chore(deps): update quay.io/containers/podman docker tag to v4.5.0
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| quay.io/containers/podman | image-name | minor |
v4.4.4 -> v4.5.0
|
Release Notes
containers/podman
v4.5.0
Features
- The
podman kube playcommand now supports the hostIPC field (#17157). - The
podman kube playcommand now supports a new flag,--wait, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#14522). - The
podman kube generateandpodman kube playcommands now support SELinux filetype labels. - The
podman kube playcommand now supports sysctl options (#16711). - The
podman kube generatecommand now supports generating the Deployments (#17712). - The
podman machine inspectcommand now shows information about named pipe addresses on Windows (#16860). - The
--userns=keep-idoption forpodman create,run, andkube playnow works for root containers by copying the current mapping into a new user namespace (#17337). - A new command has been added,
podman secret exists, to verify if a secret with the given name exists. - The
podman kube generateandpodman kube playcommands now support ulimit annotations (#16404). - The
podman create,run,pod create, andpod clonecommands now support a new option,--shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#17037). - The
podman createandruncommands now support a new option,--group-entrywhich customizes the entry that is written to the/etc/groupfile within the container when the--useroption is used (#14965). - The
podman createandpodman runcommands now support a new option,--security-opt label=nested, which allows SELinux labeling within a confined container. - A new command,
podman machine os applyhas been added, which applies OS changes to a Podman machine, from an OCI image. - The
podman searchcommand now supports two new options:--cert-dirand--creds. - Defaults for the
--cgroup-configoption forpodman createandpodman runcan now be set incontainers.conf. - Podman now supports auto updates for containers running inside a pod (#17181).
- Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the
database_backendfield incontainers.conf. - Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers.
podman network create -d <plugin>can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6. - DHCP with macvlan and the netavark backend is now supported.
Changes
- Remote builds using the
podman buildcommand no longer allows.containerignoreor.dockerignorefiles to be symlinks outside the build context. - The
podman system resetcommand now clears build caches. - The
podman play kubecommand now adds ctrName as an alias to the pod network (#16544). - The
podman kube generatecommand no longer adds hostPort to the pod spec when generating service kinds. - Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#17727).
- The
SYS_CHROOTcapability has been re-added to the default set of capabilities. - Listing large quantities of images with the
podman imagescommand has seen a significant performance improvement (#17828).
Quadlet
- Quadlet now supports the
Rootfs=option, allowing containers to be based on rootfs in addition to image. - Quadlet now supports the Secret key in the Container group.
- Quadlet now supports the Logdriver key in
.containerand.kubeunits. - Quadlet now supports the Mount key in
.containerfiles (#17632). - Quadlet now supports specifying static IPv4 and IPv6 addresses in
.containerfiles via the IP= and IP6= options. - Quadlet now supports health check configuration in
.containerfiles. - Quadlet now supports relative paths in the Volume key in .container files (#17418).
- Quadlet now supports setting the UID and GID options for
--userns=keep-id(#17908). - Quadlet now supports adding
tmpfsfilesystems through theTmpfskey in.containerfiles (#17907). - Quadlet now supports the
UserNSoption in.containerfiles, which will replace the existingRemapGid,RemapUid,RemapUidSizeandRemapUsersoptions in a future release (#17984). - Quadlet now includes a
--versionoption. - Quadlet now forbids specifying SELinux label types, including disabling selinux separation.
- Quadlet now does not set log-driver by default.
- Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#17906).
Bugfixes
- Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#17341).
- Fixed a bug in the
podman image scpcommand to correctly use identity settings. - Fixed a bug in the remote Podman client's
podman buildcommand where building from stdin would fail.podman --remote build -f -now works correctly (#17495). - Fixed a bug in the
podman volume prunecommand where exclusive (!=) filters would fail (#17051). - Fixed a bug in the
--volumeoption in thepodman create,run,pod create, andpod clonecommands where specifying relative mappings or idmapped mounts would fail (#17517). - Fixed a bug in the
podman kube playcommand where a secret would be created, but nothing would be printed on the terminal (#17071). - Fixed a bug in the
podman kube downcommand where secrets were not removed. - Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems.
- Fixed a bug where the
podman inspectcommand did not properly list the network configuration of containers created with--net=noneor--net=host(#17385). - Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels.
- Fixed a bug where the
podman checkpoint restorecommand could panic. - Fixed a bug in the
podman eventscommand where events could be returned more than once after a log file rotation (#17665). - Fixed a bug where errors from systemd when restarting units during a
podman auto-updatecommand were not reported. - Fixed a bug where containers created with the
--health-on-failure=restartoption were not restarting when the health state turned unhealthy (#17777). - Fixed a bug where containers using the
slirp4netnsnetwork mode with thecidroption and a custom user namespace did not set proper DNS IPs inresolv.conf. - Fixed a bug where the
podman auto-updatecommand could fail to restart systemd units (#17607). - Fixed a bug where the
podman play kubecommand did not properly handlesecret.itemsin volumes (#17829). - Fixed a bug where the
podman generate kubecommand could generate pods with invalid names and hostnames (#18054). - Fixed a bug where names of limits (such as
RLIMIT_NOFILE) passed to the--ulimitoption topodman createandpodman runwere case-sensitive (#18077). - Fixed a possible corruption issue with the configuration state of
podman machineduring system failures on Mac, Linux, and Windows.
API
- The Compat Stats endpoint for Containers now returns the
Idkey as lowercaseidto match Docker (#17869). - Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#17524).
Misc
- The
podman versioncommand no longer joins the rootless user namespace (#17657). - The
podman-events --streamoption is no longer hidden and is now documented. - Updated Buildah to v1.30.0
- Updated the containers/storage library to v1.46.1
- Updated the containers/image library to v5.25.0
- Updated the containers/common library to v0.52.0
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.
Edited by Botaniker (Bot)