File libcontainers-common.changes of Package libcontainers-common
4650
1
-------------------------------------------------------------------
2
Tue Feb 6 13:35:30 UTC 2024 - Dan Čermák <dcermak@suse.com>
3
4
- New release 20240206
5
- bump bundled c/common to 0.57.4
6
- bump bundled c/image to 0.29.2
7
- conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well
8
(SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only
9
provides product(SLE-Micro)), fixes bsc#1216443
10
11
-------------------------------------------------------------------
12
Mon Dec 4 07:12:17 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
13
14
- New release 20231204
15
- bump c/common to 0.57.0
16
* Bump to v0.56.0 by
17
* Fix typo in comment
18
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
19
* Fix specification of unix:///run
20
* libimage/layer_tree: if parent is empty and a manifest list then ignore check.
21
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
22
* Split up util package into pkg/password, pkg/copy, pkg/version
23
* Remove ActiveDestination method to move into podman
24
* Default machine CPUs to Cores/2
25
* pkg/config: do NOT set StaticDir and VolumeDir
26
* Implement negated label match function
27
* chore: import packages only once
28
* CoC: fix email link
29
- bump c/storage to 1.51.0
30
* Bump to v1.50.2
31
* overlay, composefs: mount loop device RO
32
* Run codespell on code
33
* fix(deps): update module github.com/klauspost/compress to v1.17.0
34
* store: serialize container deletion
35
* pkg/system: reduce retry timeout for EnsureRemoveAll
36
* overlay, composefs: use data-only lower layers
37
* store: call RecordWrite() before graphDriver Cleanup()
38
* fix(deps): update module golang.org/x/sys to v0.13.0
39
- bump c/image to 5.29.0
40
* Bump to v5.28.0
41
* fix(deps): update module github.com/containers/storage to v1.50.2
42
* Run codespell on code
43
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
44
* Use constants and types from opencontainers/image-spec/specs-go/v1
45
* progress: set Current before Refill
46
* copy: fix nil pointer dereference when checking compression algorithm
47
* fix(deps): update module github.com/klauspost/compress to v1.17.0
48
* fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0
49
* ociarchive: Add new ArchiveFileNotFoundError
50
51
-------------------------------------------------------------------
52
Wed Sep 13 12:48:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
53
54
- Require libcontainers-sles-mounts for *all* SLE products,
55
and not just SLES. (bsc#1215291)
56
57
-------------------------------------------------------------------
58
Wed Sep 13 06:13:53 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
59
60
- New release 20230913
61
- bump c/image to 5.28.0
62
* Bump to v5.26.0
63
* fix(deps): update module github.com/sigstore/rekor to v1.2.2
64
* fix(deps): update module github.com/sigstore/fulcio to v1.3.2
65
* Adding IO decorator to copy progress bar
66
* Ensure we close HTTP connections on all paths
67
* fix(deps): update module github.com/containers/storage to v1.48.0
68
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4
69
* fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1
70
* fix(deps): update golang.org/x/exp digest to 97b1e66
71
* fix(deps): update module github.com/klauspost/compress to v1.16.7
72
* fix(deps): update module github.com/docker/docker to v24.0.3+incompatible
73
* fix(deps): update module golang.org/x/oauth2 to v0.10.0
74
* manifest: ListUpdate add imgspecv1.Platform field
75
* fix(deps): update module github.com/docker/docker to v24.0.4+incompatible
76
* pkg/docker: use the same default auth path as macOS on FreeBSD
77
* fix(deps): update module github.com/sigstore/fulcio to v1.3.4
78
* blob: TryReusingBlobWithOptions consider RequiredCompression if set
79
* Fix tests of the ostree transport
80
* helpers_test,cleanup: correct argument order
81
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
82
* Make temporary names container/image specific
83
* listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames
84
* fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0
85
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
86
* Fix TestOCI1IndexChooseInstanc
87
* Refactor data passing in c/image/copy
88
* Update module github.com/sigstore/fulcio to v1.4.0
89
* copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms
90
* Update vendor of containers/storage
91
* copy/single: accept custom *Options and wrap arguments in copySingleImageOptions
92
* Improve transport documentation
93
* fix(deps): update module github.com/vbatts/tar-split to v0.11.5
94
* fix(deps): update module github.com/docker/docker to v24.0.5+incompatible
95
* copy: implement instanceCopyClone for zstd compression
96
* copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone
97
* Clarify where mirrors are used
98
* fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85
99
* fix(deps): update github.com/containers/storage digest to c3da76f
100
* Update x/exp/slices, and some small slice-related cleanups
101
* Use consistent example domains in #2069
102
* copy: add support for ForceCompressionFormat
103
* fix(deps): update module golang.org/x/term to v0.11.0
104
* fix(deps): update module golang.org/x/crypto to v0.12.0
105
* fix(deps): update module golang.org/x/oauth2 to v0.11.0
106
* [release-5.27] Preparing 5.27 backport
107
* Update to Go 1.19
108
* storage.storageImageDestination.Commit(): leverage image options
109
* Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH
110
* [CI:DOCS] Add cirrus-cron retry/monitor jobs
111
* chore(deps): update dependency containers/automation_images to v20230807
112
* [release-5.27] Fix the branch we use for determining a git-validation starting point
113
* fix(deps): update golang.org/x/exp digest to 352e893
114
* fix(deps): update module github.com/sigstore/sigstore to v1.7.2
115
* OCI image-spec / distribution-spec v1.1 updates, first round
116
* fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0
117
* chore(deps): update dependency containers/automation_images to v20230809
118
* Merge release branch into main
119
* BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted
120
* Update module github.com/containers/ocicrypt to v1.1.8
121
* chore(deps): update dependency containers/automation_images to v20230816
122
* fix(deps): update module github.com/containers/storage to v1.49.0
123
* fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0
124
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0
125
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1
126
* fix(deps): update golang.org/x/exp digest to d852ddb
127
* fix(deps): update module golang.org/x/term to v0.12.0
128
* fix(deps): update module github.com/sigstore/sigstore to v1.7.3
129
* fix removal of temp file in GetBlob on Windows
130
* fix(deps): update module golang.org/x/crypto to v0.13.0
131
* Fix build with golangci-lint 1.54.2
132
* fix(deps): update module golang.org/x/oauth2 to v0.12.0
133
* Implement, and default to, a SQLite BlobInfoCache instead of BoltDB
134
* fix(deps): update module github.com/docker/docker to v24.0.6+incompatible
135
* Update dependencies of docker/docker
136
* Correctly handle encryption/decryption changes in non-OCI formats
137
* chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security]
138
* fix(deps): update module github.com/containers/storage to v1.50.1
139
- bump c/storage to 1.50.2
140
* Bump to v1.50.1
141
* Add an OWNERS file for the merge bot to refer to
142
- bump c/common to 0.55.4
143
* Bump c/image to v0.55.3
144
145
146
-------------------------------------------------------------------
147
Mon Aug 14 07:27:59 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
148
149
- New release 20230814
150
- bump c/storage to 1.48.0
151
* Bump to v1.47.0
152
* Fix error if continueWrite/continueRead pipe open fails
153
* pkg/regexp: make sure that &Regexp implements the interfaces
154
* Remove use of fillGo18FileTypeBits
155
- bump c/image to 5.27.0
156
* fix(deps): update module github.com/docker/docker to v23.0.3+incompatible
157
* fix(deps): update module golang.org/x/term to v0.7.0
158
* fix(deps): update module github.com/klauspost/compress to v1.16.4
159
* fix(deps): update module github.com/sigstore/sigstore to v1.6.1
160
* chore(deps): update dependency containers/automation_images to v20230405
161
* fix(deps): update module golang.org/x/crypto to v0.8.0
162
* fix(deps): update module golang.org/x/oauth2 to v0.7.0
163
* fix(deps): update module github.com/containers/storage to v1.46.1
164
* fix(deps): update module github.com/sigstore/sigstore to v1.6.2
165
* Don't completely silently ignore non-OCI manifests in OCI layouts
166
* fix(deps): update module github.com/klauspost/compress to v1.16.5
167
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
168
* fix(deps): update module github.com/docker/docker to v23.0.4+incompatible
169
- bump c/common to 0.55.3
170
* Change default image volume mode to "nullfs" on FreeBSD
171
* [v0.55][CI-DOCS] remove zstd:chunked from docs
172
* libimage: harden lookup by digest
173
* libimage: HasDifferentDigest: add InsecureSkipTLSVerify option
174
175
-------------------------------------------------------------------
176
Mon Jul 31 06:17:22 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
177
178
- Disable CNI related configs on ALP (bsc#1213556)
179
(https://github.com/containers/podman/issues/19327)
180
181
-------------------------------------------------------------------
182
Tue Jun 27 14:18:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
183
184
- Remove unused grep requirement
185
186
-------------------------------------------------------------------
187
Mon Jun 26 12:51:12 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
188
189
- Resolve choice on openSUSE distributions for libcontainer-policy
190
by suggesting the libcontainers-openSUSE-policy explicitly.
191
192
-------------------------------------------------------------------
193
Mon Jun 5 12:04:33 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
194
195
- Enforce BCI verification via Podman on openSUSE distributions
196
using the already shipped container signing keys.
197
(bsc#1197030)
198
199
-------------------------------------------------------------------
200
Tue May 16 12:51:34 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
201
202
- Introduce new subpackage that adds SLE-specific mounts only
203
on SLE systems (if sles-release) hence avoiding superfluous
204
warnings on non-SLE systems while running podman commands.
205
(bsc#1211124)
206
207
-------------------------------------------------------------------
208
Wed Apr 26 12:43:41 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
209
210
- Own /etc/containers/systemd and /usr/share/containers/systemd,
211
useful for podman quadlet.
212
213
-------------------------------------------------------------------
214
Wed Mar 15 09:17:51 UTC 2023 - Dan Čermák <dcermak@suse.com>
215
216
- Remove container-storage-driver.sh, we want to default to the overlay driver
217
instead of btrfs.
218
The btrfs driver is not really supported upstream (see
219
e.g. https://github.com/containers/podman/issues/16882), there is no real
220
development anymore and it appears to have subtle bugs (e.g. the one linked
221
previously).
222
To prevent further such issues, we will from now on default to the overlay
223
driver.
224
225
-------------------------------------------------------------------
226
Wed Mar 15 08:55:24 UTC 2023 - Dan Čermák <dcermak@suse.com>
227
228
- Remove obsolete Requires(post): util-linux-systemd
229
230
-------------------------------------------------------------------
231
Mon Feb 27 10:30:12 UTC 2023 - Dan Čermák <dcermak@suse.com>
232
233
- Add registry.suse.com to the unqualified-search-registries
234
235
-------------------------------------------------------------------
236
Tue Feb 14 13:28:21 UTC 2023 - Dan Čermák <dcermak@suse.com>
237
238
- New upstream release 20230214
239
- bump c/storage to 1.45.3
240
- bump c/image to 5.24.1
241
- bump c/common to 0.51.0
242
- containers.conf:
243
* add commented out options containers.read_only,
244
engine.platform_to_oci_runtime, engine.events_container_create_inspect_data,
245
network.volume_plugin_timeout, engine.runtimes.youki, machine.provider
246
* remove deprecated setting containers.userns_size
247
* add youki to engine.runtime_supports_json
248
- shortnames.conf: pull in latest upstream version
249
- storage.conf: add commented out option storage.transient_store
250
- correct license to APACHE-2.0 only (there's no GPLv3 code to be found)
251
- add source URLs to spec
252
- drop pointless copyright year
253
254
-------------------------------------------------------------------
255
Wed Jan 25 10:01:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
256
257
- Reverts https://build.opensuse.org/request/show/1060361
258
Changes introduced to c/storage's storage.conf which adds
259
a driver_priority attribute would break consumers of libcontainer-common
260
as long as those packages are vendoring an older c/storage version.
261
Instead of patching every consumer, we're reverting this change, until
262
those packages have been updated downstream. [boo#1207509]
263
264
-------------------------------------------------------------------
265
Fri Jan 13 06:01:46 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
266
267
- storage.conf: Unset 'driver' and set 'driver_priority' to
268
allow podman to use 'btrfs' if available and fallback to
269
'overlay' if not.
270
- .spec: rm %post script to set 'btrfs' as storage driver
271
in storage.conf
272
273
-------------------------------------------------------------------
274
Mon Dec 5 12:23:07 UTC 2022 - Dan Čermák <dcermak@suse.com>
275
276
- Remove registry.suse.com from search unqualified-search-registries:
277
registry.suse.com responds very slowly to pagination repository listings
278
(https://docs.docker.com/registry/spec/api/#pagination) and thereby causes
279
every `podman search` to take over 90s. We have to remove it until this
280
regression is fixed.
281
282
-------------------------------------------------------------------
283
Mon Nov 28 09:08:11 UTC 2022 - Dirk Müller <dmueller@suse.com>
284
285
- add requires on util-linux-systemd for findmnt in profile script
286
- only set storage_driver env when no libpod exists
287
- avoid quoting issue
288
289
-------------------------------------------------------------------
290
Tue Nov 22 12:48:38 UTC 2022 - Dan Čermák <dcermak@suse.com>
291
292
- Update bundled common to 0.50.1
293
- Update bundled image to 5.23.1
294
- Update bundled storage to 1.44.0
295
- Drop bundled podman
296
- Bump version to 20221122
297
- Install container-storage-driver.sh in /etc/ on Leap & SLE
298
299
-------------------------------------------------------------------
300
Thu Nov 17 10:51:26 UTC 2022 - Dirk Müller <dmueller@suse.com>
301
302
- add container-storage-driver.sh (bsc#1197093)
303
304
-------------------------------------------------------------------
305
Thu Nov 10 11:58:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
306
307
- postinstall script: slight cleanup, no functional change
308
309
-------------------------------------------------------------------
310
Tue Oct 25 10:40:49 UTC 2022 - Dirk Müller <dmueller@suse.com>
311
312
- set detached sigstore attachments for the SUSE controlled registries
313
314
-------------------------------------------------------------------
315
Tue Aug 9 08:49:18 UTC 2022 - Fabian Vogt <fvogt@suse.com>
316
317
- Fix obvious typo in containers.conf
318
319
-------------------------------------------------------------------
320
Wed Aug 3 13:19:58 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
321
322
- Resync containers.conf / storage.conf with Fedora
323
- Create /etc/containers/registries.conf.d and
324
add 000-shortnames.conf to it.
325
326
-------------------------------------------------------------------
327
Wed Jun 15 10:20:16 UTC 2022 - Fabian Vogt <fvogt@suse.com>
328
329
- Use $() again in %post, but with a space for POSIX compliance
330
331
-------------------------------------------------------------------
332
Tue Jun 14 13:53:43 UTC 2022 - Dan Čermák <dcermak@suse.com>
333
334
- Add missing Requires(post): sed, fixes boo#1200524
335
- Make %post compatible with dash
336
337
-------------------------------------------------------------------
338
Wed Jun 8 12:39:46 UTC 2022 - Richard Brown <rbrown@suse.com>
339
340
- Add missing comma to previous change
341
342
-------------------------------------------------------------------
343
Mon Jun 6 12:56:19 UTC 2022 - Lubos Kocman <lubos.kocman@suse.com>
344
345
- Add registry.suse.com as agreed on oSC22
346
Let's advertise usage of BCI images in general
347
348
-------------------------------------------------------------------
349
Thu Feb 3 19:43:19 UTC 2022 - Bruno Leon <bruno.leon@suse.com>
350
351
- Update storage to 1.38.2
352
- Update image to 5.19.1
353
- Update Podman to 3.4.4
354
- Update common to 0.47.3
355
356
-------------------------------------------------------------------
357
Tue Jan 11 12:56:24 UTC 2022 - Dan Čermák <dcermak@suse.com>
358
359
- Switch registries.conf to v2 format
360
361
-------------------------------------------------------------------
362
Fri Sep 17 10:20:19 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
363
364
- Update common to 0.44.0
365
366
0.42.3:
367
368
* (*libimage.Image).HasDifferentDigest: add authentication
369
370
0.42.2:
371
372
Backports for Podman 3.3.2
373
Fix the fallback runtime path
374
Switch default Rootless Networking to "CNI" for OSX
375
libimage: disk usage: catch corrupted images
376
set GOPROXY=https://proxy.golang.org
377
378
379
0.44.0:
380
381
Add HelperBinariesDir field to engine config
382
Add space trimming check in sysctl.Validate
383
Cirrus: Use fresher VM images
384
Fix `pkg/sysctl` path typo
385
Fix the fallback runtime path
386
Switch default Rootless Networking to "CNI" for OSX
387
Update pkg/sysctl/sysctl.go
388
add some cni plugin paths
389
build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
390
build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
391
build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
392
build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
393
build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
394
docs/containers.conf.5.md: Fix manpage section
395
fix untag + v0.43.2
396
libimage: disk usage: catch corrupted images
397
libimage: relax untag by digest checks
398
path: dest paths inside container should always be treated as *nix type
399
remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
400
runtime: Add ReturnManifestIfPresent to LookupImageOptions
401
runtime: Add `ManifestList` to `LookupImageOptions`
402
seccomp: allow memfd_secret
403
404
0.43.2:
405
406
* libimage: relax untag by digest checks
407
* path: dest paths inside container should always be treated as *nix type
408
409
0.43.1:
410
411
Fix spelling mistakes
412
Fix examples in containers.conf
413
414
415
0.43.0:
416
417
Add documentation for Containerfile and Dockerfile
418
Remove no_libsubid flag
419
Add machine_image to containers.conf
420
build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
421
build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
422
Add machine_image to containers.conf
423
Switch default logdriver and eventslogger to journald, if root
424
build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
425
build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
426
libimage: {un}tag: reject digests
427
build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
428
style: complete containers#556 to-do list part 4
429
build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
430
set GOPROXY=https://proxy.golang.org
431
432
433
0.42.1:
434
435
* pull: fallthrough for registry parsing errors
436
437
0.42.0:
438
439
* Remove --accept-repositories flag
440
* pull policy: support camel cases
441
* Use authfile in options to search image
442
* vendor in containers/storage v1.33.0
443
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
444
* pkg/seccomp: avoid DefaultErrnoRet: null
445
* Add and use libimage.Runtime.imageIDsForManifest()
446
* Add libimage/manifests.LockerForImage()
447
* Add support for path based registry in login/logout
448
* libimage: pull: normalize docker-daemon
449
* libimage: report all removed images
450
* libruntime: layer tree: handle empty images
451
* refine dangling filters
452
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
453
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
454
* pull with custom platform: handle "localhost/"
455
* User option to prepare container after creation for volume copy-up. Docker does this by default.
456
* add config option for ChownCopiedFiles
457
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
458
* libimage: image tree: fix nil deref
459
460
461
- Update podman to 3.3.1
462
463
3.3.1:
464
465
### Bugfixes
466
- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
467
- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
468
- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)).
469
- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
470
- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)).
471
- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)).
472
473
### API
474
- A large number of potential file descriptor leaks from improperly closing client connections have been fixed.
