aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-08-11 15:00:57 -0400
committerGitHub <noreply@github.com>2020-08-11 15:00:57 -0400
commit1deb4d1d70efb6d62f4fe5e735c94523f930b6d7 (patch)
tree394020b1a48f76cd283e450d6952cf08a4f53dde /test
parent9a9ad853cb6781460829cb139cecbf9aff37896d (diff)
parent3f2cab86433859a1facf1996ad68dac23c9899b9 (diff)
downloadpodman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.gz
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.tar.bz2
podman-1deb4d1d70efb6d62f4fe5e735c94523f930b6d7.zip
Merge pull request #7289 from vrothberg/v2-backports
V2 backports
Diffstat (limited to 'test')
-rw-r--r--test/apiv2/01-basic.at8
-rw-r--r--test/apiv2/35-networks.at8
-rw-r--r--test/apiv2/rest_api/test_rest_v1_0_0.py21
-rw-r--r--test/e2e/generate_systemd_test.go12
-rw-r--r--test/e2e/image_sign_test.go62
-rw-r--r--test/e2e/logs_test.go8
-rw-r--r--test/e2e/run_networking_test.go12
-rw-r--r--test/e2e/run_passwd_test.go8
-rw-r--r--test/e2e/run_test.go6
-rw-r--r--test/e2e/run_userns_test.go35
-rw-r--r--test/e2e/sign/secret-key.asc57
-rw-r--r--test/e2e/start_test.go12
-rw-r--r--test/system/030-run.bats66
-rw-r--r--test/system/035-logs.bats2
-rw-r--r--test/system/050-stop.bats7
-rw-r--r--test/system/055-rm.bats2
-rw-r--r--test/system/070-build.bats153
-rw-r--r--test/system/075-exec.bats31
-rw-r--r--test/system/110-history.bats2
-rw-r--r--test/system/120-load.bats4
-rw-r--r--test/system/130-kill.bats2
-rw-r--r--test/system/140-diff.bats13
-rw-r--r--test/system/160-volumes.bats2
-rw-r--r--test/system/200-pod.bats14
-rw-r--r--test/system/220-healthcheck.bats1
-rw-r--r--test/system/400-unprivileged-access.bats68
-rw-r--r--test/system/410-selinux.bats9
-rw-r--r--test/system/helpers.bash62
-rwxr-xr-xtest/system/helpers.t70
29 files changed, 712 insertions, 45 deletions
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at
index 79dac990a..96b6aef7c 100644
--- a/test/apiv2/01-basic.at
+++ b/test/apiv2/01-basic.at
@@ -5,9 +5,15 @@
# NOTE: paths with a leading slash will be interpreted as-is;
# paths without will have '/v1.40/' prepended.
-t GET /_ping 200 OK
+t GET /_ping 200 OK
t HEAD /_ping 200
t GET /libpod/_ping 200 OK
+t HEAD /libpod/_ping 200
+
+t GET _ping 200 OK
+t HEAD _ping 200
+t GET libpod/_ping 200 OK
+t HEAD libpod/_ping 200
for i in /version version; do
t GET $i 200 \
diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at
new file mode 100644
index 000000000..fff3f3b1f
--- /dev/null
+++ b/test/apiv2/35-networks.at
@@ -0,0 +1,8 @@
+# -*- sh -*-
+#
+# network-related tests
+#
+
+t GET /networks/non-existing-network 404
+
+# vim: filetype=sh
diff --git a/test/apiv2/rest_api/test_rest_v1_0_0.py b/test/apiv2/rest_api/test_rest_v1_0_0.py
index 7c53623cb..2e574e015 100644
--- a/test/apiv2/rest_api/test_rest_v1_0_0.py
+++ b/test/apiv2/rest_api/test_rest_v1_0_0.py
@@ -13,9 +13,11 @@ from multiprocessing import Process
import requests
from dateutil.parser import parse
+PODMAN_URL = "http://localhost:8080"
+
def _url(path):
- return "http://localhost:8080/v1.0.0/libpod" + path
+ return PODMAN_URL + "/v1.0.0/libpod" + path
def podman():
@@ -205,7 +207,21 @@ class TestApi(unittest.TestCase):
search.join(timeout=10)
self.assertFalse(search.is_alive(), "/images/search took too long")
- def validateObjectFields(self, buffer):
+ def test_ping(self):
+ r = requests.get(PODMAN_URL + "/_ping")
+ self.assertEqual(r.status_code, 200, r.text)
+
+ r = requests.head(PODMAN_URL + "/_ping")
+ self.assertEqual(r.status_code, 200, r.text)
+
+ r = requests.get(_url("/_ping"))
+ self.assertEqual(r.status_code, 200, r.text)
+
+ r = requests.get(_url("/_ping"))
+ self.assertEqual(r.status_code, 200, r.text)
+
+
+def validateObjectFields(self, buffer):
objs = json.loads(buffer)
if not isinstance(objs, dict):
for o in objs:
@@ -214,6 +230,5 @@ class TestApi(unittest.TestCase):
_ = objs["Id"]
return objs
-
if __name__ == '__main__':
unittest.main()
diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go
index 654e99531..151d3f6fc 100644
--- a/test/e2e/generate_systemd_test.go
+++ b/test/e2e/generate_systemd_test.go
@@ -53,6 +53,18 @@ var _ = Describe("Podman generate systemd", func() {
Expect(session).To(ExitWithError())
})
+ It("podman generate systemd bad restart-policy value", func() {
+ session := podmanTest.Podman([]string{"create", "--name", "foobar", "alpine", "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"generate", "systemd", "--restart-policy", "bogus", "foobar"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).To(ExitWithError())
+ found, _ := session.ErrorGrepString("Error: bogus is not a valid restart policy")
+ Expect(found).Should(BeTrue())
+ })
+
It("podman generate systemd good timeout value", func() {
session := podmanTest.Podman([]string{"create", "--name", "foobar", "alpine", "top"})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/image_sign_test.go b/test/e2e/image_sign_test.go
