File libcontainers-common.changes of Package libcontainers-common

Overview Repositories Revisions Requests Users Attributes Meta

File libcontainers-common.changes of Package libcontainers-common

-------------------------------------------------------------------
Tue Feb  6 13:35:30 UTC 2024 - Dan Čermák <dcermak@suse.com>

- New release 20240206
- bump bundled c/common to 0.57.4
- bump bundled c/image to 0.29.2
- conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well
  (SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only
  provides product(SLE-Micro)), fixes bsc#1216443

-------------------------------------------------------------------
Mon Dec  4 07:12:17 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- New release 20231204
-  bump c/common to 0.57.0
   * Bump to v0.56.0 by
   * Fix typo in comment
   * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
   * Fix specification of unix:///run
   * libimage/layer_tree: if parent is empty and a manifest list then ignore check.
   * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
   * Split up util package into pkg/password, pkg/copy, pkg/version
   * Remove ActiveDestination method to move into podman
   * Default machine CPUs to Cores/2
   * pkg/config: do NOT set StaticDir and VolumeDir
   * Implement negated label match function
   * chore: import packages only once
   * CoC: fix email link
-  bump c/storage to 1.51.0
   * Bump to v1.50.2
   * overlay, composefs: mount loop device RO
   * Run codespell on code
   * fix(deps): update module github.com/klauspost/compress to v1.17.0
   * store: serialize container deletion
   * pkg/system: reduce retry timeout for EnsureRemoveAll
   * overlay, composefs: use data-only lower layers
   * store: call RecordWrite() before graphDriver Cleanup()
   * fix(deps): update module golang.org/x/sys to v0.13.0
-  bump c/image to 5.29.0
   * Bump to v5.28.0
   * fix(deps): update module github.com/containers/storage to v1.50.2
   * Run codespell on code
   * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
   * Use constants and types from opencontainers/image-spec/specs-go/v1
   * progress: set Current before Refill
   * copy: fix nil pointer dereference when checking compression algorithm
   * fix(deps): update module github.com/klauspost/compress to v1.17.0
   * fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0
   * ociarchive: Add new ArchiveFileNotFoundError

-------------------------------------------------------------------
Wed Sep 13 12:48:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Require libcontainers-sles-mounts for *all* SLE products,
  and not just SLES. (bsc#1215291)

-------------------------------------------------------------------
Wed Sep 13 06:13:53 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- New release 20230913
- bump c/image to 5.28.0
  * Bump to v5.26.0
  * fix(deps): update module github.com/sigstore/rekor to v1.2.2
  * fix(deps): update module github.com/sigstore/fulcio to v1.3.2
  * Adding IO decorator to copy progress bar
  * Ensure we close HTTP connections on all paths
  * fix(deps): update module github.com/containers/storage to v1.48.0
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4
  * fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1
  * fix(deps): update golang.org/x/exp digest to 97b1e66
  * fix(deps): update module github.com/klauspost/compress to v1.16.7
  * fix(deps): update module github.com/docker/docker to v24.0.3+incompatible
  * fix(deps): update module golang.org/x/oauth2 to v0.10.0
  * manifest: ListUpdate add imgspecv1.Platform field
  * fix(deps): update module github.com/docker/docker to v24.0.4+incompatible
  * pkg/docker: use the same default auth path as macOS on FreeBSD
  * fix(deps): update module github.com/sigstore/fulcio to v1.3.4
  * blob: TryReusingBlobWithOptions consider RequiredCompression if set
  * Fix tests of the ostree transport
  * helpers_test,cleanup: correct argument order
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
  * Make temporary names container/image specific
  * listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames
  * fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
  * Fix TestOCI1IndexChooseInstanc
  * Refactor data passing in c/image/copy
  * Update module github.com/sigstore/fulcio to v1.4.0
  * copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms
  * Update vendor of containers/storage
  * copy/single: accept custom *Options and wrap arguments in copySingleImageOptions
  * Improve transport documentation
  * fix(deps): update module github.com/vbatts/tar-split to v0.11.5
  * fix(deps): update module github.com/docker/docker to v24.0.5+incompatible
  * copy: implement instanceCopyClone for zstd compression
  * copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone
  * Clarify where mirrors are used
  * fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85
  * fix(deps): update github.com/containers/storage digest to c3da76f
  * Update x/exp/slices, and some small slice-related cleanups
  * Use consistent example domains in #2069
  * copy: add support for ForceCompressionFormat
  * fix(deps): update module golang.org/x/term to v0.11.0
  * fix(deps): update module golang.org/x/crypto to v0.12.0
  * fix(deps): update module golang.org/x/oauth2 to v0.11.0
  * [release-5.27] Preparing 5.27 backport
  * Update to Go 1.19
  * storage.storageImageDestination.Commit(): leverage image options
  * Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH
  * [CI:DOCS] Add cirrus-cron retry/monitor jobs
  * chore(deps): update dependency containers/automation_images to v20230807
  * [release-5.27] Fix the branch we use for determining a git-validation starting point
  * fix(deps): update golang.org/x/exp digest to 352e893
  * fix(deps): update module github.com/sigstore/sigstore to v1.7.2
  * OCI image-spec / distribution-spec v1.1 updates, first round
  * fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0
  * chore(deps): update dependency containers/automation_images to v20230809
  * Merge release branch into main
  * BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted
  * Update module github.com/containers/ocicrypt to v1.1.8
  * chore(deps): update dependency containers/automation_images to v20230816
  * fix(deps): update module github.com/containers/storage to v1.49.0
  * fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1
  * fix(deps): update golang.org/x/exp digest to d852ddb
  * fix(deps): update module golang.org/x/term to v0.12.0
  * fix(deps): update module github.com/sigstore/sigstore to v1.7.3
  * fix removal of temp file in GetBlob on Windows
  * fix(deps): update module golang.org/x/crypto to v0.13.0
  * Fix build with golangci-lint 1.54.2
  * fix(deps): update module golang.org/x/oauth2 to v0.12.0
  * Implement, and default to, a SQLite BlobInfoCache instead of BoltDB
  * fix(deps): update module github.com/docker/docker to v24.0.6+incompatible
  * Update dependencies of docker/docker
  * Correctly handle encryption/decryption changes in non-OCI formats
  * chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security]
  * fix(deps): update module github.com/containers/storage to v1.50.1
- bump c/storage to 1.50.2
  * Bump to v1.50.1
  * Add an OWNERS file for the merge bot to refer to
- bump c/common to 0.55.4
  * Bump c/image to v0.55.3

-------------------------------------------------------------------
Mon Aug 14 07:27:59 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- New release 20230814
- bump c/storage to 1.48.0
  * Bump to v1.47.0
  * Fix error if continueWrite/continueRead pipe open fails
  * pkg/regexp: make sure that &Regexp implements the interfaces
  * Remove use of fillGo18FileTypeBits
- bump c/image to 5.27.0
  * fix(deps): update module github.com/docker/docker to v23.0.3+incompatible
  * fix(deps): update module golang.org/x/term to v0.7.0
  * fix(deps): update module github.com/klauspost/compress to v1.16.4
  * fix(deps): update module github.com/sigstore/sigstore to v1.6.1
  * chore(deps): update dependency containers/automation_images to v20230405
  * fix(deps): update module golang.org/x/crypto to v0.8.0
  * fix(deps): update module golang.org/x/oauth2 to v0.7.0
  * fix(deps): update module github.com/containers/storage to v1.46.1
  * fix(deps): update module github.com/sigstore/sigstore to v1.6.2
  * Don't completely silently ignore non-OCI manifests in OCI layouts
  * fix(deps): update module github.com/klauspost/compress to v1.16.5
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
  * fix(deps): update module github.com/docker/docker to v23.0.4+incompatible
- bump c/common to 0.55.3
  * Change default image volume mode to "nullfs" on FreeBSD
  * [v0.55][CI-DOCS] remove zstd:chunked from docs
  * libimage: harden lookup by digest
  * libimage: HasDifferentDigest: add InsecureSkipTLSVerify option

-------------------------------------------------------------------
Mon Jul 31 06:17:22 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Disable CNI related configs on ALP (bsc#1213556)
  (https://github.com/containers/podman/issues/19327)

-------------------------------------------------------------------
Tue Jun 27 14:18:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Remove unused grep requirement

-------------------------------------------------------------------
Mon Jun 26 12:51:12 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Resolve choice on openSUSE distributions for libcontainer-policy
  by suggesting the libcontainers-openSUSE-policy explicitly.

-------------------------------------------------------------------
Mon Jun  5 12:04:33 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Enforce BCI verification via Podman on openSUSE distributions
  using the already shipped container signing keys.
  (bsc#1197030)

-------------------------------------------------------------------
Tue May 16 12:51:34 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Introduce new subpackage that adds SLE-specific mounts only
  on SLE systems (if sles-release) hence avoiding superfluous
  warnings on non-SLE systems while running podman commands.
  (bsc#1211124)

-------------------------------------------------------------------
Wed Apr 26 12:43:41 UTC 2023 - Frederic Crozat <fcrozat@suse.com>

- Own /etc/containers/systemd and /usr/share/containers/systemd,
  useful for podman quadlet.

-------------------------------------------------------------------
Wed Mar 15 09:17:51 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Remove container-storage-driver.sh, we want to default to the overlay driver
  instead of btrfs.
  The btrfs driver is not really supported upstream (see
  e.g. https://github.com/containers/podman/issues/16882), there is no real
  development anymore and it appears to have subtle bugs (e.g. the one linked
  previously).
  To prevent further such issues, we will from now on default to the overlay
  driver.

-------------------------------------------------------------------
Wed Mar 15 08:55:24 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Remove obsolete Requires(post): util-linux-systemd

-------------------------------------------------------------------
Mon Feb 27 10:30:12 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Add registry.suse.com to the unqualified-search-registries

-------------------------------------------------------------------
Tue Feb 14 13:28:21 UTC 2023 - Dan Čermák <dcermak@suse.com>

- New upstream release 20230214
- bump c/storage to 1.45.3
- bump c/image to 5.24.1
- bump c/common to 0.51.0
- containers.conf:
  * add commented out options containers.read_only,
    engine.platform_to_oci_runtime, engine.events_container_create_inspect_data,
    network.volume_plugin_timeout, engine.runtimes.youki, machine.provider
  * remove deprecated setting containers.userns_size
  * add youki to engine.runtime_supports_json
- shortnames.conf: pull in latest upstream version
- storage.conf: add commented out option storage.transient_store
- correct license to APACHE-2.0 only (there's no GPLv3 code to be found)
- add source URLs to spec
- drop pointless copyright year

-------------------------------------------------------------------
Wed Jan 25 10:01:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Reverts https://build.opensuse.org/request/show/1060361
  Changes introduced to c/storage's storage.conf which adds
  a driver_priority attribute would break consumers of libcontainer-common
  as long as those packages are vendoring an older c/storage version.
  Instead of patching every consumer, we're reverting this change, until
  those packages have been updated downstream. [boo#1207509]

-------------------------------------------------------------------
Fri Jan 13 06:01:46 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- storage.conf: Unset 'driver' and set 'driver_priority' to
  allow podman to use 'btrfs' if available and fallback to
  'overlay' if not.
- .spec: rm %post script to set 'btrfs' as storage driver
  in storage.conf

-------------------------------------------------------------------
Mon Dec  5 12:23:07 UTC 2022 - Dan Čermák <dcermak@suse.com>

- Remove registry.suse.com from search unqualified-search-registries:
  registry.suse.com responds very slowly to pagination repository listings
  (https://docs.docker.com/registry/spec/api/#pagination) and thereby causes
  every `podman search` to take over 90s. We have to remove it until this
  regression is fixed.

-------------------------------------------------------------------
Mon Nov 28 09:08:11 UTC 2022 - Dirk Müller <dmueller@suse.com>

- add requires on util-linux-systemd for findmnt in profile script
- only set storage_driver env when no libpod exists
- avoid quoting issue

-------------------------------------------------------------------
Tue Nov 22 12:48:38 UTC 2022 - Dan Čermák <dcermak@suse.com>

- Update bundled common to 0.50.1
- Update bundled image to 5.23.1
- Update bundled storage to 1.44.0
- Drop bundled podman
- Bump version to 20221122
- Install container-storage-driver.sh in /etc/ on Leap & SLE

-------------------------------------------------------------------
Thu Nov 17 10:51:26 UTC 2022 - Dirk Müller <dmueller@suse.com>

- add container-storage-driver.sh (bsc#1197093)

-------------------------------------------------------------------
Thu Nov 10 11:58:09 UTC 2022 - Dirk Müller <dmueller@suse.com>

- postinstall script: slight cleanup, no functional change

-------------------------------------------------------------------
Tue Oct 25 10:40:49 UTC 2022 - Dirk Müller <dmueller@suse.com>

- set detached sigstore attachments for the SUSE controlled registries

-------------------------------------------------------------------
Tue Aug  9 08:49:18 UTC 2022 - Fabian Vogt <fvogt@suse.com>

- Fix obvious typo in containers.conf

-------------------------------------------------------------------
Wed Aug  3 13:19:58 UTC 2022 - Frederic Crozat <fcrozat@suse.com>

- Resync containers.conf / storage.conf with Fedora
- Create /etc/containers/registries.conf.d and 
  add 000-shortnames.conf to it.

-------------------------------------------------------------------
Wed Jun 15 10:20:16 UTC 2022 - Fabian Vogt <fvogt@suse.com>

- Use $() again in %post, but with a space for POSIX compliance

-------------------------------------------------------------------
Tue Jun 14 13:53:43 UTC 2022 - Dan Čermák <dcermak@suse.com>

- Add missing Requires(post): sed, fixes boo#1200524
- Make %post compatible with dash

-------------------------------------------------------------------
Wed Jun  8 12:39:46 UTC 2022 - Richard Brown <rbrown@suse.com>

- Add missing comma to previous change

-------------------------------------------------------------------
Mon Jun  6 12:56:19 UTC 2022 - Lubos Kocman <lubos.kocman@suse.com>

- Add registry.suse.com as agreed on oSC22
  Let's advertise usage of BCI images in general

-------------------------------------------------------------------
Thu Feb  3 19:43:19 UTC 2022 - Bruno Leon <bruno.leon@suse.com>

- Update storage to 1.38.2
- Update image to 5.19.1
- Update Podman to 3.4.4
- Update common to 0.47.3

-------------------------------------------------------------------
Tue Jan 11 12:56:24 UTC 2022 - Dan Čermák <dcermak@suse.com>

- Switch registries.conf to v2 format

-------------------------------------------------------------------
Fri Sep 17 10:20:19 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update common to 0.44.0

0.42.3:

* (*libimage.Image).HasDifferentDigest: add authentication

0.42.2:

Backports for Podman 3.3.2
    Fix the fallback runtime path
    Switch default Rootless Networking to "CNI" for OSX
    libimage: disk usage: catch corrupted images
    set GOPROXY=https://proxy.golang.org

0.44.0:

Add HelperBinariesDir field to engine config
    Add space trimming check in sysctl.Validate
    Cirrus: Use fresher VM images
    Fix `pkg/sysctl` path typo
    Fix the fallback runtime path
    Switch default Rootless Networking to "CNI" for OSX
    Update pkg/sysctl/sysctl.go
    add some cni plugin paths
    build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
    build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
    build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
    build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
    build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    docs/containers.conf.5.md: Fix manpage section
    fix untag + v0.43.2
    libimage: disk usage: catch corrupted images
    libimage: relax untag by digest checks
    path: dest paths inside container should always be treated as *nix type
    remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
    runtime: Add ReturnManifestIfPresent to LookupImageOptions
    runtime: Add `ManifestList` to `LookupImageOptions`
    seccomp: allow memfd_secret

0.43.2:

* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type

0.43.1:

Fix spelling mistakes
Fix examples in containers.conf

0.43.0:

Add documentation for Containerfile and Dockerfile
    Remove no_libsubid flag
    Add machine_image to containers.conf
    build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
    build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
    Add machine_image to containers.conf
    Switch default logdriver and eventslogger to journald, if root
    build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
    build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
    libimage: {un}tag: reject digests
    build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
    style: complete containers#556 to-do list part 4
    build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
    set GOPROXY=https://proxy.golang.org

0.42.1:

* pull: fallthrough for registry parsing errors

0.42.0:

* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref

- Update podman to 3.3.1

3.3.1:

### Bugfixes
- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)).
- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)).
- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)).

### API
- A large number of potential file descriptor leaks from improperly closing client connections have been fixed.

3.3.0:

### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.

### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.

### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
- Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)).
- Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)).
- Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)).

### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.

### Misc
- Updated Buildah to v1.22.3
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.2
- Updated the containers/common library to v0.42.1

3.3.0-RC3:

This is the third release candidate of Podman v3.3.0

Preliminary release notes follow:
### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.

### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.

### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.

### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.

### Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.1
- Updated the containers/common library to v0.42.1

3.3.0-RC2:

### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.

### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.

### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.

### Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.33.1
- Updated the containers/image library to v5.15.0
- Updated the containers/common library to v0.42.1

- Update storage to 1.36.0

1.36.0:

(*Store)Layer(): fix race when loading layers
    Add Inodes to OverlayOptionsConfig
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22
    build(deps): bump github.com/containerd/stargz-snapshotter/estargz
    build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5
    build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    chunked: cache all the files with the same digest
    chunked: do not store the digest if it is empty
    chunked: estargz support
    chunked: fix linkat for rootless
    chunked: restrict dedup with hard links

1.35.0:

chunked: add new pull options use_hard_links and enable_partial_images
    build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2
    build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
    Update golang.org/x/sys
    Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest
    Separate the IDMappingOptions logic from other LayerOptions work
    Reorganize uncompressedCounter
    Only compute {un,}compressedDigester.Digest() once
    Reorganize the "defragmented" reader construction a bit.
    Rename {un,}compressedDigest to {un,}compressedDigester
    Have NewReadCloserWrapper pass through io.WriterTo
    chunked: remove unused args
    chunked: fix fd leak on error
    chunked: remove unused argument missingDirsMode
    chunked: add new pull option use_hard_links
    chunked: allow to disable partial images feature

1.34.1:

types: on error fallback to filepath.Clean()
    build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4
    Add codespell fixes
    ApplyDiff: compress saved headers without concurrency
    build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4

1.34.0:

overlay: check for aufs-style whiteout at startup
    Invert libsubid tag

1.33.2:

build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
    Follow symlinks if they exists
    idtools: add support for libsubid
    Makefile: use buildtags for golangci-lint
    Cirrus: Use fresh VM & Container images
    build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3

1.33.1:

Fix handling of quota on volumes

1.33.0:

Add inode support to quota
    Creating fifo files while non root should be supported
    Revert #952, we don't want to use /run/user on non systemd systems
    Split pkg/chunked.ZstdCompressor into a separate subpackage
    Update docs/containers-storage.conf.5.md
    build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
    overlay: check if we can mknod() kernel whiteout

- Update image to 5.16.0

v0.44.0:
* Add HelperBinariesDir field to engine config
* Add space trimming check in sysctl.Validate
* Cirrus: Use fresher VM images
* Fix `pkg/sysctl` path typo
* Fix the fallback runtime path
* Switch default Rootless Networking to "CNI" for OSX
* Update pkg/sysctl/sysctl.go
* add some cni plugin paths
* build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
* build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
* build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
* build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
* build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
* docs/containers.conf.5.md: Fix manpage section
* fix untag + v0.43.2
* libimage: disk usage: catch corrupted images
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
* remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
* runtime: Add ReturnManifestIfPresent to LookupImageOptions
* runtime: Add `ManifestList` to `LookupImageOptions`
* seccomp: allow memfd_secret

v0.43.2:
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type

v0.43.1:
* Fix spelling mistakes
* Fix examples in containers.conf

v0.43.0:
* Add documentation for Containerfile and Dockerfile
* Remove no_libsubid flag
* Add machine_image to containers.conf
* build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
* Add machine_image to containers.conf
* Switch default logdriver and eventslogger to journald, if root
* build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
* build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
* libimage: {un}tag: reject digests
* build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
* style: complete containers#556 to-do list part 4
* build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
* set GOPROXY=https://proxy.golang.org

v0.42.1:
* pull: fallthrough for registry parsing errors

v0.42.0:
* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref

-------------------------------------------------------------------
Fri Sep 17 09:23:33 UTC 2021 - Richard Brown <rbrown@suse.com>

- Comment out ostree_repo if it's blank [boo#1189893]

-------------------------------------------------------------------
Mon Sep  6 16:08:36 UTC 2021 - Richard Brown <rbrown@suse.com>

- Comment out ostree_repo [boo#1189893]

-------------------------------------------------------------------
Fri Jul 23 08:31:52 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update common to 0.41.0

0.38.18:

[0.38] seccomp: add support for defaultErrnoRet

0.41.0:

Allow /etc/containers/containers.conf to be read by non-root
    Created numMem_linux.go and numMem.go and nummem_unsupported.go
    Fix default definition of secrets in containers.conf
    Report bad entries in containers.conf to the user
    add shelldriver.
    build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
    build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
    build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
    build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
    build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
    feat: add shell secret driver.
    libimage: LookupImage: remove IgnorePlatform option
    libimage: `(*Runtime).SystemContext()`
    libimage: events: deferred write
    libimage: force internal image lookups to ignore arch
    libimage: import: fix tags
    libimage: pull: enforce pull policy for custom platforms
    libimage: pull: ignore platform for local image lookup
    libimage: pull: override even --pull=never with custom platform
    pull: custom platform: do not use local image name

0.38.13:

* libimage: events: deferred write

0.38.12:

* pull: custom platform: do not use local image name

0.40.1:

Vendor in containers/image v5.13.2
    seccomp: tweak default profile (followup for #573)
    libimage: lookup images by custom platform
    libimage: force remove: only untag on multi tag image
    build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
    Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
    seccomp: always allow get_mempolicy, set_mempolicy, mbind
    seccomp: let membarrier fail with ENOSYS
    seccomp: allow rseq
    seccomp: allow pkey_*
    seccomp: let io_uring_* fail with ENOSYS
    seccomp: allow clone3

0.40.0:

Add default for log-tag
    Add support for config drop in directories
    Do not set the default netns
    Don't use systemd defaults if /proc/1/comm != systemd
    Fix spacing on name value pairs to be consistent
    Leave default seccomp path empty
    Sort containers.conf and containers.conf.5.md
    Strip extra trailing newlines in templates
    Tests are writing customer config to host machine
    Use SetCredentials and add verbose to loginopts
    [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
    add 'secret' section to the containers.conf struct.
    add @Luap99 to OWNERS
    add passdriver for secrets.
    build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
    build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
    build(deps): bump github.com/docker/docker
    build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
    build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
    build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
    build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
    fix autodiscovery of the secret passdriver.
    fixed comments
    libimage: fix Exists
    libimage: pull: turn image-lookup errors non-fatal
    libmage: Exists: catch corrupted images
    made necessary changes to handle OS/Arch while importing an image
    pkg/config: fix systemd compile errors
    pull: don't resolve short names on explicit docker:// reference
    seccomp: add support for defaultErrnoRet
    seccomp: allow more *_time64 syscalls
    seccomp: allow timer_settime64
    seccomp: switch default to ENOSYS
    secrets: fix build with go 1.15
    support tag@digest notation

0.39.0:

Vendor in containers/storage v1.32.0
    Ensure configuration directory is created for networks
    Include gateway in generated default networks
    Use Private as default for rootless when we want CNI
    rootless networking
    libimage: add some comments
    libimage: add more image tests
    build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
    rootless_networking = "slirp4netns | cni"
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95

- Update podman to 3.2.3

3.2.3:

### Security
- This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers.

### Bugfixes
- Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)).
- Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)).
- Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)).
- Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)).
- Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)).
- Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)).

### Misc
- Updated Buildah to v1.21.3
- Updated the containers/common library to v0.38.16

- Update storage to 1.32.6

1.32.6:

Fix runtime panic for opening lockfile if parent dir got removed
    Cleanup exclude exceptions path
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20
    Add test for bad entries in storage.conf
    chunked: fix the path used for layers dedup
    Report bad entries in storage.conf to the user
    Use /run/user/UID in rootless mode if writable

- Update image to 5.14.0

v0.41.0:
* Allow /etc/containers/containers.conf to be read by non-root
* Created numMem_linux.go and numMem.go and nummem_unsupported.go
* Fix default definition of secrets in containers.conf
* Report bad entries in containers.conf to the user
* add shelldriver.
* build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
* build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
* build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
* build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
* build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
* feat: add shell secret driver.
* libimage: LookupImage: remove IgnorePlatform option
* libimage: `(*Runtime).SystemContext()`
* libimage: events: deferred write
* libimage: force internal image lookups to ignore arch
* libimage: import: fix tags
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* libimage: pull: override even --pull=never with custom platform
* pull: custom platform: do not use local image name

v0.40.1:
* Vendor in containers/image v5.13.2
* seccomp: tweak default profile (followup for #573)
* libimage: lookup images by custom platform
* libimage: force remove: only untag on multi tag image
* build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
* seccomp: always allow get_mempolicy, set_mempolicy, mbind
* seccomp: let membarrier fail with ENOSYS
* seccomp: allow rseq
* seccomp: allow pkey_*
* seccomp: let io_uring_* fail with ENOSYS
* seccomp: allow clone3

v0.40.0:
* Add default for log-tag
* Add support for config drop in directories
* Do not set the default netns
* Don't use systemd defaults if /proc/1/comm != systemd
* Fix spacing on name value pairs to be consistent
* Leave default seccomp path empty
* Sort containers.conf and containers.conf.5.md
* Strip extra trailing newlines in templates
* Tests are writing customer config to host machine
* Use SetCredentials and add verbose to loginopts
* [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
* add 'secret' section to the containers.conf struct.
* add @Luap99 to OWNERS
* add passdriver for secrets.
* build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
* build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
* build(deps): bump github.com/docker/docker
* build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
* build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
* build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
* fix autodiscovery of the secret passdriver.
* fixed comments
* libimage: fix Exists
* libimage: pull: turn image-lookup errors non-fatal
* libmage: Exists: catch corrupted images
* made necessary changes to handle OS/Arch while importing an image
* pkg/config: fix systemd compile errors
* pull: don't resolve short names on explicit docker:// reference
* seccomp: add support for defaultErrnoRet
* seccomp: allow more *_time64 syscalls
* seccomp: allow timer_settime64
* seccomp: switch default to ENOSYS
* secrets: fix build with go 1.15
* support tag@digest notation

v0.39:
* Vendor in containers/storage v1.32.0
* Ensure configuration directory is created for networks
* Include gateway in generated default networks
* Use Private as default for rootless when we want CNI
* rootless networking
* libimage: add some comments
* libimage: add more image tests
* build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
* rootless_networking = "slirp4netns | cni"
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95

-------------------------------------------------------------------
Tue Jun 29 07:38:39 UTC 2021 - Fabian Vogt <fvogt@suse.com>

- Mention libcontainers-common.rpmlintrc as source
- Use versioned obsoletes

-------------------------------------------------------------------
Fri Jun 25 22:37:43 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>

- Update common to 0.38.11

0.38.11:

* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp

0.38.10:

* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image

0.38.9:

* libimage: fix Exists

0.38.8:

* libmage: Exists: catch corrupted images

0.38.7:

* libimage: pull: turn image-lookup errors non-fatal

0.38.6:

* [0.38] Leave default seccomp path empty

0.38.5:

* pull: don't resolve short names on explicit docker:// reference

0.38.4:

Revert "Do not emit warnings about OCI runtime paths"
    libimage: lookup: tolerate corrupted image

0.38.3:

build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
    libimage: fix manifest list lookup

- Update podman to 3.2.2

3.2.2:

### Changes
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)).
- Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)).

