This update for conmon, fuse-overlayfs, libcontainers-common, podman fixes the following issues:
podman was updated to v2.0.6 (bsc#1175821)
Update to v2.0.6:
Update to v2.0.4
- Fixed a bug where the output of podman image search did not
populate the Description field as it was mistakenly assigned to
the ID field.
- Fixed a bug where podman build - and podman build on an HTTP
target would fail.
- Fixed a bug where rootless Podman would improperly chown the
copied-up contents of anonymous volumes (#7130).
- Fixed a bug where Podman would sometimes HTML-escape special
characters in its CLI output.
- Fixed a bug where the podman start --attach --interactive
command would print the container ID of the container attached
to when exiting (#7068).
- Fixed a bug where podman run --ipc=host --pid=host would only
set --pid=host and not --ipc=host (#7100).
- Fixed a bug where the --publish argument to podman run, podman
create and podman pod create would not allow binding the same
container port to more than one host port (#7062).
- Fixed a bug where incorrect arguments to podman images --format
could cause Podman to segfault.
- Fixed a bug where podman rmi --force on an image ID with more
than one name and at least one container using the image would
not completely remove containers using the image (#7153).
- Fixed a bug where memory usage in bytes and memory use
percentage were swapped in the output of podman stats
--format=json.
- Fixed a bug where the libpod and compat events endpoints would
fail if no filters were specified (#7078).
- Fixed a bug where the CgroupVersion field in responses from the
compat Info endpoint was prefixed by 'v' (instead of just being
'1' or '2', as is documented).
Suggest katacontainers instead of recommending it. It's not
enabled by default, so it's just bloat
Update to v2.0.3
- Fix handling of entrypoint
- log API: add context to allow for cancelling
- fix API: Create container with an invalid configuration
- Remove all instances of named return 'err' from Libpod
- Fix: Correct connection counters for hijacked connections
- Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
- Remove hijacked connections from active connections list
- version/info: format: allow more json variants
- Correctly print STDOUT on non-terminal remote exec
- Fix container and pod create commands for remote create
- Mask out /sys/dev to prevent information leak from the host
- Ensure sig-proxy default is propagated in start
- Add SystemdMode to inspect for containers
- When determining systemd mode, use full command
- Fix lint
- Populate remaining unused fields in pod inspect
- Include infra container information in pod inspect
- play-kube: add support for 'IfNotPresent' pull type
- docs: user namespace can't be shared in pods
- Fix 'Error: unrecognized protocol \'TCP\' in port mapping'
- Error on rootless mac and ip addresses
- Fix & add notes regarding problematic language in codebase
- abi: set default umask and rlimits
- Used reference package with errors for parsing tag
- fix: system df error when an image has no name
- Fix Generate API title/description
- Add noop function disable-content-trust
- fix play kube doesn't override dockerfile ENTRYPOINT
- Support default profile for apparmor
- Bump github.com/containers/common to v0.14.6
- events endpoint: backwards compat to old type
- events endpoint: fix panic and race condition
- Switch references from libpod.conf to containers.conf
- podman.service: set type to simple
- podman.service: set doc to podman-system-service
- podman.service: use default registries.conf
- podman.service: use default killmode
- podman.service: remove stop timeout
- systemd: symlink user->system
- vendor golang.org/x/text@v0.3.3
- Fix a bug where --pids-limit was parsed incorrectly
- search: allow wildcards
- [CI:DOCS]Do not copy policy.json into gating image
- Fix systemd pid 1 test
- Cirrus: Rotate keys post repo. rename
- The libpod.conf(5) man page got removed and all references are
now pointing towards containers.conf(5), which will be part
of the libcontainers-common package.
Update to podman v2.0.2
- fix race condition in libpod.GetEvents(...)
- Fix bug where podman mount didn't error as rootless
- remove podman system connection
- Fix imports to ensure v2 is used with libpod
- Update release notes for v2.0.2
- specgen: fix order for setting rlimits
- Ensure umask is set appropriately for 'system service'
- generate systemd: improve pod-flags filter
- Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
- Fixes --remote flag issues
- Pids-limit should only be set if the user set it
- Set console mode for windows
- Allow empty host port in --publish flag
- Add a note on the APIs supported by system service
- fix: Don't override entrypoint if it's nil
- Set TMPDIR to /var/tmp by default if not set
- test: add tests for --user and volumes
- container: move volume chown after spec generation
- libpod: volume copyup honors namespace mappings
- Fix system service panic from early hangup in events
- stop podman service in e2e tests
- Print errors from individual containers in pods
- auto-update: clarify systemd-unit requirements
- podman ps truncate the command
- move go module to v2
- Vendor containers/common v0.14.4
- Bump to imagebuilder v1.1.6 on v2 branch
- Account for non-default port number in image name
- Changes since v2.0.1
- Update release notes with further v2.0.1 changes
- Fix inspect to display multiple label: changes
- Set syslog for exit commands on log-level=debug
- Friendly amendment for pr 6751
- podman run/create: support all transports
- systemd generate: allow manual restart of container units in pods
- Revert sending --remote flag to containers
- Print port mappings in ps for ctrs sharing network
- vendor github.com/containers/common@v0.14.3
- Update release notes for v2.0.1
- utils: drop default mapping when running uid!=0
- Set stop signal to 15 when not explicitly set
- podman untag: error if tag doesn't exist
- Reformat inspect network settings
- APIv2: Return StatusCreated from volume creation
- APIv2:fix: Remove /json from compat network EPs
- Fix ssh-agent support
- libpod: specify mappings to the storage
- APIv2:doc: Fix swagger doc to refer to volumes
- Add podman network to bash command completions
- Fix typo in manpage for podman auto update.
