profile
viewpoint
Daniel J Walsh rhatdan Red Hat Westford MA http://danwalsh.livejournal.com Mr SELinux, Distinguished Engineer at Red Hat. Work on OCI Container Runtimes: CRI-O, Podman, Skopeo, Buildah projects, buildah, containers/image & storage

issue commentcontainers/crun

Permission denied: OCI runtime permission denied error

@cryobry /run should be a tmpfs, the difference would be whether or not the content would survive the container stopping an starting. My opinion is that /run should be cleared on stop/start so /run should be tmpfs.

cryobry

comment created time in 16 hours

issue commentcontainers/buildah

allow a per-user registries.conf option

It should be a failover, try in homedir first and if no file exists, use the system default.

elerch

comment created time in 18 hours

pull request commentcontainers/buildah

Ran buildah through codespell

@rh-atomic-bot retry

rhatdan

comment created time in 18 hours

push eventcontainers/crun

Giuseppe Scrivano

commit sha 89875e2b177dabfb9f02ef89b8c6c5949f3b61b3

cgroups2: map reservation to memory.low Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 39f5fa6be4225a05bc315d373cb0fe5f912c5c93

Merge pull request #188 from giuseppe/map-reservation-to-memory-low cgroups2: map reservation to memory.low

view details

push time in 19 hours

PR merged containers/crun

cgroups2: map reservation to memory.low

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+2 -2

2 comments

2 changed files

giuseppe

pr closed time in 19 hours

pull request commentcontainers/crun

cgroups2: map reservation to memory.low

LGTM

giuseppe

comment created time in 19 hours

pull request commentcontainers/libpod

image prune command fixed as per docker image prune.

LGTM @vrothberg @giuseppe @TomSweeneyRedHat @baude @QiWang19 @mheon @jwhonce PTAL

kunalkushwaha

comment created time in 19 hours

pull request commentcri-o/cri-o

[release-1.13] test: properly check return code of results

/test kata-containers

openshift-cherrypick-robot

comment created time in 19 hours

pull request commentcri-o/cri-o

Update conmon to v2.0.3

/test integration_rhel

haircommander

comment created time in 19 hours

issue commentcontainers/libpod

CgroupsV2 - possible migration issue

What podman command are you executing?

returntrip

comment created time in 19 hours

pull request commentcontainers/podman.io

whatis line wrapped

LGTM @TomSweeneyRedHat PTAL

stappersg

comment created time in 20 hours

pull request commentcontainers/podman.io

index.html line wrap

LGTM @TomSweeneyRedHat PTAL

stappersg

comment created time in 20 hours

issue commentcontainers/crun

Permission denied: OCI runtime permission denied error

I thought -v /run creates a unnamed volume rather then a bind mount of /run into the container. @mheon am I correct? Was this fixed recently and not in this version of podman?

cryobry

comment created time in 21 hours

issue commentcontainers/libpod

Rootless: slirp4netns slow initial input to container

If that fixes the issue, we should add this to the troubleshooting page for podman.

waffshappen

comment created time in 21 hours

Pull request review commentcontainers/libpod

config: use EventsLogger=file without systemd

 func (c *Config) checkCgroupsAndAdjustConfig() { 		logrus.Warningf("Alternatively, you can enable lingering with: `loginctl enable-linger %d` (possibly as root)", rootless.GetRootlessUID()) 		logrus.Warningf("Falling back to --cgroup-manager=cgroupfs")

This warning should be updated to say faling back to --events-logger=file

giuseppe

comment created time in 21 hours

push eventcontainers/buildah

dependabot-preview[bot]

commit sha 7535655753d778ba54adf2a4372c4384289c3d25

Bump github.com/fsouza/go-dockerclient from 1.5.0 to 1.6.0 Bumps [github.com/fsouza/go-dockerclient](https://github.com/fsouza/go-dockerclient) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/fsouza/go-dockerclient/releases) - [Commits](https://github.com/fsouza/go-dockerclient/compare/v1.5.0...v1.6.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Closes: #1974 Approved by: rhatdan

view details

TomSweeneyRedHat

commit sha 7c97335f2c49fdb50bc7785ae7ff5e9ac80bc2d6

Bump to v1.11.5 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1978 Approved by: rhatdan

view details

TomSweeneyRedHat

commit sha 85ab067e58161707776ff8ca640c0e0b27759ae0

Bump back to v1.12.0-dev Closes: #1978 Approved by: rhatdan

view details

dependabot-preview[bot]

commit sha 985e8dcbdd8f42895f207305cdf2ff92771806c0

Bump github.com/onsi/ginkgo from 1.10.2 to 1.10.3 Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.10.2 to 1.10.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.10.2...v1.10.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Closes: #1975 Approved by: rhatdan

view details

Nalin Dahyabhai

commit sha c5244fe0bf4ee86d34111a9cbd612429a532358f

info: use util.Runtime() We have a function that decides what our OCI runtime command is, and duplicating that logic for `buildah info` isn't necessary. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1980 Approved by: vrothberg

view details

caiges

commit sha 9ff68b3cdead1f67c6cbab8bea419dd39a25af96

Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat

view details

TomSweeneyRedHat

commit sha 6a555a0405b50183e3b034f9733a4b03e474aeff

Touch up commit man page image parameter The commit command does not require that a value for the image be provided. Change the man page to reflect that and explain the behavior in that instance. This is the same behavior as Docker. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1987 Approved by: rhatdan

view details

Daniel J Walsh

commit sha c6d23998a5003f91b687758c0bb93ed29788a91d

Bump github.com/onsi/gomega from 1.7.0 to 1.7.1 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.7.0 to 1.7.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.7.0...v1.7.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

push time in 21 hours

pull request commentcontainers/buildah

Add some tests and test steps for buildah

@ypu Please rebase and answer @edsantiago questions. Would love to get this in.

ypu

comment created time in 21 hours

pull request commentcontainers/buildah

Cirrus: Migrate off of PAPR + Improve testing

@nalind @edsantiago @giuseppe @vrothberg @TomSweeneyRedHat PTAL

cevich

comment created time in 21 hours

pull request commentcontainers/buildah

images: adjust output of tags and digests

@nalind Are you still working on this?

nalind

comment created time in a day

pull request commentcontainers/buildah

bud COPY does not download URL

@QiWang19 Can you update this PR?

