aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-x.papr.sh2
-rw-r--r--Makefile2
-rw-r--r--README.md74
-rw-r--r--cmd/podman/create.go17
-rw-r--r--cmd/podman/ps.go2
-rw-r--r--cmd/podman/rm.go7
-rw-r--r--cmd/podman/run_test.go38
-rw-r--r--cmd/podman/spec.go40
-rw-r--r--commands.md42
-rw-r--r--docs/tutorials/podman_tutorial.md (renamed from podman_tutorial.md)0
-rw-r--r--docs/tutorials/tutorials.md9
-rw-r--r--libpod/runtime.go4
-rw-r--r--test/podman_attach.bats6
-rw-r--r--test/podman_commit.bats72
-rw-r--r--test/podman_diff.bats1
-rw-r--r--test/podman_export.bats6
-rw-r--r--test/podman_images.bats2
-rw-r--r--test/podman_inspect.bats6
-rw-r--r--test/podman_kill.bats36
-rw-r--r--test/podman_load.bats32
-rw-r--r--test/podman_logs.bats18
-rw-r--r--test/podman_mount.bats10
-rw-r--r--test/podman_pause.bats48
-rw-r--r--test/podman_ps.bats78
-rw-r--r--test/podman_pull.bats42
-rw-r--r--test/podman_push.bats16
-rw-r--r--test/podman_rm.bats6
-rw-r--r--test/podman_run.bats26
-rw-r--r--test/podman_save.bats12
-rw-r--r--test/podman_stop.bats28
-rw-r--r--test/podman_tag.bats18
-rw-r--r--test/podman_top.bats6
-rw-r--r--test/podman_version.bats2
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/generate.go32
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp.go160
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go639
-rw-r--r--vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go12
37 files changed, 1209 insertions, 342 deletions
diff --git a/.papr.sh b/.papr.sh
index b69576ce3..a7aa119ce 100755
--- a/.papr.sh
+++ b/.papr.sh
@@ -46,7 +46,7 @@ if test -z "${INSIDE_CONTAINER:-}"; then
-e PYTHON=$PYTHON \
${IMAGE} /go/src/github.com/projectatomic/libpod/.papr.sh
systemd-detect-virt
- ./test/test_runner.sh
+ script -qefc ./test/test_runner.sh
exit 0
fi
diff --git a/Makefile b/Makefile
index 807499f18..c6e44a622 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ PREFIX ?= ${DESTDIR}/usr/local
BINDIR ?= ${PREFIX}/bin
LIBEXECDIR ?= ${PREFIX}/libexec
MANDIR ?= ${PREFIX}/share/man
-ETCDIR ?= /etc
+ETCDIR ?= ${DESTDIR}/etc
ETCDIR_LIBPOD ?= ${ETCDIR}/crio
BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh)
diff --git a/README.md b/README.md
index 5b445033b..df0c0b5bb 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
# libpod - library for running OCI-based containers in Pods
-### Status: Development
+### Status: Active Development
## What is the scope of this project?
@@ -28,65 +28,29 @@ The plan is to use OCI projects and best of breed libraries for different aspect
- Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage)
- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni)
-libpod is currently in active development.