new file mode 100644
index 000000000..d5d460b38
--- /dev/null
+++ b/test/e2e/image_sign_test.go
@@ -0,0 +1,62 @@
+// +build !remote
+
+package integration
+
+import (
+ "os"
+ "os/exec"
+ "path/filepath"
+
+ . "github.com/containers/libpod/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman image sign", func() {
+ var (
+ origGNUPGHOME string
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+
+ tempGNUPGHOME := filepath.Join(podmanTest.TempDir, "tmpGPG")
+ err := os.Mkdir(tempGNUPGHOME, os.ModePerm)
+ Expect(err).To(BeNil())
+
+ origGNUPGHOME = os.Getenv("GNUPGHOME")
+ err = os.Setenv("GNUPGHOME", tempGNUPGHOME)
+ Expect(err).To(BeNil())
+
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+ os.Setenv("GNUPGHOME", origGNUPGHOME)
+ })
+
+ It("podman sign image", func() {
+ cmd := exec.Command("gpg", "--import", "sign/secret-key.asc")
+ err := cmd.Run()
+ Expect(err).To(BeNil())
+ sigDir := filepath.Join(podmanTest.TempDir, "test-sign")
+ err = os.MkdirAll(sigDir, os.ModePerm)
+ Expect(err).To(BeNil())
+ session := podmanTest.Podman([]string{"image", "sign", "--directory", sigDir, "--sign-by", "foo@bar.com", "docker://library/alpine"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ _, err = os.Stat(filepath.Join(sigDir, "library"))
+ Expect(err).To(BeNil())
+ })
+})
diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go
index 298174a63..20af3daa3 100644
--- a/test/e2e/logs_test.go
+++ b/test/e2e/logs_test.go
@@ -72,16 +72,16 @@ var _ = Describe("Podman logs", func() {
Expect(len(results.OutputToStringArray())).To(Equal(0))
})
- It("tail 99 lines", func() {
- logc := podmanTest.Podman([]string{"run", "-dt", ALPINE, "sh", "-c", "echo podman; echo podman; echo podman"})
+ It("tail 800 lines", func() {
+ logc := podmanTest.Podman([]string{"run", "-dt", ALPINE, "sh", "-c", "i=1; while [ \"$i\" -ne 1000 ]; do echo \"line $i\"; i=$((i + 1)); done"})
logc.WaitWithDefaultTimeout()
Expect(logc).To(Exit(0))
cid := logc.OutputToString()
- results := podmanTest.Podman([]string{"logs", "--tail", "99", cid})
+ results := podmanTest.Podman([]string{"logs", "--tail", "800", cid})
results.WaitWithDefaultTimeout()
Expect(results).To(Exit(0))
- Expect(len(results.OutputToStringArray())).To(Equal(3))
+ Expect(len(results.OutputToStringArray())).To(Equal(800))
})
It("tail 2 lines with timestamps", func() {
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 40cc9e1e6..88e289f1f 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -238,6 +238,18 @@ var _ = Describe("Podman run networking", func() {
Expect((hp1 == "4000" && hp2 == "8000") || (hp1 == "8000" && hp2 == "4000")).To(BeTrue())
})
+ It("podman run -p 0.0.0.0:8080:80", func() {
+ name := "testctr"
+ session := podmanTest.Podman([]string{"create", "-t", "-p", "0.0.0.0:8080:80", "--name", name, ALPINE, "/bin/sh"})
+ session.WaitWithDefaultTimeout()
+ inspectOut := podmanTest.InspectContainer(name)
+ Expect(len(inspectOut)).To(Equal(1))
+ Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(1))
+ Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1))
+ Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Equal("8080"))
+ Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal(""))
+ })
+
It("podman run network expose host port 80 to container port 8000", func() {
SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"})
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index d7f3233ef..6caf8a094 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -35,27 +35,27 @@ var _ = Describe("Podman run passwd", func() {
})
It("podman run no user specified ", func() {
- session := podmanTest.Podman([]string{"run", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run user specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "bin", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "bin", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run UID specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "2:1", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "2:1", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run UID not specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "20001:1", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:1", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeTrue())
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index d2950ed43..95eecd042 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -797,7 +797,11 @@ USER mail`
})
It("podman run --pod automatically", func() {
- session := podmanTest.Podman([]string{"run", "--pod", "new:foobar", ALPINE, "ls"})
+ session := podmanTest.Podman([]string{"run", "-d", "--pod", "new:foobar", ALPINE, "nc", "-l", "-p", "8080"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--pod", "foobar", ALPINE, "/bin/sh", "-c", "echo test | nc -w 1 127.0.0.1 8080"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index c0d98f7b1..fef125e60 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -89,6 +89,16 @@ var _ = Describe("Podman UserNS support", func() {