QiWang19

comment created time in a day

pull request commentcontainers/buildah

Ran buildah through codespell

@TomSweeneyRedHat @nalind @QiWang19 @giuseppe @vrothberg PTAL

rhatdan

comment created time in a day

pull request commentcontainers/buildah

commit(docker): always set ContainerID and ContainerConfig

@rh-atomic-bot r+

nalind

comment created time in a day

pull request commentcontainers/buildah

Fix .dockerignore exclude regression

@TomSweeneyRedHat Tests are timing out...

saschagrunert

comment created time in 2 days

push eventcontainers/crun

Giuseppe Scrivano

commit sha e22ecabe84105c5dc98ae1e4e8fa033cc1bbccdd

container: rename container_entrypoint to container_init make clearer it is the "init" process that runs in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Giuseppe Scrivano

commit sha 97cb4ca54a8c44e12e40235818dbb03221d66ad1

container: add hint about missing dynlib Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 01a9ff691659f519eefd2866250ee08c848ba39e

Merge pull request #186 from giuseppe/rename-entrypoint-to-init container: rename container_entrypoint to container_init

view details

push time in 2 days

PR merged containers/crun

container: rename container_entrypoint to container_init

make clearer it is the "init" process that runs in the container.

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+16 -9

1 comment

1 changed file

giuseppe

pr closed time in 2 days

pull request commentcontainers/crun

container: rename container_entrypoint to container_init

LGTM

giuseppe

comment created time in 2 days

issue commentcontainers/buildah

Why does buildah pull print info output to stderr?

I believe this is following the Docker behavior. allowing users to just grab the image id from stdout and all of the progress information goes to stderr.

TomasTomecek

comment created time in 2 days

issue commentcontainers/buildah

buildah throws lots of errors lsetfilecon Operation not supported

I think this would work fine in Rootfull mode, but would not work in rootless. Since on Rootful, you are allowed to lay down labels on Overlayfs, but in rootless mode, you are using fuse-overlay, which would not allow labels.

llegolas

comment created time in 2 days

push eventrhatdan/oci-selinux

Daniel J Walsh

commit sha bb3d708beeb63c09db86c395f714a023c983a019

Add errors.Wrap to indicate the file relabel failed on Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

release containers/storage

v1.14.0

released time in 2 days

created tagcontainers/storage

tagv1.14.0

created time in 2 days

push eventcontainers/storage

Daniel J Walsh

commit sha 905edaf56f38b4891b9fb57f774ec977f2bdaa61

Bump to v1.14.0 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha bba7f910dba64c89c0f3e20424e1952b31eeaf5b

Move to v1.14.1-dev Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 63a0f4e50c12e3f1161f08295c414ac27ab9aa99

Merge pull request #465 from rhatdan/master Bump to v1.14.0

view details

push time in 2 days

PR merged containers/storage

Bump to v1.14.0
+1 -1

2 comments

1 changed file

rhatdan

pr closed time in 2 days

issue commentcontainers/podman.io

Website Design is not at all responsive

@stappersg This is a community project, something the engineers are doing in the spare time. We don't have a web site designer or documentation people working on this. Red Hat Documentation and web site design go into products, not projects. We need to rely on community to fixup the site.

We met last week to discuss how we want the web site to look ad have been working on a readthedocs site as well. https://podman.readthedocs.io/en/latest/

If you would like to help improving the podman.io website, that would be welcome.

robbyoconnor

comment created time in 2 days

push eventcontainers/container-selinux

Lukas Vrabec

commit sha a02c6f0d029558723a93ac46aa3556f01e9e2622

New alias for container_share_t type container_share_t is read-only type for container_t process. It's confusing for users so this commit adds new alias "container_ro_t" for contianer_share_t which make more sense.

view details

Daniel J Walsh

commit sha a233788873fd110965990219c9e53d94c165dd7c

Merge pull request #82 from wrabcak/container_ro New alias for container_share_t type

view details

push time in 2 days

PR merged containers/container-selinux

New alias for container_share_t type

container_share_t is read-only type for container_t process. It's confusing for users so this commit adds new alias "container_ro_t" for contianer_share_t which make more sense.

+75 -75

5 comments

3 changed files

wrabcak

pr closed time in 2 days

pull request commentcontainers/container-selinux

New alias for container_share_t type

LGTM

wrabcak

comment created time in 2 days

issue commentcontainers/buildah

buildah throws lots of errors lsetfilecon Operation not supported

No this is not a file system issue. In the case of fuse-overlay, it is creating a fuse file system. Fuse file systems do not accept XATTRS so when you attempt to chcon on it, it gets an unsupported error since chcon can not write the XATTR.

Usually in containers we attempt to disable SELinux code, so that it does not attempt to set labels. But in the case of buildah mount and dnf install above, it is running on the host (Not in a container) and the dnf command sees that SELinux is enabled so it is attempting to lay down the SELinux labels.

Since fuse does not support them, you get the error.

I am wondering if their is a flag to dnf/rpm to tell it not to do selinux labeling.

llegolas

comment created time in 2 days

issue closedcontainers/libpod

Podman cannot create (inspect) volume

/kind bug

When creating volume with podman: podman volume create vmaas_vmaas-db-data, errors appear.