-
-## Commands
-| Command | Description | Demo|
-| :------------------------------------------------------- | :------------------------------------------------------------------------ | :----|
-| [podman(1)](/docs/podman.1.md) | Simple management tool for pods and images ||
-| [podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container |[![...](/docs/play.png)](https://asciinema.org/a/XDlocUrHVETFECg4zlO9nBbLf)|
-| [podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles ||
-| [podman-commit(1)](/docs/podman-commit.1.md) | Create new image based on the changed container ||
-| [podman-cp(1)](/docs/podman-cp.1.md) | Instead of providing a `podman cp` command, the man page `podman-cp` describes how to use the `podman mount` command to have even more flexibility and functionality||
-| [podman-create(1)](/docs/podman-create.1.md) | Create a new container ||
-| [podman-diff(1)](/docs/podman-diff.1.md) | Inspect changes on a container or image's filesystem |[![...](/docs/play.png)](https://asciinema.org/a/FXfWB9CKYFwYM4EfqW3NSZy1G)|
-| [podman-exec(1)](/docs/podman-exec.1.md) | Execute a command in a running container
-| [podman-export(1)](/docs/podman-export.1.md) | Export container's filesystem contents as a tar archive |[![...](/docs/play.png)](https://asciinema.org/a/913lBIRAg5hK8asyIhhkQVLtV)|
-| [podman-history(1)](/docs/podman-history.1.md) | Shows the history of an image |[![...](/docs/play.png)](https://asciinema.org/a/bCvUQJ6DkxInMELZdc5DinNSx)|
-| [podman-images(1)](/docs/podman-images.1.md) | List images in local storage |[![...](/docs/play.png)](https://asciinema.org/a/133649)|
-| [podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image ||
-| [podman-info(1)](/docs/podman-info.1.md) | Display system information |[![...](/docs/play.png)](https://asciinema.org/a/yKbi5fQ89y5TJ8e1RfJd4ivTD)|
-| [podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image |[![...](/docs/play.png)](https://asciinema.org/a/133418)|
-| [podman-kill(1)](/docs/podman-kill.1.md) | Kill the main process in one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/3jNos0A5yzO4hChu7ddKkUPw7)|
-| [podman-load(1)](/docs/podman-load.1.md) | Load an image from docker archive or oci |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)|
-| [podman-login(1)](/docs/podman-login.1.md) | Login to a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)|
-| [podman-logout(1)](/docs/podman-logout.1.md) | Logout of a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)|
-| [podman-logs(1)](/docs/podman-logs.1.md) | Display the logs of a container |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)|
-| [podman-mount(1)](/docs/podman-mount.1.md) | Mount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/YSP6hNvZo0RGeMHDA97PhPAf3)|
-| [podman-pause(1)](/docs/podman-pause.1.md) | Pause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)|
-| [podman-ps(1)](/docs/podman-ps.1.md) | Prints out information about containers |[![...](/docs/play.png)](https://asciinema.org/a/bbT41kac6CwZ5giESmZLIaTLR)|
-| [podman-pull(1)](/docs/podman-pull.1.md) | Pull an image from a registry |[![...](/docs/play.png)](https://asciinema.org/a/lr4zfoynHJOUNu1KaXa1dwG2X)|
-| [podman-push(1)](/docs/podman-push.1.md) | Push an image to a specified destination |[![...](/docs/play.png)](https://asciinema.org/a/133276)|
-| [podman-rm(1)](/docs/podman-rm.1.md) | Removes one or more containers |[![...](/docs/play.png)](https://asciinema.org/a/7EMk22WrfGtKWmgHJX9Nze1Qp)|
-| [podman-rmi(1)](/docs/podman-rmi.1.md) | Removes one or more images |[![...](/docs/play.png)](https://asciinema.org/a/133799)|
-| [podman-save(1)](/docs/podman-save.1.md) | Saves an image to an archive |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)|
-| [podman-start(1)](/docs/podman-start.1.md) | Starts one or more containers
-| [podman-stats(1)](/docs/podman-stats.1.md) | Display a live stream of one or more containers' resource usage statistics|[![...](/docs/play.png)](https://asciinema.org/a/vfUPbAA5tsNWhsfB9p25T6xdr)|
-| [podman-stop(1)](/docs/podman-stop.1.md) | Stops one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/KNRF9xVXeaeNTNjBQVogvZBcp)|
-| [podman-tag(1)](/docs/podman-tag.1.md) | Add an additional name to a local image |[![...](/docs/play.png)](https://asciinema.org/a/133803)|
-| [podman-top(1)](/docs/podman-top.1.md) | Display the running processes of a container |[![...](/docs/play.png)](https://asciinema.org/a/5WCCi1LXwSuRbvaO9cBUYf3fk)|
-| [podman-umount(1)](/docs/podman-umount.1.md) | Unmount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)|
-| [podman-unpause(1)](/docs/podman-unpause.1.md) | Unpause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)|
-| [podman-version(1)](/docs/podman-version.1.md) | Display the version information |[![...](/docs/play.png)](https://asciinema.org/a/mfrn61pjZT9Fc8L4NbfdSqfgu)|
-| [podman-wait(1)](/docs/podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes |[![...](/docs/play.png)](https://asciinema.org/a/QNPGKdjWuPgI96GcfkycQtah0)|
-
-## OCI Hooks Support
-
-[PODMAN configures OCI Hooks to run when launching a container](./hooks.md)
-
-## PODMAN Usage Transfer
-
-[Useful information for ops and dev transfer as it relates to infrastructure that utilizes PODMAN](/transfer.md)
-
-## Communication
+## Podman Information for Developers
+
+**[Installation notes](/install.md)**
+Information on how to install Podman in your environment.
