes and mounts, to also work with
overlay mounts.
Fixes#24555
Signed-off-by: Matt Heon <mheon@redhat.com>
For machine we know we have all the info we need so there is no reason
to read and parse another file.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The ssh_config can contain a path with ~/ to refer to the home dir like
done on shells. Handle that special case and resolve the path correctly
so it can be used.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we alreadty get a full URL with user, port and identity then we
should not read the config file just to overwrite them with wrong
values. This is a bad regression for user using * wildcard in their
ssh_config as it makes podman machine unusable.
Fixes: #24567
Fixes: e523734ab6 ("Add support for ssh_config for connection")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The new ssh_Config feature doesn't work on my system because the lib
fails to parse configs using Match[1]. However Fedora and RHEL based
distros seem to ship /etc/ssh/ssh_config.d/50-redhat.conf which contains
a Match line thus it always fails to parse and never uses the proper
values from my home dir config.
[1] https://github.com/kevinburke/ssh_config/issues/6
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This way has a huge disadvantage: The user will not see an error when he
uses a non-existent option. Another disadvantage is, that if we add more
options within podman, they might collide with the names chosen by
plugins. Such issues might be hard to debug.
The advantage is that the usage is very nice:
--network bridge:opt1=val1,opt2=val2.
Alternatively, we could put this behind `opt=`, which is harder to use,
but would solve all issues above:
--network bridge:opt=opt1=val1,opt=opt2=val2
Signed-off-by: Michael Zimmermann <sigmaepsilon92@gmail.com>
Fix the issue where podman machine init does not create
all the necessary machine files when ignition-path is used. Fixes: #23544
Signed-off-by: Graceson Aufderheide <gracesonphoto@gmail.com>
All the backend work was done a while back for image volumes, so
this is effectively just plumbing the option in for volumes in
the parser logic. We do need to change the return type of the
volume parser as it only worked on spec.Mount before (which does
not have subpath support, so we'd have to pass it as an option
and parse it again) but that is cleaner than the alternative.
Fixes#20661
Signed-off-by: Matt Heon <mheon@redhat.com>
- fix issues found by recvcheck
- skip k8s files from recvcheck
- remove two removed linters gomnd and execinquery
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This function is not used, we pull actual container images for testing
now. This allows us to remove github.com/coreos/stream-metadata-go.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add error check during tmpfile close.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Tigran Sogomonian <tsogomonian@astralinux.ru>
Add support for inspecting Mounts which include SubPaths.
Handle SubPaths for kubernetes image volumes.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If volume ls was called while another volume was removed at the right
time it could have failed with "no such volume" as we did not ignore
such error during listing. As we list things and this no longer exists
the correct thing is to ignore the error and continue like we do with
containers, pods, etc...
This was pretty easy to reproduce with these two commands running in
different terminals:
while :; do bin/podman volume create test && bin/podman volume rm test || break; done
while :; do bin/podman volume ls || break ; done
I have a slight feeling that this might solve #23913 but I am not to
sure there so I am not adding a Fixes here.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit disables ssh port forwarding on WSL by passing -1 to the -ssh-port flag of gvproxy. Port forwarding is not required on WSL and disabling it prevents port conflict with CRC.
Fixes: https://github.com/containers/podman/issues/20327
Signed-off-by: Gunjan Vyas <vyasgun20@gmail.com>
This commit resolves an issue where network creation and removal events were not being logged in `podman events`. A new function has been introduced in the `events` package to ensure consistent logging of network lifecycle events. This update will allow users to track network operations more effectively through the event log, improving visibility and aiding in debugging network-related issues.
Fixes: #24032
Signed-off-by: Sainath Sativar <Sativar.sainath@gmail.com>
By default today, the container is always started if its pod is also
started. This prevents to create custom with systemd where containers in
a pod could be started through their `[Install]` section.
We add a key `StartWithPod=`, enabled by default, that enables one to
disable that behavior.
This prevents the pod service from changing the state of the container
service.
Fixes#24401
Signed-off-by: Farya L. Maerten <me@ltow.me>
API clients expect the status code quickly otherwise they can time out.
If we do not flush we may not write the header immediately and only when
futher logs are send.
Fixes#23712
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
One of the problems with the Events() API was that you had to call it in
a new goroutine. This meant the the error returned by it had to be read
back via a second channel. This cuased other bugs in the past but here
the biggest problem is that basic errors such as invalid since/until
options were not directly returned to the caller.
It meant in the API we were not able to write http code 200 quickly
because we always waited for the first event or error from the
channels. This in turn made some clients not happy as they assume the
server hangs on time out if no such events are generated.
To fix this we resturcture the entire event flow. First we spawn the
goroutine inside the eventer Read() function so not all the callers have
to. Then we can return the basic error quickly without the goroutine.
The caller then checks the error like any normal function and the API
can use this one to decide which status code to return.
Second we now return errors/event in one channel then the callers can
decide to ignore or log them which makes it a bit more clear.
Fixes c46884aa93 ("podman events: check for an error after we finish reading events")
Fixes#23712
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