Expect(ok).To(BeTrue())
})
+ It("podman --userns=keep-id check passwd", func() {
+ session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "id", "-un"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+ ok, _ := session.GrepString(u.Name)
+ Expect(ok).To(BeTrue())
+ })
+
It("podman --userns=keep-id root owns /usr", func() {
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "stat", "-c%u", "/usr"})
session.WaitWithDefaultTimeout()
@@ -103,6 +113,31 @@ var _ = Describe("Podman UserNS support", func() {
Expect(session.OutputToString()).To(Equal("0"))
})
+ It("podman run --userns=keep-id can add users", func() {
+ if os.Geteuid() == 0 {
+ Skip("Test only runs without root")
+ }
+
+ userName := os.Getenv("USER")
+ if userName == "" {
+ Skip("Can't complete test if no username available")
+ }
+
+ ctrName := "ctr-name"
+ session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", "-d", "--stop-signal", "9", "--name", ctrName, fedoraMinimal, "sleep", "600"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ exec1 := podmanTest.Podman([]string{"exec", "-t", "-i", ctrName, "cat", "/etc/passwd"})
+ exec1.WaitWithDefaultTimeout()
+ Expect(exec1.ExitCode()).To(Equal(0))
+ Expect(exec1.OutputToString()).To(ContainSubstring(userName))
+
+ exec2 := podmanTest.Podman([]string{"exec", "-t", "-i", ctrName, "useradd", "testuser"})
+ exec2.WaitWithDefaultTimeout()
+ Expect(exec2.ExitCode()).To(Equal(0))
+ })
+
It("podman --userns=auto", func() {
u, err := user.Current()
Expect(err).To(BeNil())
diff --git a/test/e2e/sign/secret-key.asc b/test/e2e/sign/secret-key.asc
new file mode 100644
index 000000000..23c0d05c3
--- /dev/null
+++ b/test/e2e/sign/secret-key.asc
@@ -0,0 +1,57 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOYBF8kNqwBCAC0x3Kog+WlDNwcR6rWIP8Gj2T6LrQ2/3knSyAWzTgC/OBB6Oh0
+KAokXLjy8J3diG3EaSltE7erGG/bZCz8jYvMiwDJScON4zzidotqjoY80E+NeRDg
+CC0gqvqmh0ftJIjYNBHzSxqrGRQwzwZU+u6ezlE8+0dvsHcHY+MRnxXJQrdM07EP
+Prp85kKckChDlJ1tyGUB/YHieFQmOW5+TERA7ZqQOAQ12Vviv6V4kNfEJJq3MS2c
+csZpO323tcHt3oebqsZCIElhX7uVw6GAeCw1tm4NZXs4g1yIC21Of/hzPeC18F72
+splCgKaAOiE9w/nMGLNEYy2NzgEclZLs2Y7jABEBAAEAB/9VOcwHvvrWN3xThsP2
+5CJmxNZtjfQfE4zZ5fRwW3pjCjVtTTC9hhzV7LKysZYzGPzqwksp5chKjKA7VXxR
+6ic0nHmX68MaEr2i5BExAJUveWNvxloazC/+PS0ishdKKNWs28t0n/0oGZAnvIn3
+KT+ytYCeF7ajZJWQ8dncdlvuf86I8GdmqP2Og9A67LUpJfH2rtpBjzH25nLSZ3Qz
+QbHoUIv318Wwb1sIidkmPsZufZG3pMsYjtFtJjkWt0lRsJQnSE9AQOpQTkLsVsh2
+FYQZ2ODhH8+NE86UNAAr2JiMZHoTrEUL2SLwpXEthFIR78N009dOS4nw8CLB61BL
+pr6lBADH6yoF95rI0LR3jphfr7e8K3BViTPK97wke6EqwTlVo0TCdR785sa8T8O8
+HvlYx4a+h3e6D4D0vjDPzxtevjdTjYmxqI3cwE2N3NFALgGBwHs01qRRIw4qxZlC
+1L1byJ8rUVi5z3YMO7X4RcXSAtg3fM2fx2x+sdpyH30jafuKPwQA533PVRo/Rlgt
+pOak9Fs+3KOIb+oO8ypy7RRQcnsTKajts0sUE9scBhT4tSDeSa/HaDvzLiE8KKCK
+3rhn8ZKLTW1fvKNZBj6oGlIRyfOFjtN/jMRjo0WVHSUDJ59Zr8C0khpP5J73yhTr
+fDhcuTPWiCjlDYeSFHV/a4Z45GG2Kl0EAL1I31kxnSQR9bN5ZmvV+aOhTRKOuHDm
+6nISF/XnVwuGHCvMbFRKsTxGkGrPO5VQZflFOqVab9umIQkOIcrzeKj+slYlm5VA
+zKfCQ1vZ2f74QYCNP8oeRa1r3D46fszcElZJQxtZZewYRKX63bvU4F+hql8dJTqe
+e3wVq8QD657yRwC0FGZvb2JhciA8Zm9vQGJhci5jb20+iQFUBBMBCAA+FiEERyT4
+ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYC
+AwECHgECF4AACgkQqaoHAy6P2bKtuggAgv54/F8wgi+uMrtFr8rqNtZMDyXRxfXa
+XUy5uGNfqHD83yqxweEqxiA8lmFkRHixPWtgZ2MniFXMVc9kVmg8GNIIuzewXrPq
+tXztvuURQo9phK68v8fXEqqT6K25wtq8TiQZ0J3mQIJPPTMe3pCCOyR6+W3iMtQp
+2AmitxKbzLP3J3GG2i0rG5S147A2rPnzTeMYhds819+JE7jNMD7FkV+TcQlOVl4w
+yOQhNEJcjb6rA6EUe5+s85pIFTBSyPMJpJ03Y0dLdcSGpKdncGTK2X9+hS96G1+F
+P/t8hRIDblqUHtBRXe3Ozz6zSqpqu1DbAQSMbIrLYxXfnZEN+ro0dJ0DmARfJDas
+AQgAncvLLZUHZkJWDPka3ocysJ7+/lmrXyAjT3D4r7UM4oaLBOMKjvaKSDw1uW5q
+YmTxnnsqFDI0O5+XJxD1/0qEf6l2oUpnILdxVruf28FuvymbsyhDgs+MBoHz0jLW
+WPHUW2oWLIqcvaF0BePQ1GS6UoZlmZejsLwwcSpbaAHJng7An/iLuqOBr5EdUA5X
+MXqmdMFDrjh0uZezImJ2Eacu/hshBdu3IY49J5XP18GWrSdUnP27cv3tOii9j5Lf
+l8QAvCN89vkALIU3eZtnMlWZqLgl5o6COVFmzpyx+iHOoCznQBt0aGoSNmE/dAqW
+IQS/xCSFqMHI6kNd9N0oR0rEHwARAQABAAf+L3mAhBLJ2qDLrfSGenv3qr7zXggR
+cLnFFeIZ2BdjLIYpLku2wgN34DrJOSR4umi/bxyEMPZX07Z0rgrC0E+VpKkSKX2u
+oF/AqEUj1+SPEtGMaC8NfL4/1Tdk6ZFk/vanGufEixsbBEyekSUVD8nMawbHa5n9
+ZC+CbZG+VYDwLW6u0Pb26CIhqpFNQL3E88uLeVNhnE+nNJfgB2Nyo8gUQszovUxk
+hv64UlXYA3wt49mpc9ORs9qKMZkuKdJfYmJkmvqLE35YpRRz6i1+hg71doj7Sjel
+naBV3qIrIbcN6I2/9ZUwVwCzttpeHDfKOxQk5szWFop6H79TZGRsrV6boQQAwnFO
+v5pjsZLhqHIZPty3zXz7Tv3LmaatwA260n6NcLBuQFiuEoh2QsMfVtLU8bBzyuC8
+Znx3kPlGCCognSjkEis+aEjsZgvCzR3aP+FWejkhnZnFiSJDvgEftODLF3gSPVp3
+dhc6q5GLysc0iN/gkBZN8Qm1lL/kEyeri4mbWT8EAM/AczrXL0tPEV3YzyeyM972
+HP9OnIYoyIkCa4M0PA0qhUPJ+vBHl/1+p5WZD/eokXqJ2M8IqNSlinuou3azbg+r
+N3xTaB0a+Vx6O/RRI73+4UK2fyN9gYRH437eliNBRTkZeZCQ6Dd5eYcABaL2DbSs
+1dyGXzRWfzdvGVu/r/0hBACER5u/uac+y9sXr79imoLVya25XkjvswGrDxmrlmNg
+cfn/bix9Z93TXScYPiyxzLwlDDd7ovlpv1+mbHNgj6krSGG+R+uLQ2+nm+9glMmz
+KupEYF59lzOgEYScJaHQWBULPRGUy/7HmZGpsDmz8zpj8lHaFNLlqDzrxw3MNKxO
