33 files changed, 1139 insertions, 287 deletions
@@ -46,7 +46,7 @@ if test -z "${INSIDE_CONTAINER:-}"; then -e PYTHON=$PYTHON \ ${IMAGE} /go/src/github.com/projectatomic/libpod/.papr.sh systemd-detect-virt - ./test/test_runner.sh + script -qefc ./test/test_runner.sh exit 0 fi @@ -10,7 +10,7 @@ PREFIX ?= ${DESTDIR}/usr/local BINDIR ?= ${PREFIX}/bin LIBEXECDIR ?= ${PREFIX}/libexec MANDIR ?= ${PREFIX}/share/man -ETCDIR ?= /etc +ETCDIR ?= ${DESTDIR}/etc ETCDIR_LIBPOD ?= ${ETCDIR}/crio BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh) diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 7ee364fab..262be129c 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error { return nil } -const seccompDefaultPath = "/etc/crio/seccomp.json" - func parseSecurityOpt(config *createConfig, securityOpts []string) error { var ( labelOpts []string @@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error { } if config.SeccompProfilePath == "" { - if _, err := os.Stat(seccompDefaultPath); err != nil { + if _, err := os.Stat(libpod.SeccompOverridePath); err == nil { + config.SeccompProfilePath = libpod.SeccompOverridePath + } else { if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath) + return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath) + } + if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil { + if !os.IsNotExist(err) { + return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath) + } + } else { + config.SeccompProfilePath = libpod.SeccompDefaultPath } - } else { - config.SeccompProfilePath = seccompDefaultPath } } config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts) diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index c674c9d1e..944664c68 100644 --- a/cmd/podman/ps.go 
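Review bot: The profile lookup added to `parseSecurityOpt` in cmd/podman/create.go never states its precedence, and its three levels of nested `if`/`else` re-declare `err` at each level. The order is `libpod.SeccompOverridePath`, then `libpod.SeccompDefaultPath`, then an empty path, which the spec.go change in this commit turns into the built-in default profile. Because this choice decides which syscall filter a container gets, the order should be readable at a glance; a loop over the two candidate paths keeps the same behaviour and has room for a comment naming the fallback. `os.Stat` only proves that something exists at the path, so a directory or unreadable file there is reported later by the `ioutil.ReadFile` in `createConfigToOCISpec`. The function body starts and ends outside this hunk.

```go
	if config.SeccompProfilePath == "" {
		// Precedence: admin override, then the packaged default. If neither
		// file exists the path stays empty and createConfigToOCISpec falls
		// back to the built-in default profile.
		for _, p := range []string{libpod.SeccompOverridePath, libpod.SeccompDefaultPath} {
			if _, err := os.Stat(p); err == nil {
				config.SeccompProfilePath = p
				break
			} else if !os.IsNotExist(err) {
				return errors.Wrapf(err, "can't check if %q exists", p)
			}
		}
	}
	// … unchanged: label.InitLabels call …
```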
+++ b/cmd/podman/ps.go @@ -412,7 +412,7 @@ func getTemplateOutput(containers []*libpod.Container, opts psOptions) ([]psTemp status = "Up " + runningFor + " ago" case libpod.ContainerStatePaused: status = "Paused" - case libpod.ContainerStateCreated: + case libpod.ContainerStateCreated, libpod.ContainerStateConfigured: status = "Created" default: status = "Dead" diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 8dd3475c0..182089e8e 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -80,13 +80,6 @@ func rmCmd(c *cli.Context) error { } } for _, container := range delContainers { - if err != nil { - if lastError != nil { - fmt.Fprintln(os.Stderr, lastError) - } - lastError = errors.Wrapf(err, "failed to find container %s", container.ID()) - continue - } err = runtime.RemoveContainer(container, c.Bool("force")) if err != nil { if lastError != nil { diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go index f083b39af..b82df86db 100644 --- a/cmd/podman/run_test.go +++ b/cmd/podman/run_test.go @@ -66,11 +66,24 @@ func createCLI() cli.App { return a } -func getRuntimeSpec(c *cli.Context) *spec.Spec { - runtime, _ := getRuntime(c) - createConfig, _ := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData()) - runtimeSpec, _ := createConfigToOCISpec(createConfig) - return runtimeSpec +func getRuntimeSpec(c *cli.Context) (*spec.Spec, error) { + /* + TODO: This test has never worked. Need to install content + runtime, err := getRuntime(c) + if err != nil { + return nil, err + } + createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData()) + */ + createConfig, err := parseCreateOpts(c, nil, "alpine", generateAlpineImageData()) + if err != nil { + return nil, err + } + runtimeSpec, err := createConfigToOCISpec(createConfig) + if err != nil { + return nil, err + } + return runtimeSpec, nil } // TestPIDsLimit verifies the inputed pid-limit is correctly defined in the spec 
@@ -78,7 +91,10 @@ func TestPIDsLimit(t *testing.T) { a := createCLI() args := []string{"--pids-limit", "22"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } assert.Equal(t, runtimeSpec.Linux.Resources.Pids.Limit, int64(22)) } @@ -87,7 +103,10 @@ func TestBLKIOWeightDevice(t *testing.T) { a := createCLI() args := []string{"--blkio-weight-device", "/dev/sda:100"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } assert.Equal(t, *runtimeSpec.Linux.Resources.BlockIO.WeightDevice[0].Weight, uint16(100)) } @@ -96,7 +115,10 @@ func TestMemorySwap(t *testing.T) { a := createCLI() args := []string{"--memory-swap", "45m", "--memory", "40m"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } mem, _ := units.RAMInBytes("45m") assert.Equal(t, *runtimeSpec.Linux.Resources.Memory.Swap, mem) } diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go index df1c54d50..59ea5685a 100644 --- a/cmd/podman/spec.go +++ b/cmd/podman/spec.go @@ -1,13 +1,13 @@ package main import ( - "encoding/json" "io/ioutil" "strings" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" + "github.com/docker/docker/profiles/seccomp" "github.com/docker/go-units" "github.com/opencontainers/runc/libcontainer/devices" spec "github.com/opencontainers/runtime-spec/specs-go" 
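Review bot: `t.Fatalf(err.Error())` in TestPIDsLimit passes the error text as the format string, so any `%` in the message is misrendered and `go vet` reports a non-constant format string. Use `t.Fatal(err)` instead. The same line is added in the TestBLKIOWeightDevice and TestMemorySwap hunks and should change there too.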
@@ -290,16 +290,31 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { } configSpec := g.Spec() - if config.SeccompProfilePath != "" && config.SeccompProfilePath != "unconfined" { - seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath) - if err != nil { - return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath) - } - var seccompConfig spec.LinuxSeccomp - if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil { - return nil, errors.Wrapf(err, "decoding seccomp profile (%s) failed", config.SeccompProfilePath) + // HANDLE CAPABILITIES + // NOTE: Must happen before SECCOMP + if err := setupCapabilities(config, configSpec); err != nil { + return nil, err + } + + // HANDLE SECCOMP + if config.SeccompProfilePath != "unconfined" { + if config.SeccompProfilePath != "" { + seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath) + if err != nil { + return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath) + } + seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), configSpec) + if err != nil { + return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath) + } + configSpec.Linux.Seccomp = seccompConfig + } else { + seccompConfig, err := seccomp.GetDefaultProfile(configSpec) + if err != nil { + return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath) + } + configSpec.Linux.Seccomp = seccompConfig } - configSpec.Linux.Seccomp = &seccompConfig } // BIND MOUNTS @@ -319,11 +334,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { } } - // HANDLE CAPABILITIES - if err := setupCapabilities(config, configSpec); err != nil { - return nil, err - } - // BLOCK IO blkio, err := config.CreateBlockIO() if err != nil { diff --git a/libpod/runtime.go b/libpod/runtime.go index d0362ec79..804f69c9e 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go 
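Review bot: In the new `else` branch of the seccomp block in `createConfigToOCISpec`, a failure of `seccomp.GetDefaultProfile` is wrapped with `config.SeccompProfilePath`, which is always empty on that path, so the message reads "loading seccomp profile () failed". A message that names the built-in profile is clearer, for example `return nil, errors.Wrapf(err, "loading default seccomp profile failed")`. The block also changes what an empty path means: before it left `configSpec.Linux.Seccomp` untouched, now it installs the default filter and only the literal string "unconfined" disables seccomp. A short comment above the `if` stating this would help, e.g. `// An empty path selects the built-in default profile; only "unconfined" skips seccomp.` The assignment `configSpec.Linux.Seccomp = seccompConfig` is duplicated in both branches and could be hoisted below them.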
@@ -27,6 +27,10 @@ const ( InMemoryStateStore RuntimeStateStore = iota // SQLiteStateStore is a state backed by a SQLite database SQLiteStateStore RuntimeStateStore = iota + // SeccompDefaultPath defines the default seccomp path + SeccompDefaultPath = "/usr/share/containers/seccomp.json" + // SeccompOverridePath if this exists it overrides the default seccomp path + SeccompOverridePath = "/etc/crio/seccomp.json" ) // A RuntimeOption is a functional option which alters the Runtime created by diff --git a/test/podman_attach.bats b/test/podman_attach.bats index 8676b2e43..605a44789 100644 --- a/test/podman_attach.bats +++ b/test/podman_attach.bats @@ -11,14 +11,14 @@ function setup() { } @test "attach to a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar echo "$output" [ "$status" -eq 125 ] } @test "attach to non-running container" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name foobar -d -i ${ALPINE} ls - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar echo "$output" [ "$status" -eq 125 ] } @@ -26,7 +26,7 @@ function setup() { @test "attach to multiple containers" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar1 -d -i ${ALPINE} /bin/sh ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar2 -d -i ${ALPINE} /bin/sh - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2 echo "$output" [ "$status" -eq 125 ] } diff --git a/test/podman_commit.bats b/test/podman_commit.bats index 9257743e9..45c2b010e 100644 --- a/test/podman_commit.bats +++ b/test/podman_commit.bats 
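Review bot: The two seccomp path constants in libpod/runtime.go are appended to the `const (` block that holds the `RuntimeStateStore = iota` values. It compiles because both have explicit string values, but unrelated constants in an iota block are easy to misread, so a separate `const (` block for the paths would be cleaner. The doc comment on `SeccompOverridePath` is not a full sentence; something like `// SeccompOverridePath is used instead of SeccompDefaultPath when a file exists at this path.` says the same thing in godoc form. The override lives under `/etc/crio`, so a profile installed there, presumably for CRI-O, will also replace podman's default. That sharing is worth stating in the comment, since whoever can write that file controls the syscall filter of every container that does not pass its own profile.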
@@ -13,109 +13,85 @@ function setup() { } @test "podman commit default" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with message flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep testing-commit" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with author flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr 
${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep author-name" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with change flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep blue" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with pause flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} 
${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit non-running container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr } diff --git a/test/podman_diff.bats b/test/podman_diff.bats index 9ed088807..ed1a17309 100644 --- a/test/podman_diff.bats +++ b/test/podman_diff.bats 
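Review bot: In "podman commit with message flag" the `rmi image-committed` call lost its `run` prefix but the following `echo "$output"` and `[ "$status" -eq 0 ]` were kept, so those two lines re-check the result of the earlier `inspect | grep` run rather than of `rmi`. Either restore the prefix, `run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed`, as the other tests in this file do, or delete the two stale lines. In "podman commit with pause flag" the final `run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr` has no status check after it, so a failing stop is swallowed. The other tests call `stop` without `run` so that a failure aborts the test, and this one should match.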
@@ -23,7 +23,6 @@ function teardown() { } @test "test diff with json output" { - # run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} diff --format json $IMAGE | python -m json.tool" run ${PODMAN_BINARY} $PODMAN_OPTIONS diff --format json $BB echo "$output" [ "$status" -eq 0 ] diff --git a/test/podman_export.bats b/test/podman_export.bats index 3847ab14c..40fc7bb4f 100644 --- a/test/podman_export.bats +++ b/test/podman_export.bats @@ -11,14 +11,14 @@ function setup() { } @test "podman export output flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] rm -f container.tar diff --git a/test/podman_images.bats b/test/podman_images.bats index 3ea8af793..5812e8f8b 100644 --- a/test/podman_images.bats +++ b/test/podman_images.bats @@ -10,7 +10,7 @@ function setup() { copy_images } @test "podman images" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} images + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} images echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_inspect.bats b/test/podman_inspect.bats index 9f9336f48..19e5a0a9b 100644 --- a/test/podman_inspect.bats +++ b/test/podman_inspect.bats 
@@ -23,11 +23,11 @@ function setup() { } @test "podman inspect with format" { - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE} + run ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE} echo "$output" [ "$status" -eq 0 ] inspectOutput="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE} + bash -c run ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g' echo "$output" [ "$status" -eq 0 ] [ "$output" = "$inspectOutput" ] @@ -42,7 +42,7 @@ function setup() { } @test "podman inspect container with size" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS inspect --size -l | python -m json.tool | grep SizeRootFs" diff --git a/test/podman_kill.bats b/test/podman_kill.bats index bb55ed31d..f24bd0971 100644 --- a/test/podman_kill.bats +++ b/test/podman_kill.bats 
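Review bot: In "podman inspect with format" the new line `bash -c run ${PODMAN_BINARY} ... | sed -e 's/sha256://g'` puts `run` inside `bash -c`, so the child shell is asked to execute a command named `run`, which is a bats helper and is most likely not defined there. Nothing on that line sets `$output` or `$status`, and the pipeline's exit code is that of `sed`. The following `[ "$output" = "$inspectOutput" ]` therefore compares the inspect result with itself and the test passes without ever checking `images`. The intended form is probably `run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g'"`, which keeps the pipe inside the command that `run` captures.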
@@ -11,61 +11,61 @@ function setup() { } @test "kill a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar echo "$output" [ "$status" -ne 0 ] } @test "kill a running container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] } @test "kill a running container by id with TERM" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill a running container by name" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1 [ "$status" -eq 0 ] - run bash -c 
"${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill a running container by id with a bogus signal" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill the latest container run" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_load.bats b/test/podman_load.bats index 6fe8638b6..ca93a5522 100644 --- a/test/podman_load.bats +++ b/test/podman_load.bats 
@@ -10,36 +10,36 @@ function teardown() { cleanup_test } @test "podman load input flag" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load oci-archive image" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load oci-archive image with signature-policy" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE [ "$status" -eq 0 ] cp /etc/containers/policy.json /tmp - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f /tmp/policy.json 
@@ -47,29 +47,29 @@ function teardown() { } @test "podman load using quiet flag" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load directory" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_logs.bats b/test/podman_logs.bats index 342ffac5e..e76bf665a 100644 --- a/test/podman_logs.bats +++ b/test/podman_logs.bats 
@@ -11,41 +11,41 @@ function setup() { } @test "display logs for container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "tail three lines of logs for container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id echo "$output" lines=$(echo "$output" | wc -l) [ "$status" -eq 0 ] [[ $(wc -l < "$output" ) -le 3 ]] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "display logs for container since a given time" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_mount.bats b/test/podman_mount.bats index bc6be1a19..f3d04fb98 100644 --- a/test/podman_mount.bats +++ b/test/podman_mount.bats 
@@ -13,26 +13,26 @@ function setup() { } @test "mount" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --notruncate | grep $ctr_id" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --format=json | python -m json.tool | grep $ctr_id" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_pause.bats b/test/podman_pause.bats index b8f0a8746..4e98eb130 100644 --- a/test/podman_pause.bats +++ b/test/podman_pause.bats 
@@ -11,102 +11,102 @@ function teardown() { } @test "pause a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar echo "$output" [ "$status" -eq 125 ] } @test "unpause a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar echo "$output" [ "$status" -eq 125 ] } @test "pause a created container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "pause a running container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "unpause a running container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} 
${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "remove a paused container by id" { skip "Test needs to wait for --force to work for podman rm" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "stop a paused container created by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter 
id=$ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id echo "$output" [ "$status" -eq 0 ] # Container should be running after unpause and shouldn't # be removable without the force flag. - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_ps.bats b/test/podman_ps.bats index b99c84304..8f2232cbf 100644 --- a/test/podman_ps.bats +++ b/test/podman_ps.bats 
@@ -12,92 +12,92 @@ function teardown() { } @test "podman ps with no containers" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps echo "$output" [ "$status" -eq 0 ] } @test "podman ps default" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps echo "$output" [ "$status" -eq 0 ] } @test "podman ps all flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a echo "$output" [ "$status" -eq 0 ] } @test "podman ps size flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size echo "$output" [ "$status" -eq 0 ] } @test "podman ps quiet flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet echo "$output" [ "$status" -eq 0 ] } @test "podman ps latest flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest echo "$output" [ "$status" -eq 0 ] } @test "podman ps last flag" { - run 
bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2 echo "$output" [ "$status" -eq 0 ] } @test "podman ps no-trunc flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc echo "$output" [ "$status" -eq 0 ] } @test "podman ps namespace flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace echo "$output" [ "$status" -eq 0 ] } @test "podman ps namespace flag and format flag = json" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json | python -m json.tool | grep namespace" 
@@ -106,7 +106,7 @@ function teardown() { } @test "podman ps without namespace flag and format flag = json" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format json | python -m json.tool | grep namespace" 
@@ -115,76 +115,76 @@ function teardown() { } @test "podman ps format flag = go template" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}'" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}' echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - ancestor" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE}" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE} echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - status" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps short options" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run 
${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps with mutually exclusive flags" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}}" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}} echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_pull.bats b/test/podman_pull.bats index b0de1a8ab..4052d56d5 100644 --- a/test/podman_pull.bats +++ b/test/podman_pull.bats @@ -10,7 +10,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10 echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10 + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10 echo "$output" [ "$status" -eq 0 ] } 
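Review bot: In "podman ps filter flag - id" the variable `$ctr_id` is never assigned, so the second command runs as `ps -a --filter id=` and the test passes without filtering on a real container ID. The status and short-options tests in the same hunk capture it with `ctr_id="$output"` right after the `run -d` step; the same line is missing here. In "podman ps with mutually exclusive flags", `ps -a --ns format {{.ID}}` looks like it was meant to be `--format {{.ID}}`. As written, the non-zero status probably comes from the stray positional arguments rather than from the flag conflict the test is named for.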
@@ -19,7 +19,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull debian echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian echo "$output" [ "$status" -eq 0 ] } @@ -28,7 +28,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora:rawhide echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide echo "$output" [ "$status" -eq 0 ] } @@ -37,7 +37,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora echo "$output" [ "$status" -eq 0 ] } @@ -46,7 +46,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull alpine@sha256:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest echo "$output" [ "$status" -eq 0 ] } @@ -61,7 +61,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest echo "$output" [ "$status" -eq 0 ] } @@ -70,7 +70,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10 echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10 + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10 echo "$output" [ "$status" -eq 0 ] } 
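Review bot: In the hunk at -46,7 the cleanup removes `alpine:latest` although the image was pulled by digest (`alpine@sha256:…`). With the old unquoted `bash -c` form only the binary path was the command string, so this `rmi` never received its arguments and the mismatch could not show. Whether a digest pull leaves an `alpine:latest` name behind is not visible here, so it is worth confirming that the step removes the image this test pulled, not a preloaded one. Removing by the same digest reference used in the pull would make the test self-contained. The test's opening line is outside the hunk.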
@@ -79,57 +79,57 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] rm -f alp.tar } @test "podman pull from oci-archive" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] rm -f oci-alp.tar } @test "podman pull from local directory" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] run mkdir test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} 
push alpine dir:test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} push alpine dir:test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir echo "$output" [ "$status" -eq 0 ] rm -rf test_pull_dir diff --git a/test/podman_push.bats b/test/podman_push.bats index 82798b3fc..8308f4e83 100644 --- a/test/podman_push.bats +++ b/test/podman_push.bats @@ -36,7 +36,7 @@ function setup() { echo "$output" [ "$status" -eq 0 ] rm -rf /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @@ -47,7 +47,7 @@ function setup() { echo "--->" [ "$status" -eq 0 ] rm /tmp/busybox-archive - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @@ -57,18 +57,18 @@ function setup() { echo "$output" [ "$status" -eq 0 ] rm -f /tmp/oci-busybox.tar - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @test "podman push without signatures" { mkdir /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox echo "$output" [ "$status" -eq 0 ] rm -rf /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } 
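Review bot: The archive and directory tests in the -79,57 hunk create `alp.tar`, `oci-alp.tar` and `test_pull_dir` in the current directory and delete them only on the last line of each test. Any failing assertion in between aborts the test and leaves the artifact behind, and on the next run `run mkdir test_pull_dir` fails on the leftover directory. Moving the cleanup into `teardown()`, for example `rm -rf alp.tar oci-alp.tar test_pull_dir`, keeps reruns clean now that the intermediate `save`/`rmi`/`pull` steps really execute and can fail.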
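Review bot: The push tests work on fixed names in the shared `/tmp` directory: `/tmp/busybox` in the -36,7 and -57,18 hunks, `/tmp/busybox-archive` in -47,7, `/tmp/oci-busybox.tar` in -57,18, and likewise `--cidfile /tmp/cidfile` in the -139,7 hunk of test/podman_run.bats. The bare `mkdir /tmp/busybox` fails on a leftover directory. If the suite runs as root, which seems likely for podman but is not shown here, a path pre-created by another local user decides where the image data is written. A per-test directory avoids both: `workdir=$(mktemp -d)` in the test, `dir:${workdir}` as the destination, and `rm -rf "$workdir"` at the end or in teardown.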
@@ -86,13 +86,13 @@ function setup() { } @test "push with manifest type conversion" { - run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir" + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir echo "$output" [ "$status" -eq 0 ] - run bash -c "grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json" + run grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir" + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir echo "$output" [ "$status" -eq 0 ] run bash -c "grep "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json" diff --git a/test/podman_rm.bats b/test/podman_rm.bats index f6430711f..8382bb3fe 100644 --- a/test/podman_rm.bats +++ b/test/podman_rm.bats @@ -15,7 +15,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id" echo "$output" [ "$status" -eq 0 ] } @@ -35,7 +35,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" echo "$output" [ "$status" -eq 0 ] } @@ -45,7 +45,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_run.bats b/test/podman_run.bats index 465468a5c..9fa048439 100644 --- a/test/podman_run.bats +++ b/test/podman_run.bats 
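Review bot: The last check in "push with manifest type conversion" still reads `run bash -c "grep "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json"`, where the inner double quotes end the outer string. It should get the same treatment as the first grep in this hunk: `run grep -F "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json`. `-F` is worth adding to both greps because the dots in the media type otherwise match any character. The end of the test is outside the hunk, so whether `my-dir` is removed afterwards cannot be seen from here.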
@@ -11,19 +11,19 @@ function setup() { } @test "run a container based on local image" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls echo "$output" [ "$status" -eq 0 ] } @test "run a container based on local image with short options" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls echo "$output" [ "$status" -eq 0 ] } @test "run a container based on a remote image" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls echo "$output" [ "$status" -eq 0 ] } @@ -33,11 +33,11 @@ function setup() { skip "SELinux not enabled" fi - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current echo "$output" firstLabel=$output - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current echo "$output" [ "$output" != "${firstLabel}" ] } 
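Review bot: The SELinux label test in the -33,11 hunk never checks `$status` after either `run`. If both containers fail to start with error text that differs between runs, `[ "$output" != "${firstLabel}" ]` still passes, and the test reports distinct process labels without having read any. Adding `[ "$status" -eq 0 ]` after each `cat /proc/self/attr/current` step closes that gap. The test's opening and closing lines are outside the hunk.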
@@ -52,19 +52,19 @@ function setup() { } @test "run capabilities test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] @@ -86,7 +86,7 @@ function setup() { [ "$status" -eq 0 ] [ "$output" = "BAR" ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv echo "$output" [ "$status" -ne 0 ] @@ -101,7 +101,7 @@ function setup() { IMAGE="docker.io/library/fedora:latest" @test "run limits test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched echo $output [ "$status" -eq 0 ] @@ -115,7 +115,7 @@ IMAGE="docker.io/library/fedora:latest" [ "$status" -eq 0 ] [ "$output" = 1024 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog echo $output [ "$status" -eq 0 ] 
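Review bot: "run capabilities test" in the -52,19 hunk asserts only the exit status of each `cat /proc/self/status`, so it would still pass if `--cap-add` or `--cap-drop` were silently ignored. The output already holds the capability sets, so each step can check them. After the `--cap-drop all` run, for instance, add `echo "$output" | grep -q 'CapEff:[[:space:]]*0000000000000000'`, assuming the container process has no other source of capabilities. The test body continues past the end of the hunk.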
@@ -139,7 +139,7 @@ IMAGE="docker.io/library/fedora:latest" } @test "podman run with cidfile" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls echo "$output" [ "$status" -eq 0 ] run rm /tmp/cidfile diff --git a/test/podman_save.bats b/test/podman_save.bats index 27e627b8f..9c6fa8b86 100644 --- a/test/podman_save.bats +++ b/test/podman_save.bats @@ -11,14 +11,14 @@ function setup() { } @test "podman save output flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman save oci flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar 
@@ -31,27 +31,27 @@ function setup() { } @test "podman save quiet flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman save non-existent image" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR echo "$output" [ "$status" -ne 0 ] } @test "podman save to directory wit oci format" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE echo "$output" [ "$status" -eq 0 ] rm -rf alp-dir } @test "podman save to directory wit v2s2 (docker) format" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE echo "$output" [ "$status" -eq 0 ] rm -rf alp-dir diff --git a/test/podman_stop.bats b/test/podman_stop.bats index 839301435..7675ee9a9 100644 --- a/test/podman_stop.bats +++ b/test/podman_stop.bats 
@@ -11,46 +11,46 @@ function setup() { } @test "stop a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar echo "$output" [ "$status" -eq 125 ] } @test "stop a running container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] } @test "stop a running container by name" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1 [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] } @test "stop all containers" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999 + run ${PODMAN_BINARY} 
${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1 echo "$output" [ "$status" -eq 0 ] } @test "stop a container with latest" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_tag.bats b/test/podman_tag.bats index 024cf6295..749c3ae2c 100644 --- a/test/podman_tag.bats +++ b/test/podman_tag.bats 
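Review bot: In "stop all containers" the three `run … run --name testN -d ${ALPINE} sleep 9999` steps are not followed by a status check, and `run` hides a non-zero exit. If no container started, `stop -a -t 1` may well still exit 0, and the test would then pass without stopping anything. Add `[ "$status" -eq 0 ]` after each of the three starts, as the "by id" and "by name" tests above do.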
@@ -11,33 +11,33 @@ function setup() { } @test "podman tag with shortname:latest" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest [ "$status" -eq 0 ] } @test "podman tag with shortname" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest [ "$status" -eq 0 ] } @test "podman tag with shortname:tag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v [ "$status" -eq 0 ] } diff --git a/test/podman_top.bats b/test/podman_top.bats index a8b92cd44..cfa037aa6 100644 --- a/test/podman_top.bats +++ b/test/podman_top.bats 
@@ -26,7 +26,7 @@ function setup() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create -d ${ALPINE} sleep 60 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id echo "$output" [ "$status" -eq 125 ] } @@ -36,7 +36,7 @@ function setup() { [ "$status" -eq 0 ] ctr_id="$output" echo $ctr_id - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id echo "$output" [ "$status" -eq 0 ] } @@ -45,7 +45,7 @@ function setup() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 60 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_version.bats b/test/podman_version.bats index 0f959277b..a44da5943 100644 --- a/test/podman_version.bats +++ b/test/podman_version.bats @@ -7,7 +7,7 @@ function teardown() { } @test "podman version test" { - run bash -c "${PODMAN_BINARY} version" + run ${PODMAN_BINARY} version echo "$output" [ "$status" -eq 0 ] } diff --git a/vendor/github.com/docker/docker/profiles/seccomp/generate.go b/vendor/github.com/docker/docker/profiles/seccomp/generate.go new file mode 100644 index 000000000..32f22bb37 --- /dev/null +++ b/vendor/github.com/docker/docker/profiles/seccomp/generate.go 
@@ -0,0 +1,32 @@
+// +build ignore
+
+package main
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ "github.com/docker/docker/profiles/seccomp"
+)
+
+// saves the default seccomp profile as a json file so people can use it as a
+// base for their own custom profiles
+func main() {
+ wd, err := os.Getwd()
+ if err != nil {
+ panic(err)
+ }
+ f := filepath.Join(wd, "default.json")
+
+ // write the default profile to the file
+ b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t")
+ if err != nil {
+ panic(err)
+ }
+
+ if err := ioutil.WriteFile(f, b, 0644); err != nil {
+ panic(err)
+ }
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
new file mode 100644
index 000000000..07d522aad
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
@@ -0,0 +1,160 @@
+// +build linux
+
+package seccomp
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+
+ "github.com/docker/docker/api/types"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ libseccomp "github.com/seccomp/libseccomp-golang"
+)
+
+//go:generate go run -tags 'seccomp' generate.go
+
+// GetDefaultProfile returns the default seccomp profile.
+func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ return setupSeccomp(DefaultProfile(), rs)
+}
+
+// LoadProfile takes a json string and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ var config types.Seccomp
+ if err := json.Unmarshal([]byte(body), &config); err != nil {
+ return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
+ }
+ return setupSeccomp(&config, rs)
+}
+
+var nativeToSeccomp = map[string]types.Arch{
+ "amd64": types.ArchX86_64,
+ "arm64": types.ArchAARCH64,
+ "mips64": types.ArchMIPS64,
+ "mips64n32": types.ArchMIPS64N32,
+ "mipsel64": types.ArchMIPSEL64,
+ "mipsel64n32": types.ArchMIPSEL64N32,
+ "s390x": types.ArchS390X,
+}
+
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+ for _, ss := range slice {
+ if s == ss {
+ return true
+ }
+ }
+ return false
+}
+
+func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ if config == nil {
+ return nil, nil
+ }
+
+ // No default action specified, no syscalls listed, assume seccomp disabled
+ if config.DefaultAction == "" && len(config.Syscalls) == 0 {
+ return nil, nil
+ }
+
+ newConfig := &specs.LinuxSeccomp{}
+
+ var arch string
+ var native, err = libseccomp.GetNativeArch()
+ if err == nil {
+ arch = native.String()
+ }
+
+ if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
+ return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+ }
+
+ // if config.Architectures == 0 then libseccomp will figure out the architecture to use
+ if len(config.Architectures) != 0 {
+ for _, a := range config.Architectures {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
+ }
+ }
+
+ if len(config.ArchMap) != 0 {
+ for _, a := range config.ArchMap {
+ seccompArch, ok := nativeToSeccomp[arch]
+ if ok {
+ if a.Arch == seccompArch {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
+ for _, sa := range a.SubArches {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
+ }
+ break
+ }
+ }
+ }
+ }
+
+ newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
+
+Loop:
+ // Loop through all syscall blocks and convert them to libcontainer format after filtering them
+ for _, call := range config.Syscalls {
+ if len(call.Excludes.Arches) > 0 {
+ if inSlice(call.Excludes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Excludes.Caps) > 0 {
+ for _, c := range call.Excludes.Caps {
+ if inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+ if len(call.Includes.Arches) > 0 {
+ if !inSlice(call.Includes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Includes.Caps) > 0 {
+ for _, c := range call.Includes.Caps {
+ if !inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+
+ if call.Name != "" && len(call.Names) != 0 {
+ return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+ }
+
+ if call.Name != "" {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args))
+ }
+
+ for _, n := range call.Names {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args))
+ }
+ }
+
+ return newConfig, nil
+}
+
+func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
+ newCall := specs.LinuxSyscall{
+ Names: []string{name},
+ Action: specs.LinuxSeccompAction(action),
+ }
+
+ // Loop through all the arguments of the syscall and convert them
+ for _, arg := range args {
+ newArg := specs.LinuxSeccompArg{
+ Index: arg.Index,
+ Value: arg.Value,
+ ValueTwo: arg.ValueTwo,
+ Op: specs.LinuxSeccompOperator(arg.Op),
+ }
+
+ newCall.Args = append(newCall.Args, newArg)
+ }
+ return newCall
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
new file mode 100644
index 000000000..1b5179c70
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
@@ -0,0 +1,639 @@
+// +build linux,seccomp
+
+package seccomp
+
+import (
+ "github.com/docker/docker/api/types"
+ "golang.org/x/sys/unix"
+)
+
+func arches() []types.Architecture {
+ return []types.Architecture{
+ {
+ Arch: types.ArchX86_64,
+ SubArches: []types.Arch{types.ArchX86, types.ArchX32},
+ },
+ {
+ Arch: types.ArchAARCH64,
+ SubArches: []types.Arch{types.ArchARM},
+ },
+ {
+ Arch: types.ArchMIPS64,
+ SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32},
+ },
+ {
+ Arch: types.ArchMIPS64N32,
+ SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64},
+ },
+ {
+ Arch: types.ArchMIPSEL64,
+ SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32},
+ },
+ {
+ Arch: types.ArchMIPSEL64N32,
+ SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64},
+ },
+ {
+ Arch: types.ArchS390X,
+ SubArches: []types.Arch{types.ArchS390},
+ },
+ }
+}
+
+// DefaultProfile defines the whitelist for the default seccomp profile.
+func DefaultProfile() *types.Seccomp {
+ syscalls := []*types.Syscall{
+ {
+ Names: []string{
+ "accept",
+ "accept4",
+ "access",
+ "adjtimex",
+ "alarm",
+ "bind",
+ "brk",
+ "capget",
+ "capset",
+ "chdir",
+ "chmod",
+ "chown",
+ "chown32",
+ "clock_getres",
+ "clock_gettime",
+ "clock_nanosleep",
+ "close",
+ "connect",
+ "copy_file_range",
+ "creat",
+ "dup",
+ "dup2",
+ "dup3",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_ctl_old",
+ "epoll_pwait",
+ "epoll_wait",
+ "epoll_wait_old",
+ "eventfd",
+ "eventfd2",
+ "execve",
+ "execveat",
+ "exit",
+ "exit_group",
+ "faccessat",
+ "fadvise64",
+ "fadvise64_64",
+ "fallocate",
+ "fanotify_mark",
+ "fchdir",
+ "fchmod",
+ "fchmodat",
+ "fchown",
+ "fchown32",
+ "fchownat",
+ "fcntl",
+ "fcntl64",
+ "fdatasync",
+ "fgetxattr",
+ "flistxattr",
+ "flock",
+ "fork",
+ "fremovexattr",
+ "fsetxattr",
+ "fstat",
+ "fstat64",
+ "fstatat64",
+ "fstatfs",
+ "fstatfs64",
+ "fsync",
+ "ftruncate",
+ "ftruncate64",
+ "futex",
+ "futimesat",
+ "getcpu",
+ "getcwd",
+ "getdents",
+ "getdents64",
+ "getegid",
+ "getegid32",
+ "geteuid",
+ "geteuid32",
+ "getgid",
+ "getgid32",
+ "getgroups",
+ "getgroups32",
+ "getitimer",
+ "getpeername",
+ "getpgid",
+ "getpgrp",
+ "getpid",
+ "getppid",
+ "getpriority",
+ "getrandom",
+ "getresgid",
+ "getresgid32",
+ "getresuid",
+ "getresuid32",
+ "getrlimit",
+ "get_robust_list",
+ "getrusage",
+ "getsid",
+ "getsockname",
+ "getsockopt",
+ "get_thread_area",
+ "gettid",
+ "gettimeofday",
+ "getuid",
+ "getuid32",
+ "getxattr",
+ "inotify_add_watch",
+ "inotify_init",
+ "inotify_init1",
+ "inotify_rm_watch",
+ "io_cancel",
+ "ioctl",
+ "io_destroy",
+ "io_getevents",
+ "ioprio_get",
+ "ioprio_set",
+ "io_setup",
+ "io_submit",
+ "ipc",
+ "kill",
+ "lchown",
+ "lchown32",
+ "lgetxattr",
+ "link",
+ "linkat",
+ "listen",
+ "listxattr",
+ "llistxattr",
+ "_llseek",
+ "lremovexattr",
+ "lseek",
+ "lsetxattr",
+ "lstat",
+ "lstat64",
+ "madvise",
+ "memfd_create",
+ "mincore",
+ "mkdir",
+ "mkdirat",
+ "mknod",
+ "mknodat",
+ "mlock",
+ "mlock2",
+ "mlockall",
+ "mmap",
+ "mmap2",
+ "mprotect",
+ "mq_getsetattr",
+ "mq_notify",
+ "mq_open",
+ "mq_timedreceive",
+ "mq_timedsend",
+ "mq_unlink",
+ "mremap",
+ "msgctl",
+ "msgget",
+ "msgrcv",
+ "msgsnd",
+ "msync",
+ "munlock",
+ "munlockall",
+ "munmap",
+ "nanosleep",
+ "newfstatat",
+ "_newselect",
+ "open",
+ "openat",
+ "pause",
+ "pipe",
+ "pipe2",
+ "poll",
+ "ppoll",
+ "prctl",
+ "pread64",
+ "preadv",
+ "preadv2",
+ "prlimit64",
+ "pselect6",
+ "pwrite64",
+ "pwritev",
+ "pwritev2",
+ "read",
+ "readahead",
+ "readlink",
+ "readlinkat",
+ "readv",
+ "recv",
+ "recvfrom",
+ "recvmmsg",
+ "recvmsg",
+ "remap_file_pages",
+ "removexattr",
+ "rename",
+ "renameat",
+ "renameat2",
+ "restart_syscall",
+ "rmdir",
+ "rt_sigaction",
+ "rt_sigpending",
+ "rt_sigprocmask",
+ "rt_sigqueueinfo",
+ "rt_sigreturn",
+ "rt_sigsuspend",
+ "rt_sigtimedwait",
+ "rt_tgsigqueueinfo",
+ "sched_getaffinity",
+ "sched_getattr",
+ "sched_getparam",
+ "sched_get_priority_max",
+ "sched_get_priority_min",
+ "sched_getscheduler",
+ "sched_rr_get_interval",
+ "sched_setaffinity",
+ "sched_setattr",
+ "sched_setparam",
+ "sched_setscheduler",
+ "sched_yield",
+ "seccomp",
+ "select",
+ "semctl",
+ "semget",
+ "semop",
+ "semtimedop",
+ "send",
+ "sendfile",
+ "sendfile64",
+ "sendmmsg",
+ "sendmsg",
+ "sendto",
+ "setfsgid",
+ "setfsgid32",
+ "setfsuid",
+ "setfsuid32",
+ "setgid",
+ "setgid32",
+ "setgroups",
+ "setgroups32",
+ "setitimer",
+ "setpgid",
+ "setpriority",
+ "setregid",
+ "setregid32",
+ "setresgid",
+ "setresgid32",
+ "setresuid",
+ "setresuid32",
+ "setreuid",
+ "setreuid32",
+ "setrlimit",
+ "set_robust_list",
+ "setsid",
+ "setsockopt",
+ "set_thread_area",
+ "set_tid_address",
+ "setuid",
+ "setuid32",
+ "setxattr",
+ "shmat",
+ "shmctl",
+ "shmdt",
+ "shmget",
+ "shutdown",
+ "sigaltstack",
+ "signalfd",
+ "signalfd4",
+ "sigreturn",
+ "socket",
+ "socketcall",
+ "socketpair",
+ "splice",
+ "stat",
+ "stat64",
+ "statfs",
+ "statfs64",
+ "symlink",
+ "symlinkat",
+ "sync",
+ "sync_file_range",
+ "syncfs",
+ "sysinfo",
+ "syslog",
+ "tee",
+ "tgkill",
+ "time",
+ "timer_create",
+ "timer_delete",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_settime",
+ "timer_getoverrun",
+ "timer_gettime",
+ "timer_settime",
+ "times",
+ "tkill",
+ "truncate",
+ "truncate64",
+ "ugetrlimit",
+ "umask",
+ "uname",
+ "unlink",
+ "unlinkat",
+ "utime",
+ "utimensat",
+ "utimes",
+ "vfork",
+ "vmsplice",
+ "wait4",
+ "waitid",
+ "waitpid",
+ "write",
+ "writev",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x0,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x0008,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x20000,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x20008,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0xffffffff,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{
+ "sync_file_range2",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"ppc64le"},
+ },
+ },
+ {
+ Names: []string{
+ "arm_fadvise64_64",
+ "arm_sync_file_range",
+ "sync_file_range2",
+ "breakpoint",
+ "cacheflush",
+ "set_tls",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"arm", "arm64"},
+ },
+ },
+ {
+ Names: []string{
+ "arch_prctl",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"amd64", "x32"},
+ },
+ },
+ {
+ Names: []string{
+ "modify_ldt",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"amd64", "x32", "x86"},
+ },
+ },
+ {
+ Names: []string{
+ "s390_pci_mmio_read",
+ "s390_pci_mmio_write",
+ "s390_runtime_instr",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"s390", "s390x"},
+ },
+ },
+ {
+ Names: []string{
+ "open_by_handle_at",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_DAC_READ_SEARCH"},
+ },
+ },
+ {
+ Names: []string{
+ "bpf",
+ "clone",
+ "fanotify_init",
+ "lookup_dcookie",
+ "mount",
+ "name_to_handle_at",
+ "perf_event_open",
+ "quotactl",
+ "setdomainname",
+ "sethostname",
+ "setns",
+ "umount",
+ "umount2",
+ "unshare",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ },
+ },
+ {
+ Names: []string{
+ "clone",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
+ ValueTwo: 0,
+ Op: types.OpMaskedEqual,
+ },
+ },
+ Excludes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ Arches: []string{"s390", "s390x"},
+ },
+ },
+ {
+ Names: []string{
+ "clone",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 1,
+ Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
+ ValueTwo: 0,
+ Op: types.OpMaskedEqual,
+ },
+ },
+ Comment: "s390 parameter ordering for clone is different",
+ Includes: types.Filter{
+ Arches: []string{"s390", "s390x"},
+ },
+ Excludes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ },
+ },
+ {
+ Names: []string{
+ "reboot",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_BOOT"},
+ },
+ },
+ {
+ Names: []string{
+ "chroot",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_CHROOT"},
+ },
+ },
+ {
+ Names: []string{
+ "delete_module",
+ "init_module",
+ "finit_module",
+ "query_module",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_MODULE"},
+ },
+ },
+ {
+ Names: []string{
+ "acct",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_PACCT"},
+ },
+ },
+ {
+ Names: []string{
+ "kcmp",
+ "process_vm_readv",
+ "process_vm_writev",
+ "ptrace",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_PTRACE"},
+ },
+ },
+ {
+ Names: []string{
+ "iopl",
+ "ioperm",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_RAWIO"},
+ },
+ },
+ {
+ Names: []string{
+ "settimeofday",
+ "stime",
+ "clock_settime",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_TIME"},
+ },
+ },
+ {
+ Names: []string{
+ "vhangup",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_TTY_CONFIG"},
+ },
+ },
+ }
+
+ return &types.Seccomp{
+ DefaultAction: types.ActErrno,
+ ArchMap: arches(),
+ Syscalls: syscalls,
+ }
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
new file mode 100644
index 000000000..0130effa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
@@ -0,0 +1,12 @@
+// +build linux,!seccomp
+
+package seccomp
+
+import (
+ "github.com/docker/docker/api/types"
+)
+
+// DefaultProfile returns a nil pointer on unsupported systems.
+func DefaultProfile() *types.Seccomp {
+ return nil
+} |