Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
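A quick way to verify the fix on a running container is to read the capability sets of its init process from `/proc/<pid>/status` and confirm the inheritable set (`CapInh`) is empty. The script below is an added audit helper, not Podman's own code; the `/proc` status text it parses is a constructed sample, and the `VULNERABLE_STATUS`/`FIXED_STATUS` names are assumptions.

```shell
#!/bin/sh
# Added example (not part of Podman): audit the capability sets of a process
# from /proc/<pid>/status and flag a non-empty inheritable set, which is the
# symptom of CVE-2022-27649. A fixed Podman starts the container process with
# CapInh cleared, so a non-zero CapInh mask is worth a closer look.

# Print the hex mask for one capability set (CapInh, CapPrm, CapEff, CapBnd)
# from status-file text supplied on stdin.
cap_mask() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Count the bits set in a hex capability mask (POSIX sh arithmetic, 64-bit).
cap_count() {
    mask=$(( 0x$1 ))
    n=0
    while [ "$mask" -ne 0 ]; do
        n=$(( n + (mask & 1) ))
        mask=$(( mask >> 1 ))
    done
    echo "$n"
}

# Succeed (exit 0) when the CapInh set in the given status text is empty.
inh_is_empty() {
    inh=$(printf '%s\n' "$1" | cap_mask CapInh)
    [ "$(cap_count "$inh")" -eq 0 ]
}

# Constructed samples: a root process whose inheritable set was filled in
# (the bug), and the same process after the fix. 0x00000000a80425fb is the
# usual 14-capability default bounding set.
VULNERABLE_STATUS='Name:   sh
CapInh: 00000000a80425fb
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'

FIXED_STATUS='Name:   sh
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
CapBnd: 00000000a80425fb'

# Live use from the host (assumes a container named or identified by CONTAINER):
#   pid=$(podman inspect --format '{{.State.Pid}}' CONTAINER)
#   inh_is_empty "$(cat /proc/$pid/status)" && echo "CapInh empty" || echo "CapInh non-empty"
```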
Changes
- The `podman machine rm --force` command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a `podman machine` VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
Bugfixes
- Fixed a bug where devices added to containers by the `--device` option to `podman run` and `podman create` would not be accessible within the container.
- Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
- Fixed a bug where pods would be created with cgroups even if cgroups were disabled in `containers.conf` (#13411).
- Fixed a bug where the `podman play kube` command would produce confusing errors if invalid YAML with duplicate container names was passed (#13332).
- Fixed a bug where the `podman machine rm` command would not remove the Podman API socket on the host that was associated with the VM.
- Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
- Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
- Fixed a bug where the `podman version` command could sometimes print excess blank lines as part of its output.
- Fixed a bug where the `podman generate systemd` command would sometimes generate systemd services with names beginning with a hyphen (#13272).
- Fixed a bug where locally building the pause image could fail if the current directory contained a `.dockerignore` file (#13529).
- Fixed a bug where root containers in VMs created by `podman machine` could not bind ports to specific IPs on the host (#13543).
- Fixed a bug where the storage utilization percentages displayed by `podman system df` were incorrect (#13516).
- Fixed a bug where the CPU utilization percentages displayed by `podman stats` were incorrect (#13597).
- Fixed a bug where containers created with the `--no-healthcheck` option would still display healthcheck status in `podman inspect` (#13578).
- Fixed a bug where the `podman pod rm` command could print a warning about a missing cgroup (#13382).
- Fixed a bug where the `podman exec` command could sometimes print a `timed out waiting for file` error after the process in the container exited (#13227).
- Fixed a bug where virtual machines created by `podman machine` were not tolerant of changes to the path to the qemu binary on the host (#13394).
- Fixed a bug where the remote Podman client's `podman build` command did not properly handle the context directory if a Containerfile was manually specified using `-f` (#13293).
- Fixed a bug where Podman would not properly detect the use of `systemd` as PID 1 in a container when the entrypoint was prefixed with `/bin/sh -c` (#13324).
- Fixed a bug where rootless Podman could, on systems that do not use `systemd` as init, print a warning message about the rootless network namespace (#13703).
- Fixed a bug where the default systemd unit file for `podman system service` did not delegate all cgroup controllers, resulting in `podman info` queries against the remote API returning incorrect cgroup controllers (#13710).
- Fixed a bug where the `slirp4netns` port forwarder for rootless Podman would only publish the first port of a range (#13643).
API
- Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
Misc
- The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
- Updated Buildah to v1.24.3
- Updated the containers/storage library to v1.38.3
- Updated the containers/image library to v5.19.2
- Updated the containers/common library to v0.47.5