+F0NFiQE8BBgBCAAmFiEERyT4ac7LLibByeabqaoHAy6P2bIFAl8kNqwCGwwFCQPC
+ZwAACgkQqaoHAy6P2bJfjQgAje6YR+p1QaNlTN9l4t2kGzy9RhkfYMrTgI2fEqbS
+9bFJUy3Y3mH+vj/r2gN/kaN8LHH4K1d7fAohBsFqSI0flzHHIx2rfti9zAlbXcAE
+rbnG+f0fk0AaqU7KelU35vjPfNe6Vn7ky6G9CC6jW04NkLZDNFA2GusdYf1aM0LW
+ew5t4WZaquLVFhL36q9eHaogO/fcPR/quvQefHokk+b541ytwMN9l/g43rTbCvAj
+rUDHwipbGbw91Wg2XjbecRiCXDKWds2M149BpxUzY5xHFtD5t5WSEE/SkkryGTMm
+TxS3tuQZ9PdtCPGrNDO6Ts/amORF04Tf+YMJgfv3IWxMeQ==
+=6kcB
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/test/e2e/start_test.go b/test/e2e/start_test.go
index 761b1c4ca..3cc1668e7 100644
--- a/test/e2e/start_test.go
+++ b/test/e2e/start_test.go
@@ -86,6 +86,18 @@ var _ = Describe("Podman start", func() {
Expect(session.OutputToString()).To(Equal(name))
})
+ It("podman start single container with attach and test the signal", func() {
+ SkipIfRemote()
+ session := podmanTest.Podman([]string{"create", "--entrypoint", "sh", ALPINE, "-c", "exit 1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ cid := session.OutputToString()
+ session = podmanTest.Podman([]string{"start", "--attach", cid})
+ session.WaitWithDefaultTimeout()
+ // It should forward the signal
+ Expect(session.ExitCode()).To(Equal(1))
+ })
+
It("podman start multiple containers", func() {
session := podmanTest.Podman([]string{"create", "-d", "--name", "foobar99", ALPINE, "ls"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index c7a9bf191..12c82bc4c 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -190,6 +190,8 @@ echo $rand | 0 | $rand
}
@test "podman run docker-archive" {
+ skip_if_remote "FIXME: pending #7116"
+
# Create an image that, when run, outputs a random magic string
expect=$(random_string 20)
run_podman run --name myc --entrypoint="[\"/bin/echo\",\"$expect\"]" $IMAGE
@@ -230,4 +232,68 @@ echo $rand | 0 | $rand
run_podman rmi myi
}
+# #6735 : complex interactions with multiple user namespaces
+# The initial report has to do with bind mounts, but that particular
+# symptom only manifests on a fedora container image -- we have no
+# reproducer on alpine. Checking directory ownership is good enough.
+@test "podman run : user namespace preserved root ownership" {
+ skip_if_remote "FIXME: pending #7195"
+
+ for priv in "" "--privileged"; do
+ for user in "--user=0" "--user=100"; do
+ for keepid in "" "--userns=keep-id"; do
+ opts="$priv $user $keepid"
+
+ for dir in /etc /usr;do
+ run_podman run --rm $opts $IMAGE stat -c '%u:%g:%n' $dir
+ remove_same_dev_warning # grumble
+ is "$output" "0:0:$dir" "run $opts ($dir)"
+ done
+ done
+ done
+ done
+}
+
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+@test "podman run : add username to /etc/passwd if --userns=keep-id" {
+ skip_if_remote "FIXME: pending #7195"
+
+ # Default: always run as root
+ run_podman run --rm $IMAGE id -un
+ is "$output" "root" "id -un on regular container"
+
+ # This would always work on root, but is new behavior on rootless: #6829
+ # adds a user entry to /etc/passwd
+ run_podman run --rm --userns=keep-id $IMAGE id -un
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # --privileged should make no difference
+ run_podman run --rm --privileged --userns=keep-id $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # ...but explicitly setting --user should override keep-id
+ run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "root" "--user=0 overrides keep-id"
+}
+
+# #6991 : /etc/passwd is modifiable
+@test "podman run : --userns=keep-id: passwd file is modifiable" {
+ skip_if_remote "FIXME: pending #7195"
+
+ run_podman run -d --userns=keep-id $IMAGE sh -c 'while ! test -e /stop; do sleep 0.1; done'
+ cid="$output"
+
+ gecos="$(random_string 6) $(random_string 8)"
+ run_podman exec --user root $cid adduser -D -g "$gecos" -s /bin/sh newuser3
+ is "$output" "" "output from adduser"
+ run_podman exec $cid tail -1 /etc/passwd
+ is "$output" "newuser3:x:1000:1000:$gecos:/home/newuser3:/bin/sh" \
+ "newuser3 added to /etc/passwd in container"
+
+ run_podman exec $cid touch /stop
+ run_podman wait $cid
+}
+
# vim: filetype=sh
diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
index 055865c8d..cbb2091e5 100644
--- a/test/system/035-logs.bats
+++ b/test/system/035-logs.bats
@@ -25,6 +25,8 @@ load helpers
}
@test "podman logs - multi" {
+ skip_if_remote "logs does not support multiple containers when run remotely"
+
# Simple helper to make the container starts, below, easier to read
local -a cid
doit() {
diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats
index 093606ece..f604ea2e2 100644
--- a/test/system/050-stop.bats
+++ b/test/system/050-stop.bats
@@ -12,9 +12,12 @@ load helpers
run_podman stop $cid
t1=$SECONDS
- # Confirm that container is stopped
+ # Confirm that container is stopped. Podman-remote unfortunately
+ # cannot tell the difference between "stopped" and "exited", and
+ # spits them out interchangeably, so we need to recognize either.
