This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
Bugfixes
Fixed a deadlock between the podman ps and podman container inspect commands
Misc
Updated the containers/image library to v5.23.1
4.3.0:
Features
A new command, podman generate spec, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
A new command, podman update, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted.
A new command, podman kube down, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to podman kube play --down, but it now has its own command).
The podman kube play command now supports Kubernetes secrets using Podman's secrets backend.
The podman kube play command now integrates with sd-notify, using the io.containers.sdnotify annotation (or io.containers.sdnotify/$name for specific containers).
podman kube play can now be auto-updated, using the io.containers.auto-update annotation (or io.containers.auto-update/$name for specific containers).
The podman kube play command can now read YAML from URLs, e.g. podman kube play https://example.com/demo.yml
The podman kube play command now supports the emptyDir volume type.
The podman kube play command now supports the HostUsers field in the pod spec.
The podman play kube command now supports binaryData in ConfigMaps.
The podman pod create command can now set additional resource limits for pods using the new --memory-swap, --cpuset-mems, --device-read-bps, --device-write-bps, --blkio-weight, --blkio-weight-device, and --cpu-shares options.
The podman machine init command now supports a new option, --username, to set the username that will be used to connect to the VM as a non-root user.
The podman volume create command's -o timeout= option can now set a timeout of 0, indicating volume plugin operations will never time out.
image, which allows volumes to be created that are backed by images.
The podman run and podman create commands support a new option, --env-merge, allowing environment variables to be specified relative to other environment variables in the image (e.g. podman run --env-merge 'PATH=$PATH:/my/app' ...).
The podman run and podman create commands support a new option, --on-failure, to allow action to be taken when a container fails health checks, with the following supported actions: none (take no action, the default), kill (kill the container), restart (restart the container), and stop (stop the container).
The --keep-id option to podman create and podman run now supports new options, uid and gid, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. --userns=keep-id:uid=11 will map the user running Podman to UID 11 in the container).
The podman generate systemd command now supports a new option, --env/-e, to set environment variables in the generated unit file.
The podman pause and podman unpause commands now support the --latest, --cidfile, and --filter options.
The podman restart command now supports the --cidfile and --filter options.
The podman rm command now supports the --filter option to select which containers will be removed.
The podman rmi command now supports a new option, --no-prune, to prevent the removal of dangling parents of removed images.
The --dns-opt option to podman create, podman run, and podman pod create has received a new alias, --dns-option, to improve Docker compatibility.
The podman command now features a new global flag, --debug/-D, which enables debug-level logging (identical to --log-level=debug), improving Docker compatibility.
The podman command now features a new global flag, --config. This flag is ignored, and is only included for Docker compatibility.
The podman manifest create command now accepts a new option, --amend/-a.
The podman manifest create, podman manifest add and podman manifest push commands now accept a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility.
The podman secret create command's --driver and --format options now have new aliases, -d for --driver and -f for --format.
The podman secret create command now supports a new option, --label/-l, to add labels to created secrets.
The podman secret ls command now accepts the --quiet/-q option.
The podman secret inspect command now accepts a new option, --pretty, to print output in human-readable format.
The podman stats command now accepts the --no-trunc option.
The podman save command now accepts the --signature-policy option.
The podman pod inspect command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods.
podman context as aliases to existing podman system connection commands, to improve Docker compatibility.
--sig-proxy option is set
-v option to podman run, podman create, and podman pod create, so long as source, destination, and options all match
The podman generate kube and podman play kube commands have been renamed to podman kube generate and podman kube play to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
podman init, podman container checkpoint, podman container restore, podman container cleanup) now print the user-inputted name of the container, instead of its full ID, on success.
The --cpu-rt-period and --cpu-rt-runtime options to podman run and podman create now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers).
/dev/tty* devices other than /dev/tty itself into the container
podman machine commands has seen a thorough rework, addressing many issues about authentication.
The --network option to podman kube play now allows passing host to set the pod to use host networking, even if the YAML does not request this.
The podman inspect command on containers now includes the digest of the image used to create the container.
podman play kube are now, by default, placed into a network named podman-kube. If the podman-kube network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
Features
Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
Added an option to read image signing passphrase from a file.
Changes
Paused containers can now be killed with the podman kill command.
The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
Misc
Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
Update to version 4.1.1:
Fix CVE-2022-27191 / bsc#1197284
Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
Security
Changes
When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
Updated the containers/common library to v0.47.5
This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
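Added example (not part of the original advisory or of Podman itself): a shell check for the exposure described in the CVE-2021-4024 note, reporting any TCP listener on port 7777 that is bound to a non-loopback address. It assumes input in the column layout of ss -H -ltn, uses constructed sample lines, and does not confirm that the listening process is gvproxy.

```shell
#!/bin/sh
# Added example: find TCP listeners on a given port that are reachable
# from outside the host (anything not bound to a loopback address).
# Assumed input layout (ss -H -ltn): State Recv-Q Send-Q Local:Port Peer:Port

exposed_listeners() {
    # $1 = port to check; reads ss output on stdin.
    # Prints one local address per exposed listener.
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            n = match(la, /:[0-9]+$/)        # position of the final ":port"
            if (n == 0) next
            p    = substr(la, n + 1)         # port part
            addr = substr(la, 1, n - 1)      # address part, brackets kept
            if (p != port) next
            # Loopback bindings (IPv4, IPv6, IPv4-mapped) are not exposed.
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print addr
        }'
}

# Constructed sample of ss -H -ltn output (not taken from a real host).
SAMPLE='LISTEN 0 4096 0.0.0.0:7777 0.0.0.0:*
LISTEN 0 128 127.0.0.1:7777 0.0.0.0:*
LISTEN 0 4096 [::]:7777 [::]:*
LISTEN 0 128 [::1]:7777 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 192.0.2.10:7777 0.0.0.0:*'

check_sample() {
    printf '%s\n' "$SAMPLE" | exposed_listeners 7777
}

check_sample
# On a live host: ss -H -ltn | exposed_listeners 7777
```

Any address printed means port 7777 is accepting connections on a non-loopback interface; identify the owning process (for example with ss -ltnp as root) before concluding it is gvproxy.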
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)