+
+**[OCI Hooks Support](/hooks.md)**
+Information on how Podman configures OCI Hooks to run when launching a container.
+
+**[Podman Commands](/commands.md)**
+A list of the Podman commands with links to their man pages and in many cases videos showing the commands in use.
+
+**[Podman Usage Transfer](/transfer.md)**
+Useful information for ops and dev transfer as it relates to infrastructure that utilizes Podman. This page includes tables showing Docker commands and their Podman equivalent commands.
+
+**[Tutorials](docs/tutorials/tutorials.md)**
+Tutorials on the Podman utility.
+
+## Communication with Fellow Developers
For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation.
For sync communication we have an IRC channel #PODMAN, on chat.freenode.net, that everyone is welcome to join and chat about development.
-## [Podman tutorial](podman_tutorial.md)
-For more information on how to build, install, and use podman, check out the [podman tutorial](podman_tutorial.md).
-
### Current Roadmap
1. Basic pod/container lifecycle, basic image pull (done)
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 7ee364fab..262be129c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error {
return nil
}
-const seccompDefaultPath = "/etc/crio/seccomp.json"
-
func parseSecurityOpt(config *createConfig, securityOpts []string) error {
var (
labelOpts []string
@@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error {
}
if config.SeccompProfilePath == "" {
- if _, err := os.Stat(seccompDefaultPath); err != nil {
+ if _, err := os.Stat(libpod.SeccompOverridePath); err == nil {
+ config.SeccompProfilePath = libpod.SeccompOverridePath
+ } else {
if !os.IsNotExist(err) {
- return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath)
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath)
+ }
+ if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil {
+ if !os.IsNotExist(err) {
+ return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath)
+ }
+ } else {
+ config.SeccompProfilePath = libpod.SeccompDefaultPath
}
- } else {
- config.SeccompProfilePath = seccompDefaultPath
}
}
config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts)
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index c674c9d1e..944664c68 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -412,7 +412,7 @@ func getTemplateOutput(containers []*libpod.Container, opts psOptions) ([]psTemp
status = "Up " + runningFor + " ago"
case libpod.ContainerStatePaused:
status = "Paused"
- case libpod.ContainerStateCreated:
+ case libpod.ContainerStateCreated, libpod.ContainerStateConfigured:
status = "Created"
default:
status = "Dead"
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 8dd3475c0..182089e8e 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -80,13 +80,6 @@ func rmCmd(c *cli.Context) error {
}
}
for _, container := range delContainers {
- if err != nil {
- if lastError != nil {
- fmt.Fprintln(os.Stderr, lastError)
- }
- lastError = errors.Wrapf(err, "failed to find container %s", container.ID())
- continue
- }
err = runtime.RemoveContainer(container, c.Bool("force"))
if err != nil {
if lastError != nil {
diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go
index f083b39af..b82df86db 100644
--- a/cmd/podman/run_test.go
+++ b/cmd/podman/run_test.go
@@ -66,11 +66,24 @@ func createCLI() cli.App {
return a
}
-func getRuntimeSpec(c *cli.Context) *spec.Spec {
- runtime, _ := getRuntime(c)
- createConfig, _ := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData())
- runtimeSpec, _ := createConfigToOCISpec(createConfig)
- return runtimeSpec
+func getRuntimeSpec(c *cli.Context) (*spec.Spec, error) {
+ /*
+ TODO: This test has never worked. Need to install content
+ runtime, err := getRuntime(c)
+ if err != nil {
+ return nil, err
+ }
+ createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData())
+ */
+ createConfig, err := parseCreateOpts(c, nil, "alpine", generateAlpineImageData())
+ if err != nil {
+ return nil, err
+ }
+ runtimeSpec, err := createConfigToOCISpec(createConfig)
+ if err != nil {
+ return nil, err
+ }
+ return runtimeSpec, nil
}
// TestPIDsLimit verifies the inputed pid-limit is correctly defined in the spec
@@ -78,7 +91,10 @@ func TestPIDsLimit(t *testing.T) {
a := createCLI()
args := []string{"--pids-limit", "22"}
a.Run(append(cmd, args...))