475
476
477
3.3.0:
478
479
### Features
480
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
481
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
482
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
483
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
484
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
485
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
486
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
487
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
488
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
489
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
490
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
491
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
492
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
493
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
494
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
495
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
496
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
497
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
498
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
499
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
500
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
501
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
502
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
503
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
504
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
505
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
506
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
507
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
508
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
509
510
### Changes
511
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
512
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
513
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
514
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
515
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
516
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
517
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
518
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
519
- Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
520
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
521
522
### Bugfixes
523
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
524
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
525
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
526
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
527
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
528
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
529
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
530
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
531
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
532
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
533
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
534
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
535
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
536
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
537
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
538
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
539
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
540
- Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)).
541
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
542
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
543
- Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)).
544
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
545
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
546
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
547
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
548
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
549
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
550
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
551
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
552
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
553
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
554
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
555
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
556
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
557
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
558
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
559
- Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)).
560
- Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)).
561
- Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)).
562
563
### API
564
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
565
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
566
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
567
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
568
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
569
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
570
- Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)).
571
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
572
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
573
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
574
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
575
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
576
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
577
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
578
579
### Misc
580
- Updated Buildah to v1.22.3
581
- Updated the containers/storage library to v1.34.1
582
- Updated the containers/image library to v5.15.2
583
- Updated the containers/common library to v0.42.1
584
585
586
3.3.0-RC3:
587
588
This is the third release candidate of Podman v3.3.0
589
590
Preliminary release notes follow:
591
### Features
592
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
593
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
594
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
595
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
596
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
597
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
598
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
599
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
600
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
601
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
602
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
603
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
604
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
605
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
606
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
607
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
608
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
609
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
610
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
611
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
612
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
613
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
614
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
615
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
616
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
617
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
618
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
619
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
620
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
621
622
### Changes
623
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
624
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
625
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
626
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
627
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
628
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
629
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
630
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
631
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
632
633
### Bugfixes
634
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
635
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
636
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
637
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
638
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
639
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
640
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
641
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
642
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
643
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
644
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
645
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
646
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
647
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
648
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
649
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
650
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
651
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
652
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
653
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
654
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
655
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
656
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
657
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
658
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
659
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
660
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
661
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
662
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
663
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
664
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
665
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
666
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
667
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
668
669
### API
670
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
671
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
672
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
673
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
674
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
675
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
676
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
677
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
678
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
679
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
680
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
681
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
682
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
683
684
### Misc
685
- Updated Buildah to v1.22.0
686
- Updated the containers/storage library to v1.34.1
687
- Updated the containers/image library to v5.15.1
688
- Updated the containers/common library to v0.42.1
689
690
691
3.3.0-RC2:
692
693
### Features
694
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
695
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
696
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
697
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
698
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
699
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
700
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
701
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
702
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
703
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
704
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
705
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
706
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
707
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
708
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
709
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
710
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
711
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
712
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
713
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
714
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
715
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
716
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
717
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
718
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
719
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
720
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
721
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
722
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
723
724
### Changes
725
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
726
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
727
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
728
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
729
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
730
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
731
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
732
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
733
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
734
735
### Bugfixes
736
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
737
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
738
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
739
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
740
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
741
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
742
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
743
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
744
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
745
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
746
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
747
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
748
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
749
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
750
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
751
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
752
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
753
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
754
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
755
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
756
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
757
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
758
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
759
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
760
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
761
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
762
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
763
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
764
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
765
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
766
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
767
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
768
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
769
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
770
771
### API
772
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
773
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
774
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
775
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
776
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
777
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
778
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
779
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
780
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
781
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
782
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
783
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
784
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
785
786
### Misc
787
- Updated Buildah to v1.22.0
788
- Updated the containers/storage library to v1.33.1
789
- Updated the containers/image library to v5.15.0
790
- Updated the containers/common library to v0.42.1
791
792
793
- Update storage to 1.36.0
794
795
1.36.0:
796
797
(*Store)Layer(): fix race when loading layers
798
Add Inodes to OverlayOptionsConfig
799
build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22
800
build(deps): bump github.com/containerd/stargz-snapshotter/estargz
801
build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5
802
build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
803
chunked: cache all the files with the same digest
804
chunked: do not store the digest if it is empty
805
chunked: estargz support
806
chunked: fix linkat for rootless
807
chunked: restrict dedup with hard links
808
809
810
1.35.0:
811
812
chunked: add new pull options use_hard_links and enable_partial_images
813
build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2
814
build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
815
Update golang.org/x/sys
816
Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest
817
Separate the IDMappingOptions logic from other LayerOptions work
818
Reorganize uncompressedCounter
819
Only compute {un,}compressedDigester.Digest() once
820
Reorganize the "defragmented" reader construction a bit.
821
Rename {un,}compressedDigest to {un,}compressedDigester
822
Have NewReadCloserWrapper pass through io.WriterTo
823
chunked: remove unused args
824
chunked: fix fd leak on error
825
chunked: remove unused argument missingDirsMode
826
chunked: add new pull option use_hard_links
827
chunked: allow to disable partial images feature
828
829
830
1.34.1:
831
832
types: on error fallback to filepath.Clean()
833
build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4
834
Add codespell fixes
835
ApplyDiff: compress saved headers without concurrency
836
build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
837
838
839
1.34.0:
840
841
overlay: check for aufs-style whiteout at startup
842
Invert libsubid tag
843
844
845
1.33.2:
846
847
build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
848
Follow symlinks if they exists
849
idtools: add support for libsubid
850
Makefile: use buildtags for golangci-lint
851
Cirrus: Use fresh VM & Container images
852
build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
853
build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3
854
855
856
1.33.1:
857
858
Fix handling of quota on volumes
859
860
861
1.33.0:
862
863
Add inode support to quota
864
Creating fifo files while non root should be supported
865
Revert #952, we don't want to use /run/user on non systemd systems
866
Split pkg/chunked.ZstdCompressor into a separate subpackage
867
Update docs/containers-storage.conf.5.md
868
build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
869
overlay: check if we can mknod() kernel whiteout
870
871
872
- Update image to 5.16.0
873
874
v0.44.0:
875
* Add HelperBinariesDir field to engine config
876
* Add space trimming check in sysctl.Validate
877
* Cirrus: Use fresher VM images
878
* Fix `pkg/sysctl` path typo
879
* Fix the fallback runtime path
880
* Switch default Rootless Networking to "CNI" for OSX
881
* Update pkg/sysctl/sysctl.go
882
* add some cni plugin paths
883
* build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
884
* build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
885
* build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
886
* build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
887
* build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
888
* docs/containers.conf.5.md: Fix manpage section
889
* fix untag + v0.43.2
890
* libimage: disk usage: catch corrupted images
891
* libimage: relax untag by digest checks
892
* path: dest paths inside container should always be treated as *nix type
893
* remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
894
* runtime: Add ReturnManifestIfPresent to LookupImageOptions
895
* runtime: Add `ManifestList` to `LookupImageOptions`
896
* seccomp: allow memfd_secret
897
898
v0.43.2:
899
* libimage: relax untag by digest checks
900
* path: dest paths inside container should always be treated as *nix type
901
902
v0.43.1:
903
* Fix spelling mistakes
904
* Fix examples in containers.conf
905
906
v0.43.0:
907
* Add documentation for Containerfile and Dockerfile
908
* Remove no_libsubid flag
909
* Add machine_image to containers.conf
910
* build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
911
* build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
912
* Add machine_image to containers.conf
913
* Switch default logdriver and eventslogger to journald, if root
914
* build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
915
* build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
916
* libimage: {un}tag: reject digests
917
* build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
918
* style: complete containers#556 to-do list part 4
919
* build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
920
* set GOPROXY=https://proxy.golang.org
921
922
v0.42.1:
923
* pull: fallthrough for registry parsing errors
924
925
v0.42.0:
926
* Remove --accept-repositories flag
927
* pull policy: support camel cases
928
* Use authfile in options to search image
929
* vendor in containers/storage v1.33.0
930
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
931
* pkg/seccomp: avoid DefaultErrnoRet: null
932
* Add and use libimage.Runtime.imageIDsForManifest()
933
* Add libimage/manifests.LockerForImage()
934
* Add support for path based registry in login/logout
935
* libimage: pull: normalize docker-daemon
936
* libimage: report all removed images
937
* libruntime: layer tree: handle empty images
938
* refine dangling filters
939
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
940
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
941
* pull with custom platform: handle "localhost/"
942
* User option to prepare container after creation for volume copy-up. Docker does this by default.
943
* add config option for ChownCopiedFiles
944
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
945
* libimage: image tree: fix nil deref
946
947
948
-------------------------------------------------------------------
949
Fri Sep 17 09:23:33 UTC 2021 - Richard Brown <rbrown@suse.com>
950
951
- Comment out ostree_repo if it's blank [boo#1189893]
952
953
-------------------------------------------------------------------
954
Mon Sep 6 16:08:36 UTC 2021 - Richard Brown <rbrown@suse.com>
955
956
- Comment out ostree_repo [boo#1189893]
957
958
-------------------------------------------------------------------
959
Fri Jul 23 08:31:52 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
960
961
- Update common to 0.41.0
962
963
0.38.18:
964
965
[0.38] seccomp: add support for defaultErrnoRet
966
967
968
0.41.0:
969
970
Allow /etc/containers/containers.conf to be read by non-root
971
Created numMem_linux.go and numMem.go and nummem_unsupported.go
972
Fix default definition of secrets in containers.conf
973
Report bad entries in containers.conf to the user
974
add shelldriver.
975
build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
976
build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
977
build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
978
build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
979
build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
980
feat: add shell secret driver.
981
libimage: LookupImage: remove IgnorePlatform option
982
libimage: `(*Runtime).SystemContext()`
983
libimage: events: deferred write
984
libimage: force internal image lookups to ignore arch
985
libimage: import: fix tags
986
libimage: pull: enforce pull policy for custom platforms
987
libimage: pull: ignore platform for local image lookup
988
libimage: pull: override even --pull=never with custom platform
989
pull: custom platform: do not use local image name
990
991
992
0.38.13:
993
994
* libimage: events: deferred write
995
996
0.38.12:
997
998
* pull: custom platform: do not use local image name
999
1000
0.40.1:
1001
1002
Vendor in containers/image v5.13.2
1003
seccomp: tweak default profile (followup for #573)
1004
libimage: lookup images by custom platform
1005
libimage: force remove: only untag on multi tag image
1006
build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
1007
Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
1008
seccomp: always allow get_mempolicy, set_mempolicy, mbind
1009
seccomp: let membarrier fail with ENOSYS
1010
seccomp: allow rseq
1011
seccomp: allow pkey_*
1012
seccomp: let io_uring_* fail with ENOSYS
1013
seccomp: allow clone3
1014
1015
0.40.0:
1016
1017
Add default for log-tag
1018
Add support for config drop in directories
1019
Do not set the default netns
1020
Don't use systemd defaults if /proc/1/comm != systemd
1021
Fix spacing on name value pairs to be consistent
1022
Leave default seccomp path empty
1023
Sort containers.conf and containers.conf.5.md
1024
Strip extra trailing newlines in templates
1025
Tests are writing customer config to host machine
1026
Use SetCredentials and add verbose to loginopts
1027
[NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
1028
add 'secret' section to the containers.conf struct.
1029
add @Luap99 to OWNERS
1030
add passdriver for secrets.
1031
build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
1032
build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
1033
build(deps): bump github.com/docker/docker
1034
build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
1035
build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
1036
build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
1037
build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
1038
fix autodiscovery of the secret passdriver.
1039
fixed comments
1040
libimage: fix Exists
1041
libimage: pull: turn image-lookup errors non-fatal
1042
libmage: Exists: catch corrupted images
1043
made necessary changes to handle OS/Arch while importing an image
1044
pkg/config: fix systemd compile errors
1045
pull: don't resolve short names on explicit docker:// reference
1046
seccomp: add support for defaultErrnoRet
1047
seccomp: allow more *_time64 syscalls
1048
seccomp: allow timer_settime64
1049
seccomp: switch default to ENOSYS
1050
secrets: fix build with go 1.15
1051
support tag@digest notation
1052
1053
1054
0.39.0:
1055
1056
Vendor in containers/storage v1.32.0
1057
Ensure configuration directory is created for networks
1058
Include gateway in generated default networks
1059
Use Private as default for rootless when we want CNI
1060
rootless networking
1061
libimage: add some comments
1062
libimage: add more image tests
1063
build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
1064
rootless_networking = "slirp4netns | cni"
1065
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
1066
1067
1068
- Update podman to 3.2.3
1069
1070
3.2.3:
1071
1072
### Security
1073
- This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers.
1074
1075
### Bugfixes
1076
- Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)).
1077
- Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)).
1078
- Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)).
1079
- Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)).
1080
- Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)).
1081
- Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)).
1082
1083
### Misc
1084
- Updated Buildah to v1.21.3
1085
- Updated the containers/common library to v0.38.16
1086
1087
1088
- Update storage to 1.32.6
1089
1090
1.32.6:
1091
1092
Fix runtime panic for opening lockfile if parent dir got removed
1093
Cleanup exclude exceptions path
1094
build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20
1095
Add test for bad entries in storage.conf
1096
chunked: fix the path used for layers dedup
1097
Report bad entries in storage.conf to the user
1098
Use /run/user/UID in rootless mode if writable
1099
1100
- Update image to 5.14.0
1101
1102
v0.41.0:
1103
* Allow /etc/containers/containers.conf to be read by non-root
1104
* Created numMem_linux.go and numMem.go and nummem_unsupported.go
1105
* Fix default definition of secrets in containers.conf
1106
* Report bad entries in containers.conf to the user
1107
* add shelldriver.
1108
* build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
1109
* build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
1110
* build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
1111
* build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
1112
* build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
1113
* feat: add shell secret driver.
1114
* libimage: LookupImage: remove IgnorePlatform option
1115
* libimage: `(*Runtime).SystemContext()`
1116
* libimage: events: deferred write
1117
* libimage: force internal image lookups to ignore arch
1118
* libimage: import: fix tags
1119
* libimage: pull: enforce pull policy for custom platforms
1120
* libimage: pull: ignore platform for local image lookup
1121
* libimage: pull: override even --pull=never with custom platform
1122
* pull: custom platform: do not use local image name
1123
1124
1125
v0.40.1:
1126
* Vendor in containers/image v5.13.2
1127
* seccomp: tweak default profile (followup for #573)
1128
* libimage: lookup images by custom platform
1129
* libimage: force remove: only untag on multi tag image
1130
* build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
1131
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
1132
* seccomp: always allow get_mempolicy, set_mempolicy, mbind
1133
* seccomp: let membarrier fail with ENOSYS
1134
* seccomp: allow rseq
1135
* seccomp: allow pkey_*
1136
* seccomp: let io_uring_* fail with ENOSYS
1137
* seccomp: allow clone3
1138
1139
v0.40.0:
1140
* Add default for log-tag
1141
* Add support for config drop in directories
1142
* Do not set the default netns
1143
* Don't use systemd defaults if /proc/1/comm != systemd
1144
* Fix spacing on name value pairs to be consistent
1145
* Leave default seccomp path empty
1146
* Sort containers.conf and containers.conf.5.md
1147
* Strip extra trailing newlines in templates
1148
* Tests are writing customer config to host machine
1149
* Use SetCredentials and add verbose to loginopts
1150
* [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
1151
* add 'secret' section to the containers.conf struct.
1152
* add @Luap99 to OWNERS
1153
* add passdriver for secrets.
1154
* build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
1155
* build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
1156
* build(deps): bump github.com/docker/docker
1157
* build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
1158
* build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
1159
* build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
1160
* build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
1161
* fix autodiscovery of the secret passdriver.
1162
* fixed comments
1163
* libimage: fix Exists
1164
* libimage: pull: turn image-lookup errors non-fatal
1165
* libmage: Exists: catch corrupted images
1166
* made necessary changes to handle OS/Arch while importing an image
1167
* pkg/config: fix systemd compile errors
1168
* pull: don't resolve short names on explicit docker:// reference
1169
* seccomp: add support for defaultErrnoRet
1170
* seccomp: allow more *_time64 syscalls
1171
* seccomp: allow timer_settime64
1172
* seccomp: switch default to ENOSYS
1173
* secrets: fix build with go 1.15
1174
* support tag@digest notation
1175
1176
v0.39:
1177
* Vendor in containers/storage v1.32.0
1178
* Ensure configuration directory is created for networks
1179
* Include gateway in generated default networks
1180
* Use Private as default for rootless when we want CNI
1181
* rootless networking
1182
* libimage: add some comments
1183
* libimage: add more image tests
1184
* build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
1185
* rootless_networking = "slirp4netns | cni"
1186
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
1187
1188
-------------------------------------------------------------------
1189
Tue Jun 29 07:38:39 UTC 2021 - Fabian Vogt <fvogt@suse.com>
1190
1191
- Mention libcontainers-common.rpmlintrc as source
1192
- Use versioned obsoletes
1193
1194
-------------------------------------------------------------------
1195
Fri Jun 25 22:37:43 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>
1196
1197
- Update common to 0.38.11
1198
1199
0.38.11:
1200
1201
* Strip extra trailing newlines in templates
1202
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
1203
1204
0.38.10:
1205
1206
* libimage: pull: override even --pull=never with custom platfo
1207
* libimage: pull: enforce pull policy for custom platforms
1208
* libimage: pull: ignore platform for local image lookup
1209
* Allow /etc/containers/containers.conf to be read by non-root
1210
* [0.38] libimage: force remove: only untag on multi tag image
1211
1212
0.38.9:
1213
1214
* libimage: fix Exists
1215
1216
0.38.8:
1217
1218
* libmage: Exists: catch corrupted images
1219
1220
0.38.7:
1221
1222
* libimage: pull: turn image-lookup errors non-fatal
1223
1224
0.38.6:
1225
1226
* [0.38] Leave default seccomp path empty
1227
1228
0.38.5:
1229
1230
* pull: don't resolve short names on explicit docker:// reference
1231
1232
0.38.4:
1233
1234
Revert "Do not emit warnings about OCI runtime paths"
1235
libimage: lookup: tolerate corrupted image
1236
1237
1238
0.38.3:
1239
1240
build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
1241
libimage: fix manifest list lookup
1242
1243
1244
- Update podman to 3.2.2
1245
1246
3.2.2:
1247
1248
### Changes
1249
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)).
1250
- Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)).
1251
1252
### Bugfixes
1253
- Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
1254
- Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)).
1255
- Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)).
1256
- Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)).
1257
- Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address.
1258
- Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)).
1259
- Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)).
1260
- Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)).
1261
- Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)).
1262
- Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)).
1263
- Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)).
1264
- Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option.
1265
1266
### API
1267
- Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)).
1268
- Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)).
1269
1270
### Misc
1271
- Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)).
1272
- Updated the containers/common library to v0.38.11
1273
1274
1275
3.2.1:
1276
1277
### Changes
1278
- Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled).
1279
1280
### Bugfixes
1281
- Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)).
1282
- Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)).
1283
- Fixed a bug where Podman would always use the slow path for joining the rootless user namespace.
1284
- Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)).
1285
- Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly.
1286
- Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)).
1287
- Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)).