run_podman inspect --format '{{.State.Status}} {{.State.ExitCode}}' $cid
- is "$output" "exited \+137" "Status and exit code of stopped container"
+ is "$output" "\\(stopped\|exited\\) \+137" \
+ "Status and exit code of stopped container"
# The initial SIGTERM is ignored, so this operation should take
# exactly 10 seconds. Give it some leeway.
diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats
index 8ef8a119e..5ff19282e 100644
--- a/test/system/055-rm.bats
+++ b/test/system/055-rm.bats
@@ -32,6 +32,8 @@ load helpers
#
# See https://github.com/containers/libpod/issues/3795
@test "podman rm -f" {
+ skip_if_remote "FIXME: pending #7117"
+
rand=$(random_string 30)
( sleep 3; run_podman rm -f $rand ) &
run_podman 137 run --name $rand $IMAGE sleep 30
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 7d6660270..bdc05a172 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -6,9 +6,7 @@
load helpers
@test "podman build - basic test" {
- if is_remote && is_rootless; then
- skip "unreliable with podman-remote and rootless; #2972"
- fi
+ skip_if_remote "FIXME: pending #7136"
rand_filename=$(random_string 20)
rand_content=$(random_string 50)
@@ -34,6 +32,7 @@ EOF
# Regression from v1.5.0. This test passes fine in v1.5.0, fails in 1.6
@test "podman build - cache (#3920)" {
+ skip_if_remote "FIXME: pending #7136"
if is_remote && is_rootless; then
skip "unreliable with podman-remote and rootless; #2972"
fi
@@ -81,6 +80,8 @@ EOF
}
@test "podman build - URLs" {
+ skip_if_remote "FIXME: pending #7137"
+
tmpdir=$PODMAN_TMPDIR/build-test
mkdir -p $tmpdir
@@ -98,20 +99,156 @@ EOF
is "$output" ".*error building at STEP .*: source can't be a URL for COPY"
}
-@test "podman build - stdin test" {
- if is_remote && is_rootless; then
- skip "unreliable with podman-remote and rootless; #2972"
- fi
+@test "podman build - workdir, cmd, env, label" {
+ skip_if_remote "FIXME: pending #7137"
+
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
# Random workdir, and multiple random strings to verify command & env
workdir=/$(random_string 10)
+ s_echo=$(random_string 15)
+ s_env1=$(random_string 20)
+ s_env2=$(random_string 25)
+ s_env3=$(random_string 30)
+ s_env4=$(random_string 40)
+
+ # Label name: make sure it begins with a letter! jq barfs if you
+ # try to ask it for '.foo.<N>xyz', i.e. any string beginning with digit
+ label_name=l$(random_string 8)
+ label_value=$(random_string 12)
+
+ # Command to run on container startup with no args
+ cat >$tmpdir/mycmd <<EOF
+#!/bin/sh
+PATH=/usr/bin:/bin
+pwd
+echo "\$1"
+printenv | grep MYENV | sort | sed -e 's/^MYENV.=//'
+EOF
+
+ # For overridding with --env-file
+ cat >$PODMAN_TMPDIR/env-file <<EOF
+MYENV3=$s_env3
+http_proxy=http-proxy-in-env-file
+https_proxy=https-proxy-in-env-file
+EOF
+
+ cat >$tmpdir/Containerfile <<EOF
+FROM $IMAGE
+LABEL $label_name=$label_value
+RUN mkdir $workdir
+WORKDIR $workdir
+
+# Test for #7094 - chowning of invalid symlinks
+RUN mkdir -p /a/b/c
+RUN ln -s /no/such/nonesuch /a/b/c/badsymlink
+RUN ln -s /bin/mydefaultcmd /a/b/c/goodsymlink
+RUN touch /a/b/c/myfile
+RUN chown -h 1:2 /a/b/c/badsymlink /a/b/c/goodsymlink && chown -h 4:5 /a/b/c/myfile
+VOLUME /a/b/c
+
+# Test for environment passing and override
+ENV MYENV1=$s_env1
+ENV MYENV2 this-should-be-overridden-by-env-host
+ENV MYENV3 this-should-be-overridden-by-env-file
+ENV MYENV4 this-should-be-overridden-by-cmdline
+ENV http_proxy http-proxy-in-image
+ENV ftp_proxy ftp-proxy-in-image
+ADD mycmd /bin/mydefaultcmd
+RUN chmod 755 /bin/mydefaultcmd
+RUN chown 2:3 /bin/mydefaultcmd
+CMD ["/bin/mydefaultcmd","$s_echo"]
+EOF
+
+ # cd to the dir, so we test relative paths (important for podman-remote)
+ cd $PODMAN_TMPDIR
+ run_podman build -t build_test -f build-test/Containerfile build-test
+
+ # Run without args - should run the above script. Verify its output.
+ export MYENV2="$s_env2"
+ export MYENV3="env-file-should-override-env-host!"
+ run_podman run --rm \
+ --env-file=$PODMAN_TMPDIR/env-file \
+ --env-host \
+ -e MYENV4="$s_env4" \
+ build_test
+ is "${lines[0]}" "$workdir" "container default command: pwd"
+ is "${lines[1]}" "$s_echo" "container default command: output from echo"
+ is "${lines[2]}" "$s_env1" "container default command: env1"
+ is "${lines[3]}" "$s_env2" "container default command: env2"
+ is "${lines[4]}" "$s_env3" "container default command: env3 (from envfile)"
+ is "${lines[5]}" "$s_env4" "container default command: env4 (from cmdline)"
+
+ # Proxies - environment should override container, but not env-file
+ http_proxy=http-proxy-from-env ftp_proxy=ftp-proxy-from-env \
+ run_podman run --rm --env-file=$PODMAN_TMPDIR/env-file \
+ build_test \
+ printenv http_proxy https_proxy ftp_proxy
+ is "${lines[0]}" "http-proxy-in-env-file" "env-file overrides env"
+ is "${lines[1]}" "https-proxy-in-env-file" "env-file sets proxy var"
+ is "${lines[2]}" "ftp-proxy-from-env" "ftp-proxy is passed through"
+
+ # test that workdir is set for command-line commands also
+ run_podman run --rm build_test pwd
+ is "$output" "$workdir" "pwd command in container"
+
+ # Confirm that 'podman inspect' shows the expected values
+ # FIXME: can we rely on .Env[0] being PATH, and the rest being in order??