- Add JSON output field for ps
- V2 podman system connection
- image load: no args required
- Re-add PODMAN_USERNS environment variable
- Fix conflicts between privileged and other flags
- Bump required go version to 1.13
- Add explicit command to alpine container in test case.
- Use POLL_DURATION for timer
- Stop following logs using timers
- 'pod' was being truncated to 'po' in the names of the generated systemd unit files.
- rootless_linux: improve error message
- Fix podman build handling of --http-proxy flag
- correct the absolute path of rm executable
- Makefile: allow customizable GO_BUILD
- Cirrus: Change DEST_BRANCH to v2.0
Update to podman v2.0.0
- The podman generate systemd command now supports the --new
flag when used with pods, allowing portable services for pods
to be created.
- The podman play kube command now supports running Kubernetes
Deployment YAML.
- The podman exec command now supports the --detach flag to
run commands in the container in the background.
- The -p flag to podman run and podman create now supports
forwarding ports to IPv6 addresses.
- The podman run, podman create and podman pod create commands
now support a --replace flag to remove and replace any
existing container (or, for pod create, pod) with the same name.
- The --restart-policy flag to podman run and podman create
now supports the unless-stopped restart policy.
- The --log-driver flag to podman run and podman create now
supports the none driver, which does not log the
container's output.
- The --mount flag to podman run and podman create now
accepts readonly option as an alias to ro.
- The podman generate systemd command now supports the
--container-prefix, --pod-prefix, and --separator arguments
to control the name of generated unit files.
- The podman network ls command now supports the --filter
flag to filter results.
- The podman auto-update command now supports specifying an
authfile to use when pulling new images on a per-container
basis using the io.containers.autoupdate.authfile label.
- Fixed a bug where the podman exec command would log to journald
when run in containers logging to journald (#6555).
- Fixed a bug where the podman auto-update command would not
preserve the OS and architecture of the original image when
pulling a replacement (#6613).
- Fixed a bug where the podman cp command could create an extra
merged directory when copying into an existing directory
(#6596).
- Fixed a bug where the podman pod stats command would crash
on pods run with --network=host (#5652).
- Fixed a bug where container logs written to journald did not
include the name of the container.
- Fixed a bug where the podman network inspect and
podman network rm commands did not properly handle non-default
CNI configuration paths (#6212).
- Fixed a bug where Podman did not properly remove containers
when using the Kata containers OCI runtime.
- Fixed a bug where podman inspect would sometimes incorrectly
report the network mode of containers started with --net=none.
- Podman is now better able to deal with cases where conmon
is killed before the container it is monitoring.