- runtimeSpec := getRuntimeSpec(CLI)
+ runtimeSpec, err := getRuntimeSpec(CLI)
+ if err != nil {
+ t.Fatalf(err.Error())
+ }
assert.Equal(t, runtimeSpec.Linux.Resources.Pids.Limit, int64(22))
}
@@ -87,7 +103,10 @@ func TestBLKIOWeightDevice(t *testing.T) {
a := createCLI()
args := []string{"--blkio-weight-device", "/dev/sda:100"}
a.Run(append(cmd, args...))
- runtimeSpec := getRuntimeSpec(CLI)
+ runtimeSpec, err := getRuntimeSpec(CLI)
+ if err != nil {
+ t.Fatalf(err.Error())
+ }
assert.Equal(t, *runtimeSpec.Linux.Resources.BlockIO.WeightDevice[0].Weight, uint16(100))
}
@@ -96,7 +115,10 @@ func TestMemorySwap(t *testing.T) {
a := createCLI()
args := []string{"--memory-swap", "45m", "--memory", "40m"}
a.Run(append(cmd, args...))
- runtimeSpec := getRuntimeSpec(CLI)
+ runtimeSpec, err := getRuntimeSpec(CLI)
+ if err != nil {
+ t.Fatalf(err.Error())
+ }
mem, _ := units.RAMInBytes("45m")
assert.Equal(t, *runtimeSpec.Linux.Resources.Memory.Swap, mem)
}
diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go
index df1c54d50..59ea5685a 100644
--- a/cmd/podman/spec.go
+++ b/cmd/podman/spec.go
@@ -1,13 +1,13 @@
package main
import (
- "encoding/json"
"io/ioutil"
"strings"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/docker/docker/daemon/caps"
"github.com/docker/docker/pkg/mount"
+ "github.com/docker/docker/profiles/seccomp"
"github.com/docker/go-units"
"github.com/opencontainers/runc/libcontainer/devices"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -290,16 +290,31 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
configSpec := g.Spec()
- if config.SeccompProfilePath != "" && config.SeccompProfilePath != "unconfined" {
- seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath)
- if err != nil {
- return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath)
- }
- var seccompConfig spec.LinuxSeccomp
- if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil {
- return nil, errors.Wrapf(err, "decoding seccomp profile (%s) failed", config.SeccompProfilePath)
+ // HANDLE CAPABILITIES
+ // NOTE: Must happen before SECCOMP
+ if err := setupCapabilities(config, configSpec); err != nil {
+ return nil, err
+ }
+
+ // HANDLE SECCOMP
+ if config.SeccompProfilePath != "unconfined" {
+ if config.SeccompProfilePath != "" {
+ seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), configSpec)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ configSpec.Linux.Seccomp = seccompConfig
+ } else {
+ seccompConfig, err := seccomp.GetDefaultProfile(configSpec)
+ if err != nil {
+ return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath)
+ }
+ configSpec.Linux.Seccomp = seccompConfig
}
- configSpec.Linux.Seccomp = &seccompConfig
}
// BIND MOUNTS
@@ -319,11 +334,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
}
}
- // HANDLE CAPABILITIES
- if err := setupCapabilities(config, configSpec); err != nil {
- return nil, err
- }
-
// BLOCK IO
blkio, err := config.CreateBlockIO()
if err != nil {
diff --git a/commands.md b/commands.md
new file mode 100644
index 000000000..7ce60d309
--- /dev/null
+++ b/commands.md
@@ -0,0 +1,42 @@
+![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
+# libpod - library for running OCI-based containers in Pods
+
+## Podman Commands
+| Command | Description | Demo|
+| :------------------------------------------------------- | :------------------------------------------------------------------------ | :----|
+| [podman(1)](/docs/podman.1.md) | Simple management tool for pods and images ||
+| [podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container |[![...](/docs/play.png)](https://asciinema.org/a/XDlocUrHVETFECg4zlO9nBbLf)|
+| [podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles ||
+| [podman-commit(1)](/docs/podman-commit.1.md) | Create new image based on the changed container ||
+| [podman-cp(1)](/docs/podman-cp.1.md) | Instead of providing a `podman cp` command, the man page `podman-cp` describes how to use the `podman mount` command to have even more flexibility and functionality||
+| [podman-create(1)](/docs/podman-create.1.md) | Create a new container ||
+| [podman-diff(1)](/docs/podman-diff.1.md) | Inspect changes on a container or image's filesystem |[![...](/docs/play.png)](https://asciinema.org/a/FXfWB9CKYFwYM4EfqW3NSZy1G)|
+| [podman-exec(1)](/docs/podman-exec.1.md) | Execute a command in a running container