Steps to reproduce the issue:

  1. Run podman volume create vmaas_vmaas-db-data
Error: error creating volume directory "/home/mjurek/.local/share/containers/storage/volumes/vmaas_vmaas-db-data/_data": mkdir /home/mjurek/.local/share/containers/storage/volumes/vmaas_vmaas-db-data/_data: file exists

  1. Delete file /_data

  2. Run podman volume create vmaas_vmaas-db-data

Error: error setting selinux label for /home/mjurek/.local/share/containers/storage/volumes/vmaas_vmaas-db-data/_data to "system_u:object_r:container_file_t:s0:c553,c980" as shared: operation not supported

When creating volume with podman, it should use (delete and create) existing volume and not pop error, that file exists.

When /_data deleted, podman can create volume, but can't relabel selinux context.

Output of podman version:

Version:            1.6.2
RemoteAPI Version:  1
Go Version:         go1.12.10
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: ""
  go version: go1.12.10
  podman version: 1.6.2
host:
  BuildahVersion: 1.11.3
  CgroupVersion: v1
  Conmon:
    package: conmon-2.0.2-1.fc30.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.2, commit: a89d21975ee86e84e0b0e1c0f887687582f4b0e3'
  Distribution:
    distribution: fedora
    version: "30"
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  MemFree: 1879089152
  MemTotal: 16424656896
  OCIRuntime:
    name: runc
    package: runc-1.0.0-95.rc9.gitc1485a1.fc30.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc9+dev
      commit: 0840802d505e28d3adcbc7a275cbeadbdf64ddec
      spec: 1.0.1-dev
  SwapFree: 7890964480
  SwapTotal: 8295804928
  arch: amd64
  cpus: 8
  eventlogger: journald
  hostname: redhat-com
  kernel: 5.3.6-200.fc30.x86_64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: slirp4netns-0.4.0-4.git19d199a.fc30.x86_64
    Version: |-
      slirp4netns version 0.4.0-beta.2
      commit: 19d199a6ca424fcf9516320a327cedad85cf4dfb
  uptime: 602h 29m 39.79s (Approximately 25.08 days)
registries:
  blocked: null
  insecure: null
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  ConfigFile: /home/mjurek/.config/containers/storage.conf
  ContainerStore:
    number: 3
  GraphDriverName: overlay
  GraphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: fuse-overlayfs-0.6.5-2.fc30.x86_64
      Version: |-
        fusermount3 version: 3.6.2
        fuse-overlayfs: version 0.6.5
        FUSE library version 3.6.2
        using FUSE kernel interface version 7.29
  GraphRoot: /home/mjurek/.local/share/containers/storage
  GraphStatus:
    Backing Filesystem: ecryptfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 143
  RunRoot: /run/user/1000
  VolumePath: /home/mjurek/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman-1.6.2-2.fc30.x86_64

Encrypted /home folder with: ecryptfs

Project: https://github.com/RedHatInsights/vmaas

docker-compose.yml:

version: '3'

services:
  vmaas_database:
    container_name: vmaas-database
    build:
        context: .
        dockerfile: ./database/Dockerfile
    image: vmaas/database:latest
    restart: unless-stopped
    env_file:
      - ./conf/database-connection-admin.env
    ports:
      - 5432:5432
    volumes:
      - vmaas-db-data:/var/lib/pgsql/data

  vmaas_websocket:
    container_name: vmaas-websocket
    build:
        context: .
        dockerfile: ./websocket/Dockerfile
    image: vmaas/websocket:latest
    restart: unless-stopped
    ports:
      - 8082:8082

  vmaas_reposcan:
    container_name: vmaas-reposcan
    build:
        context: .
        dockerfile: ./reposcan/Dockerfile
    image: vmaas/reposcan:latest
    restart: unless-stopped
    env_file:
      - ./conf/database-connection-writer.env
      - ./conf/reposcan.env
    ports:
      - 8081:8081
      - 8730:8730
    volumes:
      - vmaas-reposcan-tmp:/tmp
      - vmaas-dump-data:/data:z
    depends_on:
      - vmaas_websocket
      - vmaas_database

  vmaas_webapp:
    container_name: vmaas-webapp
    build:
        context: .
        dockerfile: ./webapp/Dockerfile
    image: vmaas/webapp:latest
    restart: unless-stopped
    env_file:
      - ./conf/webapp.env
    ports:
      - 8080:8080
    depends_on:
      - vmaas_websocket
      - vmaas_reposcan

    
  vmaas_webapp_utils:
    container_name: vmaas-webapp-utils
    build:
        context: .
        dockerfile: ./webapp_utils/Dockerfile
    image: vmaas/webapp_utils:latest
    restart: unless-stopped
    env_file:
      - ./conf/webapp_utils.env
      - ./conf/database-connection-reader.env
    ports:
      - 8083:8083
    depends_on:
      - vmaas_webapp


  vmaas_prometheus:
    container_name: vmaas-prometheus
    image: prom/prometheus:v2.1.0
    volumes:
      - prometheus-data:/prometheus
      - ./monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
    security_opt:
      - label=disable
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
    ports:
      - 9090:9090
    depends_on:
      - vmaas_reposcan
      - vmaas_webapp
    restart: always

  vmaas_grafana:
    container_name: vmaas-grafana
    image: grafana/grafana:6.2.5
    volumes:
      - grafana-data:/var/lib/grafana
      - ./monitoring/grafana/provisioning/:/etc/grafana/provisioning/
    depends_on:
      - vmaas_prometheus
    ports:
      - 3000:3000
    env_file:
      - ./monitoring/grafana/grafana.conf
    user: "104"
    restart: always

volumes:
  vmaas-db-data:
  vmaas-dump-data:
  vmaas-reposcan-tmp:
  prometheus-data:
  grafana-data:

closed time in 2 days

Michael-Jurek

pull request commentcontainers/buildah

Touch up commit man page image parameter

@rh-atomic-bot r+

TomSweeneyRedHat

comment created time in 2 days

issue commentcontainers/buildah

allow a per-user registries.conf option

Makes sense.

elerch

comment created time in 2 days

issue commentcontainers/skopeo

Cannot delete image from Artifactory

Can someone reach out to Jfrog to see if they would be interested in adding support for skopeo or at least explaining what should be done.

nc-nvmt

comment created time in 2 days

pull request commentcri-o/cri-o

Do not rebuild binaries when installing

I think the issue is, if you do a make followed by a make install

The make install builds the images a second time. IE it is not smart enough to know that the executables are up2date.

saschagrunert

comment created time in 2 days

issue commentcontainers/libpod

Podman Pull Images always error when docker not

@mtrmac Would adding a --retry flag or something to podman make sense? Or since we can not distinquish we can just fail.