1288
- Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional.
1289
- Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)).
1290
- Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)).
1291
- Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.
1292
1293
### API
1294
- Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned.
1295
- Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)).
1296
- Fixed a bug where the Events API did not include some information (including labels) when sending events.
1297
- Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)).
1298
1299
### Misc
1300
- Updated the containers/common library to v0.38.9
1301
1302
1303
3.2.0:
1304
1305
### Features
1306
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
1307
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
1308
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
1309
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
1310
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
1311
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
1312
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
1313
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
1314
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
1315
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
1316
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
1317
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
1318
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
1319
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
1320
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
1321
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
1322
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
1323
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
1324
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
1325
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
1326
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
1327
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
1328
1329
### Changes
1330
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
1331
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
1332
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
1333
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
1334
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
1335
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
1336
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
1337
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
1338
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
1339
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
1340
- Podman now requires that Conmon v2.0.24 be available.
1341
1342
### Bugfixes
1343
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
1344
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
1345
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
1346
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
1347
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
1348
- Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)).
1349
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
1350
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
1351
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
1352
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
1353
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
1354
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
1355
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
1356
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
1357
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
1358
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
1359
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
1360
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
1361
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
1362
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
1363
- Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)).
1364
- Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)).
1365
- Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)).
1366
1367
### API
1368
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
1369
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
1370
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
1371
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
1372
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
1373
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
1374
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
1375
- Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely.
1376
1377
### Misc
1378
- Updated Buildah to v1.21.0
1379
- Updated the containers/common library to v0.38.5
1380
- Updated the containers/storage library to v1.31.3
1381
1382
1383
1384
3.2.0-RC3:
1385
1386
This is the third release candidate for Podman v3.2.0. We expect it will be the final RC.
1387
1388
Preliminary release notes follow:
1389
1390
### Features
1391
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
1392
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
1393
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
1394
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
1395
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
1396
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
1397
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
1398
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
1399
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
1400
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
1401
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
1402
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
1403
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
1404
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
1405
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
1406
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
1407
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
1408
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
1409
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
1410
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
1411
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
1412
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
1413
1414
### Changes
1415
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
1416
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
1417
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
1418
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
1419
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
1420
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
1421
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
1422
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
1423
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
1424
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
1425
- Podman now requires that Conmon v2.0.24 be available.
1426
1427
### Bugfixes
1428
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
1429
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
1430
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
1431
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
1432
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
1433
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
1434
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
1435
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
1436
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
1437
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
1438
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
1439
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
1440
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
1441
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
1442
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
1443
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
1444
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
1445
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
1446
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
1447
1448
### API
1449
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
1450
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
1451
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
1452
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
1453
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
1454
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
1455
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
1456
1457
### Misc
1458
- Updated Buildah to v1.21.0
1459
- Updated the containers/common library to v0.38.4
1460
- Updated the containers/storage library to v1.31.1
1461
1462
1463
3.2.0-RC2:
1464
1465
This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well
1466
1467
Preliminary release notes follow:
1468
1469
### Features
1470
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
1471
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
1472
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
1473
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
1474
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
1475
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
1476
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
1477
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
1478
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
1479
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
1480
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
1481
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
1482
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
1483
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
1484
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
1485
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
1486
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
1487
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
1488
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
1489
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
1490
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
1491
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
1492
1493
### Changes
1494
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
1495
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
1496
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
1497
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
1498
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
1499
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
1500
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
1501
- The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally.
1502
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
1503
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
1504
- Podman now requires that Conmon v2.0.24 be available.
1505
1506
### Bugfixes
1507
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
1508
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
1509
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
1510
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
1511
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
1512
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
1513
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
1514
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
1515
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
1516
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
1517
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
1518
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
1519
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
1520
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
1521
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
1522
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
1523
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
1524
1525
### API
1526
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
1527
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
1528
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
1529
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
1530
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
1531
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
1532
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
1533
1534
### Misc
1535
- Updated Buildah to v1.21.0
1536
- Updated the containers/common library to v0.38.4
1537
- Updated the containers/storage library to v1.31.1
1538
1539
1540
3.2.0-RC1:
1541
1542
This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes.
1543
1544
Full release notes will be available with the release of RC2 next week.
1545
1546
- Update storage to 1.32.5
1547
1548
1.32.5:
1549
1550
Fix handling of user namespace
1551
1552
1553
1.32.4:
1554
1555
Vendor in opencontainers/runc v1.0.0
1556
overlay: fix check for rootless native diff
1557
1558
1559
1.32.3:
1560
1561
Reload layer storage if layers.json got externally modified
1562
build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1
1563
Fix cancel deferred remove bug
1564
Cirrus: Fix references to master branch
1565
[CI:DOCS] Fix docs links due to branch rename
1566
1567
1568
1.32.2:
1569
1570
lockfile: merge Seek+Read/Write into Pread/Pwrite
1571
Added support for CONTAINERS_STORAGE_CONF override
1572
canUseShifting can segfault
1573
build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12
1574
build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0
1575
overlay: make userxattr,metacopy=on debug message
1576
build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
1577
1578
1579
1.31.3:
1580
1581
* store: ReloadIfChanged propagates errors from Modified()
1582
* store: load additional image stores once
1583
* store: fix graphLock reload
1584
1585
1586
1.32.1:
1587
1588
store: fix graphLock reload
1589
store: ReloadIfChanged propagates errors from Modified()
1590
store: load additional image stores once
1591
delete_internal: return error early
1592
build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3
1593
1594
1.32.0:
1595
1596
chunked: fix build on other platforms
1597
Avoid failure when umount an unmounted mountpoint
1598
overlay: enable native diff for fuse-overlayfs
1599
Enable to export layers from Additional Layer Store
1600
1601
1.31.2:
1602
1603
build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0
1604
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
1605
reintroduce store: allow shifting only with contiguous mappings
1606
overlay: check for unix.ENOTSUP
1607
archive/overlay: ignore failures from nested whiteouts
1608
overlay: honor DisableShifting
1609
store: allow shifting only with contiguous mappings
1610
1611
1.31.1:
1612
1613
Revert "store: allow shifting only with contiguous mappings"
1614
1615
- Update image to 5.13.2
1616
1617
v0.38.11:
1618
* Strip extra trailing newlines in templates
1619
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
1620
1621
v0.38.10:
1622
* libimage: pull: override even --pull=never with custom platfo
1623
* libimage: pull: enforce pull policy for custom platforms
1624
* libimage: pull: ignore platform for local image lookup
1625
* Allow /etc/containers/containers.conf to be read by non-root
1626
* [0.38] libimage: force remove: only untag on multi tag image
1627
1628
v0.38.9:
1629
* libimage: fix Exists
1630
1631
v0.38.8:
1632
* libmage: Exists: catch corrupted images
1633
1634
v0.38.7:
1635
* libimage: pull: turn image-lookup errors non-fatal
1636
1637
v0.38.6:
1638
* [0.38] Leave default seccomp path empty
1639
1640
v0.38.5:
1641
* pull: don't resolve short names on explicit docker:// reference
1642
1643
v0.38.4:
1644
* Revert "Do not emit warnings about OCI runtime paths"
1645
* libimage: lookup: tolerate corrupted image
1646
1647
v0.38.3:
1648
* build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
1649
* libimage: fix manifest list lookup
1650
1651
-------------------------------------------------------------------
1652
Tue May 18 09:28:28 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
1653
1654
- Update image to 5.12.0
1655
1656
v0.38.2:
1657
* libimage: add save tests
1658
* libimage/Image.HasDifferentDigest: handle manifest lists
1659
* libimage: push: ignore image platform
1660
* Cirrus: Use config. in common with all repos.
1661
* libimage: add import test
1662
* Fix handling of all capabilities
1663
* libimage: add save tests
1664
* containers.conf: don't set default logging driver
1665
1666
v0.38.1:
1667
* libimage: add save tests
1668
* libimage/Image.HasDifferentDigest: handle manifest lists
1669
* libimage: push: ignore image platform
1670
* Cirrus: Use config. in common with all repos.
1671
* libimage: add import test
1672
* Fix handling of all capabilities
1673
* libimage: add save tests
1674
* containers.conf: don't set default logging driver
1675
1676
v0.38.1:
1677
* adjust log-driver defaults
1678
* Do not emit warnings about OCI runtime paths
1679
* build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
1680
* build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
1681
* [NO TESTS NEEDED] Fix reading configs on mac and windows
1682
* libimage: add push tests
1683
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
1684
* libimage: fix pull from dir
1685
* libimage: add load unit tests
1686
* Only close EventChannel if it has been created.
1687
1688
v0.38:
1689
* build(deps): bump github.com/docker/docker
1690
* libimage: add an events system
1691
* libimage: add unit tests
1692
* libimage: rename dockerTransport to registryTransport
1693
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
1694
* pull: simplify transports switch
1695
* Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
1696
* Add support for codespell, and fix issues found
1697
* libimage: restore the ability to pull from docker-daemon and tarball
1698
* Swap default logging to journald
1699
* fix image tree
1700
* Add support for creating default CNI network
1701
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
1702
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
1703
* Add a default network creation package
1704
* Add ability to specify a subnet for the default network
1705
* libimage: follow-up changes
1706
1707
v0.37.1:
1708
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
1709
* Add support for the runsc OCI Runtime
1710
* Add support for machine_enabled in containers.conf
1711
* modify README.md: Contributing section finetuning
1712
* Add support for image_parallel_copies in containers.conf
1713
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
1714
1715
- Update common to 0.38.2
1716
1717
0.38.2:
1718
1719
libimage: add save tests
1720
libimage/Image.HasDifferentDigest: handle manifest lists
1721
libimage: push: ignore image platform
1722
Cirrus: Use config. in common with all repos.
1723
libimage: add import test
1724
Fix handling of all capabilities
1725
libimage: add save tests
1726
containers.conf: don't set default logging driver
1727
1728
1729
0.38.1:
1730
1731
adjust log-driver defaults
1732
Do not emit warnings about OCI runtime paths
1733
build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
1734
build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
1735
[NO TESTS NEEDED] Fix reading configs on mac and windows
1736
libimage: add push tests
1737
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
1738
libimage: fix pull from dir
1739
libimage: add load unit tests
1740
Only close EventChannel if it has been created.
1741
1742
0.38.0:
1743
1744
build(deps): bump github.com/docker/docker
1745
libimage: add an events system
1746
libimage: add unit tests
1747
libimage: rename dockerTransport to registryTransport
1748
Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
1749
pull: simplify transports switch
1750
Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
1751
Add support for codespell, and fix issues found
1752
libimage: restore the ability to pull from docker-daemon and tarball
1753
Swap default logging to journald
1754
fix image tree
1755
Add support for creating default CNI network
1756
Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
1757
Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
1758
Add a default network creation package
1759
Add ability to specify a subnet for the default network
1760
libimage: follow-up changes
1761
1762
1763
0.37.1:
1764
1765
Bump github.com/containers/storage from 1.30.0 to 1.30.1
1766
Add support for the runsc OCI Runtime
1767
Add support for machine_enabled in containers.conf
1768
modify README.md: Contributing section finetuning
1769
Add support for image_parallel_copies in containers.conf
1770
Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
1771
1772
- Update storage to 1.31.0
1773
1774
1.31.0:
1775
1776
1777
Update docs/containers-storage.conf.5.md
1778
store: add option to disable volatile
1779
build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17
1780
Enable zstd:chunked support in containers/image
1781
overlay: honor DisableShifting
1782
store: allow shifting only with contiguous mappings
1783
idtools: new function IsContiguous
1784
store: replace Modified+Load with ReloadIfChanged
1785
store: new method ROFileBasedStore.ReloadIfChanged()
1786
Expand the scope of transaction in the process of deleting device
1787
Remove unlock/lock caused by Incorrect assumption
1788
1789
1790
1.30.3:
1791
1792
Update to F34 and U2104
1793
Update vendor opencontainers/selinux v1.8.1
1794
AUFS not supported in Ubuntu 21.04+
1795
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
1796
TestMatch: handle cases where NewPatternMatcher catches syntax errors
1797
1798
1.30.2:
1799
1800
Switch from ffjson to json-iterator
1801
Remove dependencies on ffjson
1802
Expand Variables on rootlessStoragePath
1803
Log expected rootless overlay mount failures as debug level
1804
1805
-------------------------------------------------------------------
1806
Thu Apr 29 09:06:07 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
1807
1808
- Update common to 0.37.0
1809
1810
0.37.0:
1811
1812
new libimage package
1813
Bump github.com/containers/storage from 1.29.0 to 1.30.0
1814
config: suggest enable-linger only if euid != 0
1815
Change log message in findRuntime()
1816
Add setns to default seccomp.json
1817
Cleanup debugf information to make debugging more useful
1818
1819
- Update podman to 3.1.2
1820
1821
3.1.2:
1822
1823
### Bugfixes
1824
- Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved.
1825
- Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage.
1826
- Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)).
1827
- Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were were not properly superceding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)).
1828
- Fixed a bug where Podman could fail to build on 32-bit architectures.
1829
1830
### Misc
1831
- Updated the containers/image library to v5.11.1
1832
1833
1834
- Update storage to 1.30.1
1835
1836
1.30.1:
1837
1838
Allow users to tag images in read/only image stores
1839
build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2
1840
Validate selinux label before attempting to use it
1841
1842
1843
1.30.0:
1844
1845
unshare: new function HasCapSysAdmin
1846
btrfs: Do not disable quota on cleanup
1847
build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1
1848
1849
1850
- Update image to 5.11.1
1851
1852
* new libimage package
1853
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
1854
* config: suggest enable-linger only if euid != 0
1855
* Change log message in findRuntime()
1856
* Add setns to default seccomp.json
1857
* Cleanup debugf information to make debugging more useful
1858
1859
-------------------------------------------------------------------
1860
Mon Apr 19 12:21:56 UTC 2021 - Richard Brown <rbrown@suse.com>
1861
1862
- Force overlay as default storage driver if system is not btrfs
1863
(gh#containers/buildah#3153)
1864
1865
-------------------------------------------------------------------
1866
Mon Apr 19 11:03:30 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
1867
1868
- Update common to 0.36.0
1869
1870
0.36.0:
1871
1872
no changelog found
1873
1874
0.35.4:
1875
1876
pkg/seccomp: simplify and fix IsSupported
1877
pkg/seccomp: use sync.Once to speed up IsSupported
1878
capabilities: ALL returns the bounding set
1879
capabilities: memoize BoundingSet
1880
capabilities: add new method BoundingSet()
1881
Update pause image to 3.5
1882
1883
1884
- Update podman to 3.1.1
1885
1886
3.1.1:
1887
1888
### Changes
1889
- Podman now recognizes `trace` as a valid argument to the `--log-level` command. Trace logging is now the most verbose level of logging available.
1890
- The `:z` and `:Z` options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (`--security-opt label=disable`). This matches better matches Docker's behavior in this case.
1891
1892
### Bugfixes
1893
- Fixed a bug where pruning images with the `podman image prune` or `podman system prune` commands could cause Podman to panic.
1894
- Fixed a bug where the `podman save` command did not properly error when the `--compress` flag was used with incompatible format types.
1895
- Fixed a bug where the `--security-opt` and `--ulimit` options to the remote Podman client's `podman build` command were nonfunctional.
1896
- Fixed a bug where the `--log-rusage` option to the remote Podman client's `podman build` command was nonfunctional ([#9489](https://github.com/containers/podman/issues/9889)).
1897
- Fixed a bug where the `podman build` command could, in some circumstances, use the wrong OCI runtime ([#9459](https://github.com/containers/podman/issues/9459)).
1898
- Fixed a bug where the remote Podman client's `podman build` command could return 0 despite failing ([#10029](https://github.com/containers/podman/issues/10029)).
1899
- Fixed a bug where the `podman container runlabel` command did not properly expand the `IMAGE` and `NAME` variables in the label ([#9405](https://github.com/containers/podman/issues/9405)).
1900
- Fixed a bug where poststop OCI hooks would be executed twice on containers started with the `--rm` argument ([#9983](https://github.com/containers/podman/issues/9983)).
1901
- Fixed a bug where rootless Podman could fail to launch containers on cgroups v2 systems when the `cgroupfs` cgroup manager was in use.
1902
- Fixed a bug where the `podman stats` command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer ([#9979](https://github.com/containers/podman/issues/9979)).
1903
- Fixed a bug where rootless Podman containers run with `--userns=keepid` (without a `--user` flag in addition) would grant exec sessions run in them too many capabilities ([#9919](https://github.com/containers/podman/issues/9919)).
1904
- Fixed a bug where the `--authfile` option to `podman build` did not validate that the path given existed ([#9572](https://github.com/containers/podman/issues/9572)).
1905
- Fixed a bug where the `--storage-opt` option to Podman was appending to, instead of overriding (as is documented), the default storage options.
1906
- Fixed a bug where the `podman system service` connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
1907
- Fixed a bug where the `--network` option to the `podman play kube` command of the remote Podman client was being ignored ([#9698](https://github.com/containers/podman/issues/9698)).
1908
- Fixed a bug where the `--log-driver` option to the `podman play kube` command was nonfunctional ([#10015](https://github.com/containers/podman/issues/10015)).
1909
1910
### API
1911
- Fixed a bug where the Libpod Create endpoint for Manifests did not properly validate the image the manifest was being created with.
1912
- Fixed a bug where the Libpod DF endpoint could, in error cases, append an extra null to the JSON response, causing decode errors.
1913
- Fixed a bug where the Libpod and Compat Top endpoint for Containers would return process names that included extra whitespace.
1914
- Fixed a bug where the Compat Prune endpoint for Containers accepted too many types of filter.
1915
1916
### Misc
1917
- Updated Buildah to v1.20.1
1918
- Updated the containers/storage library to v1.29.0
1919
- Updated the containers/image library to v5.11.0
1920
- Updated the containers/common library to v0.36.0
1921
1922
- Update storage to 1.29.0
1923
1924
1.29.0:
1925
1926
ReloadConfigurationFile should Reset storage options
1927
rootless overlay: use user.* instead of trusted.*
1928
build(deps): bump github.com/Microsoft/hcsshim from 0.8.15 to 0.8.16
1929
Support additional layer store
1930
overlay, rootless: use user.* instead of trusted.*
1931
archive, rootless: use user.* instead of trusted.*
1932
copy, rootless: skip copying trusted.* xattr
1933
Make sure rootless mounts support the userxattr flag
1934
Rework autons ID mapping generation.
1935
Set default to overlay from storage.conf
1936
build(deps): bump github.com/klauspost/compress from 1.11.12 to 1.11.13
1937
1938
- Update image to 5.11.0
1939
1940
* no changelog found
1941
1942
-------------------------------------------------------------------
1943
Tue Mar 30 08:37:09 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
1944
1945
- Update common to 0.35.3
1946
1947
0.35.3:
1948
1949
* capabilities: add new method BoundingSet()
1950
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
1951
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
1952
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
1953
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
1954
* Remove `vendor` from dependabot config
1955
* Add dependabot config file to support vendoring
1956
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
1957
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
1958
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
1959
1960
1961
0.35.2:
1962
1963
Vendor in containers/common and start using types subdir.
