Docker allows the passing of -1 to indicate the maximum limit
allowed for the current process.
Fixes: https://github.com/containers/podman/issues/19319
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Note: in theory, we could support read/write overlays on FreeBSD using a
combination of unionfs and nullfs but this would take two mounts and the
API only lets us return a single mount from MountWithOptions. Read only
mounts can be done with just nullfs and this is enough to support read
only image mounts in podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This uses the same code as podman for slirp4netns, this means
- ipv6 is enabled by default
- slirp4netns options are read from contianers.conf
- slirp4netns options can now be set on the cli. This required some
small rework on where we parse the network string.
Lastly I updated the --network docs, to document the new slirp4netns
mode. That included fixing up buildah-from and buildah-run pages which
were incomplete in that regard. Now we show the same for all options.
Fixes#3968
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some tools depend on the hostname being present in /etc/hosts. I would
argue they are broken but its not like we can do anything about that.
This adds the hostname with the local host ip when the host network is
used. For private networking we already add the hostname.
We also now correctly force host networking in chroot mode, it was
silently ignored before thus causing extra confusion here.
Fixes#4446
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
it is not safe to use prctl(PR_SET_PDEATHSIG) in a Go program since
the parent of the process is considered the *thread* that created the
child process, and the Go runtime can free a thread at any time. We
would either need to lock the thread, or simpler just not use it.
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/17918
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In the tutorial, switch to calling `DefaultStoreOptionsAutoDetectUID()`
instead of `DefaultStoreOptions()`, which should figure things out
better.
In the tutorial, add an example of using Run(), where for API backward
compatibility reasons, we can't tell the difference between "grant no
capabilties by default" and "grant the default set of capabilities by
default".
The default isolation can be set automatically, so start doing that at
run-time, but have the tutorial look it up anyway because the tutorial
on the web will be newer than our current release for at least a while.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When working with `--mount=type=bind` and `--mount=type=cache` allow
`target` to accept relative paths w.r.t to the configured work dir.
Closes: https://github.com/containers/buildah/issues/4309
Signed-off-by: Aditya R <arajan@redhat.com>
In golang 1.19, `io/ioutil` is fully deprecated preventing Buildah from
compiling. Replace all calls with equivalent calls from the `os`
package.
Signed-off-by: Chris Evich <cevich@redhat.com>
This allows declaring run mounts using e.g. '-mount=type=nullfs,...' on
FreeBSD which makes more sense for FreeBSD users. It is also consistent
with 'podman run' which requires the nullfs mount type on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This was needed early in development but is no longer necessary since
the OCI runtime handles container mounts in the host namespace.
Something like it could be used with some other options to allow nested
containers but that is not high on the priority list.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
... and use a more traditional error handling model,
where responsibility for the cleanup passes to the caller
_only_ if the called function succeeds.
To reinforce that, hard-code nil returns on error paths
instead of returning the locks.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
It can return at most one lock, so don't return an array.
Should not change behavior right now, but it will simplify
cleanup.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
They exist in memory anyway, so this is more efficient:
we avoid the need to manually touch the filesystem again,
the associated costs - and the error paths go away.
[NO NEW TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
On FreeBSD, this is required when installing some packages from
FreeBSD-base which have files protected with the immutable flag (e.g.
/usr/bin/passwd).
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This duplicates over a thousand lines of code from run_linux.go.
Subsequent commits will move this code to a new file run_common.go.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Daniel J Walsh
Doug Rabson
Paul Holzinger
Giuseppe Scrivano
Nalin Dahyabhai
Aditya R
Chris Evich
Miloslav Trmač