### Bugfixes
- Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
- Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)).
- Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)).
- Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)).
- Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address.
- Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)).
- Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)).
- Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)).
- Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)).
- Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)).
- Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)).
- Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option.

### API
- Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)).
- Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)).

### Misc
- Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)).
- Updated the containers/common library to v0.38.11

3.2.1:

### Changes
- Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled).

### Bugfixes
- Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)).
- Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)).
- Fixed a bug where Podman would always use the slow path for joining the rootless user namespace.
- Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)).
- Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly.
- Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)).
- Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)).
- Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional.
- Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)).
- Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)).
- Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.

### API
- Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned.
- Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)).
- Fixed a bug where the Events API did not include some information (including labels) when sending events.
- Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)).

### Misc
- Updated the containers/common library to v0.38.9

3.2.0:

### Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.

### Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.

### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)).
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
- Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)).
- Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)).
- Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)).

### API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
- Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely.

### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.5
- Updated the containers/storage library to v1.31.3

3.2.0-RC3:

This is the third release candidate for Podman v3.2.0. We expect it will be the final RC.

Preliminary release notes follow:

### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).

### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1

3.2.0-RC2:

This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well

Preliminary release notes follow:

### Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.

### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).

### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1

3.2.0-RC1:

This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes.

Full release notes will be available with the release of RC2 next week.

- Update storage to 1.32.5

1.32.5:

Fix handling of user namespace

1.32.4:

Vendor in opencontainers/runc v1.0.0
    overlay: fix check for rootless native diff

1.32.3:

Reload layer storage if layers.json got externally modified
    build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1
    Fix cancel deferred remove bug
    Cirrus: Fix references to master branch
    [CI:DOCS] Fix docs links due to branch rename

1.32.2:

lockfile: merge Seek+Read/Write into Pread/Pwrite
    Added support for CONTAINERS_STORAGE_CONF override
    canUseShifting can segfault
    build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12
    build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0
    overlay: make userxattr,metacopy=on debug message
    build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2

1.31.3:

* store: ReloadIfChanged propagates errors from Modified()
* store: load additional image stores once
* store: fix graphLock reload

1.32.1:

store: fix graphLock reload
    store: ReloadIfChanged propagates errors from Modified()
    store: load additional image stores once
    delete_internal: return error early
    build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3

1.32.0:

chunked: fix build on other platforms
    Avoid failure when umount an unmounted mountpoint
    overlay: enable native diff for fuse-overlayfs
    Enable to export layers from Additional Layer Store

1.31.2:

build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
    reintroduce store: allow shifting only with contiguous mappings
    overlay: check for unix.ENOTSUP
    archive/overlay: ignore failures from nested whiteouts
    overlay: honor DisableShifting
    store: allow shifting only with contiguous mappings

1.31.1:

Revert "store: allow shifting only with contiguous mappings"

- Update image to 5.13.2

v0.38.11:
* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp

v0.38.10:
* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image

v0.38.9:
* libimage: fix Exists

v0.38.8:
* libmage: Exists: catch corrupted images

v0.38.7:
* libimage: pull: turn image-lookup errors non-fatal

v0.38.6:
* [0.38] Leave default seccomp path empty

v0.38.5:
* pull: don't resolve short names on explicit docker:// reference

v0.38.4:
* Revert "Do not emit warnings about OCI runtime paths"
* libimage: lookup: tolerate corrupted image

v0.38.3:
* build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
* libimage: fix manifest list lookup

-------------------------------------------------------------------
Tue May 18 09:28:28 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update image to 5.12.0

v0.38.2:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver

v0.38.1:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver

v0.38.1:
* adjust log-driver defaults
* Do not emit warnings about OCI runtime paths
* build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
* [NO TESTS NEEDED] Fix reading configs on mac and windows
* libimage: add push tests
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
* libimage: fix pull from dir
* libimage: add load unit tests
* Only close EventChannel if it has been created.

v0.38:
* build(deps): bump github.com/docker/docker
* libimage: add an events system
* libimage: add unit tests
* libimage: rename dockerTransport to registryTransport
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
* pull: simplify transports switch
* Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
* Add support for codespell, and fix issues found
* libimage: restore the ability to pull from docker-daemon and tarball
* Swap default logging to journald
* fix image tree
* Add support for creating default CNI network
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
* Add a default network creation package
* Add ability to specify a subnet for the default network
* libimage: follow-up changes

v0.37.1:
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
* Add support for the runsc OCI Runtime
* Add support for machine_enabled in containers.conf
* modify README.md: Contributing section finetuning
* Add support for image_parallel_copies in containers.conf
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1

- Update common to 0.38.2

0.38.2:

libimage: add save tests
    libimage/Image.HasDifferentDigest: handle manifest lists
    libimage: push: ignore image platform
    Cirrus: Use config. in common with all repos.
    libimage: add import test
    Fix handling of all capabilities
    libimage: add save tests
    containers.conf: don't set default logging driver

0.38.1:

adjust log-driver defaults
    Do not emit warnings about OCI runtime paths
    build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
    build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
    [NO TESTS NEEDED] Fix reading configs on mac and windows
    libimage: add push tests
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
    libimage: fix pull from dir
    libimage: add load unit tests
    Only close EventChannel if it has been created.

0.38.0:

build(deps): bump github.com/docker/docker
    libimage: add an events system
    libimage: add unit tests
    libimage: rename dockerTransport to registryTransport
    Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
    pull: simplify transports switch
    Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
    Add support for codespell, and fix issues found
    libimage: restore the ability to pull from docker-daemon and tarball
    Swap default logging to journald
    fix image tree
    Add support for creating default CNI network
    Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
    Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
    Add a default network creation package
    Add ability to specify a subnet for the default network
    libimage: follow-up changes

0.37.1:

Bump github.com/containers/storage from 1.30.0 to 1.30.1
    Add support for the runsc OCI Runtime
    Add support for machine_enabled in containers.conf
    modify README.md: Contributing section finetuning
    Add support for image_parallel_copies in containers.conf
    Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1

- Update storage to 1.31.0

1.31.0:

Update docs/containers-storage.conf.5.md
    store: add option to disable volatile
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17
    Enable zstd:chunked support in containers/image
    overlay: honor DisableShifting
    store: allow shifting only with contiguous mappings
    idtools: new function IsContiguous
    store: replace Modified+Load with ReloadIfChanged
    store: new method ROFileBasedStore.ReloadIfChanged()
    Expand the scope of transaction in the process of deleting device
    Remove unlock/lock caused by Incorrect assumption

1.30.3:

Update to F34 and U2104
    Update vendor opencontainers/selinux v1.8.1
    AUFS not supported in Ubuntu 21.04+
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
    TestMatch: handle cases where NewPatternMatcher catches syntax errors

1.30.2:

Switch from ffjson to json-iterator
    Remove dependencies on ffjson
    Expand Variables on rootlessStoragePath
    Log expected rootless overlay mount failures as debug level

-------------------------------------------------------------------
Thu Apr 29 09:06:07 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update common to 0.37.0

0.37.0:

new libimage package
    Bump github.com/containers/storage from 1.29.0 to 1.30.0
    config: suggest enable-linger only if euid != 0
    Change log message in findRuntime()
    Add setns to default seccomp.json
    Cleanup debugf information to make debugging more useful

- Update podman to 3.1.2

3.1.2:

### Bugfixes
- Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved.
- Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage.
- Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)).
- Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were were not properly superceding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)).
- Fixed a bug where Podman could fail to build on 32-bit architectures.

### Misc
- Updated the containers/image library to v5.11.1

- Update storage to 1.30.1

1.30.1:

Allow users to tag images in read/only image stores
    build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2
    Validate selinux label before attempting to use it

1.30.0:

unshare: new function HasCapSysAdmin
    btrfs: Do not disable quota on cleanup
    build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1

- Update image to 5.11.1

* new libimage package
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
* config: suggest enable-linger only if euid != 0
* Change log message in findRuntime()
* Add setns to default seccomp.json
* Cleanup debugf information to make debugging more useful

-------------------------------------------------------------------
Mon Apr 19 12:21:56 UTC 2021 - Richard Brown <rbrown@suse.com>

- Force overlay as default storage driver if system is not btrfs
  (gh#containers/buildah#3153)

-------------------------------------------------------------------
Mon Apr 19 11:03:30 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update common to 0.36.0

0.36.0:

no changelog found

0.35.4:

pkg/seccomp: simplify and fix IsSupported
    pkg/seccomp: use sync.Once to speed up IsSupported
    capabilities: ALL returns the bounding set
    capabilities: memoize BoundingSet
    capabilities: add new method BoundingSet()
    Update pause image to 3.5

- Update podman to 3.1.1

3.1.1:

### Changes
- Podman now recognizes `trace` as a valid argument to the `--log-level` command. Trace logging is now the most verbose level of logging available.
- The `:z` and `:Z` options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (`--security-opt label=disable`). This matches better matches Docker's behavior in this case.

### Bugfixes
- Fixed a bug where pruning images with the `podman image prune` or `podman system prune` commands could cause Podman to panic.
- Fixed a bug where the `podman save` command did not properly error when the `--compress` flag was used with incompatible format types.
- Fixed a bug where the `--security-opt` and `--ulimit` options to the remote Podman client's `podman build` command were nonfunctional.
- Fixed a bug where the `--log-rusage` option to the remote Podman client's `podman build` command was nonfunctional ([#9489](https://github.com/containers/podman/issues/9889)).
- Fixed a bug where the `podman build` command could, in some circumstances, use the wrong OCI runtime ([#9459](https://github.com/containers/podman/issues/9459)).
- Fixed a bug where the remote Podman client's `podman build` command could return 0 despite failing ([#10029](https://github.com/containers/podman/issues/10029)).
- Fixed a bug where the `podman container runlabel` command did not properly expand the `IMAGE` and `NAME` variables in the label ([#9405](https://github.com/containers/podman/issues/9405)).
- Fixed a bug where poststop OCI hooks would be executed twice on containers started with the `--rm` argument ([#9983](https://github.com/containers/podman/issues/9983)).
- Fixed a bug where rootless Podman could fail to launch containers on cgroups v2 systems when the `cgroupfs` cgroup manager was in use.
- Fixed a bug where the `podman stats` command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer ([#9979](https://github.com/containers/podman/issues/9979)).
- Fixed a bug where rootless Podman containers run with `--userns=keepid` (without a `--user` flag in addition) would grant exec sessions run in them too many capabilities ([#9919](https://github.com/containers/podman/issues/9919)).
- Fixed a bug where the `--authfile` option to `podman build` did not validate that the path given existed ([#9572](https://github.com/containers/podman/issues/9572)).
- Fixed a bug where the `--storage-opt` option to Podman was appending to, instead of overriding (as is documented), the default storage options.
- Fixed a bug where the `podman system service` connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
- Fixed a bug where the `--network` option to the `podman play kube` command of the remote Podman client was being ignored ([#9698](https://github.com/containers/podman/issues/9698)).
- Fixed a bug where the `--log-driver` option to the `podman play kube` command was nonfunctional ([#10015](https://github.com/containers/podman/issues/10015)).

### API
- Fixed a bug where the Libpod Create endpoint for Manifests did not properly validate the image the manifest was being created with.
- Fixed a bug where the Libpod DF endpoint could, in error cases, append an extra null to the JSON response, causing decode errors.
- Fixed a bug where the Libpod and Compat Top endpoint for Containers would return process names that included extra whitespace.
- Fixed a bug where the Compat Prune endpoint for Containers accepted too many types of filter.

### Misc
- Updated Buildah to v1.20.1
- Updated the containers/storage library to v1.29.0
- Updated the containers/image library to v5.11.0
- Updated the containers/common library to v0.36.0

- Update storage to 1.29.0

1.29.0:

ReloadConfigurationFile should Reset storage options
    rootless overlay: use user.* instead of trusted.*
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.15 to 0.8.16
    Support additional layer store
    overlay, rootless: use user.* instead of trusted.*
    archive, rootless: use user.* instead of trusted.*
    copy, rootless: skip copying trusted.* xattr
    Make sure rootless mounts support the userxattr flag
    Rework autons ID mapping generation.
    Set default to overlay from storage.conf
    build(deps): bump github.com/klauspost/compress from 1.11.12 to 1.11.13

- Update image to 5.11.0

* no changelog found

-------------------------------------------------------------------
Tue Mar 30 08:37:09 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update common to 0.35.3

0.35.3:

* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove `vendor` from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5

0.35.2:

Vendor in containers/common and start using types subdir.
            shrink the vendoring size of containers/common/pkg/config
    Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4

- Update podman to 3.1.0

3.1.0:

### Features
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the `--format` option.
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
- The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)).
- The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)).

### Security
- This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image.

### Changes
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
- The `podman generate systemd` command now generates `RequiresMountsFor` lines to ensure necessary storage directories are mounted before systemd starts Podman.
- Podman will now emit a warning when `--tty` and `--interactive` are both passed, but `STDIN` is not a TTY. This will be made into an error in the next major Podman release some time next year.

### Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where the `podman generate systemd` command could duplicate some parameters to Podman in generated unit files ([#9776](https://github.com/containers/podman/issues/9776)).
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--pull-never` option to `podman build` was nonfunctional ([#9573](https://github.com/containers/podman/issues/9573)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `--isolation` option to `podman build` in the remote Podman client was nonfunctional.
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
- Fixed a bug where `podman commit` did not use the `TMPDIR` environment variable to place temporary files created during the commit ([#9825](https://github.com/containers/podman/issues/9825)).
- Fixed a bug where remote Podman could error when attempting to resize short-lived containers ([#9831](https://github.com/containers/podman/issues/9831)).
- Fixed a bug where Podman was unusable on kernels built without `CONFIG_USER_NS`.
- Fixed a bug where the ownership of volumes created by `podman volume create` and then mounted into a container could be incorrect ([#9608](https://github.com/containers/podman/issues/9608)).
- Fixed a bug where Podman volumes using a volume plugin could not pass certain options, and could not be used as non-root users.
- Fixed a bug where the `--tz` option to `podman create` and `podman run` did not properly validate its input.

### API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the Libpod create endpoint for Containers has a misnamed field in its JSON.
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat and libpod Resize endpoints for Containers did not set the correct terminal sizes (dimensions were reversed) ([#9756](https://github.com/containers/podman/issues/9756)).
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
- Numerous bugs related to filters have been addressed.

### Misc
- Updated Buildah to v1.20.0
- Updated the containers/storage library to v1.28.1
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.4

3.1.0-RC2:

This is the second release candidate for Podman v3.1.0

Preliminary release notes are below. Please note that these are subject to change until the final release.

### Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.

### API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.

### Misc
- Updated Buildah to v1.19.8
- Updated the containers/storage library to v1.28.0
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.3

3.1.0-RC1:

This is the first release candidate for Podman v3.1.0. Release is expected later this week.

- Update storage to 1.28.1

1.28.1:

overlay.recreateSymlinks: handle missing "link" files, add a test
    TestLockfileWriteConcurrent: stay below 8192 goroutines
    Use an xz library instead of shelling out to xz for decompression
    overlay: check selinux label support

1.28.0:

Add dependabot.yml configuration file
    Add more mount information to errors
    Inherit system storage driver in rootless configurations
    archive: make getFileOwner public
    archive: make getWhiteoutConverter public
    archive: whiteout creation with a handler
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.14 to 0.8.15
    build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
    build(deps): bump github.com/klauspost/compress from 1.11.7 to 1.11.12
    build(deps): bump github.com/moby/sys/mountinfo from 0.4.0 to 0.4.1
    build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
    chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform
    containers-storage: add --volatile to container create
    copy: create a unix socket with os.ModeSocket
    drivers: make copyRegular public
    drivers: new function CopyRegularToFile
    fswriters: honor nosync option
    overlay: add detection for overlay support in a user namespace
    overlay: allow to reset mount_program
    overlay: factor function out
    overlay: fix path to incompat/volatile
    overlay: improve overlay error message
    overlay: public function to check for overlay support
    overlay: record if using mount_program
    overlay: rootless move error to debug message
    overlay: use direct mount instead of mountFrom
    support patches to prepare #775
    tests: test mount/unmount volatile container
    types: check for native overlay support

1.27.0:

Move storageOpts structures into types subdir to shrink bindings.
    (*store).Diff: add missing unlock in error case
    pkg/lockfile: fix a race and re-enable unit tests
    Add warning about possible storage corruption
    pkg/chrootarchive.TestChrootUntarWithHugeExcludesList: fix compile error
    pkg/archive.TestCopyWithTarSrcFile(): update for NoOverwriteDirNonDir
    drivers/devmapper: default the rootfs directory to 0555
    TestRootlessRuntimeDir: iterate tests using testing.T.Run()
    Fix TestDefaultStoreOpts()
    getRootlessRuntimeDirIsolated(): don't use an empty tmpPerUserDir
    drivers/zfs: default the base layer to 0555
    drivers/btrfs: default the base layer to 0555
    drivers/aufs: inherit permissions on "/" from parent layers
    drivers/vfs: inherit permissions on "/" from parent layers
    graphtest: expect 0555 permissions
    pkg/archive.parseDirent(): adjust to avoid unsafe pointer conversion
    Add warning about possible storage corruption
    pkg/idtools.TestParseSubidFileWithNewlinesAndComments(): clean up
    pkg/mount.TestSubtreeUnbindable(): check for wrapped EINVAL
    pkg/directory: count inodes of directories
    Makefile local-test-unit: use -race if it's available
    pkg/mount: don't complain if the filesystem volunteers inode32/inode64
    CI: run unit tests again
    pkg/lockfile: fix a race and an incorrect unit test

1.26.0:

build(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
    homedir: add GetCacheHome
    Call recreateSymlinks when not found during Readlink
    build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
    We should ignore metacopy option on kernels that do not support it
    drivers: add support for volatile to overlay
    store: support volatile containers
    overlay: support native rootless mounts
    overlay: force metacopy=on for naivediff
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc93

1.25.0:

layers: support BigData
    Fix FreeBSD support
    Remove empty line as per feedback
     Improve project quota to support querying disk usage
    Use unix.Statfs instead of syscall.Statfs
    overlay: use XFS quota when possible
    drivers/quota: add GetDiskUsage endpoint

- Update image to 5.10.5

v0.35.3:
* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove vendor from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5

v0.35.2:
Vendor in containers/common and start using types subdir.
        shrink the vendoring size of containers/common/pkg/config
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4

-------------------------------------------------------------------
Tue Mar 23 09:39:45 UTC 2021 - Richard Brown <rbrown@suse.com>

- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems

-------------------------------------------------------------------
Thu Mar  4 18:14:43 UTC 2021 - Richard Brown <rbrown@suse.com>

- Require util-linux-systemd for %post scripts (findmnt) (boo#1182998)

-------------------------------------------------------------------
Thu Feb 25 16:15:46 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Update commonver to 0.35.1

v0.35.1:
Bump github.com/containers/image/v5 from 5.10.2 to 5.10.3
Stop logging messages about using DOCKER_CONFIG
Add autocompletions to be shared between buildah and podman
Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
Export error constants from pkg/secrets

v0.35:
Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
Move EnforceRange and HasTable out of Podman and into common
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
Bump github.com/containers/image/v5 from 5.10.1 to 5.10.2
Add missing values to containers.conf man page
update pause image to 3.4.1

v0.34:
Add image_default_format
Change default log driver to journald
Add compatible template functions
Add U volume flag to chown source volumes
Bump github.com/containers/image/v5 from 5.09.0 to 5.10.1
seccomp: various updates
pkg: check ownership for XDG_RUNTIME_DIR
seccomp: update profile to Linux 5.11 list
seccomp: add CI check for up-to-date seccomp.json
seccomp: re-add generation script
seccomp: deduplicate default profile
Add image_parallel_copies engine config
Fix secret create prefix
cgroupv2: fix typo in comment
Add accessor for log-driver
Fix secret name validation
Fix name validation and dir mode in secrets
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
config: fix runtime_supports_nocgroup key name
fix - make target all on osx
Fix secret name regex
Rename internal functions to make them easier to understand

- Update podmanver to 3.0.1

3.0.1:

### Changes
- Several frequently-occurring `WARN` level log messages have been downgraded to `INFO` or `DEBUG` to not clutter terminal output.

### Bugfixes
- Fixed a bug where the `Created` field of `podman ps --format=json` was formatted as a string instead of an Unix timestamp (integer) ([#9315](https://github.com/containers/podman/issues/9315)).
- Fixed a bug where failing lookups of individual layers during the `podman images` command would cause the whole command to fail without printing output.
- Fixed a bug where `--cgroups=split` did not function properly on cgroups v1 systems.
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail ([#9393](https://github.com/containers/podman/issues/9393)).
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume ([#9415](https://github.com/containers/podman/pull/9415)).
- Fixed a bug where Podman would treat the `--entrypoint=[""]` option to `podman run` and `podman create` as a literal empty string in the entrypoint, when instead it should have been ignored ([#9377](https://github.com/containers/podman/issues/9377)).
- Fixed a bug where Podman would set the `HOME` environment variable to `""` when the container ran as a user without an assigned home directory ([#9378](https://github.com/containers/podman/issues/9378)).
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause `podman pod create` to panic ([#9374](https://github.com/containers/podman/issues/9374)).
- Fixed a bug where the `--runtime` option was not properly handled by the `podman build` command ([#9365](https://github.com/containers/podman/issues/9365)).
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed ([#9387](https://github.com/containers/podman/issues/9387)).
- Fixed a bug where the `podman generate systemd --new` command would incorrectly escape `%t` when generating the path for the PID file ([#9373](https://github.com/containers/podman/issues/9373)).
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in ([#9191](https://github.com/containers/podman/issues/9191)).
- Fixed a bug where some options of the `podman build` command (including but not limited to `--jobs`) were nonfunctional ([#9247](https://github.com/containers/podman/issues/9247)).

### API
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 ([#9351](https://github.com/containers/podman/issues/9351)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry ([#9232](https://github.com/containers/podman/issues/9232)).
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the `docker-java` library.

### Misc
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6

3.0.0:

### Features
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).

### Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.

### Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.

### Bugfixes
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
- Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)).
- Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)).
- Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)).
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)).

### API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.

### Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/image library to v5.10.2
- Updated the containers/common library to v0.33.4

3.0.0-RC3:

Please note that these release notes are preliminary until v3.0.0 final is released

### Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/common library to v0.33.4

3.0.0-rc2:

This is the second release candidate of Podman v3.0.