+| [podman-export(1)](/docs/podman-export.1.md) | Export container's filesystem contents as a tar archive |[![...](/docs/play.png)](https://asciinema.org/a/913lBIRAg5hK8asyIhhkQVLtV)|
+| [podman-history(1)](/docs/podman-history.1.md) | Shows the history of an image |[![...](/docs/play.png)](https://asciinema.org/a/bCvUQJ6DkxInMELZdc5DinNSx)|
+| [podman-images(1)](/docs/podman-images.1.md) | List images in local storage |[![...](/docs/play.png)](https://asciinema.org/a/133649)|
+| [podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image ||
+| [podman-info(1)](/docs/podman-info.1.md) | Display system information |[![...](/docs/play.png)](https://asciinema.org/a/yKbi5fQ89y5TJ8e1RfJd4ivTD)|
+| [podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image |[![...](/docs/play.png)](https://asciinema.org/a/133418)|
+| [podman-kill(1)](/docs/podman-kill.1.md) | Kill the main process in one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/3jNos0A5yzO4hChu7ddKkUPw7)|
+| [podman-load(1)](/docs/podman-load.1.md) | Load an image from docker archive or oci |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)|
+| [podman-login(1)](/docs/podman-login.1.md) | Login to a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)|
+| [podman-logout(1)](/docs/podman-logout.1.md) | Logout of a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)|
+| [podman-logs(1)](/docs/podman-logs.1.md) | Display the logs of a container |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)|
+| [podman-mount(1)](/docs/podman-mount.1.md) | Mount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/YSP6hNvZo0RGeMHDA97PhPAf3)|
+| [podman-pause(1)](/docs/podman-pause.1.md) | Pause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)|
+| [podman-ps(1)](/docs/podman-ps.1.md) | Prints out information about containers |[![...](/docs/play.png)](https://asciinema.org/a/bbT41kac6CwZ5giESmZLIaTLR)|
+| [podman-pull(1)](/docs/podman-pull.1.md) | Pull an image from a registry |[![...](/docs/play.png)](https://asciinema.org/a/lr4zfoynHJOUNu1KaXa1dwG2X)|
+| [podman-push(1)](/docs/podman-push.1.md) | Push an image to a specified destination |[![...](/docs/play.png)](https://asciinema.org/a/133276)|
+| [podman-rm(1)](/docs/podman-rm.1.md) | Removes one or more containers |[![...](/docs/play.png)](https://asciinema.org/a/7EMk22WrfGtKWmgHJX9Nze1Qp)|
+| [podman-rmi(1)](/docs/podman-rmi.1.md) | Removes one or more images |[![...](/docs/play.png)](https://asciinema.org/a/133799)|
+| [podman-save(1)](/docs/podman-save.1.md) | Saves an image to an archive |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)|
+| [podman-start(1)](/docs/podman-start.1.md) | Starts one or more containers
+| [podman-stats(1)](/docs/podman-stats.1.md) | Display a live stream of one or more containers' resource usage statistics|[![...](/docs/play.png)](https://asciinema.org/a/vfUPbAA5tsNWhsfB9p25T6xdr)|
+| [podman-stop(1)](/docs/podman-stop.1.md) | Stops one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/KNRF9xVXeaeNTNjBQVogvZBcp)|
+| [podman-tag(1)](/docs/podman-tag.1.md) | Add an additional name to a local image |[![...](/docs/play.png)](https://asciinema.org/a/133803)|
+| [podman-top(1)](/docs/podman-top.1.md) | Display the running processes of a container |[![...](/docs/play.png)](https://asciinema.org/a/5WCCi1LXwSuRbvaO9cBUYf3fk)|
+| [podman-umount(1)](/docs/podman-umount.1.md) | Unmount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)|
+| [podman-unpause(1)](/docs/podman-unpause.1.md) | Unpause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)|
+| [podman-version(1)](/docs/podman-version.1.md) | Display the version information |[![...](/docs/play.png)](https://asciinema.org/a/mfrn61pjZT9Fc8L4NbfdSqfgu)|
+| [podman-wait(1)](/docs/podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes |[![...](/docs/play.png)](https://asciinema.org/a/QNPGKdjWuPgI96GcfkycQtah0)|
diff --git a/podman_tutorial.md b/docs/tutorials/podman_tutorial.md
index 619e83c35..619e83c35 100644
--- a/podman_tutorial.md
+++ b/docs/tutorials/podman_tutorial.md
diff --git a/docs/tutorials/tutorials.md b/docs/tutorials/tutorials.md
new file mode 100644
index 000000000..6ada366c0
--- /dev/null
+++ b/docs/tutorials/tutorials.md
@@ -0,0 +1,9 @@
+![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
+
+# Podman Tutorials
+
+## Links to a number of useful tutorials for the Podman utility.