+ run_podman image inspect build_test
+ tests="
+Env[1] | MYENV1=$s_env1
+Env[2] | MYENV2=this-should-be-overridden-by-env-host
+Env[3] | MYENV3=this-should-be-overridden-by-env-file
+Env[4] | MYENV4=this-should-be-overridden-by-cmdline
+Cmd[0] | /bin/mydefaultcmd
+Cmd[1] | $s_echo
+WorkingDir | $workdir
+Labels.$label_name | $label_value
+"
+
+ parse_table "$tests" | while read field expect; do
+ actual=$(jq -r ".[0].Config.$field" <<<"$output")
+ dprint "# actual=<$actual> expect=<$expect}>"
+ is "$actual" "$expect" "jq .Config.$field"
+ done
+
+ # Bad symlink in volume. Prior to #7094, well, we wouldn't actually
+ # get here because any 'podman run' on a volume that had symlinks,
+ # be they dangling or valid, would barf with
+ # Error: chown <mountpath>/_data/symlink: ENOENT
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/badsymlink
+ is "$output" "1:2:'/a/b/c/badsymlink' -> '/no/such/nonesuch'" \
+ "bad symlink to nonexistent file is chowned and preserved"
+
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/goodsymlink
+ is "$output" "1:2:'/a/b/c/goodsymlink' -> '/bin/mydefaultcmd'" \
+ "good symlink to existing file is chowned and preserved"
+
+ run_podman run --rm build_test stat -c'%u:%g' /bin/mydefaultcmd
+ is "$output" "2:3" "target of symlink is not chowned"
+
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/myfile
+ is "$output" "4:5:/a/b/c/myfile" "file in volume is chowned"
+
+ # Clean up
+ run_podman rmi -f build_test
+}
+
+@test "podman build - stdin test" {
+ skip_if_remote "FIXME: pending #7136"
+
+ # Random workdir, and random string to verify build output
+ workdir=/$(random_string 10)
+ random_echo=$(random_string 15)
PODMAN_TIMEOUT=240 run_podman build -t build_test - << EOF
FROM $IMAGE
RUN mkdir $workdir
WORKDIR $workdir
-RUN /bin/echo 'Test'
+RUN /bin/echo $random_echo
EOF
is "$output" ".*STEP 5: COMMIT" "COMMIT seen in log"
+ is "$output" ".*STEP .: RUN /bin/echo $random_echo"
run_podman run --rm build_test pwd
is "$output" "$workdir" "pwd command in container"
diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats
index f8c7f2766..f53a22a3f 100644
--- a/test/system/075-exec.bats
+++ b/test/system/075-exec.bats
@@ -6,8 +6,6 @@
load helpers
@test "podman exec - basic test" {
- skip_if_remote
-
rand_filename=$(random_string 20)
rand_content=$(random_string 50)
@@ -21,6 +19,15 @@ load helpers
run_podman exec $cid sh -c "cat /$rand_filename"
is "$output" "$rand_content" "Can exec and see file in running container"
+
+ # Specially defined situations: exec a dir, or no such command.
+ # We don't check the full error message because runc & crun differ.
+ run_podman 126 exec $cid /etc
+ is "$output" ".*permission denied" "podman exec /etc"
+ run_podman 127 exec $cid /no/such/command
+ is "$output" ".*such file or dir" "podman exec /no/such/command"
+
+ # Done
run_podman exec $cid rm -f /$rand_filename
run_podman wait $cid
@@ -80,4 +87,24 @@ load helpers
run_podman rm $cid
}
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+# #6593 : doesn't actually work with podman exec
+@test "podman exec - with keep-id" {
+ skip "Please enable once #6593 is fixed"
+
+ run_podman run -d --userns=keep-id $IMAGE sh -c \
+ "echo READY;while [ ! -f /stop ]; do sleep 1; done"
+ cid="$output"
+ wait_for_ready $cid
+
+ run_podman exec $cid id -un
+ is "$output" "$(id -un)" "container is running as current user"
+
+ # Until #6593 gets fixed, this just hangs. The server process barfs with:
+ # unable to find user <username>: no matching entries in passwd file
+ run_podman exec --user=$(id -un) $cid touch /stop
+ run_podman wait $cid
+ run_podman rm $cid
+}
+
# vim: filetype=sh
diff --git a/test/system/110-history.bats b/test/system/110-history.bats
index 5dc221d61..b83e90fe4 100644
--- a/test/system/110-history.bats
+++ b/test/system/110-history.bats
@@ -3,6 +3,8 @@
load helpers
@test "podman history - basic tests" {
+ skip_if_remote "FIXME: pending #7122"
+
tests="
| .*[0-9a-f]\\\{12\\\} .* CMD .* LABEL
--format '{{.ID}} {{.Created}}' | .*[0-9a-f]\\\{12\\\} .* ago
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index f290c1888..611799f8d 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -28,6 +28,8 @@ verify_iid_and_name() {
@test "podman load - by image ID" {
+ skip_if_remote "FIXME: pending #7123"
+
# FIXME: how to build a simple archive instead?
get_iid_and_name
@@ -74,7 +76,7 @@ verify_iid_and_name() {
verify_iid_and_name $img_name
}
-@test "podman load - NAME and NAME:TAG arguments work (requires: #2674)" {
+@test "podman load - NAME and NAME:TAG arguments work" {
get_iid_and_name
run_podman save $iid -o $archive
run_podman rmi $iid
diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats
index 7c2b9bed8..1bab089fe 100644
--- a/test/system/130-kill.bats
+++ b/test/system/130-kill.bats
@@ -6,6 +6,8 @@
load helpers
@test "podman kill - test signal handling in containers" {
+ skip_if_remote "FIXME: pending #7135"
+
# podman-remote and crun interact poorly in f31: crun seems to gobble up
# some signals.
# Workaround: run 'env --default-signal sh' instead of just 'sh' in
diff --git a/test/system/140-diff.bats b/test/system/140-diff.bats
index 9f4a2c0de..01ec5430e 100644
--- a/test/system/140-diff.bats
+++ b/test/system/140-diff.bats
@@ -6,9 +6,16 @@
load helpers
@test "podman diff" {
+ n=$(random_string 10) # container name
rand_file=$(random_string 10)
- run_podman run $IMAGE sh -c "touch /$rand_file;rm /etc/services"
- run_podman diff --format json -l
+ run_podman run --name $n $IMAGE sh -c "touch /$rand_file;rm /etc/services"
+
+ # If running local, test `-l` (latest) option. This can't work with remote.