1964
shrink the vendoring size of containers/common/pkg/config
1965
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
1966
1967
- Update podman to 3.1.0
1968
1969
3.1.0:
1970
1971
### Features
1972
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
1973
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
1974
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
1975
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
1976
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
1977
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
1978
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
1979
- The Podman remote client's `podman push` command now supports the `--format` option.
1980
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
1981
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
1982
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
1983
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
1984
- The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)).
1985
- The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)).
1986
1987
### Security
1988
- This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image.
1989
1990
### Changes
1991
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
1992
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
1993
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
1994
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
1995
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
1996
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
1997
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
1998
- The `podman generate systemd` command now generates `RequiresMountsFor` lines to ensure necessary storage directories are mounted before systemd starts Podman.
1999
- Podman will now emit a warning when `--tty` and `--interactive` are both passed, but `STDIN` is not a TTY. This will be made into an error in the next major Podman release some time next year.
2000
2001
### Bugfixes
2002
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
2003
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
2004
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
2005
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
2006
- Fixed a bug where the `podman generate systemd` command could duplicate some parameters to Podman in generated unit files ([#9776](https://github.com/containers/podman/issues/9776)).
2007
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
2008
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
2009
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
2010
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
2011
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
2012
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
2013
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
2014
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
2015
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
2016
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
2017
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
2018
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
2019
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
2020
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
2021
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
2022
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
2023
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
2024
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
2025
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
2026
- Fixed a bug where the `--pull-never` option to `podman build` was nonfunctional ([#9573](https://github.com/containers/podman/issues/9573)).
2027
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
2028
- Fixed a bug where the `--isolation` option to `podman build` in the remote Podman client was nonfunctional.
2029
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
2030
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
2031
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
2032
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
2033
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
2034
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
2035
- Fixed a bug where `podman commit` did not use the `TMPDIR` environment variable to place temporary files created during the commit ([#9825](https://github.com/containers/podman/issues/9825)).
2036
- Fixed a bug where remote Podman could error when attempting to resize short-lived containers ([#9831](https://github.com/containers/podman/issues/9831)).
2037
- Fixed a bug where Podman was unusable on kernels built without `CONFIG_USER_NS`.
2038
- Fixed a bug where the ownership of volumes created by `podman volume create` and then mounted into a container could be incorrect ([#9608](https://github.com/containers/podman/issues/9608)).
2039
- Fixed a bug where Podman volumes using a volume plugin could not pass certain options, and could not be used as non-root users.
2040
- Fixed a bug where the `--tz` option to `podman create` and `podman run` did not properly validate its input.
2041
2042
### API
2043
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
2044
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
2045
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
2046
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
2047
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
2048
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
2049
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
2050
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
2051
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
2052
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
2053
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
2054
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
2055
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
2056
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
2057
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
2058
- Fixed a bug where the Libpod create endpoint for Containers has a misnamed field in its JSON.
2059
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
2060
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
2061
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
2062
- Fixed a bug where the compat and libpod Resize endpoints for Containers did not set the correct terminal sizes (dimensions were reversed) ([#9756](https://github.com/containers/podman/issues/9756)).
2063
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
2064
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
2065
- Numerous bugs related to filters have been addressed.
2066
2067
### Misc
2068
- Updated Buildah to v1.20.0
2069
- Updated the containers/storage library to v1.28.1
2070
- Updated the containers/image library to v5.10.5
2071
- Updated the containers/common library to v0.35.4
2072
2073
2074
3.1.0-RC2:
2075
2076
This is the second release candidate for Podman v3.1.0
2077
2078
Preliminary release notes are below. Please note that these are subject to change until the final release.
2079
2080
### Features
2081
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
2082
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
2083
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
2084
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
2085
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
2086
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
2087
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
2088
- The Podman remote client's `podman push` command now supports the `--format` option.
2089
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
2090
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
2091
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
2092
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
2093
2094
### Changes
2095
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
2096
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
2097
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
2098
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
2099
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
2100
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
2101
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
2102
2103
### Bugfixes
2104
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
2105
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
2106
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
2107
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
2108
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
2109
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
2110
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
2111
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
2112
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
2113
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
2114
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
2115
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
2116
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
2117
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
2118
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
2119
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
2120
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
2121
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
2122
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
2123
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
2124
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
2125
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
2126
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
2127
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
2128
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
2129
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
2130
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
2131
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
2132
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
2133
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
2134
2135
### API
2136
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
2137
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
2138
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
2139
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
2140
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
2141
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
2142
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
2143
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
2144
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
2145
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
2146
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
2147
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
2148
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
2149
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
2150
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
2151
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
2152
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
2153
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
2154
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
2155
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
2156
2157
### Misc
2158
- Updated Buildah to v1.19.8
2159
- Updated the containers/storage library to v1.28.0
2160
- Updated the containers/image library to v5.10.5
2161
- Updated the containers/common library to v0.35.3
2162
2163
2164
3.1.0-RC1:
2165
2166
This is the first release candidate for Podman v3.1.0. Release is expected later this week.
2167
2168
2169
- Update storage to 1.28.1
2170
2171
1.28.1:
2172
2173
overlay.recreateSymlinks: handle missing "link" files, add a test
2174
TestLockfileWriteConcurrent: stay below 8192 goroutines
2175
Use an xz library instead of shelling out to xz for decompression
2176
overlay: check selinux label support
2177
2178
1.28.0:
2179
2180
Add dependabot.yml configuration file
2181
Add more mount information to errors
2182
Inherit system storage driver in rootless configurations
2183
archive: make getFileOwner public
2184
archive: make getWhiteoutConverter public
2185
archive: whiteout creation with a handler
2186
build(deps): bump github.com/Microsoft/hcsshim from 0.8.14 to 0.8.15
2187
build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
2188
build(deps): bump github.com/klauspost/compress from 1.11.7 to 1.11.12
2189
build(deps): bump github.com/moby/sys/mountinfo from 0.4.0 to 0.4.1
2190
build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
2191
chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform
2192
containers-storage: add --volatile to container create
2193
copy: create a unix socket with os.ModeSocket
2194
drivers: make copyRegular public
2195
drivers: new function CopyRegularToFile
2196
fswriters: honor nosync option
2197
overlay: add detection for overlay support in a user namespace
2198
overlay: allow to reset mount_program
2199
overlay: factor function out
2200
overlay: fix path to incompat/volatile
2201
overlay: improve overlay error message
2202
overlay: public function to check for overlay support
2203
overlay: record if using mount_program
2204
overlay: rootless move error to debug message
2205
overlay: use direct mount instead of mountFrom
2206
support patches to prepare #775
2207
tests: test mount/unmount volatile container
2208
types: check for native overlay support
2209
2210
2211
1.27.0:
2212
2213
Move storageOpts structures into types subdir to shrink bindings.
2214
(*store).Diff: add missing unlock in error case
2215
pkg/lockfile: fix a race and re-enable unit tests
2216
Add warning about possible storage corruption
2217
pkg/chrootarchive.TestChrootUntarWithHugeExcludesList: fix compile error
2218
pkg/archive.TestCopyWithTarSrcFile(): update for NoOverwriteDirNonDir
2219
drivers/devmapper: default the rootfs directory to 0555
2220
TestRootlessRuntimeDir: iterate tests using testing.T.Run()
2221
Fix TestDefaultStoreOpts()
2222
getRootlessRuntimeDirIsolated(): don't use an empty tmpPerUserDir
2223
drivers/zfs: default the base layer to 0555
2224
drivers/btrfs: default the base layer to 0555
2225
drivers/aufs: inherit permissions on "/" from parent layers
2226
drivers/vfs: inherit permissions on "/" from parent layers
2227
graphtest: expect 0555 permissions
2228
pkg/archive.parseDirent(): adjust to avoid unsafe pointer conversion
2229
Add warning about possible storage corruption
2230
pkg/idtools.TestParseSubidFileWithNewlinesAndComments(): clean up
2231
pkg/mount.TestSubtreeUnbindable(): check for wrapped EINVAL
2232
pkg/directory: count inodes of directories
2233
Makefile local-test-unit: use -race if it's available
2234
pkg/mount: don't complain if the filesystem volunteers inode32/inode64
2235
CI: run unit tests again
2236
pkg/lockfile: fix a race and an incorrect unit test
2237
2238
2239
1.26.0:
2240
2241
build(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
2242
homedir: add GetCacheHome
2243
Call recreateSymlinks when not found during Readlink
2244
build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
2245
We should ignore metacopy option on kernels that do not support it
2246
drivers: add support for volatile to overlay
2247
store: support volatile containers
2248
overlay: support native rootless mounts
2249
overlay: force metacopy=on for naivediff
2250
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc93
2251
2252
1.25.0:
2253
2254
layers: support BigData
2255
Fix FreeBSD support
2256
Remove empty line as per feedback
2257
Improve project quota to support querying disk usage
2258
Use unix.Statfs instead of syscall.Statfs
2259
overlay: use XFS quota when possible
2260
drivers/quota: add GetDiskUsage endpoint
2261
2262
- Update image to 5.10.5
2263
2264
v0.35.3:
2265
* capabilities: add new method BoundingSet()
2266
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
2267
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
2268
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
2269
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
2270
* Remove vendor from dependabot config
2271
* Add dependabot config file to support vendoring
2272
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
2273
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
2274
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
2275
2276
2277
v0.35.2:
2278
Vendor in containers/common and start using types subdir.
2279
shrink the vendoring size of containers/common/pkg/config
2280
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
2281
2282
-------------------------------------------------------------------
2283
Tue Mar 23 09:39:45 UTC 2021 - Richard Brown <rbrown@suse.com>
2284
2285
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
2286
2287
-------------------------------------------------------------------
2288
Thu Mar 4 18:14:43 UTC 2021 - Richard Brown <rbrown@suse.com>
2289
2290
- Require util-linux-systemd for %post scripts (findmnt) (boo#1182998)
2291
2292
-------------------------------------------------------------------
2293
Thu Feb 25 16:15:46 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
2294
2295
- Update commonver to 0.35.1
2296
2297
v0.35.1:
2298
Bump github.com/containers/image/v5 from 5.10.2 to 5.10.3
2299
Stop logging messages about using DOCKER_CONFIG
2300
Add autocompletions to be shared between buildah and podman
2301
Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
2302
Export error constants from pkg/secrets
2303
2304
v0.35:
2305
Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
2306
Move EnforceRange and HasTable out of Podman and into common
2307
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
2308
Bump github.com/containers/image/v5 from 5.10.1 to 5.10.2
2309
Add missing values to containers.conf man page
2310
update pause image to 3.4.1
2311
2312
v0.34:
2313
Add image_default_format
2314
Change default log driver to journald
2315
Add compatible template functions
2316
Add U volume flag to chown source volumes
2317
Bump github.com/containers/image/v5 from 5.09.0 to 5.10.1
2318
seccomp: various updates
2319
pkg: check ownership for XDG_RUNTIME_DIR
2320
seccomp: update profile to Linux 5.11 list
2321
seccomp: add CI check for up-to-date seccomp.json
2322
seccomp: re-add generation script
2323
seccomp: deduplicate default profile
2324
Add image_parallel_copies engine config
2325
Fix secret create prefix
2326
cgroupv2: fix typo in comment
2327
Add accessor for log-driver
2328
Fix secret name validation
2329
Fix name validation and dir mode in secrets
2330
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
2331
config: fix runtime_supports_nocgroup key name
2332
fix - make target all on osx
2333
Fix secret name regex
2334
Rename internal functions to make them easier to understand
2335
2336
- Update podmanver to 3.0.1
2337
2338
3.0.1:
2339
2340
### Changes
2341
- Several frequently-occurring `WARN` level log messages have been downgraded to `INFO` or `DEBUG` to not clutter terminal output.
2342
2343
### Bugfixes
2344
- Fixed a bug where the `Created` field of `podman ps --format=json` was formatted as a string instead of an Unix timestamp (integer) ([#9315](https://github.com/containers/podman/issues/9315)).
2345
- Fixed a bug where failing lookups of individual layers during the `podman images` command would cause the whole command to fail without printing output.
2346
- Fixed a bug where `--cgroups=split` did not function properly on cgroups v1 systems.
2347
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail ([#9393](https://github.com/containers/podman/issues/9393)).
2348
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume ([#9415](https://github.com/containers/podman/pull/9415)).
2349
- Fixed a bug where Podman would treat the `--entrypoint=[""]` option to `podman run` and `podman create` as a literal empty string in the entrypoint, when instead it should have been ignored ([#9377](https://github.com/containers/podman/issues/9377)).
2350
- Fixed a bug where Podman would set the `HOME` environment variable to `""` when the container ran as a user without an assigned home directory ([#9378](https://github.com/containers/podman/issues/9378)).
2351
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause `podman pod create` to panic ([#9374](https://github.com/containers/podman/issues/9374)).
2352
- Fixed a bug where the `--runtime` option was not properly handled by the `podman build` command ([#9365](https://github.com/containers/podman/issues/9365)).
2353
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
2354
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed ([#9387](https://github.com/containers/podman/issues/9387)).
2355
- Fixed a bug where the `podman generate systemd --new` command would incorrectly escape `%t` when generating the path for the PID file ([#9373](https://github.com/containers/podman/issues/9373)).
2356
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in ([#9191](https://github.com/containers/podman/issues/9191)).
2357
- Fixed a bug where some options of the `podman build` command (including but not limited to `--jobs`) were nonfunctional ([#9247](https://github.com/containers/podman/issues/9247)).
2358
2359
### API
2360
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 ([#9351](https://github.com/containers/podman/issues/9351)).
2361
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
2362
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
2363
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry ([#9232](https://github.com/containers/podman/issues/9232)).
2364
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the `docker-java` library.
2365
2366
### Misc
2367
- Updated Buildah to v1.19.4
2368
- Updated the containers/storage library to v1.24.6
2369
2370
2371
3.0.0:
2372
2373
### Features
2374
- Podman now features initial support for Docker Compose.
2375
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
2376
- The Podman remote client now supports the `podman copy` command.
2377
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
2378
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
2379
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
2380
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
2381
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
2382
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
2383
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
2384
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
2385
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
2386
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
2387
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
2388
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
2389
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
2390
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
2391
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
2392
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
2393
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
2394
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
2395
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
2396
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
2397
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
2398
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
2399
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
2400
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
2401
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
2402
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
2403
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
2404
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
2405
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
2406
2407
### Security
2408
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
2409
2410
### Changes
2411
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
2412
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
2413
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
2414
- The legacy Varlink API has been completely removed from Podman.
2415
- The default log level for Podman has been changed from Error to Warn.
2416
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
2417
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
2418
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
2419
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
2420
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
2421
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
2422
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
2423
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
2424
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
2425
- SSH public key handling for remote Podman has been improved.
2426
2427
### Bugfixes
2428
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
2429
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
2430
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
2431
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
2432
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
2433
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
2434
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
2435
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
2436
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
2437
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
2438
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
2439
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
2440
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
2441
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
2442
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
2443
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
2444
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
2445
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
2446
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
2447
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
2448
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
2449
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
2450
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
2451
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
2452
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
2453
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
2454
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
2455
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
2456
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
2457
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
2458
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
2459
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
2460
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
2461
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
2462
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
2463
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
2464
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
2465
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
2466
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
2467
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
2468
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
2469
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
2470
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
2471
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
2472
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
2473
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
2474
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
2475
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
2476
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
2477
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
2478
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
2479
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
2480
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
2481
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
2482
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
2483
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
2484
- Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)).
2485
- Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)).
2486
- Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)).
2487
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)).
2488
2489
### API
2490
- Libpod API version has been bumped to v3.0.0.
2491
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
2492
- The Compat API for Containers now supports the Rename and Copy APIs.
2493
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
2494
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
2495
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
2496
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
2497
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
2498
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
2499
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
2500
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
2501
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
2502
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
2503
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
2504
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
2505
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
2506
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
2507
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
2508
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
2509
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
2510
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
2511
2512
### Misc
2513
- Updated Buildah to v1.19.2
2514
- Updated the containers/storage library to v1.24.5
2515
- Updated the containers/image library to v5.10.2
2516
- Updated the containers/common library to v0.33.4
2517
2518
2519
3.0.0-RC3:
2520
2521
Please note that these release notes are preliminary until v3.0.0 final is released
2522
2523
### Features
2524
- Podman now features initial support for Docker Compose.
2525
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
2526
- The Podman remote client now supports the `podman copy` command.
2527
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
2528
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
2529
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
2530
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
2531
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
2532
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
2533
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
2534
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
2535
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
2536
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
2537
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
2538
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
2539
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
2540
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
2541
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
2542
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
2543
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
2544
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
2545
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
2546
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
2547
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
2548
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
2549
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
2550
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
2551
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
2552
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
2553
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
2554
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
2555
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
2556
2557
### Security
2558
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
2559
2560
### Changes
2561
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
2562
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
2563
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
2564
- The legacy Varlink API has been completely removed from Podman.
2565
- The default log level for Podman has been changed from Error to Warn.
2566
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
2567
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
2568
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
2569
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
2570
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
2571
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
2572
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
2573
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
2574
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
2575
- SSH public key handling for remote Podman has been improved.
2576
2577
### Bugfixes
2578
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
2579
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
2580
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
2581
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
2582
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
2583
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
2584
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
2585
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
2586
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
2587
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
2588
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
2589
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
2590
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
2591
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
2592
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
2593
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
2594
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
2595
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
2596
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
2597
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
2598
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
2599
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
2600
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
2601
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
2602
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
2603
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
2604
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
2605
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
2606
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
2607
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
2608
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
2609
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
2610
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
2611
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
2612
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
2613
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
2614
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
2615
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
2616
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
2617
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
2618
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
2619
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
2620
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
2621
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
2622
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
2623
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
2624
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
2625
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
2626
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
2627
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
2628
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
2629
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
2630
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
2631
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
2632
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
2633
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
2634
2635
### API
2636
- Libpod API version has been bumped to v3.0.0.
2637
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
2638
- The Compat API for Containers now supports the Rename and Copy APIs.
2639
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
2640
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
2641
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
2642
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
2643
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
2644
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
2645
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
2646
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
2647
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
2648
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
2649
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
2650
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
2651
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
2652
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
2653
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
2654
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
2655
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
2656
2657
### Misc
2658
- Updated Buildah to v1.19.2
2659
- Updated the containers/storage library to v1.24.5
2660
- Updated the containers/common library to v0.33.4
2661
2662
2663
3.0.0-rc2:
2664
2665
This is the second release candidate of Podman v3.0.
2666
2667
3.0.0-rc1:
2668
2669
### Features
2670
- Add ability to set system wide options for slirp4netns
2671
- Add --cidfile to container kill
2672
- Add commas between mount options
2673
- Add compose regression to ci
2674
- Add containerenv information to /run/.containerenv
2675
- Add default sysctls for pod infra containers
2676
- Add --filter to podman system prune
2677
- Adding json formatting to `--list-tags` option in `podman search` command.