+
+**[Introduction Tutorial](https://github.com/projectatomic/libpod/tree/master/docs/tutorials/podman_tutorial.md)**
+
+Learn how to setup Podman and perform some basic commands with the utility.
diff --git a/libpod/runtime.go b/libpod/runtime.go
index d0362ec79..804f69c9e 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -27,6 +27,10 @@ const (
InMemoryStateStore RuntimeStateStore = iota
// SQLiteStateStore is a state backed by a SQLite database
SQLiteStateStore RuntimeStateStore = iota
+ // SeccompDefaultPath defines the default seccomp path
+ SeccompDefaultPath = "/usr/share/containers/seccomp.json"
+ // SeccompOverridePath if this exists it overrides the default seccomp path
+ SeccompOverridePath = "/etc/crio/seccomp.json"
)
// A RuntimeOption is a functional option which alters the Runtime created by
diff --git a/test/podman_attach.bats b/test/podman_attach.bats
index 8676b2e43..605a44789 100644
--- a/test/podman_attach.bats
+++ b/test/podman_attach.bats
@@ -11,14 +11,14 @@ function setup() {
}
@test "attach to a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar
echo "$output"
[ "$status" -eq 125 ]
}
@test "attach to non-running container" {
${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name foobar -d -i ${ALPINE} ls
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar
echo "$output"
[ "$status" -eq 125 ]
}
@@ -26,7 +26,7 @@ function setup() {
@test "attach to multiple containers" {
${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar1 -d -i ${ALPINE} /bin/sh
${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar2 -d -i ${ALPINE} /bin/sh
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2
echo "$output"
[ "$status" -eq 125 ]
}
diff --git a/test/podman_commit.bats b/test/podman_commit.bats
index 9257743e9..45c2b010e 100644
--- a/test/podman_commit.bats
+++ b/test/podman_commit.bats
@@ -13,109 +13,85 @@ function setup() {
}
@test "podman commit default" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr
}
@test "podman commit with message flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep testing-commit"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr
}
@test "podman commit with author flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep author-name"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr
}
@test "podman commit with change flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep blue"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr
}
@test "podman commit with pause flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr
}
@test "podman commit non-running container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed"
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed"
- echo "$output"
- [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed
echo "$output"
[ "$status" -eq 0 ]
+ ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr
}
diff --git a/test/podman_diff.bats b/test/podman_diff.bats
index 9ed088807..ed1a17309 100644
--- a/test/podman_diff.bats
+++ b/test/podman_diff.bats
@@ -23,7 +23,6 @@ function teardown() {
}
@test "test diff with json output" {
- # run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} diff --format json $IMAGE | python -m json.tool"
run ${PODMAN_BINARY} $PODMAN_OPTIONS diff --format json $BB
echo "$output"
[ "$status" -eq 0 ]
diff --git a/test/podman_export.bats b/test/podman_export.bats
index 3847ab14c..40fc7bb4f 100644
--- a/test/podman_export.bats
+++ b/test/podman_export.bats
@@ -11,14 +11,14 @@ function setup() {
}
@test "podman export output flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id
echo "$output"
[ "$status" -eq 0 ]
rm -f container.tar
diff --git a/test/podman_images.bats b/test/podman_images.bats
index 3ea8af793..5812e8f8b 100644
--- a/test/podman_images.bats
+++ b/test/podman_images.bats
@@ -10,7 +10,7 @@ function setup() {
copy_images
}
@test "podman images" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} images
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} images
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_inspect.bats b/test/podman_inspect.bats
index 9f9336f48..19e5a0a9b 100644
--- a/test/podman_inspect.bats
+++ b/test/podman_inspect.bats
@@ -23,11 +23,11 @@ function setup() {
}
@test "podman inspect with format" {
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE}
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE}
echo "$output"
[ "$status" -eq 0 ]
inspectOutput="$output"
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE}
+ bash -c run ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g'
echo "$output"
[ "$status" -eq 0 ]
[ "$output" = "$inspectOutput" ]
@@ -42,7 +42,7 @@ function setup() {
}