On Docker, how does it work if their are multiple registries?

benyaminl

comment created time in 2 days

pull request commentcri-o/cri-o

Update conmon to v2.0.3

/test integration_rhel

haircommander

comment created time in 2 days

pull request commentcontainers/container-selinux

New alias for container_share_t type

Or better yet container_ro_file_t or container_file_ro_t

wrabcak

comment created time in 2 days

pull request commentcontainers/container-selinux

New alias for container_share_t type

Should the default name be container_ro_t?

wrabcak

comment created time in 2 days

push eventrhatdan/storage

Daniel J Walsh

commit sha 905edaf56f38b4891b9fb57f774ec977f2bdaa61

Bump to v1.14.0 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha bba7f910dba64c89c0f3e20424e1952b31eeaf5b

Move to v1.14.1-dev Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

pull request commentcontainers/storage

Bump to v1.14.1

I did not know if counting started at 0 or 1, I can change it back. I would think this is a minor update since a new interface was added?

rhatdan

comment created time in 2 days

push eventrhatdan/libpod

baude

commit sha 7343de24e5961c33158f4002964e6b0178d8b740

check existing bridge names when creating networks when creating a new networking, we should check existing networks for their bridge names and make sure the proposed new name is not part of this. reported by QE. Signed-off-by: baude <bbaude@redhat.com>

view details

Matthew Heon

commit sha 224d805db788397b6d74f58496ffbbdb147edd83

Fix sig-proxy=false test and use image cache Pulling fedora-minimal was potentially causing timeouts, which is bad. Using the cache avoids that. Sig-proxy=false test was entirely nonfunctional - I think we didn't update it when we fixed sig-proxy=true to be less racy. It was still passing, which is concerning. Signed-off-by: Matthew Heon <mheon@redhat.com>

view details

Matthew Heon

commit sha 84eea2b2c09385078d7b147954ec9be3da608214

Return a better error for volume name conflicts When you try and create a new volume with the name of a volume that already exists, you presently get a thoroughly unhelpful error from `mkdir` as the volume attempts to create the directory it will be mounted at. An EEXIST out of mkdir is not particularly helpful to Podman users - it doesn't explain that the name is already taken by another volume. The solution here is potentially racy as the runtime is not locked, so someone else could take the name while we're still getting things set up, but that's a narrow timing window, and we will still return an error - just an error that's not as good as this one. Signed-off-by: Matthew Heon <matthew.heon@pm.me>

view details

Giuseppe Scrivano

commit sha 0d5d6dab57590f9f52666031c1979f4cf136d12e

systemd: mask /sys/fs/cgroup/systemd/release_agent when running in systemd mode on cgroups v1, make sure the /sys/fs/cgroup/systemd/release_agent is masked otherwise the container is able to modify it and execute scripts on the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Tyler Ramer

commit sha 1d00acee19f88406073cf1207f3944b3ad3046c3

Log warn instead of error for removing nonexistant container In event of a container removal that is no longer in database, log a warning instead of an error, as there is not any problem continuing execution. Resolves #4314 Signed-off-by: Tyler Ramer <tyaramer@gmail.com>

view details

OpenShift Merge Robot

commit sha ea46937675bbb5839a4f2fdf894d480b57744aeb

Merge pull request #4345 from giuseppe/mask-release_agent systemd: mask /sys/fs/cgroup/systemd/release_agent

view details

OpenShift Merge Robot

commit sha ac73fd3fe5dcbf2647d589f9c9f37fe9531ed663

Merge pull request #4348 from rhatdan/man Cleanup man pages

view details

Daniel J Walsh

commit sha f438b2cc09d5b6eef3d09e8b8e3d3dcf2c6727df

Merge pull request #4291 from baude/networkcreatecheckbridge check existing bridge names when creating networks

view details

Daniel J Walsh

commit sha 94864adb2888c6648bd061004e81dd20f8a30280

Merge pull request #4347 from tylarb/Warn_NoSuchCtr Log warn instead of error for removing nonexistant container

view details

Matthew Heon

commit sha 5f8bf3d07d94d58465dfa494f7720ca23b8d4c6f

Add ensureState helper for checking container state We have a lot of checks for container state scattered throughout libpod. Many of these need to ensure the container is in one of a given set of states so an operation may safely proceed. Previously there was no set way of doing this, so we'd use unique boolean logic for each one. Introduce a helper to standardize state checks. Note that this is only intended to replace checks for multiple states. A simple check for one state (ContainerStateRunning, for example) should remain a straight equality, and not use this new helper. Signed-off-by: Matthew Heon <mheon@redhat.com>

view details

baude

commit sha 2f6b8b94e87bb3645d34e59dd3b748dba4aa4d2c

enable dnsplugin for network create when users create a new network and the dnsname plugin can be found by podman, we will enable container name resolution on the new network. there is an option to opt *out* as well. tests cannot be added until we solve the packaging portion of the dnsname plugin. Signed-off-by: baude <bbaude@redhat.com>

