Podman v4.0.3 Release Notes
-
๐ Security
- ๐ This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
๐ Changes
- ๐ The
podman machine rm --forcecommand will now remove running machines as well (such machines are shut down first, then removed) (#13448). - When a
podman machineVM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
๐ Bugfixes
- ๐ Fixed a bug where devices added to containers by the
--deviceoption topodman runandpodman createwould not be accessible within the container. - ๐ Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
- ๐ Fixed a bug where pods would be created with cgroups even if cgroups were disabled in
containers.conf(#13411). - ๐ Fixed a bug where the
podman play kubecommand would produce confusing errors if invalid YAML with duplicated container named was passed (#13332). - ๐ Fixed a bug where the
podman machine rmcommand would not remove the Podman API socket on the host that was associated with the VM. - ๐ Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
- ๐ Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
- ๐ Fixed a bug where the
podman versioncommand could sometimes print excess blank lines as part of its output. - ๐ Fixed a bug where the
podman generate systemdcommand would sometimes generate systemd services with names beginning with a hyphen (#13272). - ๐ Fixed a bug where locally building the pause image could fail if the current directory contained a
.dockerignorefile (#13529). - ๐ Fixed a bug where root containers in VMs created by
podman machinecould not bind ports to specific IPs on the host (#13543). - ๐ Fixed a bug where the storage utilization percentages displayed by
podman system dfwere incorrect (#13516). - ๐ Fixed a bug where the CPU utilization percentages displayed by
podman statswere incorrect (#13597). - ๐ Fixed a bug where containers created with the
--no-healthcheckoption would still display healthcheck status inpodman inspect(#13578). - ๐ Fixed a bug where the
podman pod rmcommand could print a warning about a missing cgroup (#13382). - ๐ Fixed a bug where the
podman execcommand could sometimes print atimed out waiting for fileerror after the process in the container exited (#13227). - ๐ Fixed a bug where virtual machines created by
podman machinewere not tolerant of changes to the path to the qemu binary on the host (#13394). - ๐ Fixed a bug where the remote Podman client's
podman buildcommand did not properly handle the context directory if a Containerfile was manually specified using-f(#13293). - ๐ Fixed a bug where Podman would not properly detect the use of
systemdas PID 1 in a container when the entrypoint was prefixed with/bin/sh -c(#13324). - ๐ Fixed a bug where rootless Podman could, on systems that do not use
systemdas init, print a warning message about the rootless network namespace (#13703). - ๐ Fixed a bug where the default systemd unit file for
podman system servicedid not delegate all cgroup controllers, resulting inpodman infoqueries against the remote API returning incorrect cgroup controllers (#13710). - ๐ Fixed a bug where the
slirp4netnsport forwarder for rootless Podman would only publish the first port of a range (#13643).
API
- ๐ Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
Misc
- ๐ง The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
- โก๏ธ Updated Buildah to v1.24.3
- โก๏ธ Updated the containers/storage library to v1.38.3
- โก๏ธ Updated the containers/image library to v5.19.2
- โก๏ธ Updated the containers/common library to v0.47.5