diff options
author | Paul Holzinger <paul.holzinger@web.de> | 2021-05-16 17:42:23 +0200 |
---|---|---|
committer | Paul Holzinger <paul.holzinger@web.de> | 2021-05-17 10:55:02 +0200 |
commit | 4462113c5e1d51b2ac6516afb96a9ae83c00254e (patch) | |
tree | 10727f7d0d237fa4303bc5f0d411a45e5565e882 /test | |
parent | a6a3df0273d19197286d12a805d7bc34c787b25f (diff) | |
download | podman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.tar.gz podman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.tar.bz2 podman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.zip |
podman network reload add rootless support
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/network_connect_disconnect_test.go | 4 | ||||
-rw-r--r-- | test/system/500-networking.bats | 44 |
2 files changed, 32 insertions, 16 deletions
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 6974c7614..c82aacbe4 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -66,7 +66,7 @@ var _ = Describe("Podman network connect and disconnect", func() { con := podmanTest.Podman([]string{"network", "disconnect", netName, "test"}) con.WaitWithDefaultTimeout() Expect(con.ExitCode()).ToNot(BeZero()) - Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`)) + Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`)) }) It("podman network disconnect", func() { @@ -132,7 +132,7 @@ var _ = Describe("Podman network connect and disconnect", func() { con := podmanTest.Podman([]string{"network", "connect", netName, "test"}) con.WaitWithDefaultTimeout() Expect(con.ExitCode()).ToNot(BeZero()) - Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`)) + Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`)) }) It("podman connect on a container that already is connected to the network should error", func() { diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 34220829a..f3478fa2f 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -215,7 +215,6 @@ load helpers @test "podman network reload" { skip_if_remote "podman network reload does not have remote support" - skip_if_rootless "podman network reload does not work rootless" random_1=$(random_string 30) HOST_PORT=12345 @@ -225,29 +224,42 @@ load helpers INDEX1=$PODMAN_TMPDIR/hello.txt echo $random_1 > $INDEX1 + # use default network for root + local netname=podman + # for rootless we have to create a custom network since there is no default network + if is_rootless; then + netname=testnet-$(random_string 10) + run_podman network create $netname + is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'" + fi + # Bind-mount this file with a different name to a container running httpd run_podman run -d --name myweb -p "$HOST_PORT:80" \ - -v $INDEX1:/var/www/index.txt \ - -w /var/www \ - $IMAGE /bin/busybox-extras httpd -f -p 80 + --network $netname \ + -v $INDEX1:/var/www/index.txt \ + -w /var/www \ + $IMAGE /bin/busybox-extras httpd -f -p 80 cid=$output - run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}" + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}" ip="$output" - run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}" + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}" mac="$output" # Verify http contents: curl from localhost run curl -s $SERVER/index.txt is "$output" "$random_1" "curl 127.0.0.1:/index.txt" - # flush the CNI iptables here - run iptables -t nat -F CNI-HOSTPORT-DNAT + # rootless cannot modify iptables + if ! is_rootless; then + # flush the CNI iptables here + run iptables -t nat -F CNI-HOSTPORT-DNAT - # check that we cannot curl (timeout after 5 sec) - run timeout 5 curl -s $SERVER/index.txt - if [ "$status" -ne 124 ]; then - die "curl did not timeout, status code: $status" + # check that we cannot curl (timeout after 5 sec) + run timeout 5 curl -s $SERVER/index.txt + if [ "$status" -ne 124 ]; then + die "curl did not timeout, status code: $status" + fi fi # reload the network to recreate the iptables rules @@ -255,9 +267,9 @@ load helpers is "$output" "$cid" "Output does not match container ID" # check that we still have the same mac and ip - run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}" + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}" is "$output" "$ip" "IP address changed after podman network reload" - run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}" + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}" is "$output" "$mac" "MAC address changed after podman network reload" # check that we can still curl @@ -275,6 +287,10 @@ load helpers # cleanup the container run_podman rm -f $cid + + if is_rootless; then + run_podman network rm -f $netname + fi } @test "podman rootless cni adds /usr/sbin to PATH" { |