- Don't allocate it on-demand, it will always be created in the end.
- Embed the SystemContext directly, without using a pointer,
to make it clear it always exists.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Previously, using WithRegistriesConf was setting
BigFilesTemporaryDir using buildah/internal/tmpdir, which (turns relative
$TMPDIR into absolute and) silently ignores invalid values in containers.conf
and uses /var/tmp in that case.
Without WithRegistriesConf, we would first initialize libimage with
BigFilesTemporaryDir = nil (causing libimage to determine BigFilesTemporaryDir
using a _different_ code path which fails on invalid containers.conf),
and only later set r.imageContext.BigFilesTemporaryDir.
It doesn't make sense that --registries-conf should affect TMPDIR processing
that way, and presumably the code path without --registries-conf is much
more frequently used and the one everyone expects; so drop this aspect of
WithRegistriesConf.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open an Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit contains the parts that differ somehow.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open an Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit ONLY replaces
//go:build !remote
with
//go:build !remote && (linux || freebsd)
and is split from the rest to allow mechanically verifying that fact,
and focusing a review on the other kinds of changes.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add a per-volume 'nocreate' option that prevents automatic creation of
named volumes when they don't exist. When specified, Podman will fail
if the volume is not found instead of creating it automatically.
Usage: -v myvolume:/data:nocreate
--mount type=volume,src=myvolume,dst=/data,nocreate
See: #27862
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
The orginal motivation was to give a hint to users to delete the file if
they did not create the storage.conf file since some early versions of
podman did auto generate that file[1].
However that was a really long time ago and with the config file rework
there can be many different storage.conf paths so this warning is no
longer useful so we should be able to remove this now.
[1] https://github.com/containers/podman/issues/7447
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Given the new config file logic will read many files pritning one
specific one here has no meaning anymore, just delete it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As I outlined in the design docs this is broken, there are several
data races here because we write to the config files that can be read by
other goroutines in parallel which violates the go memory model and
thus can lead to runtime panics and undefined behavior.
One could fix with a mutex but that would make the whole code base much
more ugly and there is still the risk that something would access this
field without the mutex held.
I am not sure we have any users using this, it never worked for the
storage side and since the service is a not a daemon any user could just
stop and start it again to re-read the files without having to stop
running containers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In the currently used go.podman.io/common/pkg/libartifact version
there is no store subpackage (yet). Fix the import statement and
usage accordingly.
Fixes: df0e3b6ec7 ("libpod: move artifact volume validation to creation phase"
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Apparently, prealloc got much smarter in this version, so let's disable
it for _test.go files as we're not really interested in
micro-optimizations for the test code.
The rest of its warnings is being fixed by the earlier commits.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Do not reuse names slice for the unrelated data. This fixes the
following prealoc warning:
> libpod/storage.go:109:2: Consider preallocating names with capacity 2 (prealloc)
> names := []string{containerName}
> ^
This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Instead of creating a slice and then appending to it, let's inline the
initial slice into append. This may or may not result in less slice
reallocations, but it is silencing the prealloc linter warnings.
This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When we already know the resulting slice size but still need/want to use
append, it makes sense to preallocate the slice by using make with the
capacity argument.
This commit is part of series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Calling append can lead to resizing the slice. In case we have all
elements beforehand, it is not necessary to call append in the first
place and this avoid resizing.
This is the first part of fixing issues reported by prealloc linter from
golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The main purpose of the transient services/timers is to trigger the
healthcheck execution in regular intervals, their own state should
not depend on the result of the healthchecks. This way there are no
failing systemd services unless there is actually a fatal error.
Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
Use t.Helper, t.TempDir, and t.Cleanup in getEmptySqliteState,
simplifying its code and its users.
Simplify runForAllStates: remove redundant t.Fail call, and move
getEmptySqliteState call under t.Run.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
test: add test to check if SQLite DB config change will mitigate race condition when multiple podman process start at once.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
test: Check to ensure only one row was created in DBConfig table.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
test: Changed no of processes started at once to 20.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
test: rc reset to 0 to not affect second part of the test, db path is no longer hardcoded in test case.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
test: Reverted test case.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
lint: removed trailing whitespaces.
Signed-off-by: SanjayReddy91 <gamerzdamnyt1234@gmail.com>
We use only for a single const so inline that and use a better variable
name.
The main reason is the latest version of conmon removed that go code so
the update of it will be broken.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Remove CNI-specific conditional logic and update comments throughout
the libpod networking code:
- Simplified DNS configuration logic in container_internal_common.go
to always use netavark behavior (removed backend checks)
- Removed CNI-specific iptables chain error regex pattern
- Updated all comments referencing 'CNI' to use 'netavark' or
'network backend'
- Renamed variable 'cniNet' to 'netInfo' for clarity
- Updated field and type documentation to remove CNI references
All networking code now assumes netavark as the sole backend.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove runtime configuration options for CNI network backend:
Runtime options:
- Remove WithNetworkBackend() runtime option function
- Function allowed setting network backend programmatically
Flag handling:
- Remove --network-backend flag change detection
- Remove call to WithNetworkBackend() when flag changed
- Remove TODO comment about CNI plugins directory flag
The network backend configuration is now handled entirely by the
vendored common/libnetwork code, which will default to Netavark.
There is no longer any way to configure CNI as the network backend
through Podman's runtime initialization.
Note: libpod/info.go keeps existing NetworkBackend reporting logic
which will automatically report "netavark" as the only backend since
configuration defaults to netavark and cannot be changed to CNI.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
use name_to_handle_at and open_by_handle_at to persist rootless
namespaces without needing a pause process.
The namespace file handles are stored in a file and can be used to
rejoin the namespaces, as long as the namespaces still exist.
Fall back to the pause process approach only when the kernel doesn't
support nsfs handles (EOPNOTSUPP).
The feature is currently only enabled when the PODMAN_NO_PAUSE_PROCESS
environment variable is set.
These changes in the kernel are required (landed in Linux 6.18):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ab378cfa793
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