Update to podman v1.9.3:
- Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
were not properly mounted into containers
- Fixed a bug where builds run over Varlink would hang
- Fixed a bug where podman save would fail when the target
image was specified by digest
- Fixed a bug where rootless containers with ports forwarded to them
could panic and dump core due to a concurrency issue (#6018)
- Fixed a bug where rootless Podman could race when opening the
rootless user namespace, resulting in commands failing to run
- Fixed a bug where HTTP proxy environment variables forwarded into
the container by the --http-proxy flag could not be overridden by --env or --env-file
- Fixed a bug where rootless Podman was setting resource limits on cgroups
v2 systems that were not using systemd-managed cgroups
(and thus did not support resource limits), resulting in containers failing to start
Update podman to v1.9.1:
Bugfixes
- Fixed a bug where healthchecks could become nonfunctional if
container log paths were manually set with --log-path and
multiple container logs were placed in the same directory
- Fixed a bug where rootless Podman could, when using an older
libpod.conf, print numerous warning messages about an invalid
CGroup manager config
- Fixed a bug where rootless Podman would sometimes fail to
close the rootless user namespace when joining it
Update podman to v1.9.0:
Update podman to v1.8.2:
Features
- Initial support for automatically updating containers managed
via Systemd unit files has been merged. This allows
containers to automatically upgrade if a newer version of
their image becomes available
Bugfixes
- Fixed a bug where unit files generated by podman generate
systemd --new would not force containers to detach, causing
the unit to time out when trying to start
- Fixed a bug where podman system reset could delete important
system directories if run as rootless on installations
created by older Podman (#4831)
- Fixed a bug where images built by podman build would not
properly set the OS and Architecture they were built with
(#5503)
- Fixed a bug where attached podman run with --sig-proxy
enabled (the default), when built with Go 1.14, would
repeatedly send signal 23 to the process in the container and
could generate errors when the container stopped (#5483)
- Fixed a bug where rootless podman run commands could hang
when forwarding ports
- Fixed a bug where rootless Podman would not work when /proc
was mounted with the hidepid option set
- Fixed a bug where the podman system service command would use
large amounts of CPU when --timeout was set to 0 (#5531)
HTTP API
- Initial support for Libpod endpoints related to creating and
operating on image manifest lists has been added
- The Libpod Healthcheck and Events API endpoints are now
supported
- The Swagger endpoint can now handle cases where no Swagger
documentation has been generated
Update podman to v1.8.1:
conmon was updated to v2.0.20 (bsc#1175821)
- journald: fix logging container name
- container logging: Implement none driver - 'off', 'null' or
'none' all work.
- ctrl: warn if we fail to unlink
- Drop fsync calls
- Reap PIDs before running exit command
- Fix log path parsing
- Add --sync option to prevent conmon from double forking
Add --no-sync-log option to instruct conmon to not sync the
logs of the containers upon shutting down. This feature fixes a
regression where we unconditionally dropped the log sync. It is
possible the container logs could be corrupted on a sudden
power-off. If you need container logs to remain in consistent
state after a sudden shutdown, please update from v2.0.19 to
v2.0.20
Update to v2.0.17:
- Add option to delay execution of exit command
Update to v2.0.16:
- tty: flush pending data when fd is ready
Enable support for journald logging (bsc#1162432)
Update to v2.0.15:
- store status while waiting for pid
Update to v2.0.14:
- drop usage of splice(2)
- avoid hanging on stdin
- stdio: sometimes quit main loop after io is done
- ignore sigpipe
Update to v2.0.12
- oom: fix potential race between verification steps
Update to v2.0.11
- log: reject --log-tag with k8s-file
- chmod std files pipes
- adjust score to -1000 to prevent conmon from ever being OOM
killed
- container OOM: verify cgroup hasn't been cleaned up before
reporting OOM
- journal logging: write to /dev/null instead of -1
fuse-overlayfs was updated to 1.1.2 (bsc#1175821):
- fix memory leak when creating whiteout files.
- fix lookup for overflow uid when it is different than the overflow gid.
- use openat2(2) when available.
- accept 'ro' as mount option.
- fix set mtime for a symlink.
- fix some issues reported by static analysis.
- fix potential infinite loop on a short read.
- fix creating a directory if the destination already exists
in the upper layer.
- report correctly the number of links for a directory also for
subsequent stat calls
- stop looking up the ino in the lower layers if the file could
not be opened
- make sure the destination is deleted before doing a rename(2).
It prevents a leftover directory from causing delete to fail with
EEXIST.
- honor --debug.
libcontainers-common was updated to fix:
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
/usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
- Add documentation for credHelpers
- Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
- docs: user namespace can't be shared in pods
- Switch references from libpod.conf to containers.conf
- Allow empty host port in --publish flag
- update document login see config.json as valid
Update storage to 1.20.2
Remove remaining difference between SLE and openSUSE package and
ship the same mounts.conf default configuration on both platforms.
As the sources for the mount point do not exist on openSUSE by
default this config will basically have no effect on openSUSE.
(jsc#SLE-12122, bsc#1175821)
Update to image 5.4.4
- Remove registries.conf VERSION 2 references from man page
- Initial authfile man page
- Add $HOME/.config/containers/certs.d to perHostCertDirPath
- Add $HOME/.config/containers/registries.conf to config path
- registries.conf.d: add stances for the registries.conf
- update to libpod 1.9.3
- userns: support --userns=auto
- Switch to using --time as opposed to --timeout to better match Docker
- Add support for specifying CNI networks in podman play kube
- man pages: fix inconsistencies
- Update to storage 1.19.1
- userns: add support for auto
- store: change the default user to containers
- config: honor XDG_CONFIG_HOME
Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again.
It never ended up in SLES and a different way to fix the underlying
problem is being worked on.
Add registry.opensuse.org as default registry [bsc#1171578]
Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts.
This is for making container-suseconnect work in the public
cloud on-demand images. It needs that file to be able to
verify the server certificates of the RMT servers hosted
in the public cloud.
(https://github.com/SUSE/container-suseconnect/issues/41)