3.0.0-rc1:

### Features
- Add ability to set system wide options for slirp4netns
- Add --cidfile to container kill
- Add commas between mount options
- Add compose regression to ci
- Add containerenv information to /run/.containerenv
- Add default sysctls for pod infra containers
- Add --filter to podman system prune
- Adding json formatting to `--list-tags` option in `podman search` command.
- Add mask and unmask option to --security-opt
- Add 'MemUsageBytes' format option
- Add more information and examples on podman and pipes
- Add network filter for podman ps and pod ps
- Add Networks format placeholder to podman ps and pod ps
- Add pod filter for ps
- Add podman network create option for bridge mtu
- Add podman network create option for bridge vlan
- Add pre checkpoint
- Add Security information to podman info
- Add support for Gentoo file to package query
- Add support for network ids
- Add support for pacman package version query
- Add support for persistent volume claims in kube files
- Add support for --platform
- Add systempaths=unconfined option
- Add volume filters to system prune
- Add volume prune --filter support
- Allow podman push to push manifest lists
- Allow users to specify TMPDIR in containers.conf
- Always add the default gateway to the cni config file
- Drop default log-level from error to warn
- Enable short-name aliasing
- Generate kube on multiple containers
- Generate systemd: do not set `KillMode`
- Image sign using per user registries.d
- Implement pod-network-reload
- Include named volumes in container migration
- Initial implementation of renaming containers
- Initial implementation of volume plugins
- Network connect disconnect on non-running containers
- Not use local image create/add manifest
- Podman network label support
- Prepare support in kube play for other volume types than hostPath
- Remote copy
- Remove the ability to use [name:tag] in podman load command
- Remove varlink support from Podman
- Sign multi-arch images
- Support --network=default as if it was private
- Support Unix timestamps for `podman logs --since`
### Changes
- Add LogSize to container inspect
- Allow image errors to bubble up from lower level functions.
- Change name of imageVolumes in container config JSON
- Cleanup CNI Networks on reboot
- Consolidate filter logic to pkg subdirectory
- Make `podman stats` slirp check more robust
- More /var/run -> /run
- Prefer read/write images over read/only images
- Refactor kube.ToSpecGen parameters to struct
- Rename AutocompletePortCommand func
- Repeat system pruning until there is nothing removed
- Switch references of /var/run -> /run
- Use HTTPProxy settings from containers.conf
- Use Libpod tmpdir for pause path
- Use Options as CRImportCheckpoint() argument
- Use Options as exportCheckpoint() argument
- Use PasswordCallback instead of Password for ssh
- Use abi PodPs implementation for libpod/pods/json endpoint
- Validate that the bridge option is supported
- archive: move stat-header handling into copy package
- libpod, conmon: change log level for rootless
- libpod: change function to accept ExecOptions
- libpod: handle single user mapped as root
- make podman play use ENVs from image
- pkg/copy: introduce a Copier
- podman events allow future time for --until
- podman.service should be an exec service not a notify service
- rewrite podman-cp
- rootless: add function to retrieve gid/uid mappings
- rootless: automatically split userns ranges
- runtime: set XDG_* env variables if missing
- shell completion for the network flag
- specgen: improve heuristic for /sys bind mount
- systemd: make rundir always accessible
### Bugfixes
- Close image rawSource when each loop ends
- Containers should not get inheritable caps by default
- Correct port range logic for port generation
- Correct which network commands can be run as rootless
- Disable CGv1 pod stats on net=host post
- Do not error on installing duplicate shutdown handler
- Do not ignore infra command from config files
- Do not mount sysfs as rootless in more cases
- Do not pull if image domain is localhost
- Do not use "true" after "syslog" in exit commands
- Do not validate the volume source path in specgen
- Don't accidently remove XDG_RUNTIME_DIR when reseting storage
- Ensure that `podman play kube` actually reports errors
- Ensure that user-specified HOSTNAME is honored
- Ensure we do not edit container config in Exec
- Exorcise Driver code from libpod/define
- Expose Height/Width fields to decoder
- Expose security attribute errors with their own messages
- Fix Wrong image tag is used when creating a container from an image with multiple tags
- Fix `podman images...` missing headers in table templates
- Fix build for mips architecture
- Fix build for mips architecture follow-up
- Fix custom mac address with a custom cni network
- Fix extra quotation mark in manpages.
- Fix missing options in volumes display while setting uid and gid
- Fix missing podman-container-rename man page link
- Fix network ls --filter invalid value flake
- Fix option names --subuidname and --subgidname
- Fix panic in libpod images exists endpoint
- Fix podman build --logfile
- Fix podman logs read partial log lines
- Fix problems reported by staticcheck
- Fix problems with network remove
- Fix shell completion for ps --filter ancestor
- Fix some nit
- Fix spelling mistakes
- Fix storage.conf to define driver in the VM
- Fix support for rpmbuild < 4.12.0.
- Fix: unpause not supported for CGv1 rootless
- Fxes /etc/hosts duplicated every time after container restarted in a pod
- Handle --rm when starting a container
- Handle podman exec capabilities correctly
- Honor the --layers flag
- Ignore containers.conf sysctls when sharing namespaces
- Improve error message when the the podman service is not enabled
- Make podman generate systemd --new flag parsing more robust
- Pass down EnableKeyring from containers.conf to conmon
- Properly handle --cap-add all when running with a --user flag
- Revert "Allow multiple --network flags for podman run/create"
- Revert e6fbc15f26b2a609936dfc11732037c70ee14cba
- Revert the custom cobra vendor
- Rework pruning to report reclaimed space
- Set NetNS mode instead of value
- The slirp4netns sandbox requires pivot_root
- close journald when reading
- container create: do not clear image name
- container stop: release lock before calling the runtime
- exec: honor --privileged
- fix: disable seccomp by default when privileged.
- image list: ignore bare manifest list
- network: disallow CNI networks with user namespaces
- oci: keep LC_ env variables to conmon
- oci: use /proc/self/fd/FD to open unix socket
- pass full NetworkMode to ParseNetworkNamespace
- play kube: fix args/command handling
- play kube: set entrypoint when interpreting Command
- podman build --force-rm defaults to true in code
- podman logs honor stderr correctly
- podman, exec: move conmon to the correct cgroup
- podman-remote fix sending tar content
- podman: drop checking valid rootless UID
- re-open container log files
- security: honor systempaths=unconfined for ro paths
### API
- Add API for communicating with Docker volume plugins
- Change bindings to stop two API calls for ping
- Close the stdin/tty when using podman as a restAPI.
- Compat api containers/json add support for filters
- Container rename bindings
- Do not pass name argument to Load API
- Docker compat API - /images/search returns wrong structure (#7857)
- Docker compat API - containers create ignores the name
- Fix some network compat api problems
- Jira RUN-1106 Container handlers updates
- Jira RUN-1106 Image handlers updates
- Jira RUN-1106 Network handlers updates
- Jira RUN-1106 System handlers updates
- Jira RUN-1106 Volumes handlers updates
- Makefile: add target to generate bindings
- More docker compat API fixes
- Podman image bindings for 3.0
- REST API v2 - ping - fix typo in header
- REST API v2 - ping - remove newline from response to improve Docker compatibility
- Reduce general binding binary size
- Restore compatible API for prune endpoints
- compat create should use bindings
- hack/podman-socat captures the API stream
- libpod API: pull: fix channel race
- misc bindings to podman v3
- pkg/copy: add parsing API
- podman v3 container bindings
- podman v3 pod bindings
### Misc
- Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
- Bump github.com/containers/common from 0.30.0 to 0.31.1
- Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
- Bump github.com/containers/storage from 1.24.1 to 1.24.5
- Bump github.com/cri-o/ocicni to latest master
- Bump github.com/google/uuid from 1.1.2 to 1.1.5
- Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump k8s.io/apimachinery from 0.19.4 to 0.20.2
- Bump master to v3.0.0-dev
- Bump to containers/buildah 1.9.2
- Bump version in README to v2.2.0
- vendor containers/psgo@v1.5.2

- Update storagever to 1.24.8

1.24.8:

Call recreateSymlinks when not found during Readlink
    homedir: add GetCacheHome

1.24.7:

ignore metacopy option on kernels that do not support it

1.24.6:

overlay: force metacopy=on for naivediff

- Update imagever to 5.10.4

5.10.4:

* copy: compute blob compression on reused blobs based on source MediaType
* copy: provide compression info about copied blobs

5.10.3:

* place shortnames in `~/.cache` not `~/.config/.cache`

5.10.2:

* short-name-aliases.conf: use cache folders instead of $HOME

Note: the v5.10.x series is now cut from the `release-v5.10` branch.

5.10.1:

Fix segfault if sys is not defined.

5.10.0:

- tarball: fix example code
- Bump github.com/ulikunitz/xz from 0.5.8 to 0.5.9
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/vbauerster/mpb/v5 from 5.3.0 to 5.4.0
- Add DockerLogMirrirChoice to ctx for log
- Rename variables in pkg/docker/config tests
- Fix pkg/docker/config tests on non-Linux systems
- Add macOS test cases to GetPathToAuth
- Fix docker tests with recent c/storage
- Fix signature tests with recent c/storage
- Fix sysregistriesv2 tests with recent c/storage
- Fix pkg/docker/config tests with recent c/storage
- Bump github.com/containers/storage from 1.23.7 to 1.24.5
- Bump github.com/klauspost/compress from 1.11.3 to 1.11.6
- Enable subdomain matching in policy.json
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump github.com/klauspost/compress from 1.11.6 to 1.11.7
- ostree.TestReferenceSignaturePath: fix a compiler warning in a test
- manifest: add a test for UpdatedMIMEType
- blobinfocache: track compression types for locations
- Actually make a copy of ctx as the comment claims
- Actually use the SystemContext copy in the one place that matters
- Update golangci-lint
- Clarify the canModifyBlob condition in copyBlobFromStream
- Cleanup description of shortname expansion
- Allow callers to set the MaxParallelDownloads field
- Fix up errors linter is complaining about
- Set a default User-Agent if unset

-------------------------------------------------------------------
Tue Jan 12 08:43:22 UTC 2021 - Sascha Grunert <sgrunert@suse.com>

- Update common to 0.33.0:

v0.33:
seccomp: drop 'vmsplice' from the allowed list
Add new function to setup default environment
Implement secrets pkg: backend and filedriver

v0.32:
Do not retry on most syscall failures
Set http_proxy default to true
Add new completion functions for Arch and Os.

v0.31:
Switch default runtime from runc to crun
Add a volume plugins field to containers.conf
Remove libpod.conf

v0.30:
Add ability to set system wide options for slirp4netns

v0.29:
Remove stutter APIs from pkg/umask and pkg/subscriptions.

v0.28:
Add support for enabling/disabling kernel keyring in engines
We should not be setting a default infra command.
Print the error to log info
Move buildah/pkg/secrets to common/pkg/subscriptions
Move some volume and device parsing from buildah to common

v0.27:
fix: Set ping_group_range to 0 0 by default
Allow users to customer the --remote flag to be on by default.

v0.26:
Consolidate reporting functions from Buildah and Podman.
Update pkg/report to consolidate --format flag handling between Buildah and Podman and eventually Skopeo.

v0.25:
Common library now has pkg/formats pulled out of containers/buildah to make it easier to share with other tools.
Recommended containers.conf is also now available to be used by distros and CI/CD systems.

v0.24:
Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
Add shared autocomplete functions for podman/buildah

v0.23:
Allow users to specify the default format for image builds
Shell Completion with cobra for login/logout flags
remove fchmodat2 from seccomp.json file
Add support for CONTAINER_CONNECTION environment variable
Bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
Allow pidfd_getfd by default in seccomp.json
Fix problems found by codespell

v0.22:
Add new syscalls to allowed seccomp.json
ValidatePullPolicy case-insensitive
Update default seccomp rules to match fedora rules
Bump github.com/onsi/gomega from 1.10.1 to 1.10.2
Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
Bump github.com/containers/storage from 1.23.3 to 1.23.5
Add seccomp validation unit test for failing BuildProfile()

v0.21:
Add BuildFilter() and ValidateProfile() API
Add FindAppArmorParserBinary() helper
Add mock'able unit tests and move package to `internal`
Add owners file
Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
Bump github.com/containers/storage from 1.23.2 to 1.23.3
Bump golang to 1.15
Change fmt.Errorf calls to be replaced by errors package
Enable retry EOF from http request
Fix all gocritic lints
Fix nested elseif
Migrate seccomp/containers-golang
RetryIfNecessary: add a field for setting the delay in RetryOptions
Update golangci-lint and add config
Update pkg/config/config_darwin.go
Update pkg/config/config_linux.go
Update pkg/config/config_windows.go
Update pkg/retry/retry.go
Validate that apparmor_parser is available on the system
begin migration off travis
containers.conf: Fix ulimits nofile example syntax
fix windows containers.conf path
getCustomConfigFile for windows and darwin

v0.20:
multi_image_archive: add option for `podman save`
Wrap AppArmor errors to provide more debug information
Omit apparmor_parser warnings when parsing the version
Support different zoneinfo locations
Do not mention libpod.conf if no files found

v0.19:
Vendor in containers/storage v1.23.0
Fix duplicated code found by codeverity.
Export NormalizeCapabilities function
Use homedir.GetConfigHome()
Respect XDG_CONFIG_HOME for policy.json and cni
Fix documentation
hooks_dir_path was in wrong location, should be under Enigine section
Fix deprecation warnings about libpod.conf and raise log level

v0.18:
Move retry code to pkg/retry
Bump github.com/containers/storage from 1.21.1 to 1.21.2

v0.17:
Add retry helper functions
Remove extra lock in Reload function

v0.16:
Add support for Umask
Fix config reload race
Add support for multiple service destinations
Bump github.com/containers/storage from 1.21.0 to 1.21.1
Add config reload
Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0

v0.15:
Add support for timezone
Specify container engine in comments of engine env
Add env to [engines] for engine to use
Fix location of stop_timeout in default containers.conf
Bump github.com/containers/image/v5 from 5.4.4 to 5.5.1
Fix testing to not race on containers.conf
pkg/version -> version
Move pkg/version to version to be consistent with other libraries in c/image.
Fixup handling of remote_uri for documentation
Add script to rebuild images on quay.io
Fix AppArmor profile prefix and name
Change AppArmor profile prefix and fix name-check

- Update image to 5.9.0:

v5.5.0:
* Add Security Policy
* Bump to v5.5.0-dev again
* Bump github.com/containers/storage from 1.19.1 to 1.19.2
* Add debug line to get Content-Type from manifests
* Add defaults for using the rootless policy path
* Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0
* Bump github.com/klauspost/pgzip from 1.2.3 to 1.2.4
* pkg/docker/config/ModifyJSON: fix MkdirAll usage
* Bump github.com/vbauerster/mpb/v5 from 5.0.4 to 5.2.1
* Bump github.com/containers/storage from 1.19.2 to 1.20.1
* Bump github.com/klauspost/compress from 1.10.5 to 1.10.6
* Bump github.com/vbauerster/mpb/v5 from 5.2.1 to 5.2.2
* Go module noise
* Fix crash on inspecting an OCI image with no config
* Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
* Add hardcode Authfile for windows and mac
* docker/config: initialize dockerConfigFile
* docker/config: add `GetAllCredentials`
* Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
* Bump github.com/klauspost/compress from 1.10.6 to 1.10.7
* Bump github.com/containers/storage from 1.20.1 to 1.20.2
* Add documentation for credHelper
* Fix error messages on !canModifyManifest
* Add support for ProgressEventSkipped
* Bump github.com/stretchr/testify from 1.6.0 to 1.6.1
* Bump github.com/klauspost/compress from 1.10.7 to 1.10.8
* oci: don't overwrite tags pointing at the same manifest
* oci test: simplify length calculation

v5.5.1:
because the Go proxy caches an old version of the 5.5.0 tag, making
it difficult to use 5.5.0.

v5.5.2:
* backports pagination fix

v5.6.0:
* When we can't store signatures, point the user at the destination.
* Update for https://github.com/containers/skopeo/pull/932
* Refactor configPath API
* Load the rootless registries.conf.d for override
* docker config: clean up after test
* blobinfocache: clean up after test
* enable search using pagination
* pkg/docker/config: correct default file mode when create auth.json file
* Update to Go 1.13
* Coverity found potential nil dereference
* Look for normalized paths in tarfile.
* Move docker/tarfile.Destination to docker/internal/tarfile.Destination
* Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal.tarfile
* Introduce Destination.configPath and Destination.physicalLayerPath
* Split docker/internal.tarfile.Writer from Destination
* Move createRepositoriesFile to a bit better place
* Split Writer.createManifest from Destination.PutManifest
* Reorganize docker/internal/tarfile.Writer.createManifest a bit
* Move the computation of layerPaths in docker-archive
* Implement writing multiple images in the modern format.
* Split createSingleLegacyLayer from writeLegacyLayerMetadata
* Move legacy layer ID computation to a bit later
* Merge writeLegacyMetadata and createRepositoriesFile
* Implement writing multiple images in the legacy format
* Separate tarfile.Writer creation from Destination creation
* Lock docker/internal/tarfile.Writer to support concurrent uses
* Split openArchiveForWriting from docker/archive/newImageDestination
* Finally, introduce docker/archive.Writer
* use container/storage/pkg/homedir
* Fix an error message on docker-archive:path:name@sha256:$digest
* Move docker/tarfile.Source to docker/internal/tarfile.Source
* Use the docker/internal/tarfile.Source from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal/tarfile
* Split docker/internal/tarfile.Reader from Source
* Separate tarfile.Reader creation from Source creation
* Read the tarfile manifest already when initializing tarfile.Reader
* Turn tarfile.Source.LoadTarManifest into a TarManifest
* Allow choosing an image from tarfile.Reader by reference
* Introduce docker-archive:path:@index syntax for reading untagged images
* Introduce docker/archive.Reader
* Finally, share a tarfile.Reader across archiveSource objects
* Add docker/archive.NewReaderForReference
* Add docker/archive.Reader.ManifestTagsForReference
* Support per user registries.d
* Move TestInvalidPolicyFormatError
* Reduce duplication in policy_config_test.go
* Eliminate more duplication in signature/policy_config_tests.go
* Return error body if UnexpectedHTTPResponseError
* Set NoLchown to true in untar opts

v5.7.0:
* add comment on CVE-2020-15157
* Bump github.com/containers/storage from 1.23.5 to 1.23.6
* Search credentials under XDG_CONFIG_HOME
* Bump github.com/klauspost/compress from 1.11.0 to 1.11.1
* Use $DOCKER_CONFIG/config.json to match the docker CLI.
* Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* Regenerate oci/layout fixture certificates
* Extend the lifetime of test certificates to 10 years
* Set default rootless sigstore
* Update copier/imagecopier to fix race
* Fix problems found by codespell

v5.8.0:
* pkg/shortnames
* Finally, split configuration loading and merging
* Reorder merging code in loadConfig to match field order in V2RegistriesConf
* Remove "TODO: separate upper format from internal data below:"
* Move shortNameMode from V2RegistriesConf to parsedConfig
* Behavior change: Move unqualifiedSearchRegistriesOrigin to parsedConfig
* Deprecate TryUpdatingCache return value, warn about parsedConfig.v2
* Some progress: Move aliasCache out of V2RegistriesConf to parsedConfig
* Add a parsedConfig return value to loadConfigFile
* Split shortNameAliasCache.updateWithConfigurationFrom from loadConfig
* Move the creation of shortNameAliasCache to loadConfigFile
* Rename shortNameAliasConf.parseAndValidate to newShortNameAliasCache
* Move the allocation of an empty alias map to editShortNameAlias
* Bump github.com/klauspost/compress from 1.11.1 to 1.11.2
* Split shortNameAliasCache from shortNameAliasConf
* Split the error and success return paths of shortNameAliasConf.parseAndValidate
* Sort Registries in V2RegistriesConf.postProcess
* Make it clearer that .postProcessRegistries() is called on the V2RegistriesConf data
* Make tomlConfig private
* Split loadConfigFile from loadConfig
* Make loadConfig a method on parsedConfig instead of tomlConfig
* Introduce sysregistriesv2.parsedConfig, use it for configCache
* Don't hard-code cache implementation details in tests
* Add a test for correctly merging unqualified-search-registries
* sysregistriesv2: short-name aliasing
* Add GetDigest method to retrieve digest from manifest HEAD request
* Fix misleading network error
* Bump github.com/containers/storage from 1.23.6 to 1.23.7
* docs: update reference to containers-registeries.d.md

v5.9.0:
* copy: check our assumptions about compression
* Add a signedIdentity choice "type": "remapIdentity"
* shortnames: error if there's no alias and no search registries

- Update podman to 2.2.1

v2.2.1

### Changes
- Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using `--mount type=image`) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.

### Bugfixes
- Fixed a bug where rootless Podman would, on systems without the `XDG_RUNTIME_DIR` environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start ([#8539](https://github.com/containers/podman/issues/8539)).
- Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors ([#8613](https://github.com/containers/podman/issues/8613)).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running.
- Fixed a bug where the `podman system reset` command would print a warning about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount `sysfs` in circumstances where it was not allowed; some OCI runtimes (notably `crun`) would fall back to alternatives and not fail, but others (notably `runc`) would fail to run containers.
- Fixed a bug where the `podman run` and `podman create` commands would fail to create containers from untagged images ([#8558](https://github.com/containers/podman/issues/8558)).
- Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman exec` command did not move the Conmon process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the `ancestor` option to `podman ps --filter` did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if `--rm` was set) if the Podman command that created them was invoked with `--log-level=debug`.

### API
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `Binds` and `Mounts` parameters in `HostConfig`.
- Fixed a bug where the Compat Create endpoint for Containers ignored the `Name` query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for `NetworkMode` (this value is used extensively by `docker-compose`) ([#8544](https://github.com/containers/podman/issues/8544)).
- Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the `target` query parameter as the image's tag.

### Misc
- Podman v2.2.0 vendored a non-released, custom version of the `github.com/spf13/cobra` package; this has been reverted to the latest upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0

v2.2.0

### Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing) and [here](https://www.redhat.com/sysadmin/container-image-short-names).
- Initial support has been added for the `podman network connect` and `podman network disconnect` commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify `--network=none` when they were created.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Aliases can also be added and removed using the new `podman network connect` and `podman network disconnect` commands. Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports persistent volumes claims using Podman named volumes.
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` and `id` filters for `podman pod ps` now match based on a regular expression, instead of requiring an exact match.
- The `podman pod ps` command now supports a new filter `status`, that matches pods in a certain state.

### Changes
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. `--publish` and `--net=host`) are specified when creating a container.
- The `--restart on-failure` and `--rm` options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly ([#7906](https://github.com/containers/podman/issues/7906)).
- Remote Podman will no longer use settings from the client's `containers.conf`; defaults will instead be provided by the server's `containers.conf` ([#7657](https://github.com/containers/podman/issues/7657)).
- The `podman network rm` command now has a new alias, `podman network remove` ([#8402](https://github.com/containers/podman/issues/8402)).

### Bugfixes
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
- Fixed a bug where the `--pull` option to `podman run`, `podman create`,  and `podman build` did not match Docker's behavior.
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
- Fixed a bug where the `podman network rm` command would error when trying to remove `macvlan` networks and rootless CNI networks ([#8491](https://github.com/containers/podman/issues/8491)).
- Fixed a bug where Podman was not setting sane defaults for missing `XDG_` environment variables.
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server ([#8473](https://github.com/containers/podman/issues/8473)).
- Fixed a bug where the `podman manifest create` and `podman manifest add` commands on local images would drop any images in the manifest not pulled by the host.
- Fixed a bug where networks made by `podman network create` did not include the `tuning` plugin, and as such did not support setting custom MAC addresses ([#8385](https://github.com/containers/podman/issues/8385)).
- Fixed a bug where container healthchecks did not use `$PATH` when searching for the Podman executable to run the healthcheck.
- Fixed a bug where the `--ip-range` option to `podman network create` did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment ([#8448](https://github.com/containers/podman/issues/8448)).
- Fixed a bug where the `podman container ps` alias for `podman ps` was missing ([#8445](https://github.com/containers/podman/issues/8445)).

### API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Ping endpoint misspelled a header name (`Libpod-Buildha-Version` instead of `Libpod-Buildah-Version`).
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with `CAP_` (Docker does not do so).
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
- Fixed a bug where the Compat Inspect endpoint for images would omit the `ParentId` field if the image had no parent, and the `Created` field if the image did not have a creation time.
- Fixed a bug where the Compat Remove endpoint for Networks did not support the `Force` query parameter.

### Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.1
- Updated the containers/image library to v5.8.1
- Updated the containers/common library to v0.27.0

v2.2.0-rc2

APIv2
*   Fix Bugs and compatability
*   Fix list of images - mandatory Created attribute
*   Add network connect|disconnect compat endpoints
Missing Commands
*   Add alias for podman network rm -> remove
*   Add podman container ps command
Missing Options support
*   Align the podman pod ps --filter behavior with podman ps
*   Allow containers to --restart on-failure with --rm
*   Allow multiple --network flags for podman run/create
Documentation:
*   Containers.conf settings for remote connections
*   Specify what the replace flag replaces in help text
*   Clarify ps(1) fallback of `podman top`
Improve shell completions
Bugs
*  Fix ip-range for classless subnet masks
*  Make c.networks() list include the default network
*  Make podman service log events
*  Set PATH env in systemd timer.
*  Fix container cgroup lookup
v2.2.0-RC1

This is the first release candidate for Podman v2.2.0. Preliminary release notes are below:

## 2.2.0
### Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing).
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` filter for `podman pod ps` now matches based on a regular expression, instead of requiring an exact match.

### API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.

### Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.0
- Updated the containers/image library to v5.8.0
- Updated the containers/common library to v0.27.0

v2.1.1

### Changes
- The `podman info` command now includes the cgroup manager Podman is using.

### Bugfixes
- Fixed a bug where Podman would not build with the `varlink` build tag enabled.
- Fixed a bug where the `podman save` command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive.
- Fixed a bug where the `json-file` log driver did not write logs.
- Fixed a bug where `podman-remote start --attach` did not properly handle detaching using the detach keys.
- Fixed a bug where `podman pod ps --filter label=...` did not work.
- Fixed a bug where the `podman build` command did not respect the `--runtime` flag.

### API
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) ([#7722](https://github.com/containers/podman/issues/7722)).
- The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release.

v2.1.0

### Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows:  `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels.
- The `podman play kube` command now supports setting container restart policy ([#7656](https://github.com/containers/podman/issues/7656)).
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.

### Security
- This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API.

### Changes
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
- Error messages when creating a container or pod with a name that is already in use have been improved.
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
- The `podman system reset` command no longer removes configuration files for rootless Podman.

### Bugfixes
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
- Fixed a bug where privileged containers would still configure an AppArmor profile.
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
- Fixed a bug where the `podman build --logfile` command would segfault.
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
- Fixed a bug where `podman images -a` would break if any image pulled by digest was present in the store ([#7651](https://github.com/containers/podman/issues/7651)).
- Fixed a bug where the `--mount` option to `podman run` and `podman create` required the `type=` parameter to be passed first ([#7628](https://github.com/containers/podman/issues/7628)).
- Fixed a bug where the `--infra-command` parameter to `podman pod create` was nonfunctional.
- Fixed a bug where `podman auto-update` would fail for any container started with `--pull=always` ([#7407](https://github.com/containers/podman/issues/7407)).
- Fixed a bug where the `podman wait` command would only accept a single argument.
- Fixed a bug where the parsing of the `--volumes-from` option to `podman run` and `podman create` was broken, making it impossible to use multiple mount options at the same time ([#7701](https://github.com/containers/podman/issues/7701)).
- Fixed a bug where the `podman exec` command would not join executed processes to the container's supplemental groups if the container was started with both the `--user` and `--group-add` options.
- Fixed a bug where the `--iidfile` option to `podman-remote build` was nonfunctional.

### API
- The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API.
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
- Fixed a bug where Pull endpoints did not stream progress back to the client.
- The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker.
- All non-hijacking responses to API requests should not include headers with the version of the server.
- Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred ([#7263](https://github.com/containers/podman/issues/7263)).
- Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client.
- Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting.
- Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly.
- Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format ([#7196](https://github.com/containers/podman/issues/7196)).

### Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/image library to v5.6.0
- Updated the containers/common library to v0.22.0

v2.1.0-RC2

This is the second release candidate for Podman v2.1.0.
v2.1.0-RC1

This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below:

### Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows:  `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.

### API
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.

### Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/common library to v0.22.0

v2.0.6

### Bugfixes
- Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
- Fixed a bug where `/etc/passwd` could be re-created every time a container is restarted if the container's `/etc/passwd` did not contain an entry for the user the container was started as.
- Fixed a bug where containers without an `/etc/passwd` file specifying a non-root user would not start.
- Fixed a bug where the `--remote` flag would sometimes not make remote connections and would instead attempt to run Podman locally.

### Misc
- Updated the containers/common library to v0.14.10

v2.0.6-rc1

This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5.
v2.0.5

### Features
- Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`.
- The `podman system connection` command has been reworked to support multiple connections, and reenabled for use!
- Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance.

### Changes
- Podman's automatic systemd integration (activated by the `--systemd=true` flag, set by default) will now activate for containers using `/usr/local/sbin/init` as their command, instead of just `/usr/sbin/init` and `/sbin/init` (and any path ending in `systemd`).
- Seccomp profiles specified by the `--security-opt seccomp=...` flag to `podman create` and `podman run` will now be honored even if the container was created using `--privileged`.