view details

OpenShift Merge Robot

commit sha 49bd51e12f3aa8f2f711832d1dc4134861ee29c8

Merge pull request #4331 from mheon/sane_rename_error Return a better error for volume name conflicts

view details

OpenShift Merge Robot

commit sha 1b5c2d14409c4fb5d83fff77d4a17f0dcfe9e04e

Merge pull request #4355 from mheon/ensure_state Add ensureState helper for checking container state

view details

Valentin Rothberg

commit sha 52e5c4b460b80f74db8a487cf8f5dbc7c1c9d32a

GitHub stale action Add a GitHub action to mark issues and PRs as stale and to eventually close them after a grace period. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Peter Hunt

commit sha 57fa6cf756219baa1d8d562906ccf5bbb85380dc

require conmon v2.0.0 Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Peter Hunt

commit sha 306f7cb9f56f7807dc125caa2292b653c7fae3ac

require conmon v2.0.1 Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Peter Hunt

commit sha 9ff66824f31b55d6316778d7adad08210cdf8dc2

bump cirrus images Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Peter Hunt

commit sha 49e251fc57447f79632ca5ddf37847c86ade2271

update conmon to v2.0.2 in in_podman image Signed-off-by: Peter Hunt <pehunt@redhat.com>

view details

Giuseppe Scrivano

commit sha 795460f7b0de37b1e76face6fea09fd36247cad7

libpod: if slirp4netns fails, return its output read the slirp4netns stderr and propagate it in the error when the process fails. Replace: https://github.com/containers/libpod/pull/4338 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 797288222bb5c4d0b89dc0a51deaa7cb06e652dd

Fix spelling mistakes Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

PR opened containers/storage

Bump to v1.14.1
+1 -1

0 comment

1 changed file

pr created time in 2 days

push eventrhatdan/storage

Daniel J Walsh

commit sha 0e90661ffa8e82609ab39e2baecfe11797782031

Bump to v1.14.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 183eef608782b3e1ec8d916f3d7acbfde0ee70cc

Move to v1.14.2-dev Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

push eventrhatdan/storage

Daniel J Walsh

commit sha 1a0442ea2bb903c225f46c54e54a6f77b7ad43ed

Merge pull request #414 from rhatdan/master Bump to v1.13.1

view details

Daniel J Walsh

commit sha a2b9488c8324cd8443e91d83e08cc1374d3d1d93

Ignore ro mount options in btrfs and windows drivers Since now we always set the "ro" mount option, we need to ignore these options on drivers that do not support them. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha e3f1fe0cb355fed87eb6e03bd6c873f470067e83

Ignore ro mount options in btrfs and windows drivers Since now we always set the "ro" mount option, we need to ignore these options on drivers that do not support them. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Valentin Rothberg

commit sha b048d475d961e9435e81c393ca0598c5b641aba7

Merge pull request #416 from rhatdan/additionalstores Ignore ro mount options in btrfs and windows drivers

view details

Valentin Rothberg

commit sha 4ee8bba68425ff9f7f1081c0a246e72ddbe80cd2

v1.13.2 * Ignore ro mount options in btrfs and windows drivers Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Valentin Rothberg

commit sha c2c705971ca6e4a464c8a89b063cc06f3ad2d497

bump to v1.13.3-dev Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Valentin Rothberg

commit sha 69bcd96b85fe4fdda4a491cc279ff888522d9122

Merge pull request #417 from vrothberg/release Release v1.13.2

view details

Valentin Rothberg

commit sha 295dac361050b304a4a72a450a36f17317cb5db2

Makefile: use go proxy Use GOPROXY=https://proxy.golang.org to speed up fetching dependencies. Setting it makes `make vendor` ten times faster in my local env. For details please refer to https://proxy.golang.org/. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Daniel J Walsh

commit sha 120176145452c162ed8c64f0194817e0acc259f4

Merge pull request #424 from vrothberg/go-proxy Makefile: use go proxy

view details

Nalin Dahyabhai

commit sha d46d549322163d04271b907dd6ad4f488f32f6ba

layerStore.Load(): avoid double-locking the mounts list for Save If we need to re-save the layers list when we've loaded it, to either solve a duplicate name issue or to clean up a partially-constructed layer, don't make the mistake of attempting to take another lock on the mounts list. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

view details

Nalin Dahyabhai

commit sha 2fffa4842d2e3d319fd23e9cb061e08835c49e40

Update generated files Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

view details

Valentin Rothberg

commit sha a427596d18babb848a63aee25c5854df34d13977

wrap ID or digest to ErrImageUnkown errors Wrap the ID or the digest to ErrImageUnknown errors to avoid ambiguity which image is unknown. Consumers of the storage library may have multiple subsequent calls to the storage API where it can be unclear which image is unknown. Wrapping the ID and digest attempts to avoid this ambiguity. Related-to: github.com/containers/libpod/issues/2979 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Urvashi Mohnani

commit sha eef3c2291eccf0bbcab6f5a359236a992e116774

Merge pull request #425 from nalind/mountslock layerStore.Load(): avoid double-locking the mounts list for Save

view details

Valentin Rothberg

commit sha 978b1d8b7512c4a80ad59862358a97af85144d53

Merge pull request #426 from vrothberg/enhance-image-not-known-errors wrap ID or digest to ErrImageUnkown errors

view details

Chris Evich

commit sha 12df58465795c939ad91b2b68091d2ede1c1b73b

Cirrus: Increase Ubuntu install timeouts Signed-off-by: Chris Evich <cevich@redhat.com>

view details

Nalin Dahyabhai

commit sha 4488835ea0336940f1516d7b84e44873df7ea6ca

Merge pull request #428 from cevich/increase_ubuntu_install_timeout Cirrus: Increase Ubuntu install timeouts