@test "podman inspect container with size" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS inspect --size -l | python -m json.tool | grep SizeRootFs"
diff --git a/test/podman_kill.bats b/test/podman_kill.bats
index bb55ed31d..f24bd0971 100644
--- a/test/podman_kill.bats
+++ b/test/podman_kill.bats
@@ -11,61 +11,61 @@ function setup() {
}
@test "kill a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar
echo "$output"
[ "$status" -ne 0 ]
}
@test "kill a running container by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
}
@test "kill a running container by id with TERM" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc
[ "$status" -eq 0 ]
}
@test "kill a running container by name" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc
[ "$status" -eq 0 ]
}
@test "kill a running container by id with a bogus signal" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id
[ "$status" -eq 125 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc
[ "$status" -eq 0 ]
}
@test "kill the latest container run" {
${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_load.bats b/test/podman_load.bats
index 6fe8638b6..ca93a5522 100644
--- a/test/podman_load.bats
+++ b/test/podman_load.bats
@@ -10,36 +10,36 @@ function teardown() {
cleanup_test
}
@test "podman load input flag" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
}
@test "podman load oci-archive image" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
}
@test "podman load oci-archive image with signature-policy" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
[ "$status" -eq 0 ]
cp /etc/containers/policy.json /tmp
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f /tmp/policy.json
@@ -47,29 +47,29 @@ function teardown() {
}
@test "podman load using quiet flag" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
}
@test "podman load directory" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_logs.bats b/test/podman_logs.bats
index 342ffac5e..e76bf665a 100644
--- a/test/podman_logs.bats
+++ b/test/podman_logs.bats
@@ -11,41 +11,41 @@ function setup() {
}
@test "display logs for container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "tail three lines of logs for container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id
echo "$output"
lines=$(echo "$output" | wc -l)
[ "$status" -eq 0 ]
[[ $(wc -l < "$output" ) -le 3 ]]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "display logs for container since a given time" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_mount.bats b/test/podman_mount.bats
index bc6be1a19..f3d04fb98 100644
--- a/test/podman_mount.bats
+++ b/test/podman_mount.bats
@@ -13,26 +13,26 @@ function setup() {
}
@test "mount" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --notruncate | grep $ctr_id"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --format=json | python -m json.tool | grep $ctr_id"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_pause.bats b/test/podman_pause.bats
index b8f0a8746..4e98eb130 100644
--- a/test/podman_pause.bats
+++ b/test/podman_pause.bats
@@ -11,102 +11,102 @@ function teardown() {
}
@test "pause a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar
echo "$output"
[ "$status" -eq 125 ]
}
@test "unpause a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar
echo "$output"
[ "$status" -eq 125 ]
}
@test "pause a created container by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60
echo "$output"
[ "$status" -eq 0 ]
ctr_id=`echo "$output" | tail -n 1`
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "pause a running container by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60
echo "$output"
[ "$status" -eq 0 ]
ctr_id=`echo "$output" | tail -n 1`
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "unpause a running container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60
echo "$output"
[ "$status" -eq 0 ]
ctr_id=`echo "$output" | tail -n 1`
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id
echo "$output"
[ "$status" -eq 125 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "remove a paused container by id" {
skip "Test needs to wait for --force to work for podman rm"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60
echo "$output"
[ "$status" -eq 0 ]
ctr_id=`echo "$output" | tail -n 1`
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id
echo "$output"
[ "$status" -eq 125 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "stop a paused container created by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60
echo "$output"
[ "$status" -eq 0 ]
ctr_id=`echo "$output" | tail -n 1`
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
echo "$output"
[ "$status" -eq 125 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id
echo "$output"
[ "$status" -eq 0 ]