### Bugfixes
- Fixed a bug where the `podman play kube` would not honor the `hostIP` field for port forwarding ([#5964](https://github.com/containers/podman/issues/5964)).
- Fixed a bug where the `podman generate systemd` command would panic on an invalid restart policy being specified ([#7271](https://github.com/containers/podman/issues/7271)).
- Fixed a bug where the `podman images` command could take a very long time (several minutes) to complete when a large number of images were present.
- Fixed a bug where the `podman logs` command with the `--tail` flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com/containers/podman/issues/7230]).
- Fixed a bug where the `podman exec` command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) ([#6893](https://github.com/containers/podman/issues/6893)).
- Fixed a bug where the `podman load` command with remote Podman would did not honor user-specified tags ([#7124](https://github.com/containers/podman/issues/7124)).
- Fixed a bug where the `podman system service` command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result ([#7180](https://github.com/containers/podman/issues/7180)).
- Fixed a bug where the `--publish` flag to `podman create`, `podman run`, and `podman pod create` did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) ([#7104](https://github.com/containers/podman/issues/7014)).
- Fixed a bug where the `podman start --attach` command would not print the container's exit code when the command exited due to the container exiting.
- Fixed a bug where the `podman rm` command with remote Podman would not remove volumes, even if the `--volumes` flag was specified ([#7128](https://github.com/containers/podman/issues/7128)).
- Fixed a bug where the `podman run` command with remote Podman and the `--rm` flag could exit before the container was fully removed.
- Fixed a bug where the `--pod new:...` flag to `podman run` and `podman create` would create a pod that did not share any namespaces.
- Fixed a bug where the `--preserve-fds` flag to `podman run` and `podman exec` could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
- Fixed a bug where default environment variables (`$PATH` and `$TERM`) were not set in containers when not provided by the image.
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
- Fixed a bug where networks created with `podman network create` with an IPv6 subnet did not properly set an IPv6 default route.
- Fixed a bug where the `podman save` command would not work properly when its output was piped to another command ([#7017](https://github.com/containers/podman/issues/7017)).
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under `/sys/fs/cgroup/systemd` to the host.
- Fixed a bug where `podman build` would not generate an event on completion ([#7022](https://github.com/containers/podman/issues/7022)).
- Fixed a bug where the `podman history` command with remote Podman printed incorrect creation times for layers ([#7122](https://github.com/containers/podman/issues/7122)).
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
- Fixed a bug where Podman did not clear `CMD` from the container image if the user overrode `ENTRYPOINT` ([#7115](https://github.com/containers/podman/issues/7115)).
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
- Fixed a bug where the `podman images` command with remote Podman did not support printing image tags in Go templates supplied to the `--format` flag ([#7123](https://github.com/containers/podman/issues/7123)).
- Fixed a bug where the `podman rmi --force` command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
- Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)).
- Fixed a bug where the `podman version` command did not properly include build time and Git commit.
- Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)).
- Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`.
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)).

### API
- Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)).
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions ([#7197](https://github.com/containers/podman/issues/7197)).
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
- Added a versioned `_ping` endpoint (e.g. `http://localhost/v1.40/_ping`).
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when `podman system service` shut down due to its idle timeout ([#7294](https://github.com/containers/podman/issues/7294)).
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
- The `Pod` URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the `Pod` boolean will now be included in the response unconditionally.

### Misc
- Updated Buildah to v1.15.1
- Updated containers/image library to v5.5.2

v2.0.4

### Bugfixes
- Fixed a bug where the output of `podman image search` did not populate the Description field as it was mistakenly assigned to the ID field.
- Fixed a bug where `podman build -` and `podman build` on an HTTP target would fail.
- Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes ([#7130](https://github.com/containers/podman/issues/7130)).
- Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
- Fixed a bug where the `podman start --attach --interactive` command would print the container ID of the container attached to when exiting ([#7068](https://github.com/containers/podman/pull/7068)).
- Fixed a bug where `podman run --ipc=host --pid=host` would only set `--pid=host` and not `--ipc=host` ([#7100](https://github.com/containers/podman/issues/7100)).
- Fixed a bug where the `--publish` argument to `podman run`, `podman create` and `podman pod create` would not allow binding the same container port to more than one host port ([#7062](https://github.com/containers/podman/issues/7062)).
- Fixed a bug where incorrect arguments to `podman images --format` could cause Podman to segfault.
- Fixed a bug where `podman rmi --force` on an image ID with more than one name and at least one container using the image would not completely remove containers using the image ([#7153](https://github.com/containers/podman/issues/7153)).
- Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of `podman stats --format=json`.

### API
- Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified ([#7078](https://github.com/containers/podman/issues/7078)).
- Fixed a bug where the `CgroupVersion` field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).

- Update storage to 1.24.5

1.24.5:

Use STORAGE_DRIVER environment variable in rootless mode
    Fix errors about undefined storage driver in vms
    idtools: handle single user mapped as root

1.24.4:

Use /run instead of /var/run
archive: Skip FIFO creation in user namespace

1.24.3:

Revert returning storageOpts early in rootless mode.
    Log message when graphdriver is not set

1.24.2:

Fix reading of ~/.config/containers/storage.conf

1.24.1:

Fix unshare.HomeDir to use entry in /etc/passwd

1.24.0:

Add support for force_mask field, which allows for sharing container image over NFS shares or between different users on the same system. (Experimental)

1.23.9:

Improve handling Get() in pkg/homedir, handling user namespaced homedirs correctly
Improve ID range selection for automatic user namespace range selection.
Restore usage of rootless_storage_path in user storage.conf

1.20.5:

Fix handling of Interrupts while changing file system attributes.

1.23.8:

Tighten permissions on created directory
    Fix handling of EINTR when changing file permissions, being triggered by newer version of golang.
    Fix resource leaks and improve error messages.

1.23.7:

Fix handling of SetDefaultConfigFilePath(path)
Switch to handling EINTR when chowning content.

1.23.6:

Lot's of bug fixes.
Drop some Warning messages down to Info level
Improve error messages for users
Improve imput parsing.
Maintain IMA Attributes in image creation
Fix usage of rootless_storage_path from system storage.conf file
Improve devmapper handling.

1.23.5:

For podman v2.0 we need to use use ignore_chown_errors field if set
    utils_test.go: make test show mismatching items
    Support the rootless storage path from the system file
    build(deps): bump github.com/klauspost/compress from 1.10.11 to 1.11.0

1.20.4:

For podman v2.0 we need to use use ignore_chown_errors field if set

1.23.4:

build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
    fix goroutine leak with close tatLogger in a defer clause

1.23.3:

Switch to moby/sys/mountinfo
    counter: check for external umounts

1.20.3:

counter: check for external umounts

1.23.2:

counter: check for external umounts

1.23.1:

recover use graphLock when mount a layer
    build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
    Use `bash` binary from env instead of /bin/bash for scripts
    build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
    Allow users to override imagestores
    Remove dead code

1.23.0:

* Revert "build(deps): bump github.com/opencontainers/runc"
* Allow any env variable for graphroot, runroot, storagepath
* fileutils.Pattern.compile(): end the regex with the right path separator
* archive: preallocate a buffer for io.Copy

1.22.0:

Allow env variables in graphroot and runroot
    userns: make sure host id is not always 0
    store: support mapped layers deletion
    Cirrus: Fix matrix filter
    build(deps): bump github.com/opencontainers/runc
    Cirrus: Add success-accumulator task
    Cirrus: Note matrix filter resolution
    store: support mapped layers deletion
    userns: fix host id calculation when ranges overlap
    userns: simplify function
    Fix leaked fd
    Coverity errors found

1.21.2:

archive: fix the bug of ReadSecurityXattrToTarHeader
    unbreak build on mipsen harder
    unshare: memoize HomeDir()

1.21.1:

userns: fix available range with explicit idmapping
    layer mount: fix RO logic
    When mounting images we have no lowers, but still need to mount
     layerStore: clean residual resources in layerStore when remove an image
    Allow mounting of Non Read Write images read/only
    Always mount the layer via overlay.

1.21.0:

Remove whitelist and replace with allowed
    build(deps): bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
    new interface for MountImage added
    Record security.ima in container images
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc90 to 1.0.0-rc91
    Store the pvcreate --metadatasize option in storage.conf
    new interface Free for deleting Store object
    Just uncommenting this line blew up on me
    build(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0
    Use temp instead of run as fallback directory for rootless mode
    Make lock files world readable
    Lock files should be CLOEXEC
    Stop using golang 1.12
    build(deps): bump github.com/klauspost/compress from 1.10.8 to 1.10.10
    devmapper: allow devmapper devices as directlvm device
    build(deps): bump github.com/stretchr/testify from 1.6.0 to 1.6.1

1.20.2:

Add back skip_mount_home
    Update git validation EPOCH
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
    build(deps): bump github.com/klauspost/compress from 1.10.5 to 1.10.7
    build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0
    unbreak build on mipsen

- Switch to seccomp profile provided by common instead of podman
- Update containers.conf to match latest version

-------------------------------------------------------------------
Tue Oct 13 15:53:05 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Simplify %setup statements.

-------------------------------------------------------------------
Mon Aug  3 17:10:46 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>

- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)

-------------------------------------------------------------------
Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
  /usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
  - Add documentation for credHelpera
  - Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
  - docs: user namespace can't be shared in pods
  - Switch references from libpod.conf to containers.conf
  - Allow empty host port in --publish flag
  - update document login see config.json as valid
- Update storage to 1.20.2
  - Add back skip_mount_home

-------------------------------------------------------------------
Fri Jun 19 09:57:44 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Remove remaining difference between SLE and openSUSE package and
  ship the some mounts.conf default configuration on both platforms.
  As the sources for the mount point do not exist on openSUSE by
  default this config will basically have no effect on openSUSE.
  (jsc#SLE-12122, bsc#1175821)

-------------------------------------------------------------------
Wed Jun  3 14:37:20 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Update to image 5.4.4
  - Remove registries.conf VERSION 2 references from man page
  - Intial authfile man page
  - Add $HOME/.config/containers/certs.d to perHostCertDirPath
  - Add $HOME/.config/containers/registries.conf to config path
  - registries.conf.d: add stances for the registries.conf
- update to libpod 1.9.3
  - userns: support --userns=auto
  - Switch to using --time as opposed to --timeout to better match Docker
  - Add support for specifying CNI networks in podman play kube
  - man pages: fix inconsistencies
- Update to storage 1.19.1
  - userns: add support for auto
  - store: change the default user to containers
  - config: honor XDG_CONFIG_HOME
- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again.
  It never ended up in SLES and a different way to fix the underlying
  problem is being worked on.

-------------------------------------------------------------------
Wed May 13 12:45:58 UTC 2020 - Richard Brown <rbrown@suse.com>

- Add registry.opensuse.org as default registry [bsc#1171578]

-------------------------------------------------------------------
Fri Apr 24 08:35:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts.
  This for making container-suseconnect working in the public
  cloud on-demand images. It needs that file for being able to
  verify the server certificates of the RMT servers hosted
  in the public cloud.
  (https://github.com/SUSE/container-suseconnect/issues/41)

-------------------------------------------------------------------
Fri Mar  6 11:14:24 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- New snaphot (bsc#1165917)
- Update to image 5.2.1
  * Add documentation about rewriting docker.io registries
  * Add registries warning to registries.conf
- Update to libpod 1.8.0
  * Fixed some spelling errors in oci-hooks documentations
  * include containers-mounts.conf(5) man-page into the package
- Update to storage 1.16.1
  * Add `rootless_storage_path` directive to storage.conf
  * Add better documentation for the mount_program in overlay driver

-------------------------------------------------------------------
Wed Dec 11 16:13:32 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to image 5.0.0
  - Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section.
  - Update to major version v5
  - return resp error message
  - copy.Image(): select the CopySystemImage image using the source context
  - Add manifest list support
  - docker: handle http 429 status codes
  - allow for .dockercfg files to reside in non-home directories
  - Use the correct module path in (make test-skopeo)
- Update to libpod 1.6.3
  - Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
  - Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added
  - Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands
  - Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume
- Update to storage 1.15.3
  - overlay: allow storing images with more than 127 layers
  - Lazy initialize the layer store
  - tarlogger: drop state mutex

-------------------------------------------------------------------
Wed Oct  2 08:29:50 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update to image 4.0.0
  - Add http response to log
  - Add tests for parsing OpenShift kubeconfig files
  - Compress: define some consts for the compression algos
  - Compression: add support for the zstd
  - Compression: allow to specify the compression format
  - Copy: add nil checks
  - Copy: compression: default to gzip
  - Copy: don't lose annotations of BlobInfo
  - Copy: fix options.DestinationCtx nil check
  - Copy: use a bigger buffer for the compression
  - Fix cross-compilation by vendoring latest c/storage
  - Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR
  - Keyctl: clean up after tests
  - Make container tools work with go+openssl
  - Make test-skopeo: replace c/image module instead of copying code
  - Media type checks
  - Move keyctl to internal & func remove auth from keyring
  - Replace vendor.conf by go.mod
  - Update dependencies
  - Update test certificates
  - Update to mergo v0.3.5
  - Vendor.conf: update reference for containers/storage
- Update to storage 1.13.4
  - Update generated files
  - ImageBigData: distinguish between no-such-image and no-such-item
  - ImageSize: don't get tripped up by images with no layers
  - tarlogger: disable raw accouting
- Update to libpod 1.6.0
  - Nothing changed regarding the OCI hooks documentation provided by this
    package

-------------------------------------------------------------------
Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to image 1.4.4
  - Hard-code the kernel keyring use to be disabled for now
- Update to libpod 1.5.1
  - The hostname of pods is now set to the pod's name
  - Minor bugfixes
- Update to storage 1.12.16
  - Ignore ro mount options in btrfs and windows drivers

-------------------------------------------------------------------
Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <rbrown@suse.com>

- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)

-------------------------------------------------------------------
Wed Aug  7 10:35:07 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Add missing licenses to spec file

-------------------------------------------------------------------
Tue Aug  6 11:42:17 UTC 2019 - Marco Vedovati <mvedovati@suse.com>

- Add a default registries.d configuration file, used to specify images
  signatures storage location.

-------------------------------------------------------------------
Fri Aug  2 09:46:10 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update to image v3.0.0
  - Add "Env" to ImageInspectInfo
  - Add API function TryUpdatingCache
  - Add ability to install man pages
  - Add user registry auth to kernel keyring
  - Fix policy.json.md -> containers-policy.json.5.md references
  - Fix typo in docs/containers-registries.conf.5.md
  - Remove pkg/sysregistries
  - Touch up transport man page
  - Try harder in storageImageDestination.TryReusingBlob
  - Use the same HTTP client for contacting the bearer token server and the
    registry
  - ci: change GOCACHE to a writeable path
  - config.go: improve debug message
  - config.go: log where credentials come from
  - docker client: error if registry is blocked
  - docker: allow deleting OCI images
  - docker: delete: support all MIME types
  - ostree: default is no OStree support
  - ostree: improve error message
  - progress bar: use spinners for unknown blob sizes
  - use 'containers_image_ostree' as build tag
  - use keyring when authfile empty
- Update to storage v1.12.16
  - Add cirrus vendor check
  - Add storage options to IgnoreChownErrors
  - Add support for UID as well as UserName in /etc/subuid files.
  - Add support for ignoreChownErrors to vfs
  - Add support for installing man pages
  - Fix cross-compilation
  - Keep track of the UIDs and GIDs used in applied layers
  - Move lockfiles to their own package
  - Remove merged directory when it is unmounted
  - Switch to go modules
  - Switch to golangci-lint
  - Update generated files
  - Use same variable name on both commands
  - cirrus: ubuntu: try removing cryptsetup-initramfs
  - compression: add support for the zstd algorithm
  - getLockfile(): use the absolute path
  - loadMounts(): reset counts before merging just-loaded data
  - lockfile: don't bother releasing a lock when closing a file
  - locking test updates
  - locking: take read locks on read-only stores
  - make local-cross more reliable for CI
  - overlay: cache the results of supported/using-metacopy/use-naive-diff
    feature tests
  - overlay: fix small piece of repeated work
  - utils: fix check for missing conf file
  - zstd: use github.com/klauspost/compress directly

-------------------------------------------------------------------
Mon Jul  8 13:18:20 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update to libpod v1.4.4
  - Fixed a bug where rootless Podman would attempt to use the
    entire root configuration if no rootless configuration was
    present for the user, breaking rootless Podman for new
    installations
  - Fixed a bug where rootless Podman's pause process would block
    SIGTERM, preventing graceful system shutdown and hanging until
    the system's init send SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not
    work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the
    --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be
    displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to
    create a container or pod
  - Podman now has greatly improved support for containers using
    multiple OCI runtimes. Containers now remember if they were
    created with a different runtime using --runtime and will
    always use that runtime
  - The cached and delegated options for volume mounts are now
    allowed for Docker compatability (#3340)
  - The podman diff command now supports the --latest flag
  - Fixed a bug where podman cp on a single file would create a
    directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would
    print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to
    container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid
    ports configuration (#3408)
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct
    default setting in help if the default was overridden by
    libpod.conf
  - For backwards compatability, setting --log-driver=json-file in
    podman run is now supported as an alias for
    --log-driver=k8s-file. This is considered deprecated, and
    json-file will be moved to a new implementation in the future
    ([#3363](https://github.com/containers/libpod/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI
    runtime to be used if it is installed
  - Fixed a bug where Podman could not run containers using an
    older version of Systemd as init (#3295)
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug
    with Dockerfile RUN instructions
  - The error message for running podman kill on containers that
    are not running has been improved
  - The Podman remote client can now log to a file if syslog is not
    available
  - The MacOS dmg file is experimental, use at your own risk.
  - The podman exec command now sets its error code differently
    based on whether the container does not exist, and the command
    in the container does not exist
  - The podman inspect command on containers now outputs Mounts
    JSON that matches that of docker inspect, only including
    user-specified volumes and differentiating bind mounts and
    named volumes
  - The podman inspect command now reports the path to a
    container's OCI spec with the OCIConfigPath key (only included
    when the container is initialized or running)
  - The podman run --mount command now supports the
    bind-nonrecursive option for bind mounts (#3314)
  - Fixed a bug where podman play kube would fail to create
    containers due to an unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
    (#3284)
  - Fixed a bug where rootless Podman using slirp4netns networking
    in an environment with no nameservers on the host other than
    localhost would result in nonfunctional networking (#3277)
  - Fixed a bug where podman import would not properly set
    environment variables, discarding their values and retaining
    only keys
  - Fixed a bug where Podman would fail to run when built with
    Apparmor support but run on systems without the Apparmor kernel
    module loaded (#3331)
  - Remote Podman will now default the username it uses to log in
    to remote systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it,
    allowing for better error reporting
  - Updated vendored Buildah to v1.8.4
  - Updated vendored containers/image to v2.0
- Update to image v2.0.0
  - Add registry mirror support
  - Include missing man pages (bsc#1139526)
- Update to storage v1.12.10
  - Add support for UID as well as UserName in /etc/subuid files.
  - utils: fix check for missing conf file
  - compression: add support for the zstd algorithm
  - overlay: cache the results of
    supported/using-metacopy/use-naive-diff feature tests

-------------------------------------------------------------------
Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update to libpod v1.4.0
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
    segfault
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
    client
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration
- Update to image v1.5.1
  - Vendor in latest containers/storage
  - docker/docker_client: Drop redundant Domain(ref.ref) call
  - pkg/blobinfocache: Split implementations into subpackages
  - copy: progress bar: show messages on completion
  - docs: rename manpages to *.5.command
  - add container-certs.d.md manpage
  - pkg/docker/config: Bring auth tests from
    docker/docker_client_test
  - Don't allocate a sync.Mutex separately
- Update to storage v1.12.10
  - Add function to parse out mount options from graphdriver
  - Merge the disparate parts of all of the Unix-like lockfiles
  - Fix unix-but-not-Linux compilation
  - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
  - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
  - lockfile: add RecursiveLock() API
  - Update generated files
  - Fix crash on tesing of aufs code
  - Let consumers know when Layers and Images came from read-only stores
  - chown: do not change owner for the mountpoint
  - locks: correctly mark updates to the layers list
  - CreateContainer: don't worry about mapping layers unless necessary
  - docs: fix manpage for containers-storage.conf
  - docs: sort configuration options alphabetically
  - docs: document OSTree file deduplication
  - Add missing options to man page for containers-storage
  - overlay: use the layer idmapping if present
  - vfs: prefer layer custom idmappings
  - layers: propagate down the idmapping settings
  - Recreate symlink when not found
  - docs: fix manpage for configuration file
  - docs: add special handling for manpages in sect 5
  - overlay: fix single-lower test
  - Recreate symlink when not found
  - overlay: propagate errors from mountProgram
  - utils: root in a userns uses global conf file
  - Fix handling of additional stores
  - Correctly check permissions on rootless directory
  - Fix possible integer overflow on 32bit builds
  - Evaluate device path for lvm
  - lockfile test: make concurrent RW test determinisitc
  - lockfile test: make concurrent read tests deterministic
  - drivers.DirCopy: fix filemode detection
  - storage: move the logic to detect rootless into utils.go
  - Don't set (struct flock).l_pid
  - Improve documentation of getLockfile
  - Rename getLockFile to createLockerForPath, and document it
  - Add FILES section to containers-storage.5 man page
  - add digest locks
  - drivers/copy: add a non-cgo fallback
- Add default SLES mounts for container-suseconnect usage

-------------------------------------------------------------------
Tue Jun  4 14:27:15 UTC 2019 - Richard Brown <rbrown@suse.com>

- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly

-------------------------------------------------------------------
Mon Apr  1 14:24:17 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to libpod v1.2.0
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
  * Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
  * Move pkg/util default storage functions from libpod to containers/storage
  * containers/storage no longer depends on containers/image
- Version 20190401

-------------------------------------------------------------------
Wed Feb 27 14:51:55 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to libpod v1.1.0
   * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
   * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf

-------------------------------------------------------------------
Tue Feb 19 15:34:54 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to storage v1.10
  * enable parallel blob reads
  * Teach images to hold multiple manifests
  * Move structs for storage.conf to pkg/config
- Upgrade to libpod v1.0.1
  * Do not unmarshal into c.config.Spec
  * spec: add nosuid,noexec,nodev to ro bind mount

-------------------------------------------------------------------
Sat Feb  2 11:07:30 UTC 2019 - Richard Brown <rbrown@suse.com>

- Restore non-upstream storage.conf, needed by CRI-O

-------------------------------------------------------------------
Fri Jan 25 14:30:45 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to storage v1.8
  * Check for the OS when setting btrfs/libdm/ostree tags
- Upgrade to image v1.3
  * vendor: use github.com/klauspost/pgzip instead of compress/gzip
  * vendor latest ostree
- Refactor specfile to use versioned tarballs
- Established package versioning scheme (ISODATE of change)
- Remove non-upstream storage.conf
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
- Version 20190125

-------------------------------------------------------------------
Thu Jan 17 14:20:49 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to storage v1.6
  * Remove private mount from zfs driver
  * Update zfs driver to be closer to moby driver
  * Use mount options when mounting the chown layer.

-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to libpod v1.0.0
  * Fixed a bug where storage.conf was sometimes ignored for rootless containers

-------------------------------------------------------------------
Tue Jan  8 11:35:41 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to libpod v0.12.1.2 and storage v1.4
  * No significant functional or packaging changes

-------------------------------------------------------------------
Sun Jan  6 22:11:02 UTC 2019 - Richard Brown <rbrown@suse.com>

- storage.conf - restore btrfs as the default driver

-------------------------------------------------------------------
Fri Dec  7 10:54:37 UTC 2018 - Richard Brown <rbrown@suse.com>

- Update to latest libpod and storage to support cri-o 1.13

-------------------------------------------------------------------
Wed Dec  5 14:45:37 UTC 2018 - Richard Brown <rbrown@suse.com>

- Use seccomp.json from github.com/containers/libpod, instead of
  installing the tar.xz on users systems (boo#1118444)

-------------------------------------------------------------------
Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Add oci-hooks(5) manpage from libpod.

-------------------------------------------------------------------
Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Use seccomp.json from github.com/containers/libpod to align with the
  upstream defaults.

- Update to the latest image and storage to pull in improvements to the
  manpages.

-------------------------------------------------------------------
Mon Aug 27 14:24:51 UTC 2018 - vrothberg@suse.com

- storage.conf: comment out options that are not supported by btrfs.
  This simplifies switching the driver as it avoids the whack-a-mole
  of commenting out "unsupported" options.

-------------------------------------------------------------------
Mon Aug 27 08:48:16 UTC 2018 - vrothberg@suse.com

- Consolidate libcontainers-{common,image,storage} into one package,
  libcontainers-common. That's the way upstream intended all libraries from
  github.com/containers to be packaged. It facilitates updating and maintaining
  the package, as all configs and manpages come from a central source.

Note that the `storage` binary that previously has been provided by the
  libcontainers-storage package is not provided anymore as, despite the claims
  in the manpages, it is not intended for production use.

-------------------------------------------------------------------
Mon Aug 13 11:44:31 UTC 2018 - vrothberg@suse.com

- Make libcontainers-common arch independent.

- Add LICENSE.

-------------------------------------------------------------------
Thu Apr 12 09:36:39 UTC 2018 - fcastelli@suse.com

- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
  to the package. These are used by tools like cri-o and podman to store
  custom hooks.

-------------------------------------------------------------------
Mon Mar  5 09:30:12 UTC 2018 - vrothberg@suse.com

- Configuration files should generally be tagged as %config(noreplace) in order
  to keep the modified config files and to avoid losing data when the package
  is being updated.

feature#crio

-------------------------------------------------------------------
Thu Feb  8 13:07:24 UTC 2018 - vrothberg@suse.com

- Add libcontainers-common package.