view details

Nalin Dahyabhai

commit sha bcedb54d0547a9a5c0c641518a86a72efc2b19dd

layerStore.Load(): don't try to lock the mounts list on cleanup When cleaning up an incomplete layer, don't call regular Delete() to handle it, since that calls Save(), which tries to lock the mountpoints list, which we've already obtained a lock over. Add a variation on Delete() that skips the Save() step, which we're about to do anyway, and call that instead. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

view details

Nalin Dahyabhai

commit sha 4c50612dee37c1780d1a3f3612fe4032ca8db625

Update generated files Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

view details

Urvashi Mohnani

commit sha 106ba57d82f8e44950a84d9653c8b86849df19f3

Merge pull request #429 from nalind/incomplete-mountslock layerStore.Load(): don't try to lock the mounts list on cleanup

view details

Nalin Dahyabhai

commit sha 8c25cfb55e64450a67667cf1f3d5591f0ab65583

v1.13.3 * Makefile: use go proxy * layerStore.Load(): avoid double-locking the mounts list for Save * wrap ID or digest to ErrImageUnkown errors * Cirrus: Increase Ubuntu install timeouts * layerStore.Load(): don't try to lock the mounts list on cleanup Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

view details

push time in 2 days

Pull request review commentopencontainers/selinux

Add errors.Wrap to indicate the file relabel failed on

 func SetFileLabel(fpath string, label string) error { 	if fpath == "" { 		return ErrEmptyPath 	}-	return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)+	if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {+		return errors.Wrap(err, "Failed to set file label on %s")

It is there now.

rhatdan

comment created time in 2 days

push eventrhatdan/oci-selinux

Daniel J Walsh

commit sha 1267f6624d372edb4ee6e3f4a2d4861434a7b80f

Add errors.Wrap to indicate the file relabel failed on Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

push eventrhatdan/oci-selinux

Daniel J Walsh

commit sha ef290ec39cb7b3e2c1ee49ed1b4e3e45d680f18c

Add errors.Wrap to indicate the file relabel failed on Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 2 days

push eventrhatdan/buildah

caiges

commit sha 9ff68b3cdead1f67c6cbab8bea419dd39a25af96

Add builder identity annotations. Use io.podman.version and fix inspect tests Signed-off-by: caiges <caigesn@gmail.com> Closes: #1917 Approved by: TomSweeneyRedHat

view details

Daniel J Walsh

commit sha 122dd5cfcc2504991a26b58d792542a09612f6db

Ran buildah through codespell Thanks to Dmitry Smirnov @onlyjob for suggesting this tool. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha d85c395f3edfa73216b8173c8b4bfaa5d23eff3b

Merge branch 'master' of github.com:containers/buildah into codespell

view details

push time in 2 days

issue commentcontainers/buildah

allow a per-user registries.conf option

Of course if @kevinlmadison wanted to open a PR, that would be appreciated as well.

elerch

comment created time in 2 days

issue commentcontainers/buildah

allow a per-user registries.conf option

Sorry no one has worked on this, @TomSweeneyRedHat Can you look into this?

elerch

comment created time in 2 days

issue commentcontainers/libpod

rootless podman supports credHelper

@sdouche do you have a specific credhelper you are looking for?

QiWang19

comment created time in 2 days

issue commentcontainers/libpod

Support running podman containers inside unprivileged (docker) container

Currently have to disable SELinux since by default it blocks a few commands I have a modified seccomp.json file also. BTW I have been sending out updates on podman.io mailing list.

Since I don't use apparmor, I would figure it is similar to SELinux. Main SELinux issues were on mounting file systems.

johanbrandhorst

comment created time in 3 days

pull request commentcontainers/buildah

Fix .dockerignore exclude regression

Wait for release. We want to keep momentum on Debian moving and they want proper versioning.

saschagrunert

comment created time in 3 days

pull request commentcri-o/cri-o

Update conmon to v2.0.3

LGTM although tests not looking good.

haircommander

comment created time in 3 days

pull request commentcontainers/storage

Add indicator for last matched result

I am on plane right now and github is blocked, I will do it this evening.

saschagrunert

comment created time in 3 days

issue commentcontainers/buildah

podman: tar too many levels of symbolic links

Reopen if this issue is not fixed.

tuan-hoang1

comment created time in 3 days

issue closedcontainers/buildah

podman: tar too many levels of symbolic links

<!-- If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.

If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information.


BUG REPORT INFORMATION

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST -->

Description

<!-- Briefly describe the problem you are having in a few paragraphs. -->

Steps to reproduce the issue:

  1. git clone https://github.com/coreos/coreos-assembler
  2. podman build -t fcos/cosa -f $PWD/coreos-assembler/Dockerfile

Describe the results you received:

STEP 7: COPY ./ /root/containerbuild/
Error: error building at STEP "COPY ./ /root/containerbuild/": error copying "/home/tmhoang/coreos/github.com/tuan-hoang1/coreos-assembler" to "/home/tmhoang/.local/share/containers/storage/overlay/b44c478bd93416d784ff646e9c2a1e2d008dcefb8491177af0b75aff91d7bc88/merged/root/containerbuild": Error processing tar file(exit status 1): too many levels of symbolic links

In coreos-assembler directory there are a couple of symlink files ending in .txt that links to src/*.txt. I think they are the cause, because for i in vmdeps*.txt deps*.txt; do rm $i; cp src/$i $i; done works.

