author | Ed Santiago <santiago@redhat.com> | 2021-05-03 13:41:53 -0600 |
---|---|---|
committer | Ed Santiago <santiago@redhat.com> | 2021-05-03 20:15:21 -0600 |
commit | 9fd7ab50f82c7eaccd2b9daca84e516367f610a2 (patch) | |
tree | 85df0c24985f6f639aa1c4874d31957adb5a805a /test/system/170-run-userns.bats | |
parent | b01ec314f58941c955a7b6f878ce995ab3239656 (diff) | |
System tests: honor $OCI_RUNTIME (for CI)

Some CI systems set $OCI_RUNTIME as a way to override the
default crun. Integration (e2e) tests honor this, but system
tests were not aware of the convention; this means we haven't
been testing system tests with runc, which means RHEL gating
tests are now failing.

The proper solution would be to edit containers.conf on CI
systems. Sorry, that would involve too much CI-VM work.
Instead, this PR detects $OCI_RUNTIME and creates a dummy
containers.conf file using that runtime.

Add: various skips for tests that don't work with runc.

Refactor: add a helper function so we don't need to do
the complicated 'podman info blah blah .OCIRuntime.blah'
thing in many places.

BUG: we leave a tmp file behind on exit.

Signed-off-by: Ed Santiago <santiago@redhat.com>
Diffstat (limited to 'test/system/170-run-userns.bats')
-rw-r--r-- | test/system/170-run-userns.bats | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index 2dc5b078f..eb6c4e259 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -6,22 +6,31 @@ load helpers +function _require_crun() { + runtime=$(podman_runtime) + if [[ $runtime != "crun" ]]; then + skip "runtime is $runtime; keep-groups requires crun" + fi +} + @test "podman --group-add keep-groups while in a userns" { - skip_if_rootless "choot is not allowed in rootless mode" + skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" + _require_crun run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id is "$output" ".*65534(nobody)" "Check group leaked into user namespace" } @test "podman --group-add keep-groups while not in a userns" { - skip_if_rootless "choot is not allowed in rootless mode" + skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" + _require_crun run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id is "$output" ".*1234" "Check group leaked into container" } @test "podman --group-add without keep-groups while in a userns" { - skip_if_rootless "choot is not allowed in rootless mode" + skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" |
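Review bot: In `_require_crun`, `runtime=$(podman_runtime)` is assigned without `local`, so the variable becomes a global in the test file and can collide with anything else that uses the name `runtime`; declare it as `local runtime` and assign on the next line. Separately, the third test ("without keep-groups") still carries the skip message "--group-add keep-groups not supported in remote mode" although it runs `--group-add 457`, so the reason printed on skip does not match what the test exercises. Since the `skip_if_rootless` typo is being fixed on the adjacent line, that message could be corrected in the same change. A short comment above `_require_crun` stating why keep-groups needs crun would also help whoever next sees these tests skipped under runc.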