 
-------------------------------------------------------------------
Tue Feb  6 13:35:30 UTC 2024 - Dan Čermák <dcermak@suse.com>
​
- New release 20240206
- bump bundled c/common to 0.57.4
- bump bundled c/image to 0.29.2
- conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well
  (SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only
  provides product(SLE-Micro)), fixes bsc#1216443
​
-------------------------------------------------------------------
Mon Dec  4 07:12:17 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- New release 20231204
-  bump c/common to 0.57.0
   * Bump to v0.56.0 by
   * Fix typo in comment
   * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
   * Fix specification of unix:///run
   * libimage/layer_tree: if parent is empty and a manifest list then ignore check.
   * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
   * Split up util package into pkg/password, pkg/copy, pkg/version
   * Remove ActiveDestination method to move into podman
   * Default machine CPUs to Cores/2
   * pkg/config: do NOT set StaticDir and VolumeDir
   * Implement negated label match function
   * chore: import packages only once
   * CoC: fix email link
-  bump c/storage to 1.51.0
   * Bump to v1.50.2
   * overlay, composefs: mount loop device RO
   * Run codespell on code
   * fix(deps): update module github.com/klauspost/compress to v1.17.0
   * store: serialize container deletion
   * pkg/system: reduce retry timeout for EnsureRemoveAll
   * overlay, composefs: use data-only lower layers
   * store: call RecordWrite() before graphDriver Cleanup()
   * fix(deps): update module golang.org/x/sys to v0.13.0
-  bump c/image to 5.29.0
   * Bump to v5.28.0
   * fix(deps): update module github.com/containers/storage to v1.50.2
   * Run codespell on code
   * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
   * Use constants and types from opencontainers/image-spec/specs-go/v1
   * progress: set Current before Refill
   * copy: fix nil pointer dereference when checking compression algorithm
   * fix(deps): update module github.com/klauspost/compress to v1.17.0
   * fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0
   * ociarchive: Add new ArchiveFileNotFoundError
​
-------------------------------------------------------------------
Wed Sep 13 12:48:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Require libcontainers-sles-mounts for *all* SLE products,
  and not just SLES. (bsc#1215291)
​
-------------------------------------------------------------------
Wed Sep 13 06:13:53 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- New release 20230913
- bump c/image to 5.28.0
  * Bump to v5.26.0
  * fix(deps): update module github.com/sigstore/rekor to v1.2.2
  * fix(deps): update module github.com/sigstore/fulcio to v1.3.2
  * Adding IO decorator to copy progress bar
  * Ensure we close HTTP connections on all paths
  * fix(deps): update module github.com/containers/storage to v1.48.0
  * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4
  * fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1
  * fix(deps): update golang.org/x/exp digest to 97b1e66
  * fix(deps): update module github.com/klauspost/compress to v1.16.7
  * fix(deps): update module github.com/docker/docker to v24.0.3+incompatible
  * fix(deps): update module golang.org/x/oauth2 to v0.10.0
  * manifest: ListUpdate add imgspecv1.Platform field
  * fix(deps): update module github.com/docker/docker to v24.0.4+incompatible
  * pkg/docker: use the same default auth path as macOS on FreeBSD
  * fix(deps): update module github.com/sigstore/fulcio to v1.3.4
  * blob: TryReusingBlobWithOptions consider RequiredCompression if set
  * Fix tests of the ostree transport
  * helpers_test,cleanup: correct argument order
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
  * Make temporary names container/image specific
  * listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames
  * fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
  * Fix TestOCI1IndexChooseInstanc
  * Refactor data passing in c/image/copy
  * Update module github.com/sigstore/fulcio to v1.4.0
  * copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms
  * Update vendor of containers/storage
  * copy/single: accept custom *Options and wrap arguments in copySingleImageOptions
  * Improve transport documentation
  * fix(deps): update module github.com/vbatts/tar-split to v0.11.5
  * fix(deps): update module github.com/docker/docker to v24.0.5+incompatible
  * copy: implement instanceCopyClone for zstd compression
  * copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone
  * Clarify where mirrors are used
  * fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85
  * fix(deps): update github.com/containers/storage digest to c3da76f
  * Update x/exp/slices, and some small slice-related cleanups
  * Use consistent example domains in #2069
  * copy: add support for ForceCompressionFormat
  * fix(deps): update module golang.org/x/term to v0.11.0
  * fix(deps): update module golang.org/x/crypto to v0.12.0
  * fix(deps): update module golang.org/x/oauth2 to v0.11.0
  * [release-5.27] Preparing 5.27 backport
  * Update to Go 1.19
  * storage.storageImageDestination.Commit(): leverage image options
  * Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH
  * [CI:DOCS] Add cirrus-cron retry/monitor jobs
  * chore(deps): update dependency containers/automation_images to v20230807
  * [release-5.27] Fix the branch we use for determining a git-validation starting point
  * fix(deps): update golang.org/x/exp digest to 352e893
  * fix(deps): update module github.com/sigstore/sigstore to v1.7.2
  * OCI image-spec / distribution-spec v1.1 updates, first round
  * fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0
  * chore(deps): update dependency containers/automation_images to v20230809
  * Merge release branch into main
  * BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted
  * Update module github.com/containers/ocicrypt to v1.1.8
  * chore(deps): update dependency containers/automation_images to v20230816
  * fix(deps): update module github.com/containers/storage to v1.49.0
  * fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1
  * fix(deps): update golang.org/x/exp digest to d852ddb
  * fix(deps): update module golang.org/x/term to v0.12.0
  * fix(deps): update module github.com/sigstore/sigstore to v1.7.3
  * fix removal of temp file in GetBlob on Windows
  * fix(deps): update module golang.org/x/crypto to v0.13.0
  * Fix build with golangci-lint 1.54.2
  * fix(deps): update module golang.org/x/oauth2 to v0.12.0
  * Implement, and default to, a SQLite BlobInfoCache instead of BoltDB
  * fix(deps): update module github.com/docker/docker to v24.0.6+incompatible
  * Update dependencies of docker/docker
  * Correctly handle encryption/decryption changes in non-OCI formats
  * chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security]
  * fix(deps): update module github.com/containers/storage to v1.50.1
- bump c/storage to 1.50.2
  * Bump to v1.50.1
  * Add an OWNERS file for the merge bot to refer to
- bump c/common to 0.55.4
  * Bump c/image to v0.55.3
​
​
-------------------------------------------------------------------
Mon Aug 14 07:27:59 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- New release 20230814
- bump c/storage to 1.48.0
  * Bump to v1.47.0
  * Fix error if continueWrite/continueRead pipe open fails
  * pkg/regexp: make sure that &Regexp implements the interfaces
  * Remove use of fillGo18FileTypeBits
- bump c/image to 5.27.0
  * fix(deps): update module github.com/docker/docker to v23.0.3+incompatible
  * fix(deps): update module golang.org/x/term to v0.7.0
  * fix(deps): update module github.com/klauspost/compress to v1.16.4
  * fix(deps): update module github.com/sigstore/sigstore to v1.6.1
  * chore(deps): update dependency containers/automation_images to v20230405
  * fix(deps): update module golang.org/x/crypto to v0.8.0
  * fix(deps): update module golang.org/x/oauth2 to v0.7.0
  * fix(deps): update module github.com/containers/storage to v1.46.1
  * fix(deps): update module github.com/sigstore/sigstore to v1.6.2
  * Don't completely silently ignore non-OCI manifests in OCI layouts
  * fix(deps): update module github.com/klauspost/compress to v1.16.5
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
  * fix(deps): update module github.com/docker/docker to v23.0.4+incompatible
- bump c/common to 0.55.3
  * Change default image volume mode to "nullfs" on FreeBSD
  * [v0.55][CI-DOCS] remove zstd:chunked from docs
  * libimage: harden lookup by digest
  * libimage: HasDifferentDigest: add InsecureSkipTLSVerify option
​
-------------------------------------------------------------------
Mon Jul 31 06:17:22 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Disable CNI related configs on ALP (bsc#1213556)
  (https://github.com/containers/podman/issues/19327)
​
-------------------------------------------------------------------
Tue Jun 27 14:18:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Remove unused grep requirement
​
-------------------------------------------------------------------
Mon Jun 26 12:51:12 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Resolve choice on openSUSE distributions for libcontainer-policy
  by suggesting the libcontainers-openSUSE-policy explicitly.
​
-------------------------------------------------------------------
Mon Jun  5 12:04:33 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Enforce BCI verification via Podman on openSUSE distributions
  using the already shipped container signing keys.
  (bsc#1197030)
​
-------------------------------------------------------------------
Tue May 16 12:51:34 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Introduce new subpackage that adds SLE-specific mounts only
  on SLE systems (if sles-release) hence avoiding superfluous
  warnings on non-SLE systems while running podman commands.
  (bsc#1211124)
​
-------------------------------------------------------------------
Wed Apr 26 12:43:41 UTC 2023 - Frederic Crozat <fcrozat@suse.com>
​
- Own /etc/containers/systemd and /usr/share/containers/systemd,
  useful for podman quadlet.
​
-------------------------------------------------------------------
Wed Mar 15 09:17:51 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Remove container-storage-driver.sh, we want to default to the overlay driver
  instead of btrfs.
  The btrfs driver is not really supported upstream (see
  e.g. https://github.com/containers/podman/issues/16882), there is no real
  development anymore and it appears to have subtle bugs (e.g. the one linked
  previously).
  To prevent further such issues, we will from now on default to the overlay
  driver.
​
-------------------------------------------------------------------
Wed Mar 15 08:55:24 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Remove obsolete Requires(post): util-linux-systemd
​
-------------------------------------------------------------------
Mon Feb 27 10:30:12 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Add registry.suse.com to the unqualified-search-registries
​
-------------------------------------------------------------------
Tue Feb 14 13:28:21 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- New upstream release 20230214
- bump c/storage to 1.45.3
- bump c/image to 5.24.1
- bump c/common to 0.51.0
- containers.conf:
  * add commented out options containers.read_only,
    engine.platform_to_oci_runtime, engine.events_container_create_inspect_data,
    network.volume_plugin_timeout, engine.runtimes.youki, machine.provider
  * remove deprecated setting containers.userns_size
  * add youki to engine.runtime_supports_json
- shortnames.conf: pull in latest upstream version
- storage.conf: add commented out option storage.transient_store
- correct license to APACHE-2.0 only (there's no GPLv3 code to be found)
- add source URLs to spec
- drop pointless copyright year
​
-------------------------------------------------------------------
Wed Jan 25 10:01:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Reverts https://build.opensuse.org/request/show/1060361
  Changes introduced to c/storage's storage.conf which adds
  a driver_priority attribute would break consumers of libcontainer-common
  as long as those packages are vendoring an older c/storage version.
  Instead of patching every consumer, we're reverting this change, until
  those packages have been updated downstream. [boo#1207509]
​
-------------------------------------------------------------------
Fri Jan 13 06:01:46 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- storage.conf: Unset 'driver' and set 'driver_priority' to
  allow podman to use 'btrfs' if available and fallback to
  'overlay' if not.
- .spec: rm %post script to set 'btrfs' as storage driver
  in storage.conf
​
-------------------------------------------------------------------
Mon Dec  5 12:23:07 UTC 2022 - Dan Čermák <dcermak@suse.com>
​
- Remove registry.suse.com from search unqualified-search-registries:
  registry.suse.com responds very slowly to pagination repository listings
  (https://docs.docker.com/registry/spec/api/#pagination) and thereby causes
  every `podman search` to take over 90s. We have to remove it until this
  regression is fixed.
​
-------------------------------------------------------------------
Mon Nov 28 09:08:11 UTC 2022 - Dirk Müller <dmueller@suse.com>
​
- add requires on util-linux-systemd for findmnt in profile script
- only set storage_driver env when no libpod exists
- avoid quoting issue
​
-------------------------------------------------------------------
Tue Nov 22 12:48:38 UTC 2022 - Dan Čermák <dcermak@suse.com>
​
- Update bundled common to 0.50.1
- Update bundled image to 5.23.1
- Update bundled storage to 1.44.0
- Drop bundled podman
- Bump version to 20221122
- Install container-storage-driver.sh in /etc/ on Leap & SLE
​
-------------------------------------------------------------------
Thu Nov 17 10:51:26 UTC 2022 - Dirk Müller <dmueller@suse.com>
​
- add container-storage-driver.sh (bsc#1197093)
​
-------------------------------------------------------------------
Thu Nov 10 11:58:09 UTC 2022 - Dirk Müller <dmueller@suse.com>
​
- postinstall script: slight cleanup, no functional change
​
-------------------------------------------------------------------
Tue Oct 25 10:40:49 UTC 2022 - Dirk Müller <dmueller@suse.com>
​
- set detached sigstore attachments for the SUSE controlled registries
​
-------------------------------------------------------------------
Tue Aug  9 08:49:18 UTC 2022 - Fabian Vogt <fvogt@suse.com>
​
- Fix obvious typo in containers.conf
​
-------------------------------------------------------------------
Wed Aug  3 13:19:58 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
​
- Resync containers.conf / storage.conf with Fedora
- Create /etc/containers/registries.conf.d and 
  add 000-shortnames.conf to it.
​
-------------------------------------------------------------------
Wed Jun 15 10:20:16 UTC 2022 - Fabian Vogt <fvogt@suse.com>
​
- Use $() again in %post, but with a space for POSIX compliance
​
-------------------------------------------------------------------
Tue Jun 14 13:53:43 UTC 2022 - Dan Čermák <dcermak@suse.com>
​
- Add missing Requires(post): sed, fixes boo#1200524
- Make %post compatible with dash
​
-------------------------------------------------------------------
Wed Jun  8 12:39:46 UTC 2022 - Richard Brown <rbrown@suse.com>
​
- Add missing comma to previous change 
​
-------------------------------------------------------------------
Mon Jun  6 12:56:19 UTC 2022 - Lubos Kocman <lubos.kocman@suse.com>
​
- Add registry.suse.com as agreed on oSC22
  Let's advertise usage of BCI images in general
​
-------------------------------------------------------------------
Thu Feb  3 19:43:19 UTC 2022 - Bruno Leon <bruno.leon@suse.com>
​
- Update storage to 1.38.2
- Update image to 5.19.1
- Update Podman to 3.4.4
- Update common to 0.47.3
​
-------------------------------------------------------------------
Tue Jan 11 12:56:24 UTC 2022 - Dan Čermák <dcermak@suse.com>
​
- Switch registries.conf to v2 format
​
-------------------------------------------------------------------
Fri Sep 17 10:20:19 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update common to 0.44.0
​
0.42.3:
​
* (*libimage.Image).HasDifferentDigest: add authentication
​
0.42.2:
​
    Backports for Podman 3.3.2
    Fix the fallback runtime path
    Switch default Rootless Networking to "CNI" for OSX
    libimage: disk usage: catch corrupted images
    set GOPROXY=https://proxy.golang.org
​
​
0.44.0:
​
    Add HelperBinariesDir field to engine config
    Add space trimming check in sysctl.Validate
    Cirrus: Use fresher VM images
    Fix `pkg/sysctl` path typo
    Fix the fallback runtime path
    Switch default Rootless Networking to "CNI" for OSX
    Update pkg/sysctl/sysctl.go
    add some cni plugin paths
    build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
    build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
    build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
    build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
    build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    docs/containers.conf.5.md: Fix manpage section
    fix untag + v0.43.2
    libimage: disk usage: catch corrupted images
    libimage: relax untag by digest checks
    path: dest paths inside container should always be treated as *nix type
    remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
    runtime: Add ReturnManifestIfPresent to LookupImageOptions
    runtime: Add `ManifestList` to `LookupImageOptions`
    seccomp: allow memfd_secret
​
0.43.2:
​
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
​
0.43.1:
​
Fix spelling mistakes
Fix examples in containers.conf
​
​
0.43.0:
​
    Add documentation for Containerfile and Dockerfile
    Remove no_libsubid flag
    Add machine_image to containers.conf
    build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
    build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
    Add machine_image to containers.conf
    Switch default logdriver and eventslogger to journald, if root
    build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
    build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
    libimage: {un}tag: reject digests
    build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
    style: complete containers#556 to-do list part 4
    build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
    set GOPROXY=https://proxy.golang.org
​
​
0.42.1:
​
* pull: fallthrough for registry parsing errors
​
0.42.0:
​
* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref
​
​
- Update podman to 3.3.1
​
3.3.1:
​
### Bugfixes
- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)).
- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)).
- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)).
​
### API
- A large number of potential file descriptor leaks from improperly closing client connections have been fixed.
​
​
3.3.0:
​
### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
​
### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
​
### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
- Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)).
- Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)).
- Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)).
​
### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
​
### Misc
- Updated Buildah to v1.22.3
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.2
- Updated the containers/common library to v0.42.1
​
​
3.3.0-RC3:
​
This is the third release candidate of Podman v3.3.0
​
Preliminary release notes follow:
### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
​
### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
​
### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
​
### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
​
### Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.1
- Updated the containers/common library to v0.42.1
​
​
3.3.0-RC2:
​
### Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
​
### Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
​
### Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
​
### API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
​
### Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.33.1
- Updated the containers/image library to v5.15.0
- Updated the containers/common library to v0.42.1
​
​
- Update storage to 1.36.0
​
1.36.0:
​
    (*Store)Layer(): fix race when loading layers
    Add Inodes to OverlayOptionsConfig
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22
    build(deps): bump github.com/containerd/stargz-snapshotter/estargz
    build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5
    build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
    chunked: cache all the files with the same digest
    chunked: do not store the digest if it is empty
    chunked: estargz support
    chunked: fix linkat for rootless
    chunked: restrict dedup with hard links
​
​
1.35.0:
​
    chunked: add new pull options use_hard_links and enable_partial_images
    build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2
    build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
    Update golang.org/x/sys
    Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest
    Separate the IDMappingOptions logic from other LayerOptions work
    Reorganize uncompressedCounter
    Only compute {un,}compressedDigester.Digest() once
    Reorganize the "defragmented" reader construction a bit.
    Rename {un,}compressedDigest to {un,}compressedDigester
    Have NewReadCloserWrapper pass through io.WriterTo
    chunked: remove unused args
    chunked: fix fd leak on error
    chunked: remove unused argument missingDirsMode
    chunked: add new pull option use_hard_links
    chunked: allow to disable partial images feature
​
​
1.34.1:
​
    types: on error fallback to filepath.Clean()
    build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4
    Add codespell fixes
    ApplyDiff: compress saved headers without concurrency
    build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
​
​
1.34.0:
​
    overlay: check for aufs-style whiteout at startup
    Invert libsubid tag
​
​
1.33.2:
​
    build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
    Follow symlinks if they exists
    idtools: add support for libsubid
    Makefile: use buildtags for golangci-lint
    Cirrus: Use fresh VM & Container images
    build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
    build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3
​
​
1.33.1:
​
    Fix handling of quota on volumes
​
​
1.33.0:
​
    Add inode support to quota
    Creating fifo files while non root should be supported
    Revert #952, we don't want to use /run/user on non systemd systems
    Split pkg/chunked.ZstdCompressor into a separate subpackage
    Update docs/containers-storage.conf.5.md
    build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
    overlay: check if we can mknod() kernel whiteout
​
​
- Update image to 5.16.0
​
v0.44.0:
* Add HelperBinariesDir field to engine config
* Add space trimming check in sysctl.Validate
* Cirrus: Use fresher VM images
* Fix `pkg/sysctl` path typo
* Fix the fallback runtime path
* Switch default Rootless Networking to "CNI" for OSX
* Update pkg/sysctl/sysctl.go
* add some cni plugin paths
* build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
* build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
* build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
* build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
* build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
* docs/containers.conf.5.md: Fix manpage section
* fix untag + v0.43.2
* libimage: disk usage: catch corrupted images
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
* remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
* runtime: Add ReturnManifestIfPresent to LookupImageOptions
* runtime: Add `ManifestList` to `LookupImageOptions`
* seccomp: allow memfd_secret
​
v0.43.2:
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
​
v0.43.1:
* Fix spelling mistakes
* Fix examples in containers.conf
​
v0.43.0:
* Add documentation for Containerfile and Dockerfile
* Remove no_libsubid flag
* Add machine_image to containers.conf
* build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
* Add machine_image to containers.conf
* Switch default logdriver and eventslogger to journald, if root
* build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
* build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
* libimage: {un}tag: reject digests
* build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
* style: complete containers#556 to-do list part 4
* build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
* set GOPROXY=https://proxy.golang.org
​
v0.42.1:
* pull: fallthrough for registry parsing errors
​
v0.42.0:
* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref
​
​
-------------------------------------------------------------------
Fri Sep 17 09:23:33 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Comment out ostree_repo if it's blank [boo#1189893]
​
-------------------------------------------------------------------
Mon Sep  6 16:08:36 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Comment out ostree_repo [boo#1189893]
​
-------------------------------------------------------------------
Fri Jul 23 08:31:52 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update common to 0.41.0
​
0.38.18:
​
    [0.38] seccomp: add support for defaultErrnoRet
​
​
0.41.0:
​
    Allow /etc/containers/containers.conf to be read by non-root
    Created numMem_linux.go and numMem.go and nummem_unsupported.go
    Fix default definition of secrets in containers.conf
    Report bad entries in containers.conf to the user
    add shelldriver.
    build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
    build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
    build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
    build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
    build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
    feat: add shell secret driver.
    libimage: LookupImage: remove IgnorePlatform option
    libimage: `(*Runtime).SystemContext()`
    libimage: events: deferred write
    libimage: force internal image lookups to ignore arch
    libimage: import: fix tags
    libimage: pull: enforce pull policy for custom platforms
    libimage: pull: ignore platform for local image lookup
    libimage: pull: override even --pull=never with custom platform
    pull: custom platform: do not use local image name
​
​
0.38.13:
​
* libimage: events: deferred write
​
0.38.12:
​
* pull: custom platform: do not use local image name
​
0.40.1:
​
    Vendor in containers/image v5.13.2
    seccomp: tweak default profile (followup for #573)
    libimage: lookup images by custom platform
    libimage: force remove: only untag on multi tag image
    build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
    Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
    seccomp: always allow get_mempolicy, set_mempolicy, mbind
    seccomp: let membarrier fail with ENOSYS
    seccomp: allow rseq
    seccomp: allow pkey_*
    seccomp: let io_uring_* fail with ENOSYS
    seccomp: allow clone3
​
0.40.0:
​
    Add default for log-tag
    Add support for config drop in directories
    Do not set the default netns
    Don't use systemd defaults if /proc/1/comm != systemd
    Fix spacing on name value pairs to be consistent
    Leave default seccomp path empty
    Sort containers.conf and containers.conf.5.md
    Strip extra trailing newlines in templates
    Tests are writing customer config to host machine
    Use SetCredentials and add verbose to loginopts
    [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
    add 'secret' section to the containers.conf struct.
    add @Luap99 to OWNERS
    add passdriver for secrets.
    build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
    build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
    build(deps): bump github.com/docker/docker
    build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
    build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
    build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
    build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
    fix autodiscovery of the secret passdriver.
    fixed comments
    libimage: fix Exists
    libimage: pull: turn image-lookup errors non-fatal
    libmage: Exists: catch corrupted images
    made necessary changes to handle OS/Arch while importing an image
    pkg/config: fix systemd compile errors
    pull: don't resolve short names on explicit docker:// reference
    seccomp: add support for defaultErrnoRet
    seccomp: allow more *_time64 syscalls
    seccomp: allow timer_settime64
    seccomp: switch default to ENOSYS
    secrets: fix build with go 1.15
    support tag@digest notation
​
​
0.39.0:
​
    Vendor in containers/storage v1.32.0
    Ensure configuration directory is created for networks
    Include gateway in generated default networks
    Use Private as default for rootless when we want CNI
    rootless networking
    libimage: add some comments
    libimage: add more image tests
    build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
    rootless_networking = "slirp4netns | cni"
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
​
​
- Update podman to 3.2.3
​
3.2.3:
​
### Security
- This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers.
​
### Bugfixes
- Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)).
- Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)).
- Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)).
- Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)).
- Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)).
- Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)).
​
### Misc
- Updated Buildah to v1.21.3
- Updated the containers/common library to v0.38.16
​
​
- Update storage to 1.32.6
​
1.32.6:
​
    Fix runtime panic for opening lockfile if parent dir got removed
    Cleanup exclude exceptions path
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20
    Add test for bad entries in storage.conf
    chunked: fix the path used for layers dedup
    Report bad entries in storage.conf to the user
    Use /run/user/UID in rootless mode if writable
​
- Update image to 5.14.0
​
v0.41.0:
* Allow /etc/containers/containers.conf to be read by non-root
* Created numMem_linux.go and numMem.go and nummem_unsupported.go
* Fix default definition of secrets in containers.conf
* Report bad entries in containers.conf to the user
* add shelldriver.
* build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
* build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
* build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
* build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
* build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
* feat: add shell secret driver.
* libimage: LookupImage: remove IgnorePlatform option
* libimage: `(*Runtime).SystemContext()`
* libimage: events: deferred write
* libimage: force internal image lookups to ignore arch
* libimage: import: fix tags
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* libimage: pull: override even --pull=never with custom platform
* pull: custom platform: do not use local image name
​
​
v0.40.1:
* Vendor in containers/image v5.13.2
* seccomp: tweak default profile (followup for #573)
* libimage: lookup images by custom platform
* libimage: force remove: only untag on multi tag image
* build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
* seccomp: always allow get_mempolicy, set_mempolicy, mbind
* seccomp: let membarrier fail with ENOSYS
* seccomp: allow rseq
* seccomp: allow pkey_*
* seccomp: let io_uring_* fail with ENOSYS
* seccomp: allow clone3
​
v0.40.0:
* Add default for log-tag
* Add support for config drop in directories
* Do not set the default netns
* Don't use systemd defaults if /proc/1/comm != systemd
* Fix spacing on name value pairs to be consistent
* Leave default seccomp path empty
* Sort containers.conf and containers.conf.5.md
* Strip extra trailing newlines in templates
* Tests are writing customer config to host machine
* Use SetCredentials and add verbose to loginopts
* [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
* add 'secret' section to the containers.conf struct.
* add @Luap99 to OWNERS
* add passdriver for secrets.
* build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
* build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
* build(deps): bump github.com/docker/docker
* build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
* build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
* build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
* fix autodiscovery of the secret passdriver.
* fixed comments
* libimage: fix Exists
* libimage: pull: turn image-lookup errors non-fatal
* libmage: Exists: catch corrupted images
* made necessary changes to handle OS/Arch while importing an image
* pkg/config: fix systemd compile errors
* pull: don't resolve short names on explicit docker:// reference
* seccomp: add support for defaultErrnoRet
* seccomp: allow more *_time64 syscalls
* seccomp: allow timer_settime64
* seccomp: switch default to ENOSYS
* secrets: fix build with go 1.15
* support tag@digest notation
​
v0.39:
* Vendor in containers/storage v1.32.0
* Ensure configuration directory is created for networks
* Include gateway in generated default networks
* Use Private as default for rootless when we want CNI
* rootless networking
* libimage: add some comments
* libimage: add more image tests
* build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
* rootless_networking = "slirp4netns | cni"
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
​
-------------------------------------------------------------------
Tue Jun 29 07:38:39 UTC 2021 - Fabian Vogt <fvogt@suse.com>
​
- Mention libcontainers-common.rpmlintrc as source
- Use versioned obsoletes
​
-------------------------------------------------------------------
Fri Jun 25 22:37:43 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>