Output of podman version if reporting a podman build issue:

podman version 1.6.2

Output of cat /etc/*release:

Fedora release 31 (Thirty One)
NAME=Fedora
VERSION="31 (Server Edition)"
ID=fedora
VERSION_ID=31
VERSION_CODENAME=""
PLATFORM_ID="platform:f31"
PRETTY_NAME="Fedora 31 (Server Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:31"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f31/system-administrators-guide/"
SUPPORT_URL="https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=31
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=31
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Server Edition"
VARIANT_ID=server
Fedora release 31 (Thirty One)
Fedora release 31 (Thirty One)

Output of uname -a:

Linux xzkvm32 5.3.9-300.fc31.x86_64 #1 SMP Wed Nov 6 16:13:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Output of cat /etc/containers/storage.conf:

It's default, I have never touched it.

closed time in 3 days

tuan-hoang1
IssuesEvent

issue commentcontainers/libpod

`VOLUME` are mounted as `noexec`

Ok I think we should match docker.

ensc

comment created time in 3 days

issue commentcontainers/buildah

Request: throw error on COPY --chown x:y (without equal sign)

Tom can you make these legal or at least match Docker.

edsantiago

comment created time in 3 days

issue commentcontainers/libpod

Issues running nvidia runtime rootless

@Ngpriddy I would figure the devices were created and kernel modules were loaded on the other machine, so the Nvidia plugin did not have to do anything on these machines. I would guess if you rebooted those machines and ran rootless first, you would see similar errors.

Ngpriddy

comment created time in 3 days

pull request commentcontainers/libpod

Discard errors from Shutdown in `system renumber`

/lgtm

mheon

comment created time in 3 days

push eventcontainers/fuse-overlayfs

Giuseppe Scrivano

commit sha d077ea28e30e4240883df59cc93be994b0edf70c

configure: check for FUSE copy_file_range check if the version of FUSE supports copy_file_range. It fixes the build on RHEL 8. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

view details

Daniel J Walsh

commit sha 58101db1b056c58975c397fccd9c0d217d138ba9

Merge pull request #146 from giuseppe/check-fuse-copy_file_range configure: check for FUSE copy_file_range

view details

push time in 3 days

PR merged containers/fuse-overlayfs

configure: check for FUSE copy_file_range

check if the version of FUSE supports copy_file_range.

It fixes the build on RHEL 8.

Signed-off-by: Giuseppe Scrivano gscrivan@redhat.com

+20 -2

1 comment

2 changed files

giuseppe

pr closed time in 3 days

pull request commentcontainers/fuse-overlayfs

configure: check for FUSE copy_file_range

LGTM

giuseppe

comment created time in 3 days

issue commentcontainers/conmon

Provide logging behavior policies applied by conmon to stdout/stderr

I've a few questions.

* Is `ignore` the equivalent of `drop` with a bytes-per-interval=0?

@portante WDYT?

* Are these limits supposed to be changed at runtime?  e.g. can I change bytes-per-interval while the container is running?

No these should be constant for the container

* How these settings will work for Podman/CRI-O?  e.g. for CRi-O: should it be done globally or in an annotation?

CRI-O would need to use annotations until this gets support in upstream Kubernetes. I agree with @mheon Podman would use --log-opt.

portante

comment created time in 3 days

issue commentcontainers/common

Include containers-common files in this repository for easier packaging

@vrothberg any time to work on this?

jwflory

comment created time in 3 days

push eventcontainers/common

Valentin Rothberg

commit sha 5c967354bdacef300dcfa6b7d1fe6fa0daa11878

add Apache 2.0 license file When creating the repository, we forgot to add the license file. Fixes: #15 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Valentin Rothberg

commit sha 535ff83587cc9fb96f3cde47ab2164d46a78acb7

delete _output Delete the empty _output directory which has been mistakenly added by a previous commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>

view details

Daniel J Walsh

commit sha cd8c34240d9e048008195f43d89d88cc218834d1

Merge pull request #17 from vrothberg/fix-15 Fix 15

view details

push time in 3 days

issue closedcontainers/common

No License Specified

Could you please add license information to the repo?

closed time in 3 days

barthy1

PR merged containers/common

Fix 15
  • add license
  • delete _output

@rhatdan @QiWang19 PTAL

+201 -1

2 comments

2 changed files

vrothberg

pr closed time in 3 days

pull request commentcontainers/common

Fix 15

LGTM

vrothberg

comment created time in 3 days

fork rhatdan/common

Location for shared common files in github.com/containers repos.

fork in 3 days

issue commentcontainers/libpod

Support running podman containers inside unprivileged (docker) container

Yes I have a working prototype of this, now, will publish a blog on it shortly. I think we could get some additional support into containers.conf to make this easier to do.

johanbrandhorst

comment created time in 3 days

pull request commentcri-o/cri-o

Generate CRI-O CLI man page during build

/test integration_rhel

saschagrunert

comment created time in 3 days

issue commentcontainers/libpod

configuration option for dns server to use

Yes @QiWang19 could easily add this option.

whitel

comment created time in 3 days

Pull request review commentcontainers/libpod

macvlan networks

 Driver to manage the network (default "bridge").  Currently on `bridge` is suppo Define a gateway for the subnet. If you want to provide a gateway address, you must also provide a *subnet* option. +**--host-device**++Host networking device that will be used by *macvlan* connections.  This option must be used with the

The code allows users to add multiple. Should we combine the options, into one.
--macvlanaddr="1.2.3.4" Which would indicate that you want to use macvlan and don't have to specify the address separately. removes extra error checking.

baude

comment created time in 3 days

issue closedcontainers/storage

FTBFS@mipsel: mismatched types uint64 and uint32

v11.13.2 FTBFS on mipsel as follows:

