Remove user-facing CLI options for CNI network backend:
CLI flags:
- Keep --network-backend global flag as hidden and deprecated for
backward compatibility with cleanup commands from 5.x containers
- Map flag to a throwaway variable (value is ignored)
- Remove shell completion for network backend values
Shell completions:
- Remove AutocompleteNetworkBackend() function
- Remove references to CNI and Netavark type constants
Backward compatibility:
- Remove --rootless-cni flag alias for podman unshare
- Remove SetNormalizeFunc that mapped rootless-cni to rootless-netns
- Update --rootless-netns flag description to mention only netavark
The --network-backend flag remains as a hidden deprecated flag to
prevent failures when upgrading from 5.x where containers may have
cleanup commands that include this flag. The flag is accepted but
ignored. Users can no longer specify CNI as a network backend option.
The --rootless-cni alias is removed; users must use --rootless-netns.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove test framework code that supported dual network backends:
Test utilities:
- Remove NetworkBackend enum type and constants (CNI, Netavark)
- Remove NetworkBackend.ToString() method
- Remove NetworkBackend field from PodmanTest struct
Test infrastructure:
- Remove SkipIfCNI() helper function
- Remove SkipIfNetavark() helper function
- Remove network backend selection logic based on NETWORK_BACKEND env var
- Remove CNI-specific network config directory setup
- Hardcode "netavark" in podman command line construction (flag will be removed in later commit)
Simplify test helpers:
- Simplify generateNetworkConfig() to only generate Netavark configs
- Remove conditional CNI vs Netavark network ID logic
- Update IP allocation comment to remove CNI-specific behavior description
Remove SkipIfCNI() calls from tests:
- Remove skip guards from Netavark-only feature tests
- These tests now run universally since Netavark is the only backend
Documentation:
- Remove NETWORK_BACKEND environment variable from test/README.md
All tests that were previously skipped with SkipIfCNI (Netavark-only
features) will now run for all users since Netavark is the only
supported network backend.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Remove test cases that only tested CNI-specific functionality:
- Remove "podman --cni-config-dir backwards compat" test
- Remove "podman CNI network create with internal should not have dnsname" test
Update CNI-specific test names to be network-backend agnostic:
- Rename "podman inspect container single CNI network" to "podman inspect container single network"
- Rename "podman inspect container two CNI networks (container not running)" to "podman inspect container two networks (container not running)"
- Rename "podman inspect container two CNI networks" to "podman inspect container two networks"
- Rename "podman run in custom CNI network with --static-ip" to "podman run in custom network with --static-ip"
- Rename "podman rootless cni adds /usr/sbin to PATH" to "podman rootless adds /usr/sbin to PATH"
Update test content to be backend-agnostic:
- Update skip reasons from "Requires root CNI networking" to "Requires root networking"
- Change --rootless-cni flag usage to --rootless-netns
- Update comments from "CNI network" to "network"
- Update comments from "iptables" to "nftables" for netavark
- Update test assertions to remove CNI-specific messaging
Remove CNI-related test documentation and comments:
- Remove commented-out CNI error messages from Python API tests
- Remove CNI network namespace error documentation from upgrade tests
- Remove CNI-related comments from BATS tests
Remove unused import of github.com/containernetworking/plugins/pkg/ns
from test/e2e/run_networking_test.go (test-only usage).
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
use name_to_handle_at and open_by_handle_at to persist rootless
namespaces without needing a pause process.
The namespace file handles are stored in a file and can be used to
rejoin the namespaces, as long as the namespaces still exist.
Fall back to the pause process approach only when the kernel doesn't
support nsfs handles (EOPNOTSUPP).
The feature is currently only enabled when the PODMAN_NO_PAUSE_PROCESS
environment variable is set.
These changes in the kernel are required (landed in Linux 6.18):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ab378cfa793
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The test was assuming v1.41, set v1.40 explicitly for the call.
And assume that the default version is using the newer syntax.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
All API versions before version 1.44 are now deprecated,
starting with Docker client version 1.29 giving an error:
"API version 1.41 is not supported by this client"
Previously it was backward-compatible for more than 10 years,
with version 1.24 being the version in classic Docker 1.12.
It seems like API code changes were already added?
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
Previously, `secret create` required stdin to be a pipe when using `-`,
blocking interactive stdin forcing users to use insecure patterns like
`echo "secret" | podman secret create <name>`.
Remove the pipe check to allow interactive stdin.
Closes #18591, #27879
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
The test for issue #19800 depended on finding a system user with an
octal UID. This approach was fragile because system users found on the
host may have a different UID in the testing image.
Use the rootless user ID instead which is likely to be octal anyway as
new user IDs start with 1000.
Signed-off-by: Ricardo Branco <rbranco@suse.de>
I happened to run `podman run --config=/path/to/file` and got
an error without a trailing newline, which was a bit jarring.
Fix the instances I noticed.
Assisted-by: OpenCode (Claude Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
We do not use that package that we install for the test anyway and doing
this networking connection is causing heavy flakes at the moment.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It fails due selinux, it is unlcear why so I filled #27759 for now to
track that so we can get the image update merged.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