​
- Update common to 0.38.11
​
0.38.11:
​
* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
​
0.38.10:
​
* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image
​
0.38.9:
​
* libimage: fix Exists
​
0.38.8:
​
* libmage: Exists: catch corrupted images
​
0.38.7:
​
* libimage: pull: turn image-lookup errors non-fatal
​
0.38.6:
​
* [0.38] Leave default seccomp path empty
​
0.38.5:
​
* pull: don't resolve short names on explicit docker:// reference
​
0.38.4:
​
    Revert "Do not emit warnings about OCI runtime paths"
    libimage: lookup: tolerate corrupted image
​
​
0.38.3:
​
    build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
    libimage: fix manifest list lookup
​
​
- Update podman to 3.2.2
​
3.2.2:
​
### Changes
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)).
- Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)).
​
### Bugfixes
- Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
- Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)).
- Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)).
- Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)).
- Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address.
- Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)).
- Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)).
- Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)).
- Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)).
- Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)).
- Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)).
- Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option.
​
### API
- Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)).
- Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)).
​
### Misc
- Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)).
- Updated the containers/common library to v0.38.11
​
​
3.2.1:
​
### Changes
- Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled).
​
### Bugfixes
- Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)).
- Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)).
- Fixed a bug where Podman would always use the slow path for joining the rootless user namespace.
- Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)).
- Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly.
- Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)).
- Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)).
- Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional.
- Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)).
- Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)).
- Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.
​
### API
- Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned.
- Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)).
- Fixed a bug where the Events API did not include some information (including labels) when sending events.
- Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)).
​
### Misc
- Updated the containers/common library to v0.38.9
​
​
3.2.0:
​
### Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
​
### Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
​
### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)).
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
- Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)).
- Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)).
- Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)).
​
### API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
- Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely.
​
### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.5
- Updated the containers/storage library to v1.31.3
​
​
​
3.2.0-RC3:
​
This is the third release candidate for Podman v3.2.0. We expect it will be the final RC.
​
Preliminary release notes follow:
​
### Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
​
### Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
​
### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
​
### API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
​
### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1
​
​
3.2.0-RC2:
​
This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well
​
Preliminary release notes follow:
​
### Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
​
### Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
​
### Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
​
### API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
​
### Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1
​
​
3.2.0-RC1:
​
This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes.
​
Full release notes will be available with the release of RC2 next week.
​
- Update storage to 1.32.5
​
1.32.5:
​
    Fix handling of user namespace
​
​
1.32.4:
​
    Vendor in opencontainers/runc v1.0.0
    overlay: fix check for rootless native diff
​
​
1.32.3:
​
    Reload layer storage if layers.json got externally modified
    build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1
    Fix cancel deferred remove bug
    Cirrus: Fix references to master branch
    [CI:DOCS] Fix docs links due to branch rename
​
​
1.32.2:
​
    lockfile: merge Seek+Read/Write into Pread/Pwrite
    Added support for CONTAINERS_STORAGE_CONF override
    canUseShifting can segfault
    build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12
    build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0
    overlay: make userxattr,metacopy=on debug message
    build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
​
​
1.31.3:
​
* store: ReloadIfChanged propagates errors from Modified()
* store: load additional image stores once
* store: fix graphLock reload
​
​
1.32.1:
​
    store: fix graphLock reload
    store: ReloadIfChanged propagates errors from Modified()
    store: load additional image stores once
    delete_internal: return error early
    build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3
​
1.32.0:
​
    chunked: fix build on other platforms
    Avoid failure when umount an unmounted mountpoint
    overlay: enable native diff for fuse-overlayfs
    Enable to export layers from Additional Layer Store
​
1.31.2:
​
    build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
    reintroduce store: allow shifting only with contiguous mappings
    overlay: check for unix.ENOTSUP
    archive/overlay: ignore failures from nested whiteouts
    overlay: honor DisableShifting
    store: allow shifting only with contiguous mappings
​
1.31.1:
​
    Revert "store: allow shifting only with contiguous mappings"
​
- Update image to 5.13.2
​
v0.38.11:
* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
​
v0.38.10:
* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image
​
v0.38.9:
* libimage: fix Exists
​
v0.38.8:
* libmage: Exists: catch corrupted images
​
v0.38.7:
* libimage: pull: turn image-lookup errors non-fatal
​
v0.38.6:
* [0.38] Leave default seccomp path empty
​
v0.38.5:
* pull: don't resolve short names on explicit docker:// reference
​
v0.38.4:
* Revert "Do not emit warnings about OCI runtime paths"
* libimage: lookup: tolerate corrupted image
​
v0.38.3:
* build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
* libimage: fix manifest list lookup
​
-------------------------------------------------------------------
Tue May 18 09:28:28 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update image to 5.12.0
​
v0.38.2:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver
​
v0.38.1:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver
​
v0.38.1:
* adjust log-driver defaults
* Do not emit warnings about OCI runtime paths
* build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
* [NO TESTS NEEDED] Fix reading configs on mac and windows
* libimage: add push tests
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
* libimage: fix pull from dir
* libimage: add load unit tests
* Only close EventChannel if it has been created.
​
v0.38:
* build(deps): bump github.com/docker/docker
* libimage: add an events system
* libimage: add unit tests
* libimage: rename dockerTransport to registryTransport
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
* pull: simplify transports switch
* Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
* Add support for codespell, and fix issues found
* libimage: restore the ability to pull from docker-daemon and tarball
* Swap default logging to journald
* fix image tree
* Add support for creating default CNI network
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
* Add a default network creation package
* Add ability to specify a subnet for the default network
* libimage: follow-up changes
​
v0.37.1:
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
* Add support for the runsc OCI Runtime
* Add support for machine_enabled in containers.conf
* modify README.md: Contributing section finetuning
* Add support for image_parallel_copies in containers.conf
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
​
- Update common to 0.38.2
​
0.38.2:
​
    libimage: add save tests
    libimage/Image.HasDifferentDigest: handle manifest lists
    libimage: push: ignore image platform
    Cirrus: Use config. in common with all repos.
    libimage: add import test
    Fix handling of all capabilities
    libimage: add save tests
    containers.conf: don't set default logging driver
​
​
0.38.1:
​
    adjust log-driver defaults
    Do not emit warnings about OCI runtime paths
    build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
    build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
    [NO TESTS NEEDED] Fix reading configs on mac and windows
    libimage: add push tests
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
    libimage: fix pull from dir
    libimage: add load unit tests
    Only close EventChannel if it has been created.
​
0.38.0:
​
    build(deps): bump github.com/docker/docker
    libimage: add an events system
    libimage: add unit tests
    libimage: rename dockerTransport to registryTransport
    Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
    pull: simplify transports switch
    Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
    Add support for codespell, and fix issues found
    libimage: restore the ability to pull from docker-daemon and tarball
    Swap default logging to journald
    fix image tree
    Add support for creating default CNI network
    Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
    Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
    Add a default network creation package
    Add ability to specify a subnet for the default network
    libimage: follow-up changes
​
​
0.37.1:
​
    Bump github.com/containers/storage from 1.30.0 to 1.30.1
    Add support for the runsc OCI Runtime
    Add support for machine_enabled in containers.conf
    modify README.md: Contributing section finetuning
    Add support for image_parallel_copies in containers.conf
    Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
​
- Update storage to 1.31.0
​
1.31.0:
​
​
    Update docs/containers-storage.conf.5.md
    store: add option to disable volatile
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17
    Enable zstd:chunked support in containers/image
    overlay: honor DisableShifting
    store: allow shifting only with contiguous mappings
    idtools: new function IsContiguous
    store: replace Modified+Load with ReloadIfChanged
    store: new method ROFileBasedStore.ReloadIfChanged()
    Expand the scope of transaction in the process of deleting device
    Remove unlock/lock caused by Incorrect assumption
​
​
1.30.3:
​
    Update to F34 and U2104
    Update vendor opencontainers/selinux v1.8.1
    AUFS not supported in Ubuntu 21.04+
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
    TestMatch: handle cases where NewPatternMatcher catches syntax errors
​
1.30.2:
​
    Switch from ffjson to json-iterator
    Remove dependencies on ffjson
    Expand Variables on rootlessStoragePath
    Log expected rootless overlay mount failures as debug level
​
-------------------------------------------------------------------
Thu Apr 29 09:06:07 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update common to 0.37.0
​
0.37.0:
​
    new libimage package
    Bump github.com/containers/storage from 1.29.0 to 1.30.0
    config: suggest enable-linger only if euid != 0
    Change log message in findRuntime()
    Add setns to default seccomp.json
    Cleanup debugf information to make debugging more useful
​
- Update podman to 3.1.2
​
3.1.2:
​
### Bugfixes
- Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved.
- Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage.
- Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)).
- Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were were not properly superceding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)).
- Fixed a bug where Podman could fail to build on 32-bit architectures.
​
### Misc
- Updated the containers/image library to v5.11.1
​
​
- Update storage to 1.30.1
​
1.30.1:
​
    Allow users to tag images in read/only image stores
    build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2
    Validate selinux label before attempting to use it
​
​
1.30.0:
​
    unshare: new function HasCapSysAdmin
    btrfs: Do not disable quota on cleanup
    build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1
​
​
- Update image to 5.11.1
​
* new libimage package
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
* config: suggest enable-linger only if euid != 0
* Change log message in findRuntime()
* Add setns to default seccomp.json
* Cleanup debugf information to make debugging more useful
​
-------------------------------------------------------------------
Mon Apr 19 12:21:56 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Force overlay as default storage driver if system is not btrfs
  (gh#containers/buildah#3153)
​
-------------------------------------------------------------------
Mon Apr 19 11:03:30 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update common to 0.36.0
​
0.36.0:
​
no changelog found
​
0.35.4:
​
    pkg/seccomp: simplify and fix IsSupported
    pkg/seccomp: use sync.Once to speed up IsSupported
    capabilities: ALL returns the bounding set
    capabilities: memoize BoundingSet
    capabilities: add new method BoundingSet()
    Update pause image to 3.5
​
​
- Update podman to 3.1.1
​
3.1.1:
​
### Changes
- Podman now recognizes `trace` as a valid argument to the `--log-level` command. Trace logging is now the most verbose level of logging available.
- The `:z` and `:Z` options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (`--security-opt label=disable`). This matches better matches Docker's behavior in this case.
​
### Bugfixes
- Fixed a bug where pruning images with the `podman image prune` or `podman system prune` commands could cause Podman to panic.
- Fixed a bug where the `podman save` command did not properly error when the `--compress` flag was used with incompatible format types.
- Fixed a bug where the `--security-opt` and `--ulimit` options to the remote Podman client's `podman build` command were nonfunctional.
- Fixed a bug where the `--log-rusage` option to the remote Podman client's `podman build` command was nonfunctional ([#9489](https://github.com/containers/podman/issues/9889)).
- Fixed a bug where the `podman build` command could, in some circumstances, use the wrong OCI runtime ([#9459](https://github.com/containers/podman/issues/9459)).
- Fixed a bug where the remote Podman client's `podman build` command could return 0 despite failing ([#10029](https://github.com/containers/podman/issues/10029)).
- Fixed a bug where the `podman container runlabel` command did not properly expand the `IMAGE` and `NAME` variables in the label ([#9405](https://github.com/containers/podman/issues/9405)).
- Fixed a bug where poststop OCI hooks would be executed twice on containers started with the `--rm` argument ([#9983](https://github.com/containers/podman/issues/9983)).
- Fixed a bug where rootless Podman could fail to launch containers on cgroups v2 systems when the `cgroupfs` cgroup manager was in use.
- Fixed a bug where the `podman stats` command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer ([#9979](https://github.com/containers/podman/issues/9979)).
- Fixed a bug where rootless Podman containers run with `--userns=keepid` (without a `--user` flag in addition) would grant exec sessions run in them too many capabilities ([#9919](https://github.com/containers/podman/issues/9919)).
- Fixed a bug where the `--authfile` option to `podman build` did not validate that the path given existed ([#9572](https://github.com/containers/podman/issues/9572)).
- Fixed a bug where the `--storage-opt` option to Podman was appending to, instead of overriding (as is documented), the default storage options.
- Fixed a bug where the `podman system service` connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
- Fixed a bug where the `--network` option to the `podman play kube` command of the remote Podman client was being ignored ([#9698](https://github.com/containers/podman/issues/9698)).
- Fixed a bug where the `--log-driver` option to the `podman play kube` command was nonfunctional ([#10015](https://github.com/containers/podman/issues/10015)).
​
### API
- Fixed a bug where the Libpod Create endpoint for Manifests did not properly validate the image the manifest was being created with.
- Fixed a bug where the Libpod DF endpoint could, in error cases, append an extra null to the JSON response, causing decode errors.
- Fixed a bug where the Libpod and Compat Top endpoint for Containers would return process names that included extra whitespace.
- Fixed a bug where the Compat Prune endpoint for Containers accepted too many types of filter.
​
### Misc
- Updated Buildah to v1.20.1
- Updated the containers/storage library to v1.29.0
- Updated the containers/image library to v5.11.0
- Updated the containers/common library to v0.36.0
​
- Update storage to 1.29.0
​
1.29.0:
​
    ReloadConfigurationFile should Reset storage options
    rootless overlay: use user.* instead of trusted.*
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.15 to 0.8.16
    Support additional layer store
    overlay, rootless: use user.* instead of trusted.*
    archive, rootless: use user.* instead of trusted.*
    copy, rootless: skip copying trusted.* xattr
    Make sure rootless mounts support the userxattr flag
    Rework autons ID mapping generation.
    Set default to overlay from storage.conf
    build(deps): bump github.com/klauspost/compress from 1.11.12 to 1.11.13
​
- Update image to 5.11.0
​
* no changelog found
​
-------------------------------------------------------------------
Tue Mar 30 08:37:09 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update common to 0.35.3
​
0.35.3:
​
* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove `vendor` from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
​
​
0.35.2:
​
    Vendor in containers/common and start using types subdir.
            shrink the vendoring size of containers/common/pkg/config
    Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
​
- Update podman to 3.1.0
​
3.1.0:
​
### Features
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the `--format` option.
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
- The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)).
- The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)).
​
### Security
- This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image.
​
### Changes
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
- The `podman generate systemd` command now generates `RequiresMountsFor` lines to ensure necessary storage directories are mounted before systemd starts Podman.
- Podman will now emit a warning when `--tty` and `--interactive` are both passed, but `STDIN` is not a TTY. This will be made into an error in the next major Podman release some time next year.
​
### Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where the `podman generate systemd` command could duplicate some parameters to Podman in generated unit files ([#9776](https://github.com/containers/podman/issues/9776)).
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--pull-never` option to `podman build` was nonfunctional ([#9573](https://github.com/containers/podman/issues/9573)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `--isolation` option to `podman build` in the remote Podman client was nonfunctional.
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
- Fixed a bug where `podman commit` did not use the `TMPDIR` environment variable to place temporary files created during the commit ([#9825](https://github.com/containers/podman/issues/9825)).
- Fixed a bug where remote Podman could error when attempting to resize short-lived containers ([#9831](https://github.com/containers/podman/issues/9831)).
- Fixed a bug where Podman was unusable on kernels built without `CONFIG_USER_NS`.
- Fixed a bug where the ownership of volumes created by `podman volume create` and then mounted into a container could be incorrect ([#9608](https://github.com/containers/podman/issues/9608)).
- Fixed a bug where Podman volumes using a volume plugin could not pass certain options, and could not be used as non-root users.
- Fixed a bug where the `--tz` option to `podman create` and `podman run` did not properly validate its input.
​
### API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the Libpod create endpoint for Containers has a misnamed field in its JSON.
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat and libpod Resize endpoints for Containers did not set the correct terminal sizes (dimensions were reversed) ([#9756](https://github.com/containers/podman/issues/9756)).
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
- Numerous bugs related to filters have been addressed.
​
### Misc
- Updated Buildah to v1.20.0
- Updated the containers/storage library to v1.28.1
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.4
​
​
3.1.0-RC2:
​
This is the second release candidate for Podman v3.1.0
​
Preliminary release notes are below. Please note that these are subject to change until the final release.
​
### Features
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the `--format` option.
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
​
### Changes
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
​
### Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
​
### API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
​
### Misc
- Updated Buildah to v1.19.8
- Updated the containers/storage library to v1.28.0
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.3
​
​
3.1.0-RC1:
​
This is the first release candidate for Podman v3.1.0. Release is expected later this week.
​
​
- Update storage to 1.28.1
​
1.28.1:
​
    overlay.recreateSymlinks: handle missing "link" files, add a test
    TestLockfileWriteConcurrent: stay below 8192 goroutines
    Use an xz library instead of shelling out to xz for decompression
    overlay: check selinux label support
​
1.28.0:
​
    Add dependabot.yml configuration file
    Add more mount information to errors
    Inherit system storage driver in rootless configurations
    archive: make getFileOwner public
    archive: make getWhiteoutConverter public
    archive: whiteout creation with a handler
    build(deps): bump github.com/Microsoft/hcsshim from 0.8.14 to 0.8.15
    build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
    build(deps): bump github.com/klauspost/compress from 1.11.7 to 1.11.12
    build(deps): bump github.com/moby/sys/mountinfo from 0.4.0 to 0.4.1
    build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
    chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform
    containers-storage: add --volatile to container create
    copy: create a unix socket with os.ModeSocket
    drivers: make copyRegular public
    drivers: new function CopyRegularToFile
    fswriters: honor nosync option
    overlay: add detection for overlay support in a user namespace
    overlay: allow to reset mount_program
    overlay: factor function out
    overlay: fix path to incompat/volatile
    overlay: improve overlay error message
    overlay: public function to check for overlay support
    overlay: record if using mount_program
    overlay: rootless move error to debug message
    overlay: use direct mount instead of mountFrom
    support patches to prepare #775
    tests: test mount/unmount volatile container
    types: check for native overlay support
​
​
1.27.0:
​
    Move storageOpts structures into types subdir to shrink bindings.
    (*store).Diff: add missing unlock in error case
    pkg/lockfile: fix a race and re-enable unit tests
    Add warning about possible storage corruption
    pkg/chrootarchive.TestChrootUntarWithHugeExcludesList: fix compile error
    pkg/archive.TestCopyWithTarSrcFile(): update for NoOverwriteDirNonDir
    drivers/devmapper: default the rootfs directory to 0555
    TestRootlessRuntimeDir: iterate tests using testing.T.Run()
    Fix TestDefaultStoreOpts()
    getRootlessRuntimeDirIsolated(): don't use an empty tmpPerUserDir
    drivers/zfs: default the base layer to 0555
    drivers/btrfs: default the base layer to 0555
    drivers/aufs: inherit permissions on "/" from parent layers
    drivers/vfs: inherit permissions on "/" from parent layers
    graphtest: expect 0555 permissions
    pkg/archive.parseDirent(): adjust to avoid unsafe pointer conversion
    Add warning about possible storage corruption
    pkg/idtools.TestParseSubidFileWithNewlinesAndComments(): clean up
    pkg/mount.TestSubtreeUnbindable(): check for wrapped EINVAL
    pkg/directory: count inodes of directories
    Makefile local-test-unit: use -race if it's available
    pkg/mount: don't complain if the filesystem volunteers inode32/inode64
    CI: run unit tests again
    pkg/lockfile: fix a race and an incorrect unit test
​
​
1.26.0:
​
   build(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
    homedir: add GetCacheHome
    Call recreateSymlinks when not found during Readlink
    build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
    We should ignore metacopy option on kernels that do not support it
    drivers: add support for volatile to overlay
    store: support volatile containers
    overlay: support native rootless mounts
    overlay: force metacopy=on for naivediff
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc93
​
1.25.0:
​
    layers: support BigData
    Fix FreeBSD support
    Remove empty line as per feedback
     Improve project quota to support querying disk usage
    Use unix.Statfs instead of syscall.Statfs
    overlay: use XFS quota when possible
    drivers/quota: add GetDiskUsage endpoint
​
- Update image to 5.10.5
​
v0.35.3:
* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove vendor from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
​
​
v0.35.2:
Vendor in containers/common and start using types subdir.
        shrink the vendoring size of containers/common/pkg/config
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
​
-------------------------------------------------------------------
Tue Mar 23 09:39:45 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
​
-------------------------------------------------------------------
Thu Mar  4 18:14:43 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Require util-linux-systemd for %post scripts (findmnt) (boo#1182998)
​
-------------------------------------------------------------------
Thu Feb 25 16:15:46 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Update commonver to 0.35.1
​
v0.35.1:
Bump github.com/containers/image/v5 from 5.10.2 to 5.10.3
Stop logging messages about using DOCKER_CONFIG
Add autocompletions to be shared between buildah and podman
Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
Export error constants from pkg/secrets
​
v0.35:
Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
Move EnforceRange and HasTable out of Podman and into common
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
Bump github.com/containers/image/v5 from 5.10.1 to 5.10.2
Add missing values to containers.conf man page
update pause image to 3.4.1
​
v0.34:
Add image_default_format
Change default log driver to journald
Add compatible template functions
Add U volume flag to chown source volumes
Bump github.com/containers/image/v5 from 5.09.0 to 5.10.1
seccomp: various updates
pkg: check ownership for XDG_RUNTIME_DIR
seccomp: update profile to Linux 5.11 list
seccomp: add CI check for up-to-date seccomp.json
seccomp: re-add generation script
seccomp: deduplicate default profile
Add image_parallel_copies engine config
Fix secret create prefix
cgroupv2: fix typo in comment
Add accessor for log-driver
Fix secret name validation
Fix name validation and dir mode in secrets
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
config: fix runtime_supports_nocgroup key name
fix - make target all on osx
Fix secret name regex
Rename internal functions to make them easier to understand
​
- Update podmanver to 3.0.1
​
3.0.1:
​
### Changes
- Several frequently-occurring `WARN` level log messages have been downgraded to `INFO` or `DEBUG` to not clutter terminal output.
​
### Bugfixes
- Fixed a bug where the `Created` field of `podman ps --format=json` was formatted as a string instead of an Unix timestamp (integer) ([#9315](https://github.com/containers/podman/issues/9315)).
- Fixed a bug where failing lookups of individual layers during the `podman images` command would cause the whole command to fail without printing output.
- Fixed a bug where `--cgroups=split` did not function properly on cgroups v1 systems.
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail ([#9393](https://github.com/containers/podman/issues/9393)).
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume ([#9415](https://github.com/containers/podman/pull/9415)).
- Fixed a bug where Podman would treat the `--entrypoint=[""]` option to `podman run` and `podman create` as a literal empty string in the entrypoint, when instead it should have been ignored ([#9377](https://github.com/containers/podman/issues/9377)).
- Fixed a bug where Podman would set the `HOME` environment variable to `""` when the container ran as a user without an assigned home directory ([#9378](https://github.com/containers/podman/issues/9378)).
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause `podman pod create` to panic ([#9374](https://github.com/containers/podman/issues/9374)).
- Fixed a bug where the `--runtime` option was not properly handled by the `podman build` command ([#9365](https://github.com/containers/podman/issues/9365)).
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed ([#9387](https://github.com/containers/podman/issues/9387)).
- Fixed a bug where the `podman generate systemd --new` command would incorrectly escape `%t` when generating the path for the PID file ([#9373](https://github.com/containers/podman/issues/9373)).
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in ([#9191](https://github.com/containers/podman/issues/9191)).
- Fixed a bug where some options of the `podman build` command (including but not limited to `--jobs`) were nonfunctional ([#9247](https://github.com/containers/podman/issues/9247)).
​
### API
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 ([#9351](https://github.com/containers/podman/issues/9351)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry ([#9232](https://github.com/containers/podman/issues/9232)).
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the `docker-java` library.
​
### Misc
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6
​
​
3.0.0:
​
### Features
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
​
### Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
​
### Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
​
### Bugfixes
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
- Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)).
- Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)).
- Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)).
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)).
​
### API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
​
### Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/image library to v5.10.2
- Updated the containers/common library to v0.33.4
​
​
3.0.0-RC3:
​
Please note that these release notes are preliminary until v3.0.0 final is released
​
### Features
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
​
### Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
​
### Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
​
### Bugfixes
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
​
### API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
​
### Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/common library to v0.33.4
​
​
3.0.0-rc2:
​
This is the second release candidate of Podman v3.0.
​
3.0.0-rc1:
​
### Features
- Add ability to set system wide options for slirp4netns
- Add --cidfile to container kill
- Add commas between mount options
- Add compose regression to ci
- Add containerenv information to /run/.containerenv
- Add default sysctls for pod infra containers
- Add --filter to podman system prune
- Adding json formatting to `--list-tags` option in `podman search` command.
- Add mask and unmask option to --security-opt
- Add 'MemUsageBytes' format option
- Add more information and examples on podman and pipes
- Add network filter for podman ps and pod ps
- Add Networks format placeholder to podman ps and pod ps
- Add pod filter for ps
- Add podman network create option for bridge mtu
- Add podman network create option for bridge vlan
- Add pre checkpoint
- Add Security information to podman info
- Add support for Gentoo file to package query
- Add support for network ids
- Add support for pacman package version query
- Add support for persistent volume claims in kube files
- Add support for --platform
- Add systempaths=unconfined option
- Add volume filters to system prune
- Add volume prune --filter support
- Allow podman push to push manifest lists
- Allow users to specify TMPDIR in containers.conf
- Always add the default gateway to the cni config file
- Drop default log-level from error to warn
- Enable short-name aliasing
- Generate kube on multiple containers
- Generate systemd: do not set `KillMode`
- Image sign using per user registries.d
- Implement pod-network-reload