# github.com/containers/storage/pkg/loopback
src/github.com/containers/storage/pkg/loopback/attach_loopback.go:96:10: invalid operation: dev != st.Dev (mismatched types uint64 and uint32)
src/github.com/containers/storage/pkg/loopback/loopback.go:56:24: invalid operation: dev == targetDevice (mismatched types uint64 and uint32)
github.com/containers/storage/pkg/fsutils
github.com/ostreedev/ostree-go/pkg/glibobject
github.com/containers/storage/pkg/archive
# github.com/containers/storage/pkg/archive
src/github.com/containers/storage/pkg/archive/archive_linux.go:67:17: cannot use s.Rdev (type uint32) as type uint64 in argument to major
src/github.com/containers/storage/pkg/archive/archive_linux.go:67:39: cannot use s.Rdev (type uint32) as type uint64 in argument to minor
src/github.com/containers/storage/pkg/archive/archive_linux.go:102:18: cannot use s.Rdev (type uint32) as type uint64 in argument to major
src/github.com/containers/storage/pkg/archive/archive_linux.go:102:40: cannot use s.Rdev (type uint32) as type uint64 in argument to minor
src/github.com/containers/storage/pkg/archive/changes_linux.go:312:13: cannot use s.Rdev (type uint32) as type uint64 in argument to major
src/github.com/containers/storage/pkg/archive/changes_linux.go:312:35: cannot use s.Rdev (type uint32) as type uint64 in argument to minor
src/github.com/containers/storage/pkg/archive/changes_linux.go:323:13: cannot use s.Rdev (type uint32) as type uint64 in argument to major
src/github.com/containers/storage/pkg/archive/changes_linux.go:323:35: cannot use s.Rdev (type uint32) as type uint64 in argument to minor
src/github.com/containers/storage/pkg/archive/changes_linux.go:356:15: cannot use s.Rdev (type uint32) as type uint64 in argument to major
src/github.com/containers/storage/pkg/archive/changes_linux.go:356:37: cannot use s.Rdev (type uint32) as type uint64 in argument to minor
src/github.com/containers/storage/pkg/archive/changes_linux.go:356:37: too many errors
github.com/containers/storage/drivers/copy
github.com/mistifyio/go-zfs
# github.com/containers/storage/drivers/copy
src/github.com/containers/storage/drivers/copy/copy_linux.go:158:17: cannot use stat.Dev (type uint32) as type uint64 in field value

closed time in 3 days

onlyjob

push eventcontainers/storage

dependabot-preview[bot]

commit sha b10bb250c68f88fb65bee54e22d3afb0fa5bf389

Bump github.com/klauspost/compress from 1.9.1 to 1.9.2 Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/klauspost/compress/releases) - [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml) - [Commits](https://github.com/klauspost/compress/compare/v1.9.1...v1.9.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

Daniel J Walsh

commit sha 11e519354e87d06d173859d21d7e65a8f14a1a54

Merge pull request #464 from containers/dependabot/go_modules/github.com/klauspost/compress-1.9.2 Bump github.com/klauspost/compress from 1.9.1 to 1.9.2

view details

push time in 3 days

PR merged containers/storage

Bump github.com/klauspost/compress from 1.9.1 to 1.9.2 dependencies

Bumps github.com/klauspost/compress from 1.9.1 to 1.9.2. <details> <summary>Release notes</summary>

Sourced from github.com/klauspost/compress's releases.

v1.9.2

Changelog

ba5daf5 Add stateless gzip/deflate (#176) fb5147c Fix inconsistent zstd error (#179) f741997 Remove artifacts. 4e96aec Update README.md c0145a2 Use latest fuzzit 64d2747 bit_writer: Use arrays. (#177) bc6fcd8 inflate: Reduce memory use (#178) 754afe9 s2c: Default to max block size (4MB) 30596e9 zstd: Fix frame content size decoding (#180) </details> <details> <summary>Commits</summary>

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

</details>

+288 -32

1 comment

10 changed files

dependabot-preview[bot]

pr closed time in 3 days

push eventcontainers/storage

Sascha Grunert

commit sha 5e07044cf0e2936b1a805e898d64697fc19e630d

Add indicator for last matched result This information is needed as well if we want to match in a way that the last match has the highest priority. We now introduce a new method `MatchesResult` to not break the previous API. Signed-off-by: Sascha Grunert <sgrunert@suse.com>

view details

Daniel J Walsh

commit sha c4d42c8124bb0dc54394b07c65beaf773102c615

Merge pull request #446 from saschagrunert/last-result-matched Add indicator for last matched result

view details

push time in 3 days

PR merged containers/storage

Add indicator for last matched result

We all know that every good improvement has to split-up into three PRs, right? :innocent:

This information is needed as well if we want to match in a way that the last match has the highest priority.

@vrothberg PTAL, I think we're now somewhat fine with the API, see https://github.com/containers/buildah/pull/1914

+87 -26

4 comments

2 changed files

saschagrunert

pr closed time in 3 days

pull request commentcontainers/storage

Add indicator for last matched result

LGTM

saschagrunert

comment created time in 3 days

Pull request review commentopencontainers/selinux

Add errors.Wrap to indicate the file relabel failed on

 func SetFileLabel(fpath string, label string) error { 	if fpath == "" { 		return ErrEmptyPath 	}-	return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)+	if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {+		return errors.Wrap(err, "Failed to set file label on %s")

Fixed

rhatdan

comment created time in 3 days

push eventrhatdan/oci-selinux

Daniel J Walsh

commit sha 09f1063dc9bfd96acd670bf830d5787cd9cf61d2

Add errors.Wrap to indicate the file relabel failed on Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 3 days

push eventrhatdan/oci-selinux

Daniel J Walsh

commit sha 3c38c1a6d88f51a54ccc30ecd3b6b16c60432d4b

Add errors.Wrap to indicate the file relabel failed on Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

view details

push time in 3 days

issue commentcontainers/libpod

Better error message when relabelling fail

I just opened a PR on go-selinux to indicate the file that selinux failed to relabel, which would have made this a lot easie to diagnose. https://github.com/opencontainers/selinux/pull/60

DamienCassou

comment created time in 4 days

pull request commentopencontainers/selinux

Add errors.Wrap to indicate the file relabel failed on

@mrunalp @crosbymichael @vrothberg @giuseppe PTAL

rhatdan

comment created time in 4 days

more