2678
- Add mask and unmask option to --security-opt
2679
- Add 'MemUsageBytes' format option
2680
- Add more information and examples on podman and pipes
2681
- Add network filter for podman ps and pod ps
2682
- Add Networks format placeholder to podman ps and pod ps
2683
- Add pod filter for ps
2684
- Add podman network create option for bridge mtu
2685
- Add podman network create option for bridge vlan
2686
- Add pre checkpoint
2687
- Add Security information to podman info
2688
- Add support for Gentoo file to package query
2689
- Add support for network ids
2690
- Add support for pacman package version query
2691
- Add support for persistent volume claims in kube files
2692
- Add support for --platform
2693
- Add systempaths=unconfined option
2694
- Add volume filters to system prune
2695
- Add volume prune --filter support
2696
- Allow podman push to push manifest lists
2697
- Allow users to specify TMPDIR in containers.conf
2698
- Always add the default gateway to the cni config file
2699
- Drop default log-level from error to warn
2700
- Enable short-name aliasing
2701
- Generate kube on multiple containers
2702
- Generate systemd: do not set `KillMode`
2703
- Image sign using per user registries.d
2704
- Implement pod-network-reload
2705
- Include named volumes in container migration
2706
- Initial implementation of renaming containers
2707
- Initial implementation of volume plugins
2708
- Network connect disconnect on non-running containers
2709
- Not use local image create/add manifest
2710
- Podman network label support
2711
- Prepare support in kube play for other volume types than hostPath
2712
- Remote copy
2713
- Remove the ability to use [name:tag] in podman load command
2714
- Remove varlink support from Podman
2715
- Sign multi-arch images
2716
- Support --network=default as if it was private
2717
- Support Unix timestamps for `podman logs --since`
2718
### Changes
2719
- Add LogSize to container inspect
2720
- Allow image errors to bubble up from lower level functions.
2721
- Change name of imageVolumes in container config JSON
2722
- Cleanup CNI Networks on reboot
2723
- Consolidate filter logic to pkg subdirectory
2724
- Make `podman stats` slirp check more robust
2725
- More /var/run -> /run
2726
- Prefer read/write images over read/only images
2727
- Refactor kube.ToSpecGen parameters to struct
2728
- Rename AutocompletePortCommand func
2729
- Repeat system pruning until there is nothing removed
2730
- Switch references of /var/run -> /run
2731
- Use HTTPProxy settings from containers.conf
2732
- Use Libpod tmpdir for pause path
2733
- Use Options as CRImportCheckpoint() argument
2734
- Use Options as exportCheckpoint() argument
2735
- Use PasswordCallback instead of Password for ssh
2736
- Use abi PodPs implementation for libpod/pods/json endpoint
2737
- Validate that the bridge option is supported
2738
- archive: move stat-header handling into copy package
2739
- libpod, conmon: change log level for rootless
2740
- libpod: change function to accept ExecOptions
2741
- libpod: handle single user mapped as root
2742
- make podman play use ENVs from image
2743
- pkg/copy: introduce a Copier
2744
- podman events allow future time for --until
2745
- podman.service should be an exec service not a notify service
2746
- rewrite podman-cp
2747
- rootless: add function to retrieve gid/uid mappings
2748
- rootless: automatically split userns ranges
2749
- runtime: set XDG_* env variables if missing
2750
- shell completion for the network flag
2751
- specgen: improve heuristic for /sys bind mount
2752
- systemd: make rundir always accessible
2753
### Bugfixes
2754
- Close image rawSource when each loop ends
2755
- Containers should not get inheritable caps by default
2756
- Correct port range logic for port generation
2757
- Correct which network commands can be run as rootless
2758
- Disable CGv1 pod stats on net=host post
2759
- Do not error on installing duplicate shutdown handler
2760
- Do not ignore infra command from config files
2761
- Do not mount sysfs as rootless in more cases
2762
- Do not pull if image domain is localhost
2763
- Do not use "true" after "syslog" in exit commands
2764
- Do not validate the volume source path in specgen
2765
- Don't accidently remove XDG_RUNTIME_DIR when reseting storage
2766
- Ensure that `podman play kube` actually reports errors
2767
- Ensure that user-specified HOSTNAME is honored
2768
- Ensure we do not edit container config in Exec
2769
- Exorcise Driver code from libpod/define
2770
- Expose Height/Width fields to decoder
2771
- Expose security attribute errors with their own messages
2772
- Fix Wrong image tag is used when creating a container from an image with multiple tags
2773
- Fix `podman images...` missing headers in table templates
2774
- Fix build for mips architecture
2775
- Fix build for mips architecture follow-up
2776
- Fix custom mac address with a custom cni network
2777
- Fix extra quotation mark in manpages.
2778
- Fix missing options in volumes display while setting uid and gid
2779
- Fix missing podman-container-rename man page link
2780
- Fix network ls --filter invalid value flake
2781
- Fix option names --subuidname and --subgidname
2782
- Fix panic in libpod images exists endpoint
2783
- Fix podman build --logfile
2784
- Fix podman logs read partial log lines
2785
- Fix problems reported by staticcheck
2786
- Fix problems with network remove
2787
- Fix shell completion for ps --filter ancestor
2788
- Fix some nit
2789
- Fix spelling mistakes
2790
- Fix storage.conf to define driver in the VM
2791
- Fix support for rpmbuild < 4.12.0.
2792
- Fix: unpause not supported for CGv1 rootless
2793
- Fxes /etc/hosts duplicated every time after container restarted in a pod
2794
- Handle --rm when starting a container
2795
- Handle podman exec capabilities correctly
2796
- Honor the --layers flag
2797
- Ignore containers.conf sysctls when sharing namespaces
2798
- Improve error message when the the podman service is not enabled
2799
- Make podman generate systemd --new flag parsing more robust
2800
- Pass down EnableKeyring from containers.conf to conmon
2801
- Properly handle --cap-add all when running with a --user flag
2802
- Revert "Allow multiple --network flags for podman run/create"
2803
- Revert e6fbc15f26b2a609936dfc11732037c70ee14cba
2804
- Revert the custom cobra vendor
2805
- Rework pruning to report reclaimed space
2806
- Set NetNS mode instead of value
2807
- The slirp4netns sandbox requires pivot_root
2808
- close journald when reading
2809
- container create: do not clear image name
2810
- container stop: release lock before calling the runtime
2811
- exec: honor --privileged
2812
- fix: disable seccomp by default when privileged.
2813
- image list: ignore bare manifest list
2814
- network: disallow CNI networks with user namespaces
2815
- oci: keep LC_ env variables to conmon
2816
- oci: use /proc/self/fd/FD to open unix socket
2817
- pass full NetworkMode to ParseNetworkNamespace
2818
- play kube: fix args/command handling
2819
- play kube: set entrypoint when interpreting Command
2820
- podman build --force-rm defaults to true in code
2821
- podman logs honor stderr correctly
2822
- podman, exec: move conmon to the correct cgroup
2823
- podman-remote fix sending tar content
2824
- podman: drop checking valid rootless UID
2825
- re-open container log files
2826
- security: honor systempaths=unconfined for ro paths
2827
### API
2828
- Add API for communicating with Docker volume plugins
2829
- Change bindings to stop two API calls for ping
2830
- Close the stdin/tty when using podman as a restAPI.
2831
- Compat api containers/json add support for filters
2832
- Container rename bindings
2833
- Do not pass name argument to Load API
2834
- Docker compat API - /images/search returns wrong structure (#7857)
2835
- Docker compat API - containers create ignores the name
2836
- Fix some network compat api problems
2837
- Jira RUN-1106 Container handlers updates
2838
- Jira RUN-1106 Image handlers updates
2839
- Jira RUN-1106 Network handlers updates
2840
- Jira RUN-1106 System handlers updates
2841
- Jira RUN-1106 Volumes handlers updates
2842
- Makefile: add target to generate bindings
2843
- More docker compat API fixes
2844
- Podman image bindings for 3.0
2845
- REST API v2 - ping - fix typo in header
2846
- REST API v2 - ping - remove newline from response to improve Docker compatibility
2847
- Reduce general binding binary size
2848
- Restore compatible API for prune endpoints
2849
- compat create should use bindings
2850
- hack/podman-socat captures the API stream
2851
- libpod API: pull: fix channel race
2852
- misc bindings to podman v3
2853
- pkg/copy: add parsing API
2854
- podman v3 container bindings
2855
- podman v3 pod bindings
2856
### Misc
2857
- Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
2858
- Bump github.com/containers/common from 0.30.0 to 0.31.1
2859
- Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
2860
- Bump github.com/containers/storage from 1.24.1 to 1.24.5
2861
- Bump github.com/cri-o/ocicni to latest master
2862
- Bump github.com/google/uuid from 1.1.2 to 1.1.5
2863
- Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
2864
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
2865
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
2866
- Bump k8s.io/apimachinery from 0.19.4 to 0.20.2
2867
- Bump master to v3.0.0-dev
2868
- Bump to containers/buildah 1.9.2
2869
- Bump version in README to v2.2.0
2870
- vendor containers/psgo@v1.5.2
2871
2872
- Update storagever to 1.24.8
2873
2874
1.24.8:
2875
2876
Call recreateSymlinks when not found during Readlink
2877
homedir: add GetCacheHome
2878
2879
2880
1.24.7:
2881
2882
ignore metacopy option on kernels that do not support it
2883
2884
2885
1.24.6:
2886
2887
overlay: force metacopy=on for naivediff
2888
2889
- Update imagever to 5.10.4
2890
2891
5.10.4:
2892
2893
* copy: compute blob compression on reused blobs based on source MediaType
2894
* copy: provide compression info about copied blobs
2895
2896
5.10.3:
2897
2898
* place shortnames in `~/.cache` not `~/.config/.cache`
2899
2900
5.10.2:
2901
2902
* short-name-aliases.conf: use cache folders instead of $HOME
2903
2904
Note: the v5.10.x series is now cut from the `release-v5.10` branch.
2905
2906
5.10.1:
2907
2908
Fix segfault if sys is not defined.
2909
2910
5.10.0:
2911
2912
- tarball: fix example code
2913
- Bump github.com/ulikunitz/xz from 0.5.8 to 0.5.9
2914
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
2915
- Bump github.com/vbauerster/mpb/v5 from 5.3.0 to 5.4.0
2916
- Add DockerLogMirrirChoice to ctx for log
2917
- Rename variables in pkg/docker/config tests
2918
- Fix pkg/docker/config tests on non-Linux systems
2919
- Add macOS test cases to GetPathToAuth
2920
- Fix docker tests with recent c/storage
2921
- Fix signature tests with recent c/storage
2922
- Fix sysregistriesv2 tests with recent c/storage
2923
- Fix pkg/docker/config tests with recent c/storage
2924
- Bump github.com/containers/storage from 1.23.7 to 1.24.5
2925
- Bump github.com/klauspost/compress from 1.11.3 to 1.11.6
2926
- Enable subdomain matching in policy.json
2927
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
2928
- Bump github.com/klauspost/compress from 1.11.6 to 1.11.7
2929
- ostree.TestReferenceSignaturePath: fix a compiler warning in a test
2930
- manifest: add a test for UpdatedMIMEType
2931
- blobinfocache: track compression types for locations
2932
- Actually make a copy of ctx as the comment claims
2933
- Actually use the SystemContext copy in the one place that matters
2934
- Update golangci-lint
2935
- Clarify the canModifyBlob condition in copyBlobFromStream
2936
- Cleanup description of shortname expansion
2937
- Allow callers to set the MaxParallelDownloads field
2938
- Fix up errors linter is complaining about
2939
- Set a default User-Agent if unset
2940
2941
-------------------------------------------------------------------
2942
Tue Jan 12 08:43:22 UTC 2021 - Sascha Grunert <sgrunert@suse.com>
2943
2944
- Update common to 0.33.0:
2945
2946
v0.33:
2947
seccomp: drop 'vmsplice' from the allowed list
2948
Add new function to setup default environment
2949
Implement secrets pkg: backend and filedriver
2950
2951
v0.32:
2952
Do not retry on most syscall failures
2953
Set http_proxy default to true
2954
Add new completion functions for Arch and Os.
2955
2956
v0.31:
2957
Switch default runtime from runc to crun
2958
Add a volume plugins field to containers.conf
2959
Remove libpod.conf
2960
2961
v0.30:
2962
Add ability to set system wide options for slirp4netns
2963
2964
v0.29:
2965
Remove stutter APIs from pkg/umask and pkg/subscriptions.
2966
2967
v0.28:
2968
Add support for enabling/disabling kernel keyring in engines
2969
We should not be setting a default infra command.
2970
Print the error to log info
2971
Move buildah/pkg/secrets to common/pkg/subscriptions
2972
Move some volume and device parsing from buildah to common
2973
2974
v0.27:
2975
fix: Set ping_group_range to 0 0 by default
2976
Allow users to customer the --remote flag to be on by default.
2977
2978
v0.26:
2979
Consolidate reporting functions from Buildah and Podman.
2980
Update pkg/report to consolidate --format flag handling between Buildah and Podman and eventually Skopeo.
2981
2982
v0.25:
2983
Common library now has pkg/formats pulled out of containers/buildah to make it easier to share with other tools.
2984
Recommended containers.conf is also now available to be used by distros and CI/CD systems.
2985
2986
v0.24:
2987
Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
2988
Add shared autocomplete functions for podman/buildah
2989
2990
v0.23:
2991
Allow users to specify the default format for image builds
2992
Shell Completion with cobra for login/logout flags
2993
remove fchmodat2 from seccomp.json file
2994
Add support for CONTAINER_CONNECTION environment variable
2995
Bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
2996
Allow pidfd_getfd by default in seccomp.json
2997
Fix problems found by codespell
2998
2999
v0.22:
3000
Add new syscalls to allowed seccomp.json
3001
ValidatePullPolicy case-insensitive
3002
Update default seccomp rules to match fedora rules
3003
Bump github.com/onsi/gomega from 1.10.1 to 1.10.2
3004
Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
3005
Bump github.com/containers/storage from 1.23.3 to 1.23.5
3006
Add seccomp validation unit test for failing BuildProfile()
3007
3008
v0.21:
3009
Add BuildFilter() and ValidateProfile() API
3010
Add FindAppArmorParserBinary() helper
3011
Add mock'able unit tests and move package to `internal`
3012
Add owners file
3013
Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
3014
Bump github.com/containers/storage from 1.23.2 to 1.23.3
3015
Bump golang to 1.15
3016
Change fmt.Errorf calls to be replaced by errors package
3017
Enable retry EOF from http request
3018
Fix all gocritic lints
3019
Fix nested elseif
3020
Migrate seccomp/containers-golang
3021
RetryIfNecessary: add a field for setting the delay in RetryOptions
3022
Update golangci-lint and add config
3023
Update pkg/config/config_darwin.go
3024
Update pkg/config/config_linux.go
3025
Update pkg/config/config_windows.go
3026
Update pkg/retry/retry.go
3027
Validate that apparmor_parser is available on the system
3028
begin migration off travis
3029
containers.conf: Fix ulimits nofile example syntax
3030
fix windows containers.conf path
3031
getCustomConfigFile for windows and darwin
3032
3033
v0.20:
3034
multi_image_archive: add option for `podman save`
3035
Wrap AppArmor errors to provide more debug information
3036
Omit apparmor_parser warnings when parsing the version
3037
Support different zoneinfo locations
3038
Do not mention libpod.conf if no files found
3039
3040
v0.19:
3041
Vendor in containers/storage v1.23.0
3042
Fix duplicated code found by codeverity.
3043
Export NormalizeCapabilities function
3044
Use homedir.GetConfigHome()
3045
Respect XDG_CONFIG_HOME for policy.json and cni
3046
Fix documentation
3047
hooks_dir_path was in wrong location, should be under Enigine section
3048
Fix deprecation warnings about libpod.conf and raise log level
3049
3050
v0.18:
3051
Move retry code to pkg/retry
3052
Bump github.com/containers/storage from 1.21.1 to 1.21.2
3053
3054
v0.17:
3055
Add retry helper functions
3056
Remove extra lock in Reload function
3057
3058
v0.16:
3059
Add support for Umask
3060
Fix config reload race
3061
Add support for multiple service destinations
3062
Bump github.com/containers/storage from 1.21.0 to 1.21.1
3063
Add config reload
3064
Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
3065
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
3066
3067
v0.15:
3068
Add support for timezone
3069
Specify container engine in comments of engine env
3070
Add env to [engines] for engine to use
3071
Fix location of stop_timeout in default containers.conf
3072
Bump github.com/containers/image/v5 from 5.4.4 to 5.5.1
3073
Fix testing to not race on containers.conf
3074
pkg/version -> version
3075
Move pkg/version to version to be consistent with other libraries in c/image.
3076
Fixup handling of remote_uri for documentation
3077
Add script to rebuild images on quay.io
3078
Fix AppArmor profile prefix and name
3079
Change AppArmor profile prefix and fix name-check
3080
3081
- Update image to 5.9.0:
3082
3083
v5.5.0:
3084
* Add Security Policy
3085
* Bump to v5.5.0-dev again
3086
* Bump github.com/containers/storage from 1.19.1 to 1.19.2
3087
* Add debug line to get Content-Type from manifests
3088
* Add defaults for using the rootless policy path
3089
* Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0
3090
* Bump github.com/klauspost/pgzip from 1.2.3 to 1.2.4
3091
* pkg/docker/config/ModifyJSON: fix MkdirAll usage
3092
* Bump github.com/vbauerster/mpb/v5 from 5.0.4 to 5.2.1
3093
* Bump github.com/containers/storage from 1.19.2 to 1.20.1
3094
* Bump github.com/klauspost/compress from 1.10.5 to 1.10.6
3095
* Bump github.com/vbauerster/mpb/v5 from 5.2.1 to 5.2.2
3096
* Go module noise
3097
* Fix crash on inspecting an OCI image with no config
3098
* Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
3099
* Add hardcode Authfile for windows and mac
3100
* docker/config: initialize dockerConfigFile
3101
* docker/config: add `GetAllCredentials`
3102
* Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
3103
* Bump github.com/klauspost/compress from 1.10.6 to 1.10.7
3104
* Bump github.com/containers/storage from 1.20.1 to 1.20.2
3105
* Add documentation for credHelper
3106
* Fix error messages on !canModifyManifest
3107
* Add support for ProgressEventSkipped
3108
* Bump github.com/stretchr/testify from 1.6.0 to 1.6.1
3109
* Bump github.com/klauspost/compress from 1.10.7 to 1.10.8
3110
* oci: don't overwrite tags pointing at the same manifest
3111
* oci test: simplify length calculation
3112
3113
v5.5.1:
3114
because the Go proxy caches an old version of the 5.5.0 tag, making
3115
it difficult to use 5.5.0.
3116
3117
v5.5.2:
3118
* backports pagination fix
3119
3120
v5.6.0:
3121
* When we can't store signatures, point the user at the destination.
3122
* Update for https://github.com/containers/skopeo/pull/932
3123
* Refactor configPath API
3124
* Load the rootless registries.conf.d for override
3125
* docker config: clean up after test
3126
* blobinfocache: clean up after test
3127
* enable search using pagination
3128
* pkg/docker/config: correct default file mode when create auth.json file
3129
* Update to Go 1.13
3130
* Coverity found potential nil dereference
3131
* Look for normalized paths in tarfile.
