There is exactly one caller, with two code paths, and each only
needs _half_ of the function - and they really only share the
parentFlags and Quiet logic. It's easier to do things
directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
When we have the _precise_ knowledge of where the parameter boundaries
are, and an API that allows us to express that, just _do that_ instead
of completely unnecessarily worrying about spaces in parameter values.
Also, this allows us to format the code to make the option and value
correspondence much easier to see.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Quadlet list always reports the heading, even when using custom
formatting strings. This doesn't follow the behavior of other podman
list commands. Borrow some logic and the "--noheading" flag from the
container list command to make this behavior uniform.
Signed-off-by: Randolph Sapp <rs@ti.com>
We were going through our GitHub permissions to make sure they
were consistent with MAINTAINERS.md when we realized that we did
not make it explicit what each level in our contributor ladder
should receive for permissions. This fixes that oversight. We
retain some flexibility (e.g. granting Triage to anyone who is
assisting with the project, but not enough to become a Reviewer)
but core privileges are now spelled out explicitly.
Signed-off-by: Matt Heon <mheon@redhat.com>
Both are no longer working on Podman and not actively
contributing. It was lovely working with them both, and we hope
to see them again, but it is necessary to ensure that our
maintainers are active. Move both to alumni as such.
Signed-off-by: Matt Heon <mheon@redhat.com>
... to centralize the conversion from entities.PodmanConfig
to bindings.Options, we will add more code there.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Right now, this correctly handles pullOptions.credentials
which were ignored previously (admittedly that field is never set
by anything...); in the future, it will ensure the two c/image users
won't get out of sync again.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will make it easier to add one more option,
and removes a risk of passing options in an incorrect order.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Don't allocate it on-demand, it will always be created in the end.
- Embed the SystemContext directly, without using a pointer,
to make it clear it always exists.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Previously, using WithRegistriesConf was setting
BigFilesTemporaryDir using buildah/internal/tmpdir, which (turns relative
$TMPDIR into absolute and) silently ignores invalid values in containers.conf
and uses /var/tmp in that case.
Without WithRegistriesConf, we would first initialize libimage with
BigFilesTemporaryDir = nil (causing libimage to determine BigFilesTemporaryDir
using a _different_ code path which fails on invalid containers.conf),
and only later set r.imageContext.BigFilesTemporaryDir.
It doesn't make sense that --registries-conf should affect TMPDIR processing
that way, and presumably the code path without --registries-conf is much
more frequently used and the one everyone expects; so drop this aspect of
WithRegistriesConf.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Statement
    for line in "${lines[*]}"
does not make sense since line will be a single value consisting of
all elements of lines array, space-separated.
It should be
    for line in "${lines[@]}"
if we want to iterate through each value.
Fixes: 00292ae1c4 ("systests: test instrumentation")
Fixes: c33ba70f95 ("system tests: instrument, to try to catch unlinkat-ebusy")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This way, the CLI can still call pkg/domain/infra, without needing
a "remote || linux || freebsd" build tag.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open a Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit contains the parts that differ somehow.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open a Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit ONLY replaces
    //go:build !remote
with
    //go:build !remote && (linux || freebsd)
and is split from the rest to allow mechanically verifying that fact,
and focusing a review on the other kinds of changes.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
closes: #27411
Adjust SUB_UID and SUB_GID ranges to support running rootless Podman inside a rootless run Podman container.
Also add a test to verify the change and prevent regression.
By default, a new user is assigned the following sub-ID ranges:
SUB_UID_MIN=100000, SUB_GID_MIN=100000, SUB_UID_COUNT=65536, SUB_GID_COUNT=65536
This means the user’s sub-UID and sub-GID ranges are 100000–165535.
When the container is run rootless with the user defined below, ID mappings occur as follows:
- Container ID 0 (root) maps to user ID 1000 on the host (which is the user created below).
- Container IDs 1–65536 map to IDs 100000–165535 on host (the subid range previously mentioned).
If a new user is created inside this container (to build containers for example), it will
attempt to use the default sub-ID range (100000–165535). However, this exceeds the container’s
available ID mapping, since only IDs up to 65536 are mapped. This causes nested rootless Podman
to fail.
To enable container-in-container builds, the sub-ID ranges for the user must be large enough
to provide at least 65536 usable IDs. A minimum SUB_UID_COUNT and SUB_GID_COUNT of 165536 is
required, but 1,000,000 is used here to provide additional margin.
1,000,000 matches the subid range other machines are using, defined in [ignition.go](69b397af49/pkg/machine/ignition/ignition.go (L284-L289)).
The script of other machines modifies the subid files directly for 1 user; the `sed` command used in
this fix mimics that.
The test is added as an extension to the 'simple init with username' test case, to prevent having
to create a new VM.
Signed-off-by: dvorst <87502756+dvorst@users.noreply.github.com>
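Added example, not part of the commit above or of the Podman code base: the ID-mapping arithmetic from that message as a Go check that reports whether a nested user's sub-ID range is reachable through the enclosing container's mapping. The names `extent`, `rootlessMap` and `firstUnmapped` are hypothetical, and the inputs are the values quoted in the message (host user 1000, sub-ID start 100000).

```go
package main

import (
	"fmt"
	"sort"
)

// extent is one line of /proc/self/uid_map: IDs [Inside, Inside+Count) in the
// namespace correspond to [Outside, Outside+Count) in the parent namespace.
type extent struct{ Inside, Outside, Count uint64 }

// rootlessMap builds the mapping the commit message describes for a rootless
// container: ID 0 is the invoking user, IDs 1..subCount are its sub-ID range.
func rootlessMap(hostID, subStart, subCount uint64) []extent {
	return []extent{{0, hostID, 1}, {1, subStart, subCount}}
}

// firstUnmapped walks the extents in order of Inside and returns ok=true when
// every ID in [start, start+count) is mapped; otherwise it returns the first
// ID in that range that has no mapping, with ok=false.
func firstUnmapped(m []extent, start, count uint64) (id uint64, ok bool) {
	sorted := append([]extent(nil), m...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Inside < sorted[j].Inside })
	next, end := start, start+count
	for _, e := range sorted {
		if next >= end {
			break
		}
		if e.Inside <= next && next < e.Inside+e.Count {
			next = e.Inside + e.Count // covered up to the end of this extent
		}
	}
	if next >= end {
		return 0, true
	}
	return next, false
}

func main() {
	// Constructed inputs: the nested user asks for the default 100000:65536.
	for _, hostCount := range []uint64{65536, 1000000} {
		m := rootlessMap(1000, 100000, hostCount)
		if id, ok := firstUnmapped(m, 100000, 65536); ok {
			fmt.Printf("count=%d: nested range 100000-165535 is mapped\n", hostCount)
		} else {
			fmt.Printf("count=%d: nested ID %d is not mapped\n", hostCount, id)
		}
	}
}
```

The same check applies to GIDs, since `/proc/self/gid_map` uses the same three-column layout.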
The `ServiceName=` Quadlet option was only documented for `.pod` and
`.artifact` units. However, it applies to all Quadlet types as it is a
global option.
Added `ServiceName=` listing and description to the `[Container]`,
`[Kube]`, `[Network]`, `[Volume]`, `[Build]`, and `[Image]` sections.
Fixes: #27015
Signed-off-by: Paul Nettleton <k9@k9withabone.dev>
Add a per-volume 'nocreate' option that prevents automatic creation of
named volumes when they don't exist. When specified, Podman will fail
if the volume is not found instead of creating it automatically.
Usage: -v myvolume:/data:nocreate
       --mount type=volume,src=myvolume,dst=/data,nocreate
See: #27862
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>