+ if ! is_remote; then
+ n=-l
+ fi
+
+ run_podman diff --format json $n
# Expected results for each type of diff
declare -A expect=(
@@ -22,7 +29,7 @@ load helpers
is "$result" "${expect[$field]}" "$field"
done
- run_podman rm -l
+ run_podman rm $n
}
# vim: filetype=sh
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index 3233e6f04..3f50bd3c4 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -140,7 +140,6 @@ EOF
# Anonymous temporary volumes, and persistent autocreated named ones
@test "podman volume, implicit creation with run" {
-
# No hostdir arg: create anonymous container with random name
rand=$(random_string)
run_podman run -v /myvol $IMAGE sh -c "echo $rand >/myvol/myfile"
@@ -187,6 +186,7 @@ EOF
# Confirm that container sees the correct id
@test "podman volume with --userns=keep-id" {
is_rootless || skip "only meaningful when run rootless"
+ skip_if_remote "FIXME: pending #7195"
myvoldir=${PODMAN_TMPDIR}/volume_$(random_string)
mkdir $myvoldir
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 478ff06bb..93a7d7b5e 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -18,7 +18,9 @@ function teardown() {
@test "podman pod top - containers in different PID namespaces" {
- skip_if_remote "podman-pod does not work with podman-remote"
+ if is_remote && is_rootless; then
+ skip "FIXME: pending #7139"
+ fi
# With infra=false, we don't get a /pause container (we also
# don't pull k8s.gcr.io/pause )
@@ -53,7 +55,9 @@ function teardown() {
@test "podman pod - communicating between pods" {
- skip_if_remote "podman-pod does not work with podman-remote"
+ if is_remote && is_rootless; then
+ skip "FIXME: pending #7139"
+ fi
podname=pod$(random_string)
run_podman 1 pod exists $podname
@@ -77,7 +81,7 @@ function teardown() {
run_podman ps --format '{{.Pod}}'
newline="
"
- is "$output" "${podid:0:12}${newline}${podid:0:12}" "sdfdsf"
+ is "$output" "${podid:0:12}${newline}${podid:0:12}" "ps shows 2 pod IDs"
# Talker: send the message via common port on localhost
message=$(random_string 15)
@@ -135,6 +139,10 @@ function random_ip() {
}
@test "podman pod create - hashtag AllTheOptions" {
+ if is_remote && is_rootless; then
+ skip "FIXME: pending #7139"
+ fi
+
mac=$(random_mac)
add_host_ip=$(random_ip)
add_host_n=$(random_string | tr A-Z a-z).$(random_string | tr A-Z a-z).xyz
diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats
index e649ad3d2..3405029c1 100644
--- a/test/system/220-healthcheck.bats
+++ b/test/system/220-healthcheck.bats
@@ -25,6 +25,7 @@ function _check_health {
@test "podman healthcheck" {
+ skip_if_remote "FIXME: pending #7137"
# Create an image with a healthcheck script; said script will
# pass until the file /uh-oh gets created (by us, via exec)
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats
index 98f8b8211..acf0f0ba2 100644
--- a/test/system/400-unprivileged-access.bats
+++ b/test/system/400-unprivileged-access.bats
@@ -97,4 +97,72 @@ EOF
run_podman rm c_uidmap c_uidmap_v
}
+# #6957 - mask out /proc/acpi, /sys/dev, and other sensitive system files
+@test "sensitive mount points are masked without --privileged" {
+ # Weird error, maybe a flake?
+ # can only attach to created or running containers: container state improper
+ # https://github.com/containers/podman/pull/7111#issuecomment-666858715
+ skip_if_remote "FIXME: Weird flake"
+
+ # FIXME: this should match the list in pkg/specgen/generate/config_linux.go
+ local -a mps=(
+ /proc/acpi
+ /proc/kcore
+ /proc/keys
+ /proc/latency_stats
+ /proc/timer_list
+ /proc/timer_stats
+ /proc/sched_debug
+ /proc/scsi
+ /sys/firmware
+ /sys/fs/selinux
+ /sys/dev
+ )
+
+ # Some of the above may not exist on our host. Find only the ones that do.
+ local -a subset=()
+ for mp in ${mps[@]}; do
+ if [ -e $mp ]; then
+ subset+=($mp)
+ fi
+ done
+
+ # Run 'stat' on all the files, plus /dev/null. Get path, file type,
+ # number of links, major, and minor (see below for why). Do it all
+ # in one go, to avoid multiple podman-runs
+ run_podman run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]}
+ local devnull=
+ for result in "${lines[@]}"; do
+ # e.g. /proc/acpi:character special file:1:3:1
+ local IFS=:
+ read path type nlinks major minor <<<"$result"
+
+ if [[ $path = "/dev/null" ]]; then
+ # /dev/null is our reference point: masked *files* (not directories)
+ # will be created as /dev/null clones.
+ # This depends on 'stat' returning results in argv order,
+ # so /dev/null is first, so we have a reference for others.
+ # If that ever breaks, this test will have to be done in two passes.
+ devnull="$major:$minor"
+ elif [[ $type = "character special file" ]]; then
+ # Container file is a character device: it must match /dev/null
+ is "$major:$minor" "$devnull" "$path: major/minor matches /dev/null"
+ elif [[ $type = "directory" ]]; then
+ # Directories: must be empty (only two links).
+ # FIXME: this is a horrible almost-worthless test! It does not
+ # actually check for files in the directory (expect: zero),
+ # merely for the nonexistence of any subdirectories! It relies
+ # on the observed (by Ed) fact that all the masked directories
+ # contain further subdirectories on the host. If there's ever
+ # a new masked directory that contains only files, this test
+ # will silently pass without any indication of error.
+ # If you can think of a better way to do this check,
+ # please feel free to fix it.
