Backports for v3.2.2 #10778
We should create the /etc/mtab->/proc/mountinfo link so that mount command will work within the container. Docker does this by default. Fixes: containers#10263 Signed-off-by: Daniel J Walsh <[email protected]>
Create the /etc and /etc/mtab directories with the correct ownership based on what the UID and GID is for the container. This was causing an issue when starting the infra container with userns as the /etc directory wasn't being created with the correct ownership. Signed-off-by: Urvashi Mohnani <[email protected]>
`syncContainer()` requires the container to be locked, otherwise we can end up with undefined behavior. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <[email protected]>
Podman does not need to watch the cni config directory. If a network is not found in the cache, OCICNI will reload the networks anyway and thus even podman system service should work as expected. Also include a change to not mount a "new" /var by default in the rootless cni ns, instead try to use /var/lib/cni first and then the parent dir. This allows users to store cni configs under /var/... which is the case for the CI compose test. [NO TESTS NEEDED] Fixes containers#10686 Signed-off-by: Paul Holzinger <[email protected]>
Added parsing and handling for the healthCheck status within containers.go. Also modified tests fixes containers#10457 Signed-off-by: cdoern <[email protected]> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <[email protected]>
Previously podman failed when run in an environment where 127.0.0.53 is the only nameserver but systemd-resolved is not used directly. In practice this happened when podman was run within an alpine container that used the host's network and the host was running systemd-resolved. This fix makes podman ignore a file not found error when reading /run/systemd/resolve/resolv.conf. Closes containers#10733 [NO TESTS NEEDED] Signed-off-by: Max Goltzsche <[email protected]>
It affects all transports; and without --format, we try several manifest formats. [NO TESTS NEEDED] Signed-off-by: Miloslav Trmač <[email protected]>
When starting a process with `podman exec -it` the terminal is resized after the process is started. To fix this allow exec start to accept the terminal height and width as parameter and let it resize right before the process is started. Fixes containers#10560 Signed-off-by: Paul Holzinger <[email protected]>
As discussed in containers#10710, the additional checks for podman-exec added by commit 666f555 are extremely flaky and appear in nearly every PR I have seen this week. Let's temporarily disable the checks and reenable them once containers#10710 is fixed. Signed-off-by: Valentin Rothberg <[email protected]>
The container name should have the slirp interface ip set in /etc/hosts and not the gateway ip. Commit c8dfcce introduced this regression. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1972073 Signed-off-by: Paul Holzinger <[email protected]>
As near as I can tell, sometime between `v1.6.4` and `v1.9` the definition of `LDFLAGS_PODMAN_STATIC` was both created and lost. Additionally, after a refactoring of the `Makefile` it was possible to enable CGO (which will cause a dynamic binary to be built). Fix both issues by adding the missing definition and forcing CGO to be disabled. Signed-off-by: Chris Evich <[email protected]>
Permission of volume should match the directory it is being mounted on. Fixes: containers#10188 Signed-off-by: Daniel J Walsh <[email protected]>
Signed-off-by: zhangguanzhang <[email protected]>
Fixes: containers#10621 Signed-off-by: Daniel J Walsh <[email protected]>
Fixes: containers#10614 Signed-off-by: Daniel J Walsh <[email protected]>
Checkpointed containers started with --privileged fail during restore with: Error: error creating container storage: ProcessLabel and Mountlabel must either not be specified or both specified This commit fixes it by not setting the labels when restoring a privileged container. [NO TESTS NEEDED] Signed-off-by: Adrian Reber <[email protected]>
Signed-off-by: Matthew Heon <[email protected]>
LGTM
RELEASE_NOTES.md
Outdated
@@ -1,5 +1,28 @@ | |||
# Release Notes | |||
|
|||
## 3.2.2 | |||
### Changes | |||
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based off an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)). |
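Review bot: The 3.2.2 Changes entry says the handling of the Architecture field "has been relaxed" but never states what Podman now does when the image's architecture does not match the system's. Since the entry explains that the 3.2.0 check rejected such images, state the new behaviour explicitly (for example, whether a mismatch is ignored or only reported) so users who relied on the rejection know what changed.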
Soft suggestion if you've others
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based off an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)). | |
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)). |
RELEASE_NOTES.md
Outdated
- Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)). | ||
- Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)). | ||
- Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address. | ||
- Fixed a bug where Podman would create volumes specific by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)). |
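Review bot: The `slirp4netns` `/etc/hosts` entry is the only one of these four fixes without a bug reference; the other three link their GitHub issues. The commit in this PR that fixes it cites https://bugzilla.redhat.com/show_bug.cgi?id=1972073, so link that here. The phrase "the wrong IP address" could also be made concrete: per that commit message, the gateway IP was written instead of the slirp interface IP.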
I think?
- Fixed a bug where Podman would create volumes specific by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)). | |
- Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)). |
A couple of release notes nits. I think one should be fixed, but I'm fine if you want to merge this and chase that with a separate PR.
@mheon, can you add another commit to vendor in c/common v0.38.11 (https://github.com/containers/common/releases/tag/v0.38.11)?
Also ad3b56c would be great if you repush anyway.
Signed-off-by: Matthew Heon <[email protected]>
Podman uses the volume option map to check if it has to mount the volume or not when the container is started. Commit 28138da added the uid and gid options to this map, however when only uid/gid is set we cannot mount this volume because there is no filesystem or device specified. Make sure we do not try to mount the volume when only the uid/gid option is set since this is a simple chown operation. Also when a uid/gid is explicitly set, do not chown the volume based on the container user when the volume is used for the first time. Fixes containers#10620 Signed-off-by: Paul Holzinger <[email protected]>
Refactor podman commands that have drifted from using c/common report pkg. Report pkg is needed to implement go template functions. Removed obsolete code from podman which exists in c/common. Latest template library added default newlines and method to remove them. Incorporated needed changes in c/common PR below. Depends on containers/common#624 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983 Signed-off-by: Jhon Honce <[email protected]> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <[email protected]>
Users are complaining about read/only /var/tmp failing even if TMPDIR=/tmp is set. This PR Fixes: containers#10698 [NO TESTS NEEDED] No way to test this. Signed-off-by: Daniel J Walsh <[email protected]> <MH: Fixed cherry-pick conflicts> Signed-off-by: Matthew Heon <[email protected]>
Done, repushed with 0.38.11 and final backports
/lgtm
/hold
Thank you, @mheon!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon, vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold cancel
Missing #10723 and #10688 right now as these require c/common backports. Working on that now.