3132
* Move docker/tarfile.Destination to docker/internal/tarfile.Destination
3133
* Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive
3134
* Remove deprecated non-SystemContext functions from docker/internal.tarfile
3135
* Introduce Destination.configPath and Destination.physicalLayerPath
3136
* Split docker/internal.tarfile.Writer from Destination
3137
* Move createRepositoriesFile to a bit better place
3138
* Split Writer.createManifest from Destination.PutManifest
3139
* Reorganize docker/internal/tarfile.Writer.createManifest a bit
3140
* Move the computation of layerPaths in docker-archive
3141
* Implement writing multiple images in the modern format.
3142
* Split createSingleLegacyLayer from writeLegacyLayerMetadata
3143
* Move legacy layer ID computation to a bit later
3144
* Merge writeLegacyMetadata and createRepositoriesFile
3145
* Implement writing multiple images in the legacy format
3146
* Separate tarfile.Writer creation from Destination creation
3147
* Lock docker/internal/tarfile.Writer to support concurrent uses
3148
* Split openArchiveForWriting from docker/archive/newImageDestination
3149
* Finally, introduce docker/archive.Writer
3150
* use container/storage/pkg/homedir
3151
* Fix an error message on docker-archive:path:name@sha256:$digest
3152
* Move docker/tarfile.Source to docker/internal/tarfile.Source
3153
* Use the docker/internal/tarfile.Source from docker/daemon and docker/archive
3154
* Remove deprecated non-SystemContext functions from docker/internal/tarfile
3155
* Split docker/internal/tarfile.Reader from Source
3156
* Separate tarfile.Reader creation from Source creation
3157
* Read the tarfile manifest already when initializing tarfile.Reader
3158
* Turn tarfile.Source.LoadTarManifest into a TarManifest
3159
* Allow choosing an image from tarfile.Reader by reference
3160
* Introduce docker-archive:path:@index syntax for reading untagged images
3161
* Introduce docker/archive.Reader
3162
* Finally, share a tarfile.Reader across archiveSource objects
3163
* Add docker/archive.NewReaderForReference
3164
* Add docker/archive.Reader.ManifestTagsForReference
3165
* Support per user registries.d
3166
* Move TestInvalidPolicyFormatError
3167
* Reduce duplication in policy_config_test.go
3168
* Eliminate more duplication in signature/policy_config_tests.go
3169
* Return error body if UnexpectedHTTPResponseError
3170
* Set NoLchown to true in untar opts
3171
3172
v5.7.0:
3173
* add comment on CVE-2020-15157
3174
* Bump github.com/containers/storage from 1.23.5 to 1.23.6
3175
* Search credentials under XDG_CONFIG_HOME
3176
* Bump github.com/klauspost/compress from 1.11.0 to 1.11.1
3177
* Use $DOCKER_CONFIG/config.json to match the docker CLI.
3178
* Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
3179
* Regenerate oci/layout fixture certificates
3180
* Extend the lifetime of test certificates to 10 years
3181
* Set default rootless sigstore
3182
* Update copier/imagecopier to fix race
3183
* Fix problems found by codespell
3184
3185
v5.8.0:
3186
* pkg/shortnames
3187
* Finally, split configuration loading and merging
3188
* Reorder merging code in loadConfig to match field order in V2RegistriesConf
3189
* Remove "TODO: separate upper format from internal data below:"
3190
* Move shortNameMode from V2RegistriesConf to parsedConfig
3191
* Behavior change: Move unqualifiedSearchRegistriesOrigin to parsedConfig
3192
* Deprecate TryUpdatingCache return value, warn about parsedConfig.v2
3193
* Some progress: Move aliasCache out of V2RegistriesConf to parsedConfig
3194
* Add a parsedConfig return value to loadConfigFile
3195
* Split shortNameAliasCache.updateWithConfigurationFrom from loadConfig
3196
* Move the creation of shortNameAliasCache to loadConfigFile
3197
* Rename shortNameAliasConf.parseAndValidate to newShortNameAliasCache
3198
* Move the allocation of an empty alias map to editShortNameAlias
3199
* Bump github.com/klauspost/compress from 1.11.1 to 1.11.2
3200
* Split shortNameAliasCache from shortNameAliasConf
3201
* Split the error and success return paths of shortNameAliasConf.parseAndValidate
3202
* Sort Registries in V2RegistriesConf.postProcess
3203
* Make it clearer that .postProcessRegistries() is called on the V2RegistriesConf data
3204
* Make tomlConfig private
3205
* Split loadConfigFile from loadConfig
3206
* Make loadConfig a method on parsedConfig instead of tomlConfig
3207
* Introduce sysregistriesv2.parsedConfig, use it for configCache
3208
* Don't hard-code cache implementation details in tests
3209
* Add a test for correctly merging unqualified-search-registries
3210
* sysregistriesv2: short-name aliasing
3211
* Add GetDigest method to retrieve digest from manifest HEAD request
3212
* Fix misleading network error
3213
* Bump github.com/containers/storage from 1.23.6 to 1.23.7
3214
* docs: update reference to containers-registeries.d.md
3215
3216
v5.9.0:
3217
* copy: check our assumptions about compression
3218
* Add a signedIdentity choice "type": "remapIdentity"
3219
* shortnames: error if there's no alias and no search registries
3220
3221
- Update podman to 2.2.1
3222
3223
v2.2.1
3224
3225
### Changes
3226
- Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using `--mount type=image`) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.
3227
3228
### Bugfixes
3229
- Fixed a bug where rootless Podman would, on systems without the `XDG_RUNTIME_DIR` environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start ([#8539](https://github.com/containers/podman/issues/8539)).
3230
- Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors ([#8613](https://github.com/containers/podman/issues/8613)).
3231
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running.
3232
- Fixed a bug where the `podman system reset` command would print a warning about a duplicate shutdown handler being registered.
3233
- Fixed a bug where rootless Podman would attempt to mount `sysfs` in circumstances where it was not allowed; some OCI runtimes (notably `crun`) would fall back to alternatives and not fail, but others (notably `runc`) would fail to run containers.
3234
- Fixed a bug where the `podman run` and `podman create` commands would fail to create containers from untagged images ([#8558](https://github.com/containers/podman/issues/8558)).
3235
- Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
3236
- Fixed a bug where the `podman exec` command did not move the Conmon process for the exec session into the correct cgroup.
3237
- Fixed a bug where shell completion for the `ancestor` option to `podman ps --filter` did not work correctly.
3238
- Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if `--rm` was set) if the Podman command that created them was invoked with `--log-level=debug`.
3239
3240
### API
3241
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `Binds` and `Mounts` parameters in `HostConfig`.
3242
- Fixed a bug where the Compat Create endpoint for Containers ignored the `Name` query parameter.
3243
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for `NetworkMode` (this value is used extensively by `docker-compose`) ([#8544](https://github.com/containers/podman/issues/8544)).
3244
- Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the `target` query parameter as the image's tag.
3245
3246
### Misc
3247
- Podman v2.2.0 vendored a non-released, custom version of the `github.com/spf13/cobra` package; this has been reverted to the latest upstream release to aid in packaging.
3248
- Updated the containers/image library to v5.9.0
3249
3250
v2.2.0
3251
3252
### Features
3253
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing) and [here](https://www.redhat.com/sysadmin/container-image-short-names).
3254
- Initial support has been added for the `podman network connect` and `podman network disconnect` commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify `--network=none` when they were created.
3255
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Aliases can also be added and removed using the new `podman network connect` and `podman network disconnect` commands. Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
3256
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
3257
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
3258
- The `podman play kube` command now supports persistent volumes claims using Podman named volumes.
3259
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
3260
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
3261
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
3262
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
3263
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
3264
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
3265
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
3266
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
3267
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
3268
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
3269
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
3270
- The `podman search` command can now output JSON using the `--format=json` option.
3271
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
3272
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
3273
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
3274
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
3275
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
3276
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
3277
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
3278
- The `name` and `id` filters for `podman pod ps` now match based on a regular expression, instead of requiring an exact match.
3279
- The `podman pod ps` command now supports a new filter `status`, that matches pods in a certain state.
3280
3281
### Changes
3282
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
3283
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
3284
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
3285
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
3286
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
3287
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
3288
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
3289
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
3290
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
3291
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
3292
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. `--publish` and `--net=host`) are specified when creating a container.
3293
- The `--restart on-failure` and `--rm` options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly ([#7906](https://github.com/containers/podman/issues/7906)).
3294
- Remote Podman will no longer use settings from the client's `containers.conf`; defaults will instead be provided by the server's `containers.conf` ([#7657](https://github.com/containers/podman/issues/7657)).
3295
- The `podman network rm` command now has a new alias, `podman network remove` ([#8402](https://github.com/containers/podman/issues/8402)).
3296
3297
### Bugfixes
3298
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
3299
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
3300
- Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior.
3301
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
3302
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
3303
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
3304
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
3305
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
3306
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
3307
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
3308
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
3309
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
3310
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
3311
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
3312
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
3313
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
3314
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
3315
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
3316
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
3317
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
3318
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
3319
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
3320
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
3321
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
3322
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
3323
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
3324
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
3325
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
3326
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
3327
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
3328
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
3329
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
3330
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
3331
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
3332
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
3333
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
3334
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
3335
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
3336
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
3337
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
3338
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
3339
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
3340
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
3341
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
3342
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
3343
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
3344
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
3345
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
3346
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
3347
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
3348
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
3349
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
3350
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
3351
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
3352
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
3353
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
3354
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
3355
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
3356
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
3357
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
3358
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
3359
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
3360
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
3361
- Fixed a bug where the `podman network rm` command would error when trying to remove `macvlan` networks and rootless CNI networks ([#8491](https://github.com/containers/podman/issues/8491)).
3362
- Fixed a bug where Podman was not setting sane defaults for missing `XDG_` environment variables.
3363
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server ([#8473](https://github.com/containers/podman/issues/8473)).
3364
- Fixed a bug where the `podman manifest create` and `podman manifest add` commands on local images would drop any images in the manifest not pulled by the host.
3365
- Fixed a bug where networks made by `podman network create` did not include the `tuning` plugin, and as such did not support setting custom MAC addresses ([#8385](https://github.com/containers/podman/issues/8385)).
3366
- Fixed a bug where container healthchecks did not use `$PATH` when searching for the Podman executable to run the healthcheck.
3367
- Fixed a bug where the `--ip-range` option to `podman network create` did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment ([#8448](https://github.com/containers/podman/issues/8448)).
3368
- Fixed a bug where the `podman container ps` alias for `podman ps` was missing ([#8445](https://github.com/containers/podman/issues/8445)).
3369
3370
### API
3371
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
3372
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
3373
- The Compat Network Connect and Network Disconnect endpoints have been added.
3374
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
3375
- The Compat Create endpoint for images now properly supports specifying images by digest.
3376
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
3377
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
3378
- Fixed a bug where the Ping endpoint misspelled a header name (`Libpod-Buildha-Version` instead of `Libpod-Buildah-Version`).
3379
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
3380
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
3381
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
3382
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
3383
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
3384
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
3385
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with `CAP_` (Docker does not do so).
3386
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
3387
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
3388
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
3389
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
3390
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
3391
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
3392
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
3393
- Fixed a bug where the Compat Inspect endpoint for images would omit the `ParentId` field if the image had no parent, and the `Created` field if the image did not have a creation time.
3394
- Fixed a bug where the Compat Remove endpoint for Networks did not support the `Force` query parameter.
3395
3396
### Misc
3397
- Updated Buildah to v1.18.0
3398
- Updated the containers/storage library to v1.24.1
3399
- Updated the containers/image library to v5.8.1
3400
- Updated the containers/common library to v0.27.0
3401
3402
v2.2.0-rc2
3403
3404
APIv2
3405
* Fix Bugs and compatability
3406
* Fix list of images - mandatory Created attribute
3407
* Add network connect|disconnect compat endpoints
3408
Missing Commands
3409
* Add alias for podman network rm -> remove
3410
* Add podman container ps command
3411
Missing Options support
3412
* Align the podman pod ps --filter behavior with podman ps
3413
* Allow containers to --restart on-failure with --rm
3414
* Allow multiple --network flags for podman run/create
3415
Documentation:
3416
* Containers.conf settings for remote connections
3417
* Specify what the replace flag replaces in help text
3418
* Clarify ps(1) fallback of `podman top`
3419
Improve shell completions
3420
Bugs
3421
* Fix ip-range for classless subnet masks
3422
* Make c.networks() list include the default network
3423
* Make podman service log events
3424
* Set PATH env in systemd timer.
3425
* Fix container cgroup lookup
3426
v2.2.0-RC1
3427
3428
This is the first release candidate for Podman v2.2.0. Preliminary release notes are below:
3429
3430
## 2.2.0
3431
### Features
3432
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing).
3433
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
3434
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
3435
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
3436
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
3437
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
3438
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
3439
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
3440
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
3441
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
3442
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
3443
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
3444
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
3445
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
3446
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
3447
- The `podman search` command can now output JSON using the `--format=json` option.
3448
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
3449
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
3450
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
3451
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
3452
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
3453
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
3454
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
3455
- The `name` filter for `podman pod ps` now matches based on a regular expression, instead of requiring an exact match.
3456
3457
### Changes
3458
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
3459
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
3460
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
3461
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
3462
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
3463
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
3464
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
3465
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
3466
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
3467
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
3468
3469
### Bugfixes
3470
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
3471
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
3472
- Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior.
3473
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
3474
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
3475
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
3476
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
3477
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
3478
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
3479
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
3480
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
3481
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
3482
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
3483
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
3484
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
3485
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
3486
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
3487
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
3488
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
3489
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
3490
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
3491
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
3492
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
3493
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
3494
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
3495
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
3496
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
3497
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
3498
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
3499
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
3500
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
3501
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
3502
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
3503
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
3504
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
3505
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
3506
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
3507
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
3508
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
3509
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
3510
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
3511
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
3512
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
3513
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
3514
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
3515
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
3516
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
3517
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
3518
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
3519
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
3520
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
3521
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
3522
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
3523
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
3524
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
3525
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
3526
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
3527
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
3528
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
3529
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
3530
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
3531
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
3532
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
3533
3534
### API
3535
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
3536
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
3537
- The Compat Network Connect and Network Disconnect endpoints have been added.
3538
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
3539
- The Compat Create endpoint for images now properly supports specifying images by digest.
3540
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
3541
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
3542
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
3543
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
3544
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
3545
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
3546
- Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container.
3547
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
3548
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
3549
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
3550
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
3551
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
3552
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
3553
3554
### Misc
3555
- Updated Buildah to v1.18.0
3556
- Updated the containers/storage library to v1.24.0
3557
- Updated the containers/image library to v5.8.0
3558
- Updated the containers/common library to v0.27.0
3559
3560
v2.1.1
3561
3562
### Changes
3563
- The `podman info` command now includes the cgroup manager Podman is using.
3564
3565
### Bugfixes
3566
- Fixed a bug where Podman would not build with the `varlink` build tag enabled.
3567
- Fixed a bug where the `podman save` command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive.
3568
- Fixed a bug where the `json-file` log driver did not write logs.
3569
- Fixed a bug where `podman-remote start --attach` did not properly handle detaching using the detach keys.
3570
- Fixed a bug where `podman pod ps --filter label=...` did not work.
3571
- Fixed a bug where the `podman build` command did not respect the `--runtime` flag.
3572
3573
### API
3574
- The REST API now includes a Server header in all responses.
3575
- Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container.
3576
- Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
3577
- Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error.
3578
- Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) ([#7722](https://github.com/containers/podman/issues/7722)).
3579
- The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release.
3580
3581
v2.1.0
3582
3583
### Features
3584
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
3585
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
3586
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
3587
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
3588
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
3589
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
3590
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
3591
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
3592
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
3593
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
3594
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
3595
- The `podman play kube` command now supports read-only mounts.
3596
- The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels.
3597
- The `podman play kube` command now supports setting container restart policy ([#7656](https://github.com/containers/podman/issues/7656)).
3598
- The `podman play kube` command now properly handles `HostAlias` entries.
3599
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
3600
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
3601
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
3602
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
3603
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
3604
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
3605
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
3606
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
3607
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
3608
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
3609
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
3610
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
3611
3612
### Security
3613
- This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API.
3614
3615
### Changes
3616
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
3617
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
3618
- Error messages when creating a container or pod with a name that is already in use have been improved.
3619
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
3620
- The `podman system reset` command no longer removes configuration files for rootless Podman.
3621
3622
### Bugfixes
3623
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
3624
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
3625
- Fixed a bug where privileged containers would still configure an AppArmor profile.
3626
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
3627
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
3628
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
3629
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
3630
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
3631
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
3632
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
3633
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
3634
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
3635
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
3636
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
3637
- Fixed a bug where the `podman build --logfile` command would segfault.
3638
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
3639
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
3640
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
3641
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
3642
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
3643
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
3644
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
3645
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
3646
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
3647
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
3648
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
3649
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
3650
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
3651
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
3652
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
3653
- Fixed a bug where `podman images -a` would break if any image pulled by digest was present in the store ([#7651](https://github.com/containers/podman/issues/7651)).
3654
- Fixed a bug where the `--mount` option to `podman run` and `podman create` required the `type=` parameter to be passed first ([#7628](https://github.com/containers/podman/issues/7628)).
3655
- Fixed a bug where the `--infra-command` parameter to `podman pod create` was nonfunctional.
3656
- Fixed a bug where `podman auto-update` would fail for any container started with `--pull=always` ([#7407](https://github.com/containers/podman/issues/7407)).
3657
- Fixed a bug where the `podman wait` command would only accept a single argument.
3658
- Fixed a bug where the parsing of the `--volumes-from` option to `podman run` and `podman create` was broken, making it impossible to use multiple mount options at the same time ([#7701](https://github.com/containers/podman/issues/7701)).
3659
- Fixed a bug where the `podman exec` command would not join executed processes to the container's supplemental groups if the container was started with both the `--user` and `--group-add` options.
3660
- Fixed a bug where the `--iidfile` option to `podman-remote build` was nonfunctional.
3661
3662
### API
3663
- The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API.
3664
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
3665
- Added an endpoint for generating systemd unit files for containers.
3666
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
3667
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
3668
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
3669
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
3670
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
3671
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
3672
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
3673
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
3674
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
3675
- Added a `noTrunc` option to the Libpod image search endpoint.
3676
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
3677
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
3678
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
3679
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
3680
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
3681
- Fixed a bug where Pull endpoints did not stream progress back to the client.
3682
- The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker.
3683
- All non-hijacking responses to API requests should not include headers with the version of the server.
3684
- Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred ([#7263](https://github.com/containers/podman/issues/7263)).
3685
- Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client.
3686
- Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting.
3687
- Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly.
3688
- Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format ([#7196](https://github.com/containers/podman/issues/7196)).