+ is "$nlinks" "2" "$path: directory link count"
+ else
+ die "$path: Unknown file type '$type'"
+ fi
+ done
+}
+
# vim: filetype=sh
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 8a0477eff..3dca59641 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -19,15 +19,8 @@ function check_label() {
# FIXME: on some CI systems, 'run --privileged' emits a spurious
# warning line about dup devices. Ignore it.
+ remove_same_dev_warning
local context="$output"
- if [ ${#lines[@]} -gt 1 ]; then
- if expr "${lines[0]}" : "WARNING: .* type, major" >/dev/null; then
- echo "# ${lines[0]} [ignored]" >&3
- context="${lines[1]}"
- else
- die "FAILED: too much output, expected one single line"
- fi
- fi
is "$context" ".*_u:system_r:.*" "SELinux role should always be system_r"
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 7ec2105d1..0975effe7 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -16,6 +16,12 @@ IMAGE=$PODMAN_TEST_IMAGE_FQN
# Default timeout for a podman command.
PODMAN_TIMEOUT=${PODMAN_TIMEOUT:-60}
+# Prompt to display when logging podman commands; distinguish root/rootless
+_LOG_PROMPT='$'
+if [ $(id -u) -eq 0 ]; then
+ _LOG_PROMPT='#'
+fi
+
###############################################################################
# BEGIN setup/teardown tools
@@ -132,7 +138,7 @@ function run_podman() {
esac
# stdout is only emitted upon error; this echo is to help a debugger
- echo "\$ $PODMAN $*"
+ echo "$_LOG_PROMPT $PODMAN $*"
# BATS hangs if a subprocess remains and keeps FD 3 open; this happens
# if podman crashes unexpectedly without cleaning up subprocesses.
run timeout --foreground -v --kill=10 $PODMAN_TIMEOUT $PODMAN "$@" 3>/dev/null
@@ -234,12 +240,29 @@ function is_remote() {
[[ "$PODMAN" =~ -remote ]]
}
+###########################
+# _add_label_if_missing # make sure skip messages include rootless/remote
+###########################
+function _add_label_if_missing() {
+ local msg="$1"
+ local want="$2"
+
+ if [ -z "$msg" ]; then
+ echo
+ elif expr "$msg" : ".*$want" &>/dev/null; then
+ echo "$msg"
+ else
+ echo "[$want] $msg"
+ fi
+}
+
######################
# skip_if_rootless # ...with an optional message
######################
function skip_if_rootless() {
if is_rootless; then
- skip "${1:-not applicable under rootless podman}"
+ local msg=$(_add_label_if_missing "$1" "rootless")
+ skip "${msg:-not applicable under rootless podman}"
fi
}
@@ -248,7 +271,8 @@ function skip_if_rootless() {
####################
function skip_if_remote() {
if is_remote; then
- skip "${1:-test does not work with podman-remote}"
+ local msg=$(_add_label_if_missing "$1" "remote")
+ skip "${msg:-test does not work with podman-remote}"
fi
}
@@ -386,5 +410,37 @@ function find_exec_pid_files() {
find $storage_path -type f -iname 'exec_pid_*'
fi
}
+
+
+#############################
+# remove_same_dev_warning # Filter out useless warning from output
+#############################
+#
+# On some CI systems, 'podman run --privileged' emits a useless warning:
+#
+# WARNING: The same type, major and minor should not be used for multiple devices.
+#
+# This obviously screws us up when we look at output results.
+#
+# This function removes the warning from $output and $lines
+#
+function remove_same_dev_warning() {
+ # No input arguments. We operate in-place on $output and $lines
+
+ local i=0
+ local -a new_lines=()
+ while [[ $i -lt ${#lines[@]} ]]; do
+ if expr "${lines[$i]}" : 'WARNING: .* same type, major.* multiple' >/dev/null; then
+ :
+ else
+ new_lines+=("${lines[$i]}")
+ fi
+ i=$(( i + 1 ))
+ done
+
+ lines=("${new_lines[@]}")
+ output=$(printf '%s\n' "${lines[@]}")
+}
+
# END miscellaneous tools
###############################################################################
diff --git a/test/system/helpers.t b/test/system/helpers.t
index 7b4e48a84..a022f11c4 100755
--- a/test/system/helpers.t
+++ b/test/system/helpers.t
@@ -23,7 +23,8 @@ rc=0
function check_result {
testnum=$(expr $testnum + 1)
if [ "$1" = "$2" ]; then
- echo "ok $testnum $3 = $1"
+ # Multi-level echo flattens newlines, makes success messages readable
+ echo $(echo "ok $testnum $3 = $1")
else
echo "not ok $testnum $3"
echo "# expected: $2"
@@ -141,5 +142,72 @@ done < <(parse_table "$table")
# END dprint
###############################################################################
+# BEGIN remove_same_dev_warning
+
+# Test-helper function: runs remove_same_dev_warning, compares resulting
+# value of $lines and $output to expected values given on command line
+function check_same_dev() {
+ local testname="$1"; shift
+ local -a expect_lines=("$@")
+ local nl="
+"
+
+ remove_same_dev_warning
+
+ # After processing, check the expected number of lines
+ check_result "${#lines[@]}" "${#@}" "$testname: expected # of lines"
+
+ # ...and each expected line
+ local expect_output=""
+ local i=0
+ while [ $i -lt ${#expect_lines[@]} ]; do
+ check_result "${lines[$i]}" "${expect_lines[$i]}" "$testname: line $i"
+ expect_output+="${expect_lines[$i]}$nl"
+ i=$(( i + 1 ))
+ done
+
+ # ...and the possibly-multi-line $output
+ check_result "$output" "${expect_output%%$nl}" "$testname: output"
+}
+
+# Simplest case: nothing removed.
+declare -a lines=("a b c" "d" "e f")
+check_same_dev "abc" "a b c" "d" "e f"
+
+# Confirm that the warning message is removed from the beginning
+declare -a lines=(
+ "WARNING: The same type, major and minor should not be used for multiple devices."
+ "a"
+ "b"
+ "c"
+)
+check_same_dev "warning is removed" a b c
+
+# ...and from the middle (we do not expect to see this)
+declare -a lines=(
+ "WARNING: The same type, major and minor should not be used for multiple devices."
+ "a"
+ "b"
+ "WARNING: The same type, major and minor should not be used for multiple devices."
+ "c"
+)
+check_same_dev "multiple warnings removed" a b c
+
+# Corner case: two lines of output, only one of which we care about
+declare -a lines=(
+ "WARNING: The same type, major and minor should not be used for multiple devices."
+ "this is the only line we care about"
+)
+check_same_dev "one-line output" "this is the only line we care about"
+
+# Corner case: one line of output, but we expect zero.
+declare -a lines=(
+ "WARNING: The same type, major and minor should not be used for multiple devices."
+)
+check_same_dev "zero-line output"
+
+
+# END remove_same_dev_warning
+###############################################################################
exit $rc