Skip to content

chore(deps): update quay.io/podman/stable docker tag to v4.7.2

Renovate Bot requested to merge renovate/quay.io-podman-stable-4.x into main

This MR contains the following updates:

Package Type Update Change
quay.io/podman/stable image minor v4.6.1 -> v4.7.2

Release Notes

containers/podman (quay.io/podman/stable)

v4.7.2

Compare Source

Security
Bugfixes
  • WSL: Fixed podman compose command.
  • Fixed a bug in podman compose to try all configured providers before throwing an error (#​20502).

v4.7.0

Compare Source

Security
  • Now the io.containers.capabilities LABEL in an image can be an empty string.
Features
  • New command set: podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures.
  • New command: podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose.
  • FreeBSD: podman run --device is now supported.
  • Linux: Add a new --module flag for Podman.
  • Podmansh: Timeout is now configurable using the podmansh_timeout option in containers.conf.
  • SELinux: Add support for confined users to create containers but restrict them from creating privileged containers.
  • WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#​15190).
  • WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance.
  • The podman build command now supports two new options: --layer-label and --cw.
  • The podman kube generate command now supports generation of k8s DaemonSet kind (#​18899).
  • The podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061).
  • The podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#​19881).
  • The podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes.
  • The podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible.
  • An infra name annotation io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#​18312).
  • The syntax of --uidmap and --gidmap has been extended to lookup the parent user namespace and to extend default mappings (#​18333).
  • The podman kube commands now support the List kind (#​19052).
  • The podman kube play command now supports environment variables in kube.yaml (#​15983).
  • The podman push and podman manifest push commands now support the --force-compression optionto prevent reusing other blobs (#​18860).
  • The podman manifest push command now supports --add-compression to push with compressed variants.
  • The podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set.
  • The podman run and podman create --mount commands now support the ramfs type (#​19659).
  • When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image.
  • The --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address.
  • The podman generate systemd command is deprecated. Use Quadlet for running containers and pods under systemd.
  • The podman secret rm command now supports an --ignore option.
  • The --env-file option now supports multiline variables (#​18724).
  • The --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#​12937).
  • The Podman --mount option now supports bind mounts passed as globs.
  • The --mount option can now be specified in containers.conf using the mounts field.
  • The podman stats now has an --all option to get all containers stats (#​19252).
  • There is now a new --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#​6160).
  • Temporary files created when dealing with images in /var/tmp will automatically be cleaned up on reboot.
  • There is now a new filter option since for podman volume ls and podman volume prune (#​19228).
  • The podman inspect command now has tab-completion support (#​18672).
  • The podman kube play command now has support for the use of reserved annotations in the generated YAML.
  • The progress bar is now displayed when decompressing a Podman machine image (#​19240).
  • The podman secret inspect command supports a new option --showsecret which will output the actual secret.
  • The podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers.
  • The podman login command can now read the secret for a registry from its secret database created with podman secret create (#​18667).
  • The remote Podman client’s podman play kube command now works with the --userns option (#​17392).
Changes
  • The /tmp and /var/tmp inside of a podman kube play will no longer be noexec.
  • The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#​19848).
  • The podman kube play has been improved to only pull a newer image for the "latest" tag (#​19801).
  • Pulling from an oci transport will use the optional name for naming the image.
  • The podman info command will always display the existence of the Podman socket.
  • The echo server example in socket_activation.md has been rewritten to use quadlet instead of podman generate systemd.
  • Kubernetes support table documentation correctly show volumes support.
  • The podman auto-update manpage and documentation has been updated and now includes references to Quadlet.
Quadlet
  • Quadlet now supports setting Ulimit values.
  • Quadlet now supports setting the PidsLimit option in a container.
  • Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#​19884).
  • Quadlet now supports ShmSize option in unit files.
  • Quadlet now recursively calls in user directories for unit files.
  • Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177).
  • Quadlet now allows setting user-defined names for Volume and Network units via the VolumeName and NetworkName directives, respectively.
  • Kube quadlets can now support autoupdate.
Bugfixes
  • Fixed an issue where containers were being restarted after a podman kill.
  • Fixed a bug where events could report incorrect healthcheck results (#​19237).
  • Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file.
  • Fixed a bug where pod cgroup limits were not being honored after a reboot (#​19175).
  • Fixed a bug where podman rm -af could fail to remove containers under some circumstances (#​18874).
  • Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#​19829).
  • Fixed a bug where --hostuser was being parsed in base 8 instead of base 10 (#​19800).
  • Fixed a bug where kube down would error when an object did not exist (#​19711).
  • Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#​19139).
  • Fixed a bug in podman exec to set umask to match the container it's execing into (#​19713).
  • Fixed a bug where podman kube play failed to set a container's Umask to the default 0022.
  • Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#​19554).
  • Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#​272).
  • Fixed a bug where podman top would sometimes not print the full output (#​19504).
  • Fixed a bug were podman logs --tail could return incorrect lines when the k8s-file logger is used (#​19545).
  • Fixed a bug where podman stop did not ignore cidfile not existing when user specified --ignore flag (#​19546).
  • Fixed a bug where a container with an image volume and an inherited mount from the --volumes-from option that used the same path could not be created (#​19529).
  • Fixed a bug where podman cp via STDIN did not delete temporary files (#​19496).
  • Fixed a bug where Compatibility API did not accept timeout=-1 for stopping containers (#​17542).
  • Fixed a bug where podman run --rmi did not remove the container (#​15640).
  • Fixed a bug to recover from inconsistent podman-machine states with QEMU (#​16054).
  • Fixed a bug where CID Files on remote clients are not removed when container is removed (#​19420).
  • Fixed a bug in podman inspect to show a .NetworkSettings.SandboxKey path for containers created with --net=none (#​16716).
  • Fixed a concurrency bug in podman machine start using the QEMU provider (#​18662).
  • Fixed a bug in podman run and podman create where the command fails if the user specifies a non-existent authfile path (#​18938).
  • Fixed a bug where some distributions added extra quotes around the distribution name removed from podman info output (#​19340).
  • Fixed a crash validating --device argument for create and run (#​19335).
  • Fixed a bug where .HostConfig.PublishAllPorts always evaluates to false when inspecting a container created with --publish-all.
  • Fixed a bug in podman image trust command to allow using the local policy.json file (#​19073).
  • Fixed a bug where the cgroup file system was not correctly mounted when running without a network namespace in rootless mode (#​20073).
  • Fixed a bug where the --syslog flag was not passed to the cleanup process.
API
  • Fixed a bug with parsing of the pull query parameter for the compat /build endpoint (#​17778).
Misc
  • Updated Buildah to v1.32.0.

v4.6.2

Compare Source

Changes
  • Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement (#​19467).
Bugfixes
  • Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#​19671).
API
  • Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#​17778).
Misc
  • Updated the containers/storage library to v1.48.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Renovate Bot

Merge request reports

Loading