Conversation

@TomSweeneyRedHat (Member) commented Dec 12, 2025

First pass, I may kill this later. Just pushing in case I can spot a compile error that I'm having.

Checklist

Ensure you have completed the following checklist for your pull request to be reviewed:

  • Certify you wrote the patch or otherwise have the right to pass it on as an open-source patch by signing all
    commits. (git commit -s). (If needed, use git commit -s --amend). The author email must match
    the sign-off email address. See CONTRIBUTING.md
    for more information.
  • Referenced issues using Fixes: #00000 in commit message (if applicable)
  • Tests have been added/updated (or no tests are needed)
  • Documentation has been updated (or no documentation changes are needed)
  • All commits pass make validatepr (format/lint checks)
  • Release note entered in the section below (or None if no user-facing changes)

Does this PR introduce a user-facing change?

None

@TomSweeneyRedHat TomSweeneyRedHat added the No New Tests Allow PR to proceed without adding regression tests label Dec 12, 2025
@github-actions github-actions bot added the kind/api-change Change to remote API; merits scrutiny label Dec 12, 2025
@TomSweeneyRedHat TomSweeneyRedHat force-pushed the dev/tsweeney/cve-2025-52881-v4.4.1-rhel branch from 157deb1 to 6ae98a6, December 13, 2025 00:55
@TomSweeneyRedHat (Member, Author):

@timcoding1988 I'm assuming I need to bump AWS credentials here too? If not, please holler.

Activated AWS CLI for service acount.

An error occurred (AuthFailure) when calling the DescribeImages operation: AWS was not able to validate the provided access credentials
ERROR: Failed to update one or more image timestamps:  fedora-podman-aws-arm64-c6447802205601792

@TomSweeneyRedHat TomSweeneyRedHat force-pushed the dev/tsweeney/cve-2025-52881-v4.4.1-rhel branch 3 times, most recently from 2a36702 to 7140248, December 17, 2025 19:53
@timcoding1988 (Collaborator):

> @timcoding1988 I'm assuming I need to bump AWS credentials here too? If not, please holler.
>
> Activated AWS CLI for service acount.
>
> An error occurred (AuthFailure) when calling the DescribeImages operation: AWS was not able to validate the provided access credentials
> ERROR: Failed to update one or more image timestamps:  fedora-podman-aws-arm64-c6447802205601792

@TomSweeneyRedHat correct

TomSweeneyRedHat and others added 7 commits December 17, 2025 15:39

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

These functions were removed in github.com/opencontainers/selinux
v1.12.0.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

... Podman
cli flags couldn't override the active-destination when env variables were set. As a remedy, the precedence of cli flags has been changed.

Note: This commit is from containers#19997 and it brought in some pretty massive changes
to how the remote connections are created.

Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

The vendoring of Buildah dragged in a bump of common from v0.51.4 to
v0.57.7 which contained many changes to variable and function names.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

Signed-off-by: Tim Zhou <tizhou@redhat.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

Signed-off-by: Tim Zhou <tizhou@redhat.com>
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

We require Go 1.22, and it looks like Fedora 37
tops out at 1.19. Bump the Fedora to F41.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
@TomSweeneyRedHat TomSweeneyRedHat force-pushed the dev/tsweeney/cve-2025-52881-v4.4.1-rhel branch from 7140248 to b80a469, December 17, 2025 20:40

The common v0.57.7 vendor bump added !remote build tags to libimage,
causing podman-remote builds to fail. This change splits files that
use libimage into separate _local and _remote variants:

- pkg/specgen/specgen_{local,remote}.go: Image field storage and methods
- pkg/api/handlers/types_local.go: ImageDataToImageInspect function
- cmd/podman/utils/error_local.go: ExitCodeFromBuildError function

This allows type definitions to be shared between remote and local
builds while keeping libimage-dependent implementations local-only.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
@lsm5 lsm5 force-pushed the dev/tsweeney/cve-2025-52881-v4.4.1-rhel branch from 4be25e2 to 4231526, December 18, 2025 15:28
lsm5 added 3 commits December 18, 2025 15:55
This commit fixes two issues in runtime initialization that occur when
vendor code doesn't properly set StaticDir and VolumePath defaults:

1. Add defensive initialization for StaticDir and VolumePath
   - Check if StaticDir is empty and set it to GraphRoot/libpod
   - Check if VolumePath is empty and set it to GraphRoot/volumes
   - This works around missing initialization in older vendor code
     without requiring changes to the vendor directory

2. Fix database initialization to allow creating new bolt_state.db
   - Previously, getDBState() would fail if bolt_state.db didn't exist
   - Now, only return error if it's not os.ErrNotExist
   - This allows NewBoltState() to create the database on first run

These changes resolve the "creating runtime static files directory:
mkdir : no such file or directory" error that occurred when running
podman commands.

Tested with:
- podman ps, info, version commands work correctly
- Volume operations create volumes at correct path
- Database is properly initialized on first run

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>

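
As an added illustration (not podman's or libpod's own code), the two behaviours this commit message describes written as standalone Go: deriving StaticDir and VolumePath from GraphRoot when vendored code left them empty, and treating a missing bolt_state.db as the first-run case while still surfacing any other stat error. The type and function names, and the extra empty-GraphRoot guard, are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// RuntimeConfig is an illustrative stand-in (assumed names, not libpod's real type).
type RuntimeConfig struct {
	GraphRoot  string
	StaticDir  string
	VolumePath string
}

// applyDefaults fills StaticDir and VolumePath from GraphRoot when vendored code
// left them empty; values already set are kept. Rejecting an empty GraphRoot is an
// added guard: joining "" yields a relative path, i.e. "mkdir : no such file or directory".
func applyDefaults(c *RuntimeConfig) error {
	if c.GraphRoot == "" {
		return errors.New("GraphRoot must be set before deriving defaults")
	}
	if c.StaticDir == "" {
		c.StaticDir = filepath.Join(c.GraphRoot, "libpod")
	}
	if c.VolumePath == "" {
		c.VolumePath = filepath.Join(c.GraphRoot, "volumes")
	}
	return nil
}

// dbExists treats a missing state database as the first-run case the caller may
// create, but returns any other stat failure so the runtime still fails closed.
func dbExists(path string) (bool, error) {
	_, err := os.Stat(path)
	if err == nil {
		return true, nil
	}
	if errors.Is(err, os.ErrNotExist) {
		return false, nil
	}
	return false, fmt.Errorf("checking state database %q: %w", path, err)
}

func main() {
	cfg := RuntimeConfig{GraphRoot: filepath.Join(os.TempDir(), "graphroot")}
	_ = applyDefaults(&cfg)
	exists, err := dbExists(filepath.Join(cfg.StaticDir, "bolt_state.db"))
	fmt.Println(cfg.StaticDir, cfg.VolumePath, exists, err)
}
```
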
The events file backend writes events as they're generated, which may
not match chronological order due to race conditions during concurrent
operations in rmi -f. The remove and untag events from rmi can appear
in any order in the events file.

This fix:
- Simplifies initial validation to check for event presence (not order)
- Checks deterministic events (0-6) in exact order
- Validates rmi events (7-9) are present without requiring specific order
- Checks final event (10) is the second loadfromarchive

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>

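
The three-part check this commit message describes, as an added Go example that is not the project's bats test: an exactly ordered prefix, a middle run compared as a multiset because rmi -f races its remove and untag events, and a fixed final event. The event names in the sample are constructed for illustration, not the real test's events.

```go
package main

import (
	"fmt"
	"sort"
)

// validateEvents checks an events-file dump the way the commit describes:
// events[0:len(ordered)] must match ordered exactly and in order, the next
// len(unordered) events must equal unordered as a multiset in any order
// (the racy rmi -f events), and the last event must equal final.
func validateEvents(events, ordered, unordered []string, final string) error {
	want := len(ordered) + len(unordered) + 1
	if len(events) != want {
		return fmt.Errorf("expected %d events, got %d", want, len(events))
	}
	for i, e := range ordered {
		if events[i] != e {
			return fmt.Errorf("event %d: expected %q, got %q", i, e, events[i])
		}
	}
	got := append([]string(nil), events[len(ordered):len(ordered)+len(unordered)]...)
	exp := append([]string(nil), unordered...)
	sort.Strings(got) // order is non-deterministic here, so compare sorted copies
	sort.Strings(exp)
	for i := range exp {
		if got[i] != exp[i] {
			return fmt.Errorf("rmi events: got %v, expected %v", got, exp)
		}
	}
	if last := events[want-1]; last != final {
		return fmt.Errorf("final event: expected %q, got %q", final, last)
	}
	return nil
}

// Constructed sample mirroring the commit's layout: 7 deterministic events (0-6),
// 3 rmi events (7-9) in any order, then the second loadfromarchive as event 10.
var (
	orderedEvents = []string{"image loadfromarchive", "container create", "container init", "container start", "container died", "container remove", "image tag"}
	rmiEvents     = []string{"image untag", "image untag", "image remove"}
	finalEvent    = "image loadfromarchive"
)

func main() {
	log := append(append(append([]string{}, orderedEvents...), "image remove", "image untag", "image untag"), finalEvent)
	fmt.Println(validateEvents(log, orderedEvents, rmiEvents, finalEvent)) // <nil>
}
```
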
This commit fixes three related issues that prevented userns=auto from
working correctly in rootless containers:

1. Fix setgroups() error with userns=auto
   When using userns=auto, supplementary GIDs from the container image
   were being passed to setgroups() before user namespace mappings were
   allocated by storage, causing EINVAL errors. Added a check in
   container_internal_common.go to skip supplementary groups when
   AutoUserNs is enabled but GIDMap isn't populated yet.

2. Fix ID mapping allocation bug in storage.go
   CreateContainerStorage was returning empty UID/GID mappings from the
   input options parameter instead of the allocated mappings from the
   storage container object, causing containers to fail with "readlink:
   No such file or directory" errors. Changed the return statement to
   use container.UIDMap and container.GIDMap.

3. Add workaround for containers/storage v1.51.0 bug
   The vendored storage library has a bug in parseMountedFiles where
   groupFile path is incorrectly used as a directory path. Set an
   explicit Size=65536 in AutoUserNsOpts to bypass the buggy code path.

With these fixes, all userns=auto tests in 170-run-userns.bats now pass
in rootless mode.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>