- Include named volumes in container migration
- Initial implementation of renaming containers
- Initial implementation of volume plugins
- Network connect disconnect on non-running containers
- Not use local image create/add manifest
- Podman network label support
- Prepare support in kube play for other volume types than hostPath
- Remote copy
- Remove the ability to use [name:tag] in podman load command
- Remove varlink support from Podman
- Sign multi-arch images
- Support --network=default as if it was private
- Support Unix timestamps for `podman logs --since`
### Changes
- Add LogSize to container inspect
- Allow image errors to bubble up from lower level functions.
- Change name of imageVolumes in container config JSON
- Cleanup CNI Networks on reboot
- Consolidate filter logic to pkg subdirectory
- Make `podman stats` slirp check more robust
- More /var/run -> /run
- Prefer read/write images over read/only images
- Refactor kube.ToSpecGen parameters to struct
- Rename AutocompletePortCommand func
- Repeat system pruning until there is nothing removed
- Switch references of /var/run -> /run
- Use HTTPProxy settings from containers.conf
- Use Libpod tmpdir for pause path
- Use Options as CRImportCheckpoint() argument
- Use Options as exportCheckpoint() argument
- Use PasswordCallback instead of Password for ssh
- Use abi PodPs implementation for libpod/pods/json endpoint
- Validate that the bridge option is supported
- archive: move stat-header handling into copy package
- libpod, conmon: change log level for rootless
- libpod: change function to accept ExecOptions
- libpod: handle single user mapped as root
- make podman play use ENVs from image
- pkg/copy: introduce a Copier
- podman events allow future time for --until
- podman.service should be an exec service not a notify service
- rewrite podman-cp
- rootless: add function to retrieve gid/uid mappings
- rootless: automatically split userns ranges
- runtime: set XDG_* env variables if missing
- shell completion for the network flag
- specgen: improve heuristic for /sys bind mount
- systemd: make rundir always accessible
### Bugfixes
- Close image rawSource when each loop ends
- Containers should not get inheritable caps by default
- Correct port range logic for port generation
- Correct which network commands can be run as rootless
- Disable CGv1 pod stats on net=host post
- Do not error on installing duplicate shutdown handler
- Do not ignore infra command from config files
- Do not mount sysfs as rootless in more cases
- Do not pull if image domain is localhost
- Do not use "true" after "syslog" in exit commands
- Do not validate the volume source path in specgen
- Don't accidently remove XDG_RUNTIME_DIR when reseting storage
- Ensure that `podman play kube` actually reports errors
- Ensure that user-specified HOSTNAME is honored
- Ensure we do not edit container config in Exec
- Exorcise Driver code from libpod/define
- Expose Height/Width fields to decoder
- Expose security attribute errors with their own messages
- Fix Wrong image tag is used when creating a container from an image with multiple tags
- Fix `podman images...` missing headers in table templates
- Fix build for mips architecture
- Fix build for mips architecture follow-up
- Fix custom mac address with a custom cni network
- Fix extra quotation mark in manpages.
- Fix missing options in volumes display while setting uid and gid
- Fix missing podman-container-rename man page link
- Fix network ls --filter invalid value flake
- Fix option names --subuidname and --subgidname
- Fix panic in libpod images exists endpoint
- Fix podman build --logfile
- Fix podman logs read partial log lines
- Fix problems reported by staticcheck
- Fix problems with network remove
- Fix shell completion for ps --filter ancestor
- Fix some nit
- Fix spelling mistakes
- Fix storage.conf to define driver in the VM
- Fix support for rpmbuild < 4.12.0.
- Fix: unpause not supported for CGv1 rootless
- Fxes /etc/hosts duplicated every time after container restarted in a pod
- Handle --rm when starting a container
- Handle podman exec capabilities correctly
- Honor the --layers flag
- Ignore containers.conf sysctls when sharing namespaces
- Improve error message when the the podman service is not enabled
- Make podman generate systemd --new flag parsing more robust
- Pass down EnableKeyring from containers.conf to conmon
- Properly handle --cap-add all when running with a --user flag
- Revert "Allow multiple --network flags for podman run/create"
- Revert e6fbc15f26b2a609936dfc11732037c70ee14cba
- Revert the custom cobra vendor
- Rework pruning to report reclaimed space
- Set NetNS mode instead of value
- The slirp4netns sandbox requires pivot_root
- close journald when reading
- container create: do not clear image name
- container stop: release lock before calling the runtime
- exec: honor --privileged
- fix: disable seccomp by default when privileged.
- image list: ignore bare manifest list
- network: disallow CNI networks with user namespaces
- oci: keep LC_ env variables to conmon
- oci: use /proc/self/fd/FD to open unix socket
- pass full NetworkMode to ParseNetworkNamespace
- play kube: fix args/command handling
- play kube: set entrypoint when interpreting Command
- podman build --force-rm defaults to true in code
- podman logs honor stderr correctly
- podman, exec: move conmon to the correct cgroup
- podman-remote fix sending tar content
- podman: drop checking valid rootless UID
- re-open container log files
- security: honor systempaths=unconfined for ro paths
### API
- Add API for communicating with Docker volume plugins
- Change bindings to stop two API calls for ping
- Close the stdin/tty when using podman as a restAPI.
- Compat api containers/json add support for filters
- Container rename bindings
- Do not pass name argument to Load API
- Docker compat API - /images/search returns wrong structure (#7857)
- Docker compat API - containers create ignores the name
- Fix some network compat api problems
- Jira RUN-1106 Container handlers updates
- Jira RUN-1106 Image handlers updates
- Jira RUN-1106 Network handlers updates
- Jira RUN-1106 System handlers updates
- Jira RUN-1106 Volumes handlers updates
- Makefile: add target to generate bindings
- More docker compat API fixes
- Podman image bindings for 3.0
- REST API v2 - ping - fix typo in header
- REST API v2 - ping - remove newline from response to improve Docker compatibility
- Reduce general binding binary size
- Restore compatible API for prune endpoints
- compat create should use bindings
- hack/podman-socat captures the API stream
- libpod API: pull: fix channel race
- misc bindings to podman v3
- pkg/copy: add parsing API
- podman v3 container bindings
- podman v3 pod bindings
### Misc
- Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
- Bump github.com/containers/common from 0.30.0 to 0.31.1
- Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
- Bump github.com/containers/storage from 1.24.1 to 1.24.5
- Bump github.com/cri-o/ocicni to latest master
- Bump github.com/google/uuid from 1.1.2 to 1.1.5
- Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump k8s.io/apimachinery from 0.19.4 to 0.20.2
- Bump master to v3.0.0-dev
- Bump to containers/buildah 1.9.2
- Bump version in README to v2.2.0
- vendor containers/psgo@v1.5.2
​
- Update storagever to 1.24.8
​
1.24.8:
​
    Call recreateSymlinks when not found during Readlink
    homedir: add GetCacheHome
​
​
1.24.7:
​
ignore metacopy option on kernels that do not support it
​
​
1.24.6:
​
    overlay: force metacopy=on for naivediff
​
- Update imagever to 5.10.4
​
5.10.4:
​
* copy: compute blob compression on reused blobs based on source MediaType
* copy: provide compression info about copied blobs
​
5.10.3:
​
* place shortnames in `~/.cache` not `~/.config/.cache`
​
5.10.2:
​
* short-name-aliases.conf: use cache folders instead of $HOME
​
Note: the v5.10.x series is now cut from the `release-v5.10` branch.
​
5.10.1:
​
Fix segfault if sys is not defined.
​
5.10.0:
​
- tarball: fix example code
- Bump github.com/ulikunitz/xz from 0.5.8 to 0.5.9
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/vbauerster/mpb/v5 from 5.3.0 to 5.4.0
- Add DockerLogMirrirChoice to ctx for log
- Rename variables in pkg/docker/config tests
- Fix pkg/docker/config tests on non-Linux systems
- Add macOS test cases to GetPathToAuth
- Fix docker tests with recent c/storage
- Fix signature tests with recent c/storage
- Fix sysregistriesv2 tests with recent c/storage
- Fix pkg/docker/config tests with recent c/storage
- Bump github.com/containers/storage from 1.23.7 to 1.24.5
- Bump github.com/klauspost/compress from 1.11.3 to 1.11.6
- Enable subdomain matching in policy.json
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump github.com/klauspost/compress from 1.11.6 to 1.11.7
- ostree.TestReferenceSignaturePath: fix a compiler warning in a test
- manifest: add a test for UpdatedMIMEType
- blobinfocache: track compression types for locations
- Actually make a copy of ctx as the comment claims
- Actually use the SystemContext copy in the one place that matters
- Update golangci-lint
- Clarify the canModifyBlob condition in copyBlobFromStream
- Cleanup description of shortname expansion
- Allow callers to set the MaxParallelDownloads field
- Fix up errors linter is complaining about
- Set a default User-Agent if unset
​
-------------------------------------------------------------------
Tue Jan 12 08:43:22 UTC 2021 - Sascha Grunert <sgrunert@suse.com>
​
- Update common to 0.33.0:
​
v0.33:
seccomp: drop 'vmsplice' from the allowed list
Add new function to setup default environment
Implement secrets pkg: backend and filedriver
​
v0.32:
Do not retry on most syscall failures
Set http_proxy default to true
Add new completion functions for Arch and Os.
​
v0.31:
Switch default runtime from runc to crun
Add a volume plugins field to containers.conf
Remove libpod.conf
​
v0.30:
Add ability to set system wide options for slirp4netns
​
v0.29:
Remove stutter APIs from pkg/umask and pkg/subscriptions.
​
v0.28:
Add support for enabling/disabling kernel keyring in engines
We should not be setting a default infra command.
Print the error to log info
Move buildah/pkg/secrets to common/pkg/subscriptions
Move some volume and device parsing from buildah to common
​
v0.27:
fix: Set ping_group_range to 0 0 by default
Allow users to customer the --remote flag to be on by default.
​
v0.26:
Consolidate reporting functions from Buildah and Podman.
Update pkg/report to consolidate --format flag handling between Buildah and Podman and eventually Skopeo.
​
v0.25:
Common library now has pkg/formats pulled out of containers/buildah to make it easier to share with other tools.
Recommended containers.conf is also now available to be used by distros and CI/CD systems.
​
v0.24:
Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
Add shared autocomplete functions for podman/buildah
​
v0.23:
Allow users to specify the default format for image builds
Shell Completion with cobra for login/logout flags
remove fchmodat2 from seccomp.json file
Add support for CONTAINER_CONNECTION environment variable
Bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
Allow pidfd_getfd by default in seccomp.json
Fix problems found by codespell
​
v0.22:
Add new syscalls to allowed seccomp.json
ValidatePullPolicy case-insensitive
Update default seccomp rules to match fedora rules
Bump github.com/onsi/gomega from 1.10.1 to 1.10.2
Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
Bump github.com/containers/storage from 1.23.3 to 1.23.5
Add seccomp validation unit test for failing BuildProfile()
​
v0.21:
Add BuildFilter() and ValidateProfile() API
Add FindAppArmorParserBinary() helper
Add mock'able unit tests and move package to `internal`
Add owners file
Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
Bump github.com/containers/storage from 1.23.2 to 1.23.3
Bump golang to 1.15
Change fmt.Errorf calls to be replaced by errors package
Enable retry EOF from http request
Fix all gocritic lints
Fix nested elseif
Migrate seccomp/containers-golang
RetryIfNecessary: add a field for setting the delay in RetryOptions
Update golangci-lint and add config
Update pkg/config/config_darwin.go
Update pkg/config/config_linux.go
Update pkg/config/config_windows.go
Update pkg/retry/retry.go
Validate that apparmor_parser is available on the system
begin migration off travis
containers.conf: Fix ulimits nofile example syntax
fix windows containers.conf path
getCustomConfigFile for windows and darwin
​
v0.20:
multi_image_archive: add option for `podman save`
Wrap AppArmor errors to provide more debug information
Omit apparmor_parser warnings when parsing the version
Support different zoneinfo locations
Do not mention libpod.conf if no files found
​
v0.19:
Vendor in containers/storage v1.23.0
Fix duplicated code found by codeverity.
Export NormalizeCapabilities function
Use homedir.GetConfigHome()
Respect XDG_CONFIG_HOME for policy.json and cni
Fix documentation
hooks_dir_path was in wrong location, should be under Enigine section
Fix deprecation warnings about libpod.conf and raise log level
​
v0.18:
Move retry code to pkg/retry
Bump github.com/containers/storage from 1.21.1 to 1.21.2
​
v0.17:
Add retry helper functions
Remove extra lock in Reload function
​
v0.16:
Add support for Umask
Fix config reload race
Add support for multiple service destinations
Bump github.com/containers/storage from 1.21.0 to 1.21.1
Add config reload
Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
​
v0.15:
Add support for timezone
Specify container engine in comments of engine env
Add env to [engines] for engine to use
Fix location of stop_timeout in default containers.conf
Bump github.com/containers/image/v5 from 5.4.4 to 5.5.1
Fix testing to not race on containers.conf
pkg/version -> version
Move pkg/version to version to be consistent with other libraries in c/image.
Fixup handling of remote_uri for documentation
Add script to rebuild images on quay.io
Fix AppArmor profile prefix and name
Change AppArmor profile prefix and fix name-check
​
- Update image to 5.9.0:
​
v5.5.0:
* Add Security Policy
* Bump to v5.5.0-dev again
* Bump github.com/containers/storage from 1.19.1 to 1.19.2
* Add debug line to get Content-Type from manifests
* Add defaults for using the rootless policy path
* Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0
* Bump github.com/klauspost/pgzip from 1.2.3 to 1.2.4
* pkg/docker/config/ModifyJSON: fix MkdirAll usage
* Bump github.com/vbauerster/mpb/v5 from 5.0.4 to 5.2.1
* Bump github.com/containers/storage from 1.19.2 to 1.20.1
* Bump github.com/klauspost/compress from 1.10.5 to 1.10.6
* Bump github.com/vbauerster/mpb/v5 from 5.2.1 to 5.2.2
* Go module noise
* Fix crash on inspecting an OCI image with no config
* Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
* Add hardcode Authfile for windows and mac
* docker/config: initialize dockerConfigFile
* docker/config: add `GetAllCredentials`
* Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
* Bump github.com/klauspost/compress from 1.10.6 to 1.10.7
* Bump github.com/containers/storage from 1.20.1 to 1.20.2
* Add documentation for credHelper
* Fix error messages on !canModifyManifest
* Add support for ProgressEventSkipped
* Bump github.com/stretchr/testify from 1.6.0 to 1.6.1
* Bump github.com/klauspost/compress from 1.10.7 to 1.10.8
* oci: don't overwrite tags pointing at the same manifest
* oci test: simplify length calculation
​
v5.5.1:
because the Go proxy caches an old version of the 5.5.0 tag, making
it difficult to use 5.5.0.
​
v5.5.2:
* backports pagination fix
​
v5.6.0:
* When we can't store signatures, point the user at the destination.
* Update for https://github.com/containers/skopeo/pull/932
* Refactor configPath API
* Load the rootless registries.conf.d for override
* docker config: clean up after test
* blobinfocache: clean up after test
* enable search using pagination
* pkg/docker/config: correct default file mode when create auth.json file
* Update to Go 1.13
* Coverity found potential nil dereference
* Look for normalized paths in tarfile.
* Move docker/tarfile.Destination to docker/internal/tarfile.Destination
* Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal.tarfile
* Introduce Destination.configPath and Destination.physicalLayerPath
* Split docker/internal.tarfile.Writer from Destination
* Move createRepositoriesFile to a bit better place
* Split Writer.createManifest from Destination.PutManifest
* Reorganize docker/internal/tarfile.Writer.createManifest a bit
* Move the computation of layerPaths in docker-archive
* Implement writing multiple images in the modern format.
* Split createSingleLegacyLayer from writeLegacyLayerMetadata
* Move legacy layer ID computation to a bit later
* Merge writeLegacyMetadata and createRepositoriesFile
* Implement writing multiple images in the legacy format
* Separate tarfile.Writer creation from Destination creation
* Lock docker/internal/tarfile.Writer to support concurrent uses
* Split openArchiveForWriting from docker/archive/newImageDestination
* Finally, introduce docker/archive.Writer
* use container/storage/pkg/homedir
* Fix an error message on docker-archive:path:name@sha256:$digest
* Move docker/tarfile.Source to docker/internal/tarfile.Source
* Use the docker/internal/tarfile.Source from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal/tarfile
* Split docker/internal/tarfile.Reader from Source
* Separate tarfile.Reader creation from Source creation
* Read the tarfile manifest already when initializing tarfile.Reader
* Turn tarfile.Source.LoadTarManifest into a TarManifest
* Allow choosing an image from tarfile.Reader by reference
* Introduce docker-archive:path:@index syntax for reading untagged images
* Introduce docker/archive.Reader
* Finally, share a tarfile.Reader across archiveSource objects
* Add docker/archive.NewReaderForReference
* Add docker/archive.Reader.ManifestTagsForReference
* Support per user registries.d
* Move TestInvalidPolicyFormatError
* Reduce duplication in policy_config_test.go
* Eliminate more duplication in signature/policy_config_tests.go
* Return error body if UnexpectedHTTPResponseError
* Set NoLchown to true in untar opts
​
v5.7.0:
* add comment on CVE-2020-15157
* Bump github.com/containers/storage from 1.23.5 to 1.23.6
* Search credentials under XDG_CONFIG_HOME
* Bump github.com/klauspost/compress from 1.11.0 to 1.11.1
* Use $DOCKER_CONFIG/config.json to match the docker CLI.
* Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* Regenerate oci/layout fixture certificates
* Extend the lifetime of test certificates to 10 years
* Set default rootless sigstore
* Update copier/imagecopier to fix race
* Fix problems found by codespell
​
v5.8.0:
* pkg/shortnames
* Finally, split configuration loading and merging
* Reorder merging code in loadConfig to match field order in V2RegistriesConf
* Remove "TODO: separate upper format from internal data below:"
* Move shortNameMode from V2RegistriesConf to parsedConfig
* Behavior change: Move unqualifiedSearchRegistriesOrigin to parsedConfig
* Deprecate TryUpdatingCache return value, warn about parsedConfig.v2
* Some progress: Move aliasCache out of V2RegistriesConf to parsedConfig
* Add a parsedConfig return value to loadConfigFile
* Split shortNameAliasCache.updateWithConfigurationFrom from loadConfig
* Move the creation of shortNameAliasCache to loadConfigFile
* Rename shortNameAliasConf.parseAndValidate to newShortNameAliasCache
* Move the allocation of an empty alias map to editShortNameAlias
* Bump github.com/klauspost/compress from 1.11.1 to 1.11.2
* Split shortNameAliasCache from shortNameAliasConf
* Split the error and success return paths of shortNameAliasConf.parseAndValidate
* Sort Registries in V2RegistriesConf.postProcess
* Make it clearer that .postProcessRegistries() is called on the V2RegistriesConf data
* Make tomlConfig private
* Split loadConfigFile from loadConfig
* Make loadConfig a method on parsedConfig instead of tomlConfig
* Introduce sysregistriesv2.parsedConfig, use it for configCache
* Don't hard-code cache implementation details in tests
* Add a test for correctly merging unqualified-search-registries
* sysregistriesv2: short-name aliasing
* Add GetDigest method to retrieve digest from manifest HEAD request
* Fix misleading network error
* Bump github.com/containers/storage from 1.23.6 to 1.23.7
* docs: update reference to containers-registeries.d.md
​
v5.9.0:
* copy: check our assumptions about compression
* Add a signedIdentity choice "type": "remapIdentity"
* shortnames: error if there's no alias and no search registries
​
- Update podman to 2.2.1
​
v2.2.1
​
### Changes
- Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using `--mount type=image`) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.
​
### Bugfixes
- Fixed a bug where rootless Podman would, on systems without the `XDG_RUNTIME_DIR` environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start ([#8539](https://github.com/containers/podman/issues/8539)).
- Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors ([#8613](https://github.com/containers/podman/issues/8613)).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running.
- Fixed a bug where the `podman system reset` command would print a warning about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount `sysfs` in circumstances where it was not allowed; some OCI runtimes (notably `crun`) would fall back to alternatives and not fail, but others (notably `runc`) would fail to run containers.
- Fixed a bug where the `podman run` and `podman create` commands would fail to create containers from untagged images ([#8558](https://github.com/containers/podman/issues/8558)).
- Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman exec` command did not move the Conmon process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the `ancestor` option to `podman ps --filter` did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if `--rm` was set) if the Podman command that created them was invoked with `--log-level=debug`.
​
### API
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `Binds` and `Mounts` parameters in `HostConfig`.
- Fixed a bug where the Compat Create endpoint for Containers ignored the `Name` query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for `NetworkMode` (this value is used extensively by `docker-compose`) ([#8544](https://github.com/containers/podman/issues/8544)).
- Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the `target` query parameter as the image's tag.
​
### Misc
- Podman v2.2.0 vendored a non-released, custom version of the `github.com/spf13/cobra` package; this has been reverted to the latest upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0
​
v2.2.0
​
### Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing) and [here](https://www.redhat.com/sysadmin/container-image-short-names).
- Initial support has been added for the `podman network connect` and `podman network disconnect` commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify `--network=none` when they were created.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Aliases can also be added and removed using the new `podman network connect` and `podman network disconnect` commands. Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports persistent volumes claims using Podman named volumes.
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` and `id` filters for `podman pod ps` now match based on a regular expression, instead of requiring an exact match.
- The `podman pod ps` command now supports a new filter `status`, that matches pods in a certain state.
​
### Changes
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. `--publish` and `--net=host`) are specified when creating a container.
- The `--restart on-failure` and `--rm` options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly ([#7906](https://github.com/containers/podman/issues/7906)).
- Remote Podman will no longer use settings from the client's `containers.conf`; defaults will instead be provided by the server's `containers.conf` ([#7657](https://github.com/containers/podman/issues/7657)).
- The `podman network rm` command now has a new alias, `podman network remove` ([#8402](https://github.com/containers/podman/issues/8402)).
​
### Bugfixes
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
- Fixed a bug where the `--pull` option to `podman run`, `podman create`,  and `podman build` did not match Docker's behavior.
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
- Fixed a bug where the `podman network rm` command would error when trying to remove `macvlan` networks and rootless CNI networks ([#8491](https://github.com/containers/podman/issues/8491)).
- Fixed a bug where Podman was not setting sane defaults for missing `XDG_` environment variables.
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server ([#8473](https://github.com/containers/podman/issues/8473)).
- Fixed a bug where the `podman manifest create` and `podman manifest add` commands on local images would drop any images in the manifest not pulled by the host.
- Fixed a bug where networks made by `podman network create` did not include the `tuning` plugin, and as such did not support setting custom MAC addresses ([#8385](https://github.com/containers/podman/issues/8385)).
- Fixed a bug where container healthchecks did not use `$PATH` when searching for the Podman executable to run the healthcheck.
- Fixed a bug where the `--ip-range` option to `podman network create` did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment ([#8448](https://github.com/containers/podman/issues/8448)).
- Fixed a bug where the `podman container ps` alias for `podman ps` was missing ([#8445](https://github.com/containers/podman/issues/8445)).
​
### API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Ping endpoint misspelled a header name (`Libpod-Buildha-Version` instead of `Libpod-Buildah-Version`).
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with `CAP_` (Docker does not do so).
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
- Fixed a bug where the Compat Inspect endpoint for images would omit the `ParentId` field if the image had no parent, and the `Created` field if the image did not have a creation time.
- Fixed a bug where the Compat Remove endpoint for Networks did not support the `Force` query parameter.
​
### Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.1
- Updated the containers/image library to v5.8.1
- Updated the containers/common library to v0.27.0
​
v2.2.0-rc2
​
APIv2
*   Fix Bugs and compatability
*   Fix list of images - mandatory Created attribute
*   Add network connect|disconnect compat endpoints
Missing Commands
*   Add alias for podman network rm -> remove
*   Add podman container ps command
Missing Options support
*   Align the podman pod ps --filter behavior with podman ps
*   Allow containers to --restart on-failure with --rm
*   Allow multiple --network flags for podman run/create
Documentation:
*   Containers.conf settings for remote connections
*   Specify what the replace flag replaces in help text
*   Clarify ps(1) fallback of `podman top`
Improve shell completions
Bugs
*  Fix ip-range for classless subnet masks
*  Make c.networks() list include the default network
*  Make podman service log events
*  Set PATH env in systemd timer.
*  Fix container cgroup lookup
v2.2.0-RC1
​
This is the first release candidate for Podman v2.2.0. Preliminary release notes are below:
​
## 2.2.0
### Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing).
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` filter for `podman pod ps` now matches based on a regular expression, instead of requiring an exact match.
​
### Changes
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
​
### Bugfixes
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
- Fixed a bug where the `--pull` option to `podman run`, `podman create`,  and `podman build` did not match Docker's behavior.
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
​
### API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
​
### Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.0
- Updated the containers/image library to v5.8.0
- Updated the containers/common library to v0.27.0
​
v2.1.1
​
### Changes
- The `podman info` command now includes the cgroup manager Podman is using.
​
### Bugfixes
- Fixed a bug where Podman would not build with the `varlink` build tag enabled.
- Fixed a bug where the `podman save` command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive.
- Fixed a bug where the `json-file` log driver did not write logs.
- Fixed a bug where `podman-remote start --attach` did not properly handle detaching using the detach keys.
- Fixed a bug where `podman pod ps --filter label=...` did not work.
- Fixed a bug where the `podman build` command did not respect the `--runtime` flag.
​
### API
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) ([#7722](https://github.com/containers/podman/issues/7722)).
- The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release.
​
v2.1.0
​
### Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows:  `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels.
- The `podman play kube` command now supports setting container restart policy ([#7656](https://github.com/containers/podman/issues/7656)).
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
​
### Security
- This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API.
​
### Changes
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
- Error messages when creating a container or pod with a name that is already in use have been improved.
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
- The `podman system reset` command no longer removes configuration files for rootless Podman.
​
### Bugfixes
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
- Fixed a bug where privileged containers would still configure an AppArmor profile.
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
- Fixed a bug where the `podman build --logfile` command would segfault.
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
- Fixed a bug where `podman images -a` would break if any image pulled by digest was present in the store ([#7651](https://github.com/containers/podman/issues/7651)).
- Fixed a bug where the `--mount` option to `podman run` and `podman create` required the `type=` parameter to be passed first ([#7628](https://github.com/containers/podman/issues/7628)).
- Fixed a bug where the `--infra-command` parameter to `podman pod create` was nonfunctional.
- Fixed a bug where `podman auto-update` would fail for any container started with `--pull=always` ([#7407](https://github.com/containers/podman/issues/7407)).
- Fixed a bug where the `podman wait` command would only accept a single argument.
- Fixed a bug where the parsing of the `--volumes-from` option to `podman run` and `podman create` was broken, making it impossible to use multiple mount options at the same time ([#7701](https://github.com/containers/podman/issues/7701)).
- Fixed a bug where the `podman exec` command would not join executed processes to the container's supplemental groups if the container was started with both the `--user` and `--group-add` options.
- Fixed a bug where the `--iidfile` option to `podman-remote build` was nonfunctional.
​
### API
- The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API.
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
- Fixed a bug where Pull endpoints did not stream progress back to the client.
- The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker.
- All non-hijacking responses to API requests should not include headers with the version of the server.
- Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred ([#7263](https://github.com/containers/podman/issues/7263)).
- Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client.
- Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting.
- Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly.
- Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format ([#7196](https://github.com/containers/podman/issues/7196)).
​
### Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/image library to v5.6.0
- Updated the containers/common library to v0.22.0
​
v2.1.0-RC2
​
This is the second release candidate for Podman v2.1.0.
v2.1.0-RC1
​
This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below:
​
### Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows:  `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
​
### Changes
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
- Error messages when creating a container or pod with a name that is already in use have been improved.
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
- The `podman system reset` command no longer removes configuration files for rootless Podman.
​
### Bugfixes
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
- Fixed a bug where privileged containers would still configure an AppArmor profile.
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
- Fixed a bug where the `podman build --logfile` command would segfault.
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
​
### API
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
​
### Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/common library to v0.22.0
​
v2.0.6
​
### Bugfixes
- Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
- Fixed a bug where `/etc/passwd` could be re-created every time a container is restarted if the container's `/etc/passwd` did not contain an entry for the user the container was started as.
- Fixed a bug where containers without an `/etc/passwd` file specifying a non-root user would not start.
- Fixed a bug where the `--remote` flag would sometimes not make remote connections and would instead attempt to run Podman locally.
​
### Misc
- Updated the containers/common library to v0.14.10
​
v2.0.6-rc1
​
This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5.
v2.0.5
​
### Features
- Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`.
- The `podman system connection` command has been reworked to support multiple connections, and reenabled for use!
- Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance.
​