# Container should be running after unpause and shouldn't
# be removable without the force flag.
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id
echo "$output"
[ "$status" -eq 125 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_ps.bats b/test/podman_ps.bats
index b99c84304..8f2232cbf 100644
--- a/test/podman_ps.bats
+++ b/test/podman_ps.bats
@@ -12,92 +12,92 @@ function teardown() {
}
@test "podman ps with no containers" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps default" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps all flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps size flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps quiet flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
ctr_id="$output"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps latest flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps last flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps no-trunc flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps namespace flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps namespace flag and format flag = json" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json | python -m json.tool | grep namespace"
@@ -106,7 +106,7 @@ function teardown() {
}
@test "podman ps without namespace flag and format flag = json" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format json | python -m json.tool | grep namespace"
@@ -115,76 +115,76 @@ function teardown() {
}
@test "podman ps format flag = go template" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}'"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}'
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps filter flag - ancestor" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE}"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE}
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps filter flag - id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps filter flag - status" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99
ctr_id="$output"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps short options" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99
ctr_id="$output"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman ps with mutually exclusive flags" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99
ctr_id="$output"
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs
echo "$output"
[ "$status" -ne 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s
echo "$output"
[ "$status" -ne 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}}"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}}
echo "$output"
[ "$status" -ne 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_pull.bats b/test/podman_pull.bats
index b0de1a8ab..4052d56d5 100644
--- a/test/podman_pull.bats
+++ b/test/podman_pull.bats
@@ -10,7 +10,7 @@ function teardown() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10
echo "$output"
[ "$status" -eq 0 ]
}
@@ -19,7 +19,7 @@ function teardown() {
run ${PODMAN_BINARY} $PODMAN_OPTIONS pull debian
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian
echo "$output"
[ "$status" -eq 0 ]
}
@@ -28,7 +28,7 @@ function teardown() {
run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora:rawhide
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide
echo "$output"
[ "$status" -eq 0 ]
}
@@ -37,7 +37,7 @@ function teardown() {
run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora
echo "$output"
[ "$status" -eq 0 ]
}
@@ -46,7 +46,7 @@ function teardown() {
run ${PODMAN_BINARY} $PODMAN_OPTIONS pull alpine@sha256:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest
echo "$output"
[ "$status" -eq 0 ]
}
@@ -61,7 +61,7 @@ function teardown() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest
echo "$output"
[ "$status" -eq 0 ]
}
@@ -70,7 +70,7 @@ function teardown() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10
echo "$output"
[ "$status" -eq 0 ]
}
@@ -79,57 +79,57 @@ function teardown() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
echo "$output"
[ "$status" -eq 0 ]
rm -f alp.tar
}
@test "podman pull from oci-archive" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
echo "$output"
[ "$status" -eq 0 ]
rm -f oci-alp.tar
}
@test "podman pull from local directory" {
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine
echo "$output"
[ "$status" -eq 0 ]
run mkdir test_pull_dir
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} push alpine dir:test_pull_dir
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} push alpine dir:test_pull_dir
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir
echo "$output"
[ "$status" -eq 0 ]
- run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir
echo "$output"
[ "$status" -eq 0 ]
rm -rf test_pull_dir
diff --git a/test/podman_push.bats b/test/podman_push.bats
index 82798b3fc..8308f4e83 100644
--- a/test/podman_push.bats
+++ b/test/podman_push.bats
@@ -36,7 +36,7 @@ function setup() {
echo "$output"
[ "$status" -eq 0 ]
rm -rf /tmp/busybox
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
}
@@ -47,7 +47,7 @@ function setup() {
echo "--->"
[ "$status" -eq 0 ]
rm /tmp/busybox-archive
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
}
@@ -57,18 +57,18 @@ function setup() {
echo "$output"
[ "$status" -eq 0 ]
rm -f /tmp/oci-busybox.tar
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
}
@test "podman push without signatures" {
mkdir /tmp/busybox
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox
echo "$output"
[ "$status" -eq 0 ]
rm -rf /tmp/busybox
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE
echo "$output"
[ "$status" -eq 0 ]
}
@@ -86,13 +86,13 @@ function setup() {
}
@test "push with manifest type conversion" {
- run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir"
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json"
+ run grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir