summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorPaul Holzinger <paul.holzinger@web.de>2021-05-16 17:42:23 +0200
committerPaul Holzinger <paul.holzinger@web.de>2021-05-17 10:55:02 +0200
commit4462113c5e1d51b2ac6516afb96a9ae83c00254e (patch)
tree10727f7d0d237fa4303bc5f0d411a45e5565e882 /test
parenta6a3df0273d19197286d12a805d7bc34c787b25f (diff)
downloadpodman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.tar.gz
podman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.tar.bz2
podman-4462113c5e1d51b2ac6516afb96a9ae83c00254e.zip
podman network reload add rootless support
Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/network_connect_disconnect_test.go4
-rw-r--r--test/system/500-networking.bats44
2 files changed, 32 insertions, 16 deletions
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go
index 6974c7614..c82aacbe4 100644
--- a/test/e2e/network_connect_disconnect_test.go
+++ b/test/e2e/network_connect_disconnect_test.go
@@ -66,7 +66,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
con := podmanTest.Podman([]string{"network", "disconnect", netName, "test"})
con.WaitWithDefaultTimeout()
Expect(con.ExitCode()).ToNot(BeZero())
- Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`))
+ Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`))
})
It("podman network disconnect", func() {
@@ -132,7 +132,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
con := podmanTest.Podman([]string{"network", "connect", netName, "test"})
con.WaitWithDefaultTimeout()
Expect(con.ExitCode()).ToNot(BeZero())
- Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`))
+ Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`))
})
It("podman connect on a container that already is connected to the network should error", func() {
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 34220829a..f3478fa2f 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -215,7 +215,6 @@ load helpers
@test "podman network reload" {
skip_if_remote "podman network reload does not have remote support"
- skip_if_rootless "podman network reload does not work rootless"
random_1=$(random_string 30)
HOST_PORT=12345
@@ -225,29 +224,42 @@ load helpers
INDEX1=$PODMAN_TMPDIR/hello.txt
echo $random_1 > $INDEX1
+ # use default network for root
+ local netname=podman
+ # for rootless we have to create a custom network since there is no default network
+ if is_rootless; then
+ netname=testnet-$(random_string 10)
+ run_podman network create $netname
+ is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
+ fi
+
# Bind-mount this file with a different name to a container running httpd
run_podman run -d --name myweb -p "$HOST_PORT:80" \
- -v $INDEX1:/var/www/index.txt \
- -w /var/www \
- $IMAGE /bin/busybox-extras httpd -f -p 80
+ --network $netname \
+ -v $INDEX1:/var/www/index.txt \
+ -w /var/www \
+ $IMAGE /bin/busybox-extras httpd -f -p 80
cid=$output
- run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}"
ip="$output"
- run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}"
mac="$output"
# Verify http contents: curl from localhost
run curl -s $SERVER/index.txt
is "$output" "$random_1" "curl 127.0.0.1:/index.txt"
- # flush the CNI iptables here
- run iptables -t nat -F CNI-HOSTPORT-DNAT
+ # rootless cannot modify iptables
+ if ! is_rootless; then
+ # flush the CNI iptables here
+ run iptables -t nat -F CNI-HOSTPORT-DNAT
- # check that we cannot curl (timeout after 5 sec)
- run timeout 5 curl -s $SERVER/index.txt
- if [ "$status" -ne 124 ]; then
- die "curl did not timeout, status code: $status"
+ # check that we cannot curl (timeout after 5 sec)
+ run timeout 5 curl -s $SERVER/index.txt
+ if [ "$status" -ne 124 ]; then
+ die "curl did not timeout, status code: $status"
+ fi
fi
# reload the network to recreate the iptables rules
@@ -255,9 +267,9 @@ load helpers
is "$output" "$cid" "Output does not match container ID"
# check that we still have the same mac and ip
- run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}"
is "$output" "$ip" "IP address changed after podman network reload"
- run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}"
is "$output" "$mac" "MAC address changed after podman network reload"
# check that we can still curl
@@ -275,6 +287,10 @@ load helpers
# cleanup the container
run_podman rm -f $cid
+
+ if is_rootless; then
+ run_podman network rm -f $netname
+ fi
}
@test "podman rootless cni adds /usr/sbin to PATH" {