### Changes
- Podman's automatic systemd integration (activated by the `--systemd=true` flag, set by default) will now activate for containers using `/usr/local/sbin/init` as their command, instead of just `/usr/sbin/init` and `/sbin/init` (and any path ending in `systemd`).
- Seccomp profiles specified by the `--security-opt seccomp=...` flag to `podman create` and `podman run` will now be honored even if the container was created using `--privileged`.
​
### Bugfixes
- Fixed a bug where the `podman play kube` would not honor the `hostIP` field for port forwarding ([#5964](https://github.com/containers/podman/issues/5964)).
- Fixed a bug where the `podman generate systemd` command would panic on an invalid restart policy being specified ([#7271](https://github.com/containers/podman/issues/7271)).
- Fixed a bug where the `podman images` command could take a very long time (several minutes) to complete when a large number of images were present.
- Fixed a bug where the `podman logs` command with the `--tail` flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com/containers/podman/issues/7230]).
- Fixed a bug where the `podman exec` command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) ([#6893](https://github.com/containers/podman/issues/6893)).
- Fixed a bug where the `podman load` command with remote Podman would did not honor user-specified tags ([#7124](https://github.com/containers/podman/issues/7124)).
- Fixed a bug where the `podman system service` command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result ([#7180](https://github.com/containers/podman/issues/7180)).
- Fixed a bug where the `--publish` flag to `podman create`, `podman run`, and `podman pod create` did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) ([#7104](https://github.com/containers/podman/issues/7014)).
- Fixed a bug where the `podman start --attach` command would not print the container's exit code when the command exited due to the container exiting.
- Fixed a bug where the `podman rm` command with remote Podman would not remove volumes, even if the `--volumes` flag was specified ([#7128](https://github.com/containers/podman/issues/7128)).
- Fixed a bug where the `podman run` command with remote Podman and the `--rm` flag could exit before the container was fully removed.
- Fixed a bug where the `--pod new:...` flag to `podman run` and `podman create` would create a pod that did not share any namespaces.
- Fixed a bug where the `--preserve-fds` flag to `podman run` and `podman exec` could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
- Fixed a bug where default environment variables (`$PATH` and `$TERM`) were not set in containers when not provided by the image.
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
- Fixed a bug where networks created with `podman network create` with an IPv6 subnet did not properly set an IPv6 default route.
- Fixed a bug where the `podman save` command would not work properly when its output was piped to another command ([#7017](https://github.com/containers/podman/issues/7017)).
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under `/sys/fs/cgroup/systemd` to the host.
- Fixed a bug where `podman build` would not generate an event on completion ([#7022](https://github.com/containers/podman/issues/7022)).
- Fixed a bug where the `podman history` command with remote Podman printed incorrect creation times for layers ([#7122](https://github.com/containers/podman/issues/7122)).
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
- Fixed a bug where Podman did not clear `CMD` from the container image if the user overrode `ENTRYPOINT` ([#7115](https://github.com/containers/podman/issues/7115)).
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
- Fixed a bug where the `podman images` command with remote Podman did not support printing image tags in Go templates supplied to the `--format` flag ([#7123](https://github.com/containers/podman/issues/7123)).
- Fixed a bug where the `podman rmi --force` command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
- Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)).
- Fixed a bug where the `podman version` command did not properly include build time and Git commit.
- Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)).
- Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`.
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)).
​
### API
- Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)).
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions ([#7197](https://github.com/containers/podman/issues/7197)).
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
- Added a versioned `_ping` endpoint (e.g. `http://localhost/v1.40/_ping`).
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when `podman system service` shut down due to its idle timeout ([#7294](https://github.com/containers/podman/issues/7294)).
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
- The `Pod` URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the `Pod` boolean will now be included in the response unconditionally.
​
### Misc
- Updated Buildah to v1.15.1
- Updated containers/image library to v5.5.2
​
v2.0.4
​
### Bugfixes
- Fixed a bug where the output of `podman image search` did not populate the Description field as it was mistakenly assigned to the ID field.
- Fixed a bug where `podman build -` and `podman build` on an HTTP target would fail.
- Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes ([#7130](https://github.com/containers/podman/issues/7130)).
- Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
- Fixed a bug where the `podman start --attach --interactive` command would print the container ID of the container attached to when exiting ([#7068](https://github.com/containers/podman/pull/7068)).
- Fixed a bug where `podman run --ipc=host --pid=host` would only set `--pid=host` and not `--ipc=host` ([#7100](https://github.com/containers/podman/issues/7100)).
- Fixed a bug where the `--publish` argument to `podman run`, `podman create` and `podman pod create` would not allow binding the same container port to more than one host port ([#7062](https://github.com/containers/podman/issues/7062)).
- Fixed a bug where incorrect arguments to `podman images --format` could cause Podman to segfault.
- Fixed a bug where `podman rmi --force` on an image ID with more than one name and at least one container using the image would not completely remove containers using the image ([#7153](https://github.com/containers/podman/issues/7153)).
- Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of `podman stats --format=json`.
​
### API
- Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified ([#7078](https://github.com/containers/podman/issues/7078)).
- Fixed a bug where the `CgroupVersion` field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).
​
- Update storage to 1.24.5
​
1.24.5:
​
    Use STORAGE_DRIVER environment variable in rootless mode
    Fix errors about undefined storage driver in vms
    idtools: handle single user mapped as root
​
​
1.24.4:
​
Use /run instead of /var/run
archive: Skip FIFO creation in user namespace
​
​
1.24.3:
​
    Revert returning storageOpts early in rootless mode.
    Log message when graphdriver is not set
​
​
1.24.2:
​
    Fix reading of ~/.config/containers/storage.conf
​
​
1.24.1:
​
    Fix unshare.HomeDir to use entry in /etc/passwd
​
​
1.24.0:
​
Add support for force_mask field, which allows for sharing container image over NFS shares or between different users on the same system. (Experimental)
​
​
​
1.23.9:
​
Improve handling Get() in pkg/homedir, handling user namespaced homedirs correctly
Improve ID range selection for automatic user namespace range selection.
Restore usage of rootless_storage_path in user storage.conf
​
​
1.20.5:
​
Fix handling of Interrupts while changing file system attributes.
​
1.23.8:
​
    Tighten permissions on created directory
    Fix handling of EINTR when changing file permissions, being triggered by newer version of golang.
    Fix resource leaks and improve error messages.
​
​
1.23.7:
​
Fix handling of SetDefaultConfigFilePath(path)
Switch to handling EINTR when chowning content.
​
​
​
1.23.6:
​
Lot's of bug fixes.
Drop some Warning messages down to Info level
Improve error messages for users
Improve imput parsing.
Maintain IMA Attributes in image creation
Fix usage of rootless_storage_path from system storage.conf file
Improve devmapper handling.
​
​
1.23.5:
​
    For podman v2.0 we need to use use ignore_chown_errors field if set
    utils_test.go: make test show mismatching items
    Support the rootless storage path from the system file
    build(deps): bump github.com/klauspost/compress from 1.10.11 to 1.11.0
​
1.20.4:
​
    For podman v2.0 we need to use use ignore_chown_errors field if set
​
​
1.23.4:
​
    build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
    fix goroutine leak with close tatLogger in a defer clause
​
​
1.23.3:
​
    Switch to moby/sys/mountinfo
    counter: check for external umounts
​
​
1.20.3:
​
    counter: check for external umounts
​
​
1.23.2:
​
    counter: check for external umounts
​
​
1.23.1:
​
    recover use graphLock when mount a layer
    build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
    Use `bash` binary from env instead of /bin/bash for scripts
    build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
    Allow users to override imagestores
    Remove dead code
​
​
1.23.0:
​
* Revert "build(deps): bump github.com/opencontainers/runc"
* Allow any env variable for graphroot, runroot, storagepath
* fileutils.Pattern.compile(): end the regex with the right path separator
* archive: preallocate a buffer for io.Copy
​
1.22.0:
​
    Allow env variables in graphroot and runroot
    userns: make sure host id is not always 0
    store: support mapped layers deletion
    Cirrus: Fix matrix filter
    build(deps): bump github.com/opencontainers/runc
    Cirrus: Add success-accumulator task
    Cirrus: Note matrix filter resolution
    store: support mapped layers deletion
    userns: fix host id calculation when ranges overlap
    userns: simplify function
    Fix leaked fd
    Coverity errors found
​
1.21.2:
​
    archive: fix the bug of ReadSecurityXattrToTarHeader
    unbreak build on mipsen harder
    unshare: memoize HomeDir()
​
​
1.21.1:
​
    userns: fix available range with explicit idmapping
    layer mount: fix RO logic
    When mounting images we have no lowers, but still need to mount
     layerStore: clean residual resources in layerStore when remove an image
    Allow mounting of Non Read Write images read/only
    Always mount the layer via overlay.
​
​
1.21.0:
​
    Remove whitelist and replace with allowed
    build(deps): bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
    new interface for MountImage added
    Record security.ima in container images
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc90 to 1.0.0-rc91
    Store the pvcreate --metadatasize option in storage.conf
    new interface Free for deleting Store object
    Just uncommenting this line blew up on me
    build(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0
    Use temp instead of run as fallback directory for rootless mode
    Make lock files world readable
    Lock files should be CLOEXEC
    Stop using golang 1.12
    build(deps): bump github.com/klauspost/compress from 1.10.8 to 1.10.10
    devmapper: allow devmapper devices as directlvm device
    build(deps): bump github.com/stretchr/testify from 1.6.0 to 1.6.1
​
​
​
1.20.2:
​
    Add back skip_mount_home
    Update git validation EPOCH
    build(deps): bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
    build(deps): bump github.com/klauspost/compress from 1.10.5 to 1.10.7
    build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0
    unbreak build on mipsen
​
​
- Switch to seccomp profile provided by common instead of podman
- Update containers.conf to match latest version
​
-------------------------------------------------------------------
Tue Oct 13 15:53:05 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
​
- Simplify %setup statements.
​
-------------------------------------------------------------------
Mon Aug  3 17:10:46 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
​
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
​
-------------------------------------------------------------------
Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
  /usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
  - Add documentation for credHelpera
  - Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
  - docs: user namespace can't be shared in pods
  - Switch references from libpod.conf to containers.conf
  - Allow empty host port in --publish flag
  - update document login see config.json as valid
- Update storage to 1.20.2
  - Add back skip_mount_home
​
-------------------------------------------------------------------
Fri Jun 19 09:57:44 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Remove remaining difference between SLE and openSUSE package and
  ship the some mounts.conf default configuration on both platforms.
  As the sources for the mount point do not exist on openSUSE by
  default this config will basically have no effect on openSUSE.
  (jsc#SLE-12122, bsc#1175821)
​
-------------------------------------------------------------------
Wed Jun  3 14:37:20 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Update to image 5.4.4
  - Remove registries.conf VERSION 2 references from man page
  - Intial authfile man page
  - Add $HOME/.config/containers/certs.d to perHostCertDirPath
  - Add $HOME/.config/containers/registries.conf to config path
  - registries.conf.d: add stances for the registries.conf
- update to libpod 1.9.3
  - userns: support --userns=auto
  - Switch to using --time as opposed to --timeout to better match Docker
  - Add support for specifying CNI networks in podman play kube
  - man pages: fix inconsistencies
- Update to storage 1.19.1
  - userns: add support for auto
  - store: change the default user to containers
  - config: honor XDG_CONFIG_HOME
- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again.
  It never ended up in SLES and a different way to fix the underlying
  problem is being worked on.
​
-------------------------------------------------------------------
Wed May 13 12:45:58 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Add registry.opensuse.org as default registry [bsc#1171578]
​
-------------------------------------------------------------------
Fri Apr 24 08:35:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts.
  This for making container-suseconnect working in the public
  cloud on-demand images. It needs that file for being able to
  verify the server certificates of the RMT servers hosted
  in the public cloud.
  (https://github.com/SUSE/container-suseconnect/issues/41)
​
-------------------------------------------------------------------
Fri Mar  6 11:14:24 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- New snaphot (bsc#1165917)
- Update to image 5.2.1
  * Add documentation about rewriting docker.io registries
  * Add registries warning to registries.conf
- Update to libpod 1.8.0
  * Fixed some spelling errors in oci-hooks documentations
  * include containers-mounts.conf(5) man-page into the package
- Update to storage 1.16.1
  * Add `rootless_storage_path` directive to storage.conf
  * Add better documentation for the mount_program in overlay driver
​
-------------------------------------------------------------------
Wed Dec 11 16:13:32 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to image 5.0.0
  - Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section.
  - Update to major version v5
  - return resp error message
  - copy.Image(): select the CopySystemImage image using the source context
  - Add manifest list support
  - docker: handle http 429 status codes
  - allow for .dockercfg files to reside in non-home directories
  - Use the correct module path in (make test-skopeo)
- Update to libpod 1.6.3
  - Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
  - Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added
  - Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands
  - Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume
- Update to storage 1.15.3
  - overlay: allow storing images with more than 127 layers
  - Lazy initialize the layer store
  - tarlogger: drop state mutex
​
-------------------------------------------------------------------
Wed Oct  2 08:29:50 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update to image 4.0.0
  - Add http response to log
  - Add tests for parsing OpenShift kubeconfig files
  - Compress: define some consts for the compression algos
  - Compression: add support for the zstd
  - Compression: allow to specify the compression format
  - Copy: add nil checks
  - Copy: compression: default to gzip
  - Copy: don't lose annotations of BlobInfo
  - Copy: fix options.DestinationCtx nil check
  - Copy: use a bigger buffer for the compression
  - Fix cross-compilation by vendoring latest c/storage
  - Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR
  - Keyctl: clean up after tests
  - Make container tools work with go+openssl
  - Make test-skopeo: replace c/image module instead of copying code
  - Media type checks
  - Move keyctl to internal & func remove auth from keyring
  - Replace vendor.conf by go.mod
  - Update dependencies
  - Update test certificates
  - Update to mergo v0.3.5
  - Vendor.conf: update reference for containers/storage
- Update to storage 1.13.4
  - Update generated files
  - ImageBigData: distinguish between no-such-image and no-such-item
  - ImageSize: don't get tripped up by images with no layers
  - tarlogger: disable raw accouting
- Update to libpod 1.6.0
  - Nothing changed regarding the OCI hooks documentation provided by this
    package
​
-------------------------------------------------------------------
Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to image 1.4.4
  - Hard-code the kernel keyring use to be disabled for now
- Update to libpod 1.5.1
  - The hostname of pods is now set to the pod's name
  - Minor bugfixes
- Update to storage 1.12.16
  - Ignore ro mount options in btrfs and windows drivers
​
-------------------------------------------------------------------
Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)
​
-------------------------------------------------------------------
Wed Aug  7 10:35:07 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Add missing licenses to spec file
​
-------------------------------------------------------------------
Tue Aug  6 11:42:17 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
​
- Add a default registries.d configuration file, used to specify images
  signatures storage location.
​
-------------------------------------------------------------------
Fri Aug  2 09:46:10 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update to image v3.0.0
  - Add "Env" to ImageInspectInfo
  - Add API function TryUpdatingCache
  - Add ability to install man pages
  - Add user registry auth to kernel keyring
  - Fix policy.json.md -> containers-policy.json.5.md references
  - Fix typo in docs/containers-registries.conf.5.md
  - Remove pkg/sysregistries
  - Touch up transport man page
  - Try harder in storageImageDestination.TryReusingBlob
  - Use the same HTTP client for contacting the bearer token server and the
    registry
  - ci: change GOCACHE to a writeable path
  - config.go: improve debug message
  - config.go: log where credentials come from
  - docker client: error if registry is blocked
  - docker: allow deleting OCI images
  - docker: delete: support all MIME types
  - ostree: default is no OStree support
  - ostree: improve error message
  - progress bar: use spinners for unknown blob sizes
  - use 'containers_image_ostree' as build tag
  - use keyring when authfile empty
- Update to storage v1.12.16
  - Add cirrus vendor check
  - Add storage options to IgnoreChownErrors
  - Add support for UID as well as UserName in /etc/subuid files.
  - Add support for ignoreChownErrors to vfs
  - Add support for installing man pages
  - Fix cross-compilation
  - Keep track of the UIDs and GIDs used in applied layers
  - Move lockfiles to their own package
  - Remove merged directory when it is unmounted
  - Switch to go modules
  - Switch to golangci-lint
  - Update generated files
  - Use same variable name on both commands
  - cirrus: ubuntu: try removing cryptsetup-initramfs
  - compression: add support for the zstd algorithm
  - getLockfile(): use the absolute path
  - loadMounts(): reset counts before merging just-loaded data
  - lockfile: don't bother releasing a lock when closing a file
  - locking test updates
  - locking: take read locks on read-only stores
  - make local-cross more reliable for CI
  - overlay: cache the results of supported/using-metacopy/use-naive-diff
    feature tests
  - overlay: fix small piece of repeated work
  - utils: fix check for missing conf file
  - zstd: use github.com/klauspost/compress directly
​
-------------------------------------------------------------------
Mon Jul  8 13:18:20 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update to libpod v1.4.4
  - Fixed a bug where rootless Podman would attempt to use the
    entire root configuration if no rootless configuration was
    present for the user, breaking rootless Podman for new
    installations
  - Fixed a bug where rootless Podman's pause process would block
    SIGTERM, preventing graceful system shutdown and hanging until
    the system's init send SIGKILL
  - Fixed a bug where running Podman as root with sudo -E would not
    work after running rootless Podman at least once
  - Fixed a bug where options for tmpfs volumes added with the
    --tmpfs flag were being ignored
  - Fixed a bug where images with no layers could not properly be
    displayed and removed by Podman
  - Fixed a bug where locks were not properly freed on failure to
    create a container or pod
  - Podman now has greatly improved support for containers using
    multiple OCI runtimes. Containers now remember if they were
    created with a different runtime using --runtime and will
    always use that runtime
  - The cached and delegated options for volume mounts are now
    allowed for Docker compatability (#3340)
  - The podman diff command now supports the --latest flag
  - Fixed a bug where podman cp on a single file would create a
    directory at the target and place the file in it (#3384)
  - Fixed a bug where podman inspect --format '{{.Mounts}}' would
    print a hexadecimal address instead of a container's mounts
  - Fixed a bug where rootless Podman would not add an entry to
    container's /etc/hosts files for their own hostname (#3405)
  - Fixed a bug where podman ps --sync would segfault (#3411)
  - Fixed a bug where podman generate kube would produce an invalid
    ports configuration (#3408)
  - Podman now performs much better on systems with heavy I/O load
  - The --cgroup-manager flag to podman now shows the correct
    default setting in help if the default was overridden by
    libpod.conf
  - For backwards compatability, setting --log-driver=json-file in
    podman run is now supported as an alias for
    --log-driver=k8s-file. This is considered deprecated, and
    json-file will be moved to a new implementation in the future
    ([#3363](https://github.com/containers/libpod/issues/3363))
  - Podman's default libpod.conf file now allows the crun OCI
    runtime to be used if it is installed
  - Fixed a bug where Podman could not run containers using an
    older version of Systemd as init (#3295)
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug
    with Dockerfile RUN instructions
  - The error message for running podman kill on containers that
    are not running has been improved
  - The Podman remote client can now log to a file if syslog is not
    available
  - The MacOS dmg file is experimental, use at your own risk.
  - The podman exec command now sets its error code differently
    based on whether the container does not exist, and the command
    in the container does not exist
  - The podman inspect command on containers now outputs Mounts
    JSON that matches that of docker inspect, only including
    user-specified volumes and differentiating bind mounts and
    named volumes
  - The podman inspect command now reports the path to a
    container's OCI spec with the OCIConfigPath key (only included
    when the container is initialized or running)
  - The podman run --mount command now supports the
    bind-nonrecursive option for bind mounts (#3314)
  - Fixed a bug where podman play kube would fail to create
    containers due to an unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
    (#3284)
  - Fixed a bug where rootless Podman using slirp4netns networking
    in an environment with no nameservers on the host other than
    localhost would result in nonfunctional networking (#3277)
  - Fixed a bug where podman import would not properly set
    environment variables, discarding their values and retaining
    only keys
  - Fixed a bug where Podman would fail to run when built with
    Apparmor support but run on systems without the Apparmor kernel
    module loaded (#3331)
  - Remote Podman will now default the username it uses to log in
    to remote systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it,
    allowing for better error reporting
  - Updated vendored Buildah to v1.8.4
  - Updated vendored containers/image to v2.0
- Update to image v2.0.0
  - Add registry mirror support
  - Include missing man pages (bsc#1139526)
- Update to storage v1.12.10
  - Add support for UID as well as UserName in /etc/subuid files.
  - utils: fix check for missing conf file
  - compression: add support for the zstd algorithm
  - overlay: cache the results of
    supported/using-metacopy/use-naive-diff feature tests
​
-------------------------------------------------------------------
Tue Jun 11 07:06:13 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update to libpod v1.4.0
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
    segfault
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
    client
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration
- Update to image v1.5.1
  - Vendor in latest containers/storage
  - docker/docker_client: Drop redundant Domain(ref.ref) call
  - pkg/blobinfocache: Split implementations into subpackages
  - copy: progress bar: show messages on completion
  - docs: rename manpages to *.5.command
  - add container-certs.d.md manpage
  - pkg/docker/config: Bring auth tests from
    docker/docker_client_test
  - Don't allocate a sync.Mutex separately
- Update to storage v1.12.10
  - Add function to parse out mount options from graphdriver
  - Merge the disparate parts of all of the Unix-like lockfiles
  - Fix unix-but-not-Linux compilation
  - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
  - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
  - lockfile: add RecursiveLock() API
  - Update generated files
  - Fix crash on tesing of aufs code
  - Let consumers know when Layers and Images came from read-only stores
  - chown: do not change owner for the mountpoint
  - locks: correctly mark updates to the layers list
  - CreateContainer: don't worry about mapping layers unless necessary
  - docs: fix manpage for containers-storage.conf
  - docs: sort configuration options alphabetically
  - docs: document OSTree file deduplication
  - Add missing options to man page for containers-storage
  - overlay: use the layer idmapping if present
  - vfs: prefer layer custom idmappings
  - layers: propagate down the idmapping settings
  - Recreate symlink when not found
  - docs: fix manpage for configuration file
  - docs: add special handling for manpages in sect 5
  - overlay: fix single-lower test
  - Recreate symlink when not found
  - overlay: propagate errors from mountProgram
  - utils: root in a userns uses global conf file
  - Fix handling of additional stores
  - Correctly check permissions on rootless directory
  - Fix possible integer overflow on 32bit builds
  - Evaluate device path for lvm
  - lockfile test: make concurrent RW test determinisitc
  - lockfile test: make concurrent read tests deterministic
  - drivers.DirCopy: fix filemode detection
  - storage: move the logic to detect rootless into utils.go
  - Don't set (struct flock).l_pid
  - Improve documentation of getLockfile
  - Rename getLockFile to createLockerForPath, and document it
  - Add FILES section to containers-storage.5 man page
  - add digest locks
  - drivers/copy: add a non-cgo fallback
- Add default SLES mounts for container-suseconnect usage
​
-------------------------------------------------------------------
Tue Jun  4 14:27:15 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly
​
-------------------------------------------------------------------
Mon Apr  1 14:24:17 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to libpod v1.2.0
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
  * Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
  * Move pkg/util default storage functions from libpod to containers/storage
  * containers/storage no longer depends on containers/image
- Version 20190401
​
-------------------------------------------------------------------
Wed Feb 27 14:51:55 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to libpod v1.1.0
   * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
   * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
​
-------------------------------------------------------------------
Tue Feb 19 15:34:54 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to storage v1.10
  * enable parallel blob reads
  * Teach images to hold multiple manifests
  * Move structs for storage.conf to pkg/config
- Upgrade to libpod v1.0.1
  * Do not unmarshal into c.config.Spec
  * spec: add nosuid,noexec,nodev to ro bind mount
​
-------------------------------------------------------------------
Sat Feb  2 11:07:30 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Restore non-upstream storage.conf, needed by CRI-O
​
-------------------------------------------------------------------
Fri Jan 25 14:30:45 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to storage v1.8
  * Check for the OS when setting btrfs/libdm/ostree tags
- Upgrade to image v1.3
  * vendor: use github.com/klauspost/pgzip instead of compress/gzip
  * vendor latest ostree
- Refactor specfile to use versioned tarballs
- Established package versioning scheme (ISODATE of change)
- Remove non-upstream storage.conf
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
- Version 20190125
​
-------------------------------------------------------------------
Thu Jan 17 14:20:49 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to storage v1.6
  * Remove private mount from zfs driver
  * Update zfs driver to be closer to moby driver
  * Use mount options when mounting the chown layer.
​
-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to libpod v1.0.0
  * Fixed a bug where storage.conf was sometimes ignored for rootless containers
​
-------------------------------------------------------------------
Tue Jan  8 11:35:41 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to libpod v0.12.1.2 and storage v1.4
  * No significant functional or packaging changes
​
-------------------------------------------------------------------
Sun Jan  6 22:11:02 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- storage.conf - restore btrfs as the default driver
​
-------------------------------------------------------------------
Fri Dec  7 10:54:37 UTC 2018 - Richard Brown <rbrown@suse.com>
​
- Update to latest libpod and storage to support cri-o 1.13
​
-------------------------------------------------------------------
Wed Dec  5 14:45:37 UTC 2018 - Richard Brown <rbrown@suse.com>
​
- Use seccomp.json from github.com/containers/libpod, instead of
  installing the tar.xz on users systems (boo#1118444)
​
-------------------------------------------------------------------
Mon Nov 12 09:21:37 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Add oci-hooks(5) manpage from libpod.
​
-------------------------------------------------------------------
Mon Nov 12 08:14:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Use seccomp.json from github.com/containers/libpod to align with the
  upstream defaults.
​
- Update to the latest image and storage to pull in improvements to the
  manpages.
​
-------------------------------------------------------------------
Mon Aug 27 14:24:51 UTC 2018 - vrothberg@suse.com
​
- storage.conf: comment out options that are not supported by btrfs.
  This simplifies switching the driver as it avoids the whack-a-mole
  of commenting out "unsupported" options.
​
-------------------------------------------------------------------
Mon Aug 27 08:48:16 UTC 2018 - vrothberg@suse.com
​
- Consolidate libcontainers-{common,image,storage} into one package,
  libcontainers-common. That's the way upstream intended all libraries from
  github.com/containers to be packaged. It facilitates updating and maintaining
  the package, as all configs and manpages come from a central source.
​
  Note that the `storage` binary that previously has been provided by the
  libcontainers-storage package is not provided anymore as, despite the claims
  in the manpages, it is not intended for production use.
​
-------------------------------------------------------------------
Mon Aug 13 11:44:31 UTC 2018 - vrothberg@suse.com
​
- Make libcontainers-common arch independent.
​
- Add LICENSE.
​
-------------------------------------------------------------------
Thu Apr 12 09:36:39 UTC 2018 - fcastelli@suse.com
​
- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
  to the package. These are used by tools like cri-o and podman to store
  custom hooks.
​
-------------------------------------------------------------------
Mon Mar  5 09:30:12 UTC 2018 - vrothberg@suse.com
​
- Configuration files should generally be tagged as %config(noreplace) in order
  to keep the modified config files and to avoid losing data when the package
  is being updated.
​
  feature#crio
​
-------------------------------------------------------------------
Thu Feb  8 13:07:24 UTC 2018 - vrothberg@suse.com
​
- Add libcontainers-common package.
​

Places

File libcontainers-common.changes of Package libcontainers-common

Places