3689
3690
### Misc
3691
- Updated Buildah to v1.16.1
3692
- Updated the containers/storage library to v1.23.5
3693
- Updated the containers/image library to v5.6.0
3694
- Updated the containers/common library to v0.22.0
3695
3696
v2.1.0-RC2
3697
3698
This is the second release candidate for Podman v2.1.0.
3699
v2.1.0-RC1
3700
3701
This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below:
3702
3703
### Features
3704
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
3705
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
3706
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
3707
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
3708
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
3709
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
3710
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
3711
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
3712
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
3713
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
3714
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
3715
- The `podman play kube` command now supports read-only mounts.
3716
- The `podman play kube` command now properly handles `HostAlias` entries.
3717
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
3718
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
3719
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
3720
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
3721
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
3722
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
3723
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
3724
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
3725
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
3726
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
3727
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
3728
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
3729
3730
### Changes
3731
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
3732
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
3733
- Error messages when creating a container or pod with a name that is already in use have been improved.
3734
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
3735
- The `podman system reset` command no longer removes configuration files for rootless Podman.
3736
3737
### Bugfixes
3738
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
3739
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
3740
- Fixed a bug where privileged containers would still configure an AppArmor profile.
3741
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
3742
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
3743
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
3744
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
3745
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
3746
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
3747
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
3748
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
3749
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
3750
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
3751
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
3752
- Fixed a bug where the `podman build --logfile` command would segfault.
3753
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
3754
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
3755
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
3756
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
3757
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
3758
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
3759
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
3760
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
3761
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
3762
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
3763
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
3764
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
3765
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
3766
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
3767
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
3768
3769
### API
3770
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
3771
- Added an endpoint for generating systemd unit files for containers.
3772
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
3773
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
3774
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
3775
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
3776
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
3777
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
3778
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
3779
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
3780
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
3781
- Added a `noTrunc` option to the Libpod image search endpoint.
3782
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
3783
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
3784
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
3785
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
3786
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
3787
3788
### Misc
3789
- Updated Buildah to v1.16.1
3790
- Updated the containers/storage library to v1.23.5
3791
- Updated the containers/common library to v0.22.0
3792
3793
v2.0.6
3794
3795
### Bugfixes
3796
- Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
3797
- Fixed a bug where `/etc/passwd` could be re-created every time a container is restarted if the container's `/etc/passwd` did not contain an entry for the user the container was started as.
3798
- Fixed a bug where containers without an `/etc/passwd` file specifying a non-root user would not start.
3799
- Fixed a bug where the `--remote` flag would sometimes not make remote connections and would instead attempt to run Podman locally.
3800
3801
### Misc
3802
- Updated the containers/common library to v0.14.10
3803
3804
v2.0.6-rc1
3805
3806
This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5.
3807
v2.0.5
3808
3809
### Features
3810
- Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`.
3811
- The `podman system connection` command has been reworked to support multiple connections, and reenabled for use!
3812
- Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance.
3813
3814
### Changes
3815
- Podman's automatic systemd integration (activated by the `--systemd=true` flag, set by default) will now activate for containers using `/usr/local/sbin/init` as their command, instead of just `/usr/sbin/init` and `/sbin/init` (and any path ending in `systemd`).
3816
- Seccomp profiles specified by the `--security-opt seccomp=...` flag to `podman create` and `podman run` will now be honored even if the container was created using `--privileged`.
3817
3818
### Bugfixes
3819
- Fixed a bug where the `podman play kube` would not honor the `hostIP` field for port forwarding ([#5964](https://github.com/containers/podman/issues/5964)).
3820
- Fixed a bug where the `podman generate systemd` command would panic on an invalid restart policy being specified ([#7271](https://github.com/containers/podman/issues/7271)).
3821
- Fixed a bug where the `podman images` command could take a very long time (several minutes) to complete when a large number of images were present.
3822
- Fixed a bug where the `podman logs` command with the `--tail` flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com/containers/podman/issues/7230]).
3823
- Fixed a bug where the `podman exec` command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) ([#6893](https://github.com/containers/podman/issues/6893)).
3824
- Fixed a bug where the `podman load` command with remote Podman would did not honor user-specified tags ([#7124](https://github.com/containers/podman/issues/7124)).
3825
- Fixed a bug where the `podman system service` command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result ([#7180](https://github.com/containers/podman/issues/7180)).
3826
- Fixed a bug where the `--publish` flag to `podman create`, `podman run`, and `podman pod create` did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) ([#7104](https://github.com/containers/podman/issues/7014)).
3827
- Fixed a bug where the `podman start --attach` command would not print the container's exit code when the command exited due to the container exiting.
3828
- Fixed a bug where the `podman rm` command with remote Podman would not remove volumes, even if the `--volumes` flag was specified ([#7128](https://github.com/containers/podman/issues/7128)).
3829
- Fixed a bug where the `podman run` command with remote Podman and the `--rm` flag could exit before the container was fully removed.
3830
- Fixed a bug where the `--pod new:...` flag to `podman run` and `podman create` would create a pod that did not share any namespaces.
3831
- Fixed a bug where the `--preserve-fds` flag to `podman run` and `podman exec` could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
3832
- Fixed a bug where default environment variables (`$PATH` and `$TERM`) were not set in containers when not provided by the image.
3833
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
3834
- Fixed a bug where networks created with `podman network create` with an IPv6 subnet did not properly set an IPv6 default route.
3835
- Fixed a bug where the `podman save` command would not work properly when its output was piped to another command ([#7017](https://github.com/containers/podman/issues/7017)).
3836
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under `/sys/fs/cgroup/systemd` to the host.
3837
- Fixed a bug where `podman build` would not generate an event on completion ([#7022](https://github.com/containers/podman/issues/7022)).
3838
- Fixed a bug where the `podman history` command with remote Podman printed incorrect creation times for layers ([#7122](https://github.com/containers/podman/issues/7122)).
3839
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
3840
- Fixed a bug where Podman did not clear `CMD` from the container image if the user overrode `ENTRYPOINT` ([#7115](https://github.com/containers/podman/issues/7115)).
3841
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
3842
- Fixed a bug where the `podman images` command with remote Podman did not support printing image tags in Go templates supplied to the `--format` flag ([#7123](https://github.com/containers/podman/issues/7123)).
3843
- Fixed a bug where the `podman rmi --force` command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
3844
- Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)).
3845
- Fixed a bug where the `podman version` command did not properly include build time and Git commit.
3846
- Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)).
3847
- Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`.
3848
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)).
3849
3850
### API
3851
- Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)).
3852
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions ([#7197](https://github.com/containers/podman/issues/7197)).
3853
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
3854
- Added a versioned `_ping` endpoint (e.g. `http://localhost/v1.40/_ping`).
3855
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when `podman system service` shut down due to its idle timeout ([#7294](https://github.com/containers/podman/issues/7294)).
3856
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
3857
- The `Pod` URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the `Pod` boolean will now be included in the response unconditionally.
3858
3859
### Misc
3860
- Updated Buildah to v1.15.1
3861
- Updated containers/image library to v5.5.2
3862
3863
v2.0.4
3864
3865
### Bugfixes
3866
- Fixed a bug where the output of `podman image search` did not populate the Description field as it was mistakenly assigned to the ID field.
3867
- Fixed a bug where `podman build -` and `podman build` on an HTTP target would fail.
3868
- Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes ([#7130](https://github.com/containers/podman/issues/7130)).
3869
- Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
3870
- Fixed a bug where the `podman start --attach --interactive` command would print the container ID of the container attached to when exiting ([#7068](https://github.com/containers/podman/pull/7068)).
3871
- Fixed a bug where `podman run --ipc=host --pid=host` would only set `--pid=host` and not `--ipc=host` ([#7100](https://github.com/containers/podman/issues/7100)).
3872
- Fixed a bug where the `--publish` argument to `podman run`, `podman create` and `podman pod create` would not allow binding the same container port to more than one host port ([#7062](https://github.com/containers/podman/issues/7062)).
3873
- Fixed a bug where incorrect arguments to `podman images --format` could cause Podman to segfault.
3874
- Fixed a bug where `podman rmi --force` on an image ID with more than one name and at least one container using the image would not completely remove containers using the image ([#7153](https://github.com/containers/podman/issues/7153)).
3875
- Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of `podman stats --format=json`.
3876
3877
### API
3878
- Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified ([#7078](https://github.com/containers/podman/issues/7078)).
3879
- Fixed a bug where the `CgroupVersion` field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).
3880
3881
- Update storage to 1.24.5
3882
3883
1.24.5:
3884
3885
Use STORAGE_DRIVER environment variable in rootless mode
3886
Fix errors about undefined storage driver in vms
3887
idtools: handle single user mapped as root
3888
3889
3890
1.24.4:
3891
3892
Use /run instead of /var/run
3893
archive: Skip FIFO creation in user namespace
3894
3895
3896
1.24.3:
3897
3898
Revert returning storageOpts early in rootless mode.
3899
Log message when graphdriver is not set
3900
3901
3902
1.24.2:
3903
3904
Fix reading of ~/.config/containers/storage.conf
3905
3906
3907
1.24.1:
3908
3909
Fix unshare.HomeDir to use entry in /etc/passwd
3910
3911
3912
1.24.0:
3913
3914
Add support for force_mask field, which allows for sharing container image over NFS shares or between different users on the same system. (Experimental)
3915
3916
3917
3918
1.23.9:
3919
3920
Improve handling Get() in pkg/homedir, handling user namespaced homedirs correctly
3921
Improve ID range selection for automatic user namespace range selection.
3922
Restore usage of rootless_storage_path in user storage.conf
3923
3924
3925
1.20.5:
3926
3927
Fix handling of Interrupts while changing file system attributes.
3928
3929
1.23.8:
3930
3931
Tighten permissions on created directory
3932
Fix handling of EINTR when changing file permissions, being triggered by newer version of golang.
3933
Fix resource leaks and improve error messages.
3934
3935
3936
1.23.7:
3937
3938
Fix handling of SetDefaultConfigFilePath(path)
3939
Switch to handling EINTR when chowning content.
3940
3941
3942
3943
1.23.6:
3944
3945
Lot's of bug fixes.
3946
Drop some Warning messages down to Info level
3947
Improve error messages for users
3948
Improve imput parsing.
3949
Maintain IMA Attributes in image creation
3950
Fix usage of rootless_storage_path from system storage.conf file
3951
Improve devmapper handling.
3952
3953
3954
1.23.5:
3955
3956
For podman v2.0 we need to use use ignore_chown_errors field if set
3957
utils_test.go: make test show mismatching items
3958
Support the rootless storage path from the system file
3959
build(deps): bump github.com/klauspost/compress from 1.10.11 to 1.11.0
3960
3961
1.20.4:
3962
3963
For podman v2.0 we need to use use ignore_chown_errors field if set
3964
3965
3966
1.23.4:
3967
3968
build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
3969
fix goroutine leak with close tatLogger in a defer clause
3970
3971
3972
1.23.3:
3973
3974
Switch to moby/sys/mountinfo
3975
counter: check for external umounts
3976
3977
3978
1.20.3:
3979
3980
counter: check for external umounts
3981
3982
3983
1.23.2:
3984
3985
counter: check for external umounts
3986
3987
3988
1.23.1:
3989
3990
recover use graphLock when mount a layer
3991
build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
3992
Use `bash` binary from env instead of /bin/bash for scripts
3993
build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
3994
Allow users to override imagestores
3995
Remove dead code
3996
3997
3998
1.23.0:
3999
4000
* Revert "build(deps): bump github.com/opencontainers/runc"
4001
* Allow any env variable for graphroot, runroot, storagepath
4002
* fileutils.Pattern.compile(): end the regex with the right path separator
4003
* archive: preallocate a buffer for io.Copy
4004
4005
1.22.0:
4006
4007
Allow env variables in graphroot and runroot
4008
userns: make sure host id is not always 0
4009
store: support mapped layers deletion
4010
Cirrus: Fix matrix filter
4011
build(deps): bump github.com/opencontainers/runc
4012
Cirrus: Add success-accumulator task
4013
Cirrus: Note matrix filter resolution
4014
store: support mapped layers deletion
4015
userns: fix host id calculation when ranges overlap
4016
userns: simplify function
4017
Fix leaked fd
4018
Coverity errors found
4019
4020
1.21.2:
4021
4022
archive: fix the bug of ReadSecurityXattrToTarHeader
4023
unbreak build on mipsen harder
4024
unshare: memoize HomeDir()
4025
4026
4027
1.21.1:
4028
4029
userns: fix available range with explicit idmapping
4030
layer mount: fix RO logic
4031
When mounting images we have no lowers, but still need to mount
4032
layerStore: clean residual resources in layerStore when remove an image
4033
Allow mounting of Non Read Write images read/only
4034
Always mount the layer via overlay.
4035
4036
4037
1.21.0:
4038
4039
Remove whitelist and replace with allowed
4040
build(deps): bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
4041
new interface for MountImage added
4042
Record security.ima in container images
4043
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc90 to 1.0.0-rc91
4044
Store the pvcreate --metadatasize option in storage.conf
4045
new interface Free for deleting Store object
4046
Just uncommenting this line blew up on me
4047
build(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0
4048
Use temp instead of run as fallback directory for rootless mode
4049
Make lock files world readable
4050
Lock files should be CLOEXEC
4051
Stop using golang 1.12
4052
build(deps): bump github.com/klauspost/compress from 1.10.8 to 1.10.10
4053
devmapper: allow devmapper devices as directlvm device
4054
build(deps): bump github.com/stretchr/testify from 1.6.0 to 1.6.1
4055
4056
4057
4058
1.20.2:
4059
4060
Add back skip_mount_home
4061
Update git validation EPOCH
4062
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
4063
build(deps): bump github.com/klauspost/compress from 1.10.5 to 1.10.7
4064
build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0
4065
unbreak build on mipsen
4066
4067
4068
- Switch to seccomp profile provided by common instead of podman
4069
- Update containers.conf to match latest version
4070
4071
-------------------------------------------------------------------
4072
Tue Oct 13 15:53:05 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
4073
4074
- Simplify %setup statements.
4075
4076
-------------------------------------------------------------------
4077
Mon Aug 3 17:10:46 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
4078
4079
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
4080
4081
-------------------------------------------------------------------
4082
Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
4083
4084
- Added containers/common tarball for containers.conf(5) man page
4085
- Install containers.conf default configuration in
4086
/usr/share/containers
4087
- libpod repository on github got renamed to podman
4088
- Update to image 5.5.1
4089
- Add documentation for credHelpera
4090
- Add defaults for using the rootless policy path
4091
- Update libpod/podman to 2.0.3
4092
- docs: user namespace can't be shared in pods
4093
- Switch references from libpod.conf to containers.conf
4094
- Allow empty host port in --publish flag
4095
- update document login see config.json as valid
4096
- Update storage to 1.20.2
4097
- Add back skip_mount_home
4098
4099
-------------------------------------------------------------------
4100
Fri Jun 19 09:57:44 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
4101
4102
- Remove remaining difference between SLE and openSUSE package and
4103
ship the some mounts.conf default configuration on both platforms.
4104
As the sources for the mount point do not exist on openSUSE by
4105
default this config will basically have no effect on openSUSE.
4106
(jsc#SLE-12122, bsc#1175821)
4107
4108
-------------------------------------------------------------------
4109
Wed Jun 3 14:37:20 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
4110
4111
- Update to image 5.4.4
4112
- Remove registries.conf VERSION 2 references from man page
4113
- Intial authfile man page
4114
- Add $HOME/.config/containers/certs.d to perHostCertDirPath
4115
- Add $HOME/.config/containers/registries.conf to config path
4116
- registries.conf.d: add stances for the registries.conf
4117
- update to libpod 1.9.3
4118
- userns: support --userns=auto
4119
- Switch to using --time as opposed to --timeout to better match Docker
4120
- Add support for specifying CNI networks in podman play kube
4121
- man pages: fix inconsistencies
4122
- Update to storage 1.19.1
4123
- userns: add support for auto
4124
- store: change the default user to containers
4125
- config: honor XDG_CONFIG_HOME
4126
- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again.
4127
It never ended up in SLES and a different way to fix the underlying
4128
problem is being worked on.
4129
4130
-------------------------------------------------------------------
4131
Wed May 13 12:45:58 UTC 2020 - Richard Brown <rbrown@suse.com>
4132
4133
- Add registry.opensuse.org as default registry [bsc#1171578]
4134
4135
-------------------------------------------------------------------
4136
Fri Apr 24 08:35:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
4137
4138
- Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts.
4139
This for making container-suseconnect working in the public
4140
cloud on-demand images. It needs that file for being able to
4141
verify the server certificates of the RMT servers hosted
4142
in the public cloud.
4143
(https://github.com/SUSE/container-suseconnect/issues/41)
4144
4145
-------------------------------------------------------------------
4146
Fri Mar 6 11:14:24 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
4147
4148
- New snaphot (bsc#1165917)
4149
- Update to image 5.2.1
4150
* Add documentation about rewriting docker.io registries
4151
* Add registries warning to registries.conf
4152
- Update to libpod 1.8.0
4153
* Fixed some spelling errors in oci-hooks documentations
4154
* include containers-mounts.conf(5) man-page into the package
4155
- Update to storage 1.16.1
4156
* Add `rootless_storage_path` directive to storage.conf
4157
* Add better documentation for the mount_program in overlay driver
4158
4159
-------------------------------------------------------------------
4160
Wed Dec 11 16:13:32 UTC 2019 - Richard Brown <rbrown@suse.com>
4161
4162
- Update to image 5.0.0
4163
- Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section.
4164
- Update to major version v5
4165
- return resp error message
4166
- copy.Image(): select the CopySystemImage image using the source context
4167
- Add manifest list support
4168
- docker: handle http 429 status codes
4169
- allow for .dockercfg files to reside in non-home directories
4170
- Use the correct module path in (make test-skopeo)
4171
- Update to libpod 1.6.3
4172
- Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
4173
- Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added
4174
- Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands
4175
- Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume
4176
- Update to storage 1.15.3
4177
- overlay: allow storing images with more than 127 layers
4178
- Lazy initialize the layer store
4179
- tarlogger: drop state mutex
4180
4181
-------------------------------------------------------------------
4182
Wed Oct 2 08:29:50 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
4183
4184
- Update to image 4.0.0
4185
- Add http response to log
4186
- Add tests for parsing OpenShift kubeconfig files
4187
- Compress: define some consts for the compression algos
4188
- Compression: add support for the zstd
4189
- Compression: allow to specify the compression format
4190
- Copy: add nil checks
4191
- Copy: compression: default to gzip
4192
- Copy: don't lose annotations of BlobInfo
4193
- Copy: fix options.DestinationCtx nil check
4194
- Copy: use a bigger buffer for the compression
4195
- Fix cross-compilation by vendoring latest c/storage
4196
- Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR
4197
- Keyctl: clean up after tests
4198
- Make container tools work with go+openssl
4199
- Make test-skopeo: replace c/image module instead of copying code
4200
- Media type checks
4201
- Move keyctl to internal & func remove auth from keyring
4202
- Replace vendor.conf by go.mod
4203
- Update dependencies
4204
- Update test certificates
4205
- Update to mergo v0.3.5
4206
- Vendor.conf: update reference for containers/storage
4207
- Update to storage 1.13.4
4208
- Update generated files
4209
- ImageBigData: distinguish between no-such-image and no-such-item
4210
- ImageSize: don't get tripped up by images with no layers
4211
- tarlogger: disable raw accouting
4212
- Update to libpod 1.6.0
4213
- Nothing changed regarding the OCI hooks documentation provided by this
4214
package
4215
4216
-------------------------------------------------------------------
4217
Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <rbrown@suse.com>
4218
4219
- Update to image 1.4.4
4220
- Hard-code the kernel keyring use to be disabled for now
4221
- Update to libpod 1.5.1
4222
- The hostname of pods is now set to the pod's name
4223
- Minor bugfixes
4224
- Update to storage 1.12.16
4225
- Ignore ro mount options in btrfs and windows drivers
4226
4227
-------------------------------------------------------------------
4228
Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <rbrown@suse.com>
4229
4230
- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)
4231
4232
-------------------------------------------------------------------
4233
Wed Aug 7 10:35:07 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
4234
4235
- Add missing licenses to spec file
4236
4237
-------------------------------------------------------------------
4238
Tue Aug 6 11:42:17 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
4239
4240
- Add a default registries.d configuration file, used to specify images
4241
signatures storage location.
