Skip to content

chore(deps): update quay.io/containers/podman docker tag to v4.5.0

Botaniker (Bot) requested to merge renovate/quay.io-containers-podman-4.x into main

This MR contains the following updates:

Package Type Update Change
quay.io/containers/podman image-name minor v4.4.4 -> v4.5.0

Release Notes

containers/podman

v4.5.0

Compare Source

Features
  • The podman kube play command now supports the hostIPC field (#​17157).
  • The podman kube play command now supports a new flag, --wait, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#​14522).
  • The podman kube generate and podman kube play commands now support SELinux filetype labels.
  • The podman kube play command now supports sysctl options (#​16711).
  • The podman kube generate command now supports generating the Deployments (#​17712).
  • The podman machine inspect command now shows information about named pipe addresses on Windows (#​16860).
  • The --userns=keep-id option for podman create, run, and kube play now works for root containers by copying the current mapping into a new user namespace (#​17337).
  • A new command has been added, podman secret exists, to verify if a secret with the given name exists.
  • The podman kube generate and podman kube play commands now support ulimit annotations (#​16404).
  • The podman create, run, pod create, and pod clone commands now support a new option, --shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#​17037).
  • The podman create and run commands now support a new option, --group-entry which customizes the entry that is written to the /etc/group file within the container when the --user option is used (#​14965).
  • The podman create and podman run commands now support a new option, --security-opt label=nested, which allows SELinux labeling within a confined container.
  • A new command, podman machine os apply has been added, which applies OS changes to a Podman machine, from an OCI image.
  • The podman search command now supports two new options: --cert-dir and --creds.
  • Defaults for the --cgroup-config option for podman create and podman run can now be set in containers.conf.
  • Podman now supports auto updates for containers running inside a pod (#​17181).
  • Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the database_backend field in containers.conf.
  • Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers. podman network create -d <plugin> can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6.
  • DHCP with macvlan and the netavark backend is now supported.
Changes
  • Remote builds using the podman build command no longer allows .containerignore or .dockerignore files to be symlinks outside the build context.
  • The podman system reset command now clears build caches.
  • The podman play kube command now adds ctrName as an alias to the pod network (#​16544).
  • The podman kube generate command no longer adds hostPort to the pod spec when generating service kinds.
  • Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#​17727).
  • The SYS_CHROOT capability has been re-added to the default set of capabilities.
  • Listing large quantities of images with the podman images command has seen a significant performance improvement (#​17828).
Quadlet
  • Quadlet now supports the Rootfs= option, allowing containers to be based on rootfs in addition to image.
  • Quadlet now supports the Secret key in the Container group.
  • Quadlet now supports the Logdriver key in .container and .kube units.
  • Quadlet now supports the Mount key in .container files (#​17632).
  • Quadlet now supports specifying static IPv4 and IPv6 addresses in .container files via the IP= and IP6= options.
  • Quadlet now supports health check configuration in .container files.
  • Quadlet now supports relative paths in the Volume key in .container files (#​17418).
  • Quadlet now supports setting the UID and GID options for --userns=keep-id (#​17908).
  • Quadlet now supports adding tmpfs filesystems through the Tmpfs key in .container files (#​17907).
  • Quadlet now supports the UserNS option in .container files, which will replace the existing RemapGid, RemapUid, RemapUidSize and RemapUsers options in a future release (#​17984).
  • Quadlet now includes a --version option.
  • Quadlet now forbids specifying SELinux label types, including disabling selinux separation.
  • Quadlet now does not set log-driver by default.
  • Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#​17906).
Bugfixes
  • Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#​17341).
  • Fixed a bug in the podman image scp command to correctly use identity settings.
  • Fixed a bug in the remote Podman client's podman build command where building from stdin would fail. podman --remote build -f - now works correctly (#​17495).
  • Fixed a bug in the podman volume prune command where exclusive (!=) filters would fail (#​17051).
  • Fixed a bug in the --volume option in the podman create, run, pod create, and pod clone commands where specifying relative mappings or idmapped mounts would fail (#​17517).
  • Fixed a bug in the podman kube play command where a secret would be created, but nothing would be printed on the terminal (#​17071).
  • Fixed a bug in the podman kube down command where secrets were not removed.
  • Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems.
  • Fixed a bug where the podman inspect command did not properly list the network configuration of containers created with --net=none or --net=host (#​17385).
  • Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels.
  • Fixed a bug where the podman checkpoint restore command could panic.
  • Fixed a bug in the podman events command where events could be returned more than once after a log file rotation (#​17665).
  • Fixed a bug where errors from systemd when restarting units during a podman auto-update command were not reported.
  • Fixed a bug where containers created with the --health-on-failure=restart option were not restarting when the health state turned unhealthy (#​17777).
  • Fixed a bug where containers using the slirp4netns network mode with the cidr option and a custom user namespace did not set proper DNS IPs in resolv.conf.
  • Fixed a bug where the podman auto-update command could fail to restart systemd units (#​17607).
  • Fixed a bug where the podman play kube command did not properly handle secret.items in volumes (#​17829).
  • Fixed a bug where the podman generate kube command could generate pods with invalid names and hostnames (#​18054).
  • Fixed a bug where names of limits (such as RLIMIT_NOFILE) passed to the --ulimit option to podman create and podman run were case-sensitive (#​18077).
  • Fixed a possible corruption issue with the configuration state of podman machine during system failures on Mac, Linux, and Windows.
API
  • The Compat Stats endpoint for Containers now returns the Id key as lowercase id to match Docker (#​17869).
  • Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#​17524).
Misc
  • The podman version command no longer joins the rootless user namespace (#​17657).
  • The podman-events --stream option is no longer hidden and is now documented.
  • Updated Buildah to v1.30.0
  • Updated the containers/storage library to v1.46.1
  • Updated the containers/image library to v5.25.0
  • Updated the containers/common library to v0.52.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.

Edited by Botaniker (Bot)

Merge request reports