4242
4243
-------------------------------------------------------------------
4244
Fri Aug 2 09:46:10 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
4245
4246
- Update to image v3.0.0
4247
- Add "Env" to ImageInspectInfo
4248
- Add API function TryUpdatingCache
4249
- Add ability to install man pages
4250
- Add user registry auth to kernel keyring
4251
- Fix policy.json.md -> containers-policy.json.5.md references
4252
- Fix typo in docs/containers-registries.conf.5.md
4253
- Remove pkg/sysregistries
4254
- Touch up transport man page
4255
- Try harder in storageImageDestination.TryReusingBlob
4256
- Use the same HTTP client for contacting the bearer token server and the
4257
registry
4258
- ci: change GOCACHE to a writeable path
4259
- config.go: improve debug message
4260
- config.go: log where credentials come from
4261
- docker client: error if registry is blocked
4262
- docker: allow deleting OCI images
4263
- docker: delete: support all MIME types
4264
- ostree: default is no OStree support
4265
- ostree: improve error message
4266
- progress bar: use spinners for unknown blob sizes
4267
- use 'containers_image_ostree' as build tag
4268
- use keyring when authfile empty
4269
- Update to storage v1.12.16
4270
- Add cirrus vendor check
4271
- Add storage options to IgnoreChownErrors
4272
- Add support for UID as well as UserName in /etc/subuid files.
4273
- Add support for ignoreChownErrors to vfs
4274
- Add support for installing man pages
4275
- Fix cross-compilation
4276
- Keep track of the UIDs and GIDs used in applied layers
4277
- Move lockfiles to their own package
4278
- Remove merged directory when it is unmounted
4279
- Switch to go modules
4280
- Switch to golangci-lint
4281
- Update generated files
4282
- Use same variable name on both commands
4283
- cirrus: ubuntu: try removing cryptsetup-initramfs
4284
- compression: add support for the zstd algorithm
4285
- getLockfile(): use the absolute path
4286
- loadMounts(): reset counts before merging just-loaded data
4287
- lockfile: don't bother releasing a lock when closing a file
4288
- locking test updates
4289
- locking: take read locks on read-only stores
4290
- make local-cross more reliable for CI
4291
- overlay: cache the results of supported/using-metacopy/use-naive-diff
4292
feature tests
4293
- overlay: fix small piece of repeated work
4294
- utils: fix check for missing conf file
4295
- zstd: use github.com/klauspost/compress directly
4296
4297
-------------------------------------------------------------------
4298
Mon Jul 8 13:18:20 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
4299
4300
- Update to libpod v1.4.4
4301
- Fixed a bug where rootless Podman would attempt to use the
4302
entire root configuration if no rootless configuration was
4303
present for the user, breaking rootless Podman for new
4304
installations
4305
- Fixed a bug where rootless Podman's pause process would block
4306
SIGTERM, preventing graceful system shutdown and hanging until
4307
the system's init send SIGKILL
4308
- Fixed a bug where running Podman as root with sudo -E would not
4309
work after running rootless Podman at least once
4310
- Fixed a bug where options for tmpfs volumes added with the
4311
--tmpfs flag were being ignored
4312
- Fixed a bug where images with no layers could not properly be
4313
displayed and removed by Podman
4314
- Fixed a bug where locks were not properly freed on failure to
4315
create a container or pod
4316
- Podman now has greatly improved support for containers using
4317
multiple OCI runtimes. Containers now remember if they were
4318
created with a different runtime using --runtime and will
4319
always use that runtime
4320
- The cached and delegated options for volume mounts are now
4321
allowed for Docker compatability (#3340)
4322
- The podman diff command now supports the --latest flag
4323
- Fixed a bug where podman cp on a single file would create a
4324
directory at the target and place the file in it (#3384)
4325
- Fixed a bug where podman inspect --format '{{.Mounts}}' would
4326
print a hexadecimal address instead of a container's mounts
4327
- Fixed a bug where rootless Podman would not add an entry to
4328
container's /etc/hosts files for their own hostname (#3405)
4329
- Fixed a bug where podman ps --sync would segfault (#3411)
4330
- Fixed a bug where podman generate kube would produce an invalid
4331
ports configuration (#3408)
4332
- Podman now performs much better on systems with heavy I/O load
4333
- The --cgroup-manager flag to podman now shows the correct
4334
default setting in help if the default was overridden by
4335
libpod.conf
4336
- For backwards compatability, setting --log-driver=json-file in
4337
podman run is now supported as an alias for
4338
--log-driver=k8s-file. This is considered deprecated, and
4339
json-file will be moved to a new implementation in the future
4340
([#3363](https://github.com/containers/libpod/issues/3363))
4341
- Podman's default libpod.conf file now allows the crun OCI
4342
runtime to be used if it is installed
4343
- Fixed a bug where Podman could not run containers using an
4344
older version of Systemd as init (#3295)
4345
- Updated vendored Buildah to v1.9.0 to resolve a critical bug
4346
with Dockerfile RUN instructions
4347
- The error message for running podman kill on containers that
4348
are not running has been improved
4349
- The Podman remote client can now log to a file if syslog is not
4350
available
4351
- The MacOS dmg file is experimental, use at your own risk.
4352
- The podman exec command now sets its error code differently
4353
based on whether the container does not exist, and the command
4354
in the container does not exist
4355
- The podman inspect command on containers now outputs Mounts
4356
JSON that matches that of docker inspect, only including
4357
user-specified volumes and differentiating bind mounts and
4358
named volumes
4359
- The podman inspect command now reports the path to a
4360
container's OCI spec with the OCIConfigPath key (only included
4361
when the container is initialized or running)
4362
- The podman run --mount command now supports the
4363
bind-nonrecursive option for bind mounts (#3314)
4364
- Fixed a bug where podman play kube would fail to create
4365
containers due to an unspecified log driver
4366
- Fixed a bug where Podman would fail to build with musl libc
4367
(#3284)
4368
- Fixed a bug where rootless Podman using slirp4netns networking
4369
in an environment with no nameservers on the host other than
4370
localhost would result in nonfunctional networking (#3277)
4371
- Fixed a bug where podman import would not properly set
4372
environment variables, discarding their values and retaining
4373
only keys
4374
- Fixed a bug where Podman would fail to run when built with
4375
Apparmor support but run on systems without the Apparmor kernel
4376
module loaded (#3331)
4377
- Remote Podman will now default the username it uses to log in
4378
to remote systems to the username of the current user
4379
- Podman now uses JSON logging with OCI runtimes that support it,
4380
allowing for better error reporting
4381
- Updated vendored Buildah to v1.8.4
4382
- Updated vendored containers/image to v2.0
4383
- Update to image v2.0.0
4384
- Add registry mirror support
4385
- Include missing man pages (bsc#1139526)
4386
- Update to storage v1.12.10
4387
- Add support for UID as well as UserName in /etc/subuid files.
4388
- utils: fix check for missing conf file
4389
- compression: add support for the zstd algorithm
4390
- overlay: cache the results of
4391
supported/using-metacopy/use-naive-diff feature tests
4392
4393
-------------------------------------------------------------------
4394
Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
4395
4396
- Update to libpod v1.4.0
4397
- The podman checkpoint and podman restore commands can now be
4398
used to migrate containers between Podman installations on
4399
different systems
4400
- The podman cp command now supports a pause flag to pause
4401
containers while copying into them
4402
- The remote client now supports a configuration file for
4403
pre-configuring connections to remote Podman installations
4404
- Fixed CVE-2019-10152 - The podman cp command improperly
4405
dereferenced symlinks in host context
4406
- Fixed a bug where podman commit could improperly set
4407
environment variables that contained = characters
4408
- Fixed a bug where rootless Podman would sometimes fail to start
4409
containers with forwarded ports
4410
- Fixed a bug where podman version on the remote client could
4411
segfault
4412
- Fixed a bug where podman container runlabel would use
4413
/proc/self/exe instead of the path of the Podman command when
4414
printing the command being executed
4415
- Fixed a bug where filtering images by label did not work
4416
- Fixed a bug where specifying a bing mount or tmpfs mount over
4417
an image volume would cause a container to be unable to start
4418
- Fixed a bug where podman generate kube did not work with
4419
containers with named volumes
4420
- Fixed a bug where rootless Podman would receive permission
4421
denied errors accessing conmon.pid
4422
- Fixed a bug where podman cp with a folder specified as target
4423
would replace the folder, as opposed to copying into it
4424
- Fixed a bug where rootless Podman commands could double-unlock
4425
a lock, causing a crash
4426
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
4427
mounts, causing errors when using the Kata containers runtime
4428
- Fixed a bug where podman exec would fail on older kernels
4429
- The podman commit command is now usable with the Podman remote
4430
client
4431
- The --signature-policy flag (used with several image-related
4432
commands) has been deprecated
4433
- The podman unshare command now defines two environment
4434
variables in the spawned shell: CONTAINERS_RUNROOT and
4435
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
4436
storage for rootless containers
4437
- Updated vendored containers/storage and containers/image
4438
libraries with numerous bugfixes
4439
- Updated vendored Buildah to v1.8.3
4440
- Podman now requires Conmon v0.2.0
4441
- The podman cp command is now aliased as podman container cp
4442
- Rootless Podman will now default init_path using root Podman's
4443
configuration files (/etc/containers/libpod.conf and
4444
/usr/share/containers/libpod.conf) if not overridden in the
4445
rootless configuration
4446
- Update to image v1.5.1
4447
- Vendor in latest containers/storage
4448
- docker/docker_client: Drop redundant Domain(ref.ref) call
4449
- pkg/blobinfocache: Split implementations into subpackages
4450
- copy: progress bar: show messages on completion
4451
- docs: rename manpages to *.5.command
4452
- add container-certs.d.md manpage
4453
- pkg/docker/config: Bring auth tests from
4454
docker/docker_client_test
4455
- Don't allocate a sync.Mutex separately
4456
- Update to storage v1.12.10
4457
- Add function to parse out mount options from graphdriver
4458
- Merge the disparate parts of all of the Unix-like lockfiles
4459
- Fix unix-but-not-Linux compilation
4460
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
4461
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
4462
- lockfile: add RecursiveLock() API
4463
- Update generated files
4464
- Fix crash on tesing of aufs code
4465
- Let consumers know when Layers and Images came from read-only stores
4466
- chown: do not change owner for the mountpoint
4467
- locks: correctly mark updates to the layers list
4468
- CreateContainer: don't worry about mapping layers unless necessary
4469
- docs: fix manpage for containers-storage.conf
4470
- docs: sort configuration options alphabetically
4471
- docs: document OSTree file deduplication
4472
- Add missing options to man page for containers-storage
4473
- overlay: use the layer idmapping if present
4474
- vfs: prefer layer custom idmappings
4475
- layers: propagate down the idmapping settings
4476
- Recreate symlink when not found
4477
- docs: fix manpage for configuration file
4478
- docs: add special handling for manpages in sect 5
4479
- overlay: fix single-lower test
4480
- Recreate symlink when not found
4481
- overlay: propagate errors from mountProgram
4482
- utils: root in a userns uses global conf file
4483
- Fix handling of additional stores
4484
- Correctly check permissions on rootless directory
4485
- Fix possible integer overflow on 32bit builds
4486
- Evaluate device path for lvm
4487
- lockfile test: make concurrent RW test determinisitc
4488
- lockfile test: make concurrent read tests deterministic
4489
- drivers.DirCopy: fix filemode detection
4490
- storage: move the logic to detect rootless into utils.go
4491
- Don't set (struct flock).l_pid
4492
- Improve documentation of getLockfile
4493
- Rename getLockFile to createLockerForPath, and document it
4494
- Add FILES section to containers-storage.5 man page
4495
- add digest locks
4496
- drivers/copy: add a non-cgo fallback
4497
- Add default SLES mounts for container-suseconnect usage
4498
4499
-------------------------------------------------------------------
4500
Tue Jun 4 14:27:15 UTC 2019 - Richard Brown <rbrown@suse.com>
4501
4502
- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly
4503
4504
-------------------------------------------------------------------
4505
Mon Apr 1 14:24:17 UTC 2019 - Richard Brown <rbrown@suse.com>
4506
4507
- Update to libpod v1.2.0
4508
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
4509
* Move pkg/util default storage functions from libpod to containers/storage
4510
- Update to image v1.5
4511
* Minor behind the scene bugfixes, no user facing changes
4512
- Update to storage v1.12.1
4513
* Move pkg/util default storage functions from libpod to containers/storage
4514
* containers/storage no longer depends on containers/image
4515
- Version 20190401
4516
4517
-------------------------------------------------------------------
4518
Wed Feb 27 14:51:55 UTC 2019 - Richard Brown <rbrown@suse.com>
4519
4520
- Update to libpod v1.1.0
4521
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
4522
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
4523
4524
-------------------------------------------------------------------
4525
Tue Feb 19 15:34:54 UTC 2019 - Richard Brown <rbrown@suse.com>
4526
4527
- Upgrade to storage v1.10
4528
* enable parallel blob reads
4529
* Teach images to hold multiple manifests
4530
* Move structs for storage.conf to pkg/config
4531
- Upgrade to libpod v1.0.1
4532
* Do not unmarshal into c.config.Spec
4533
* spec: add nosuid,noexec,nodev to ro bind mount
4534
4535
-------------------------------------------------------------------
4536
Sat Feb 2 11:07:30 UTC 2019 - Richard Brown <rbrown@suse.com>
4537
4538
- Restore non-upstream storage.conf, needed by CRI-O
4539
4540
-------------------------------------------------------------------
4541
Fri Jan 25 14:30:45 UTC 2019 - Richard Brown <rbrown@suse.com>
4542
4543
- Upgrade to storage v1.8
4544
* Check for the OS when setting btrfs/libdm/ostree tags
4545
- Upgrade to image v1.3
4546
* vendor: use github.com/klauspost/pgzip instead of compress/gzip
4547
* vendor latest ostree
4548
- Refactor specfile to use versioned tarballs
4549
- Established package versioning scheme (ISODATE of change)
4550
- Remove non-upstream storage.conf
4551
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
4552
- Version 20190125
4553
4554
-------------------------------------------------------------------
4555
Thu Jan 17 14:20:49 UTC 2019 - Richard Brown <rbrown@suse.com>
4556
4557
- Upgrade to storage v1.6
4558
* Remove private mount from zfs driver
4559
* Update zfs driver to be closer to moby driver
4560
* Use mount options when mounting the chown layer.
4561
4562
-------------------------------------------------------------------
4563
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
4564
4565
- Upgrade to libpod v1.0.0
4566
* Fixed a bug where storage.conf was sometimes ignored for rootless containers
4567
4568
-------------------------------------------------------------------
4569
Tue Jan 8 11:35:41 UTC 2019 - Richard Brown <rbrown@suse.com>
4570
4571
- Upgrade to libpod v0.12.1.2 and storage v1.4
4572
* No significant functional or packaging changes
4573
4574
-------------------------------------------------------------------
4575
Sun Jan 6 22:11:02 UTC 2019 - Richard Brown <rbrown@suse.com>
4576
4577
- storage.conf - restore btrfs as the default driver
4578
4579
-------------------------------------------------------------------
4580
Fri Dec 7 10:54:37 UTC 2018 - Richard Brown <rbrown@suse.com>
4581
4582
- Update to latest libpod and storage to support cri-o 1.13
4583
4584
-------------------------------------------------------------------
4585
Wed Dec 5 14:45:37 UTC 2018 - Richard Brown <rbrown@suse.com>
4586
4587
- Use seccomp.json from github.com/containers/libpod, instead of
4588
installing the tar.xz on users systems (boo#1118444)
4589
4590
-------------------------------------------------------------------
4591
Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
4592
4593
- Add oci-hooks(5) manpage from libpod.
4594
4595
-------------------------------------------------------------------
4596
Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
4597
4598
- Use seccomp.json from github.com/containers/libpod to align with the
4599
upstream defaults.
4600
4601
- Update to the latest image and storage to pull in improvements to the
4602
manpages.
4603
4604
-------------------------------------------------------------------
4605
Mon Aug 27 14:24:51 UTC 2018 - vrothberg@suse.com
4606
4607
- storage.conf: comment out options that are not supported by btrfs.
4608
This simplifies switching the driver as it avoids the whack-a-mole
4609
of commenting out "unsupported" options.
4610
4611
-------------------------------------------------------------------
4612
Mon Aug 27 08:48:16 UTC 2018 - vrothberg@suse.com
4613
4614
- Consolidate libcontainers-{common,image,storage} into one package,
4615
libcontainers-common. That's the way upstream intended all libraries from
4616
github.com/containers to be packaged. It facilitates updating and maintaining
4617
the package, as all configs and manpages come from a central source.
4618
4619
Note that the `storage` binary that previously has been provided by the
4620
libcontainers-storage package is not provided anymore as, despite the claims
4621
in the manpages, it is not intended for production use.
4622
4623
-------------------------------------------------------------------
4624
Mon Aug 13 11:44:31 UTC 2018 - vrothberg@suse.com
4625
4626
- Make libcontainers-common arch independent.
4627
4628
- Add LICENSE.
4629
4630
-------------------------------------------------------------------
4631
Thu Apr 12 09:36:39 UTC 2018 - fcastelli@suse.com
4632
4633
- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
4634
to the package. These are used by tools like cri-o and podman to store
4635
custom hooks.
4636
4637
-------------------------------------------------------------------
4638
Mon Mar 5 09:30:12 UTC 2018 - vrothberg@suse.com
4639
4640
- Configuration files should generally be tagged as %config(noreplace) in order
4641
to keep the modified config files and to avoid losing data when the package
4642
is being updated.
4643
4644
feature#crio
4645
4646
-------------------------------------------------------------------
4647
Thu Feb 8 13:07:24 UTC 2018 - vrothberg@suse.com
4648
4649
- Add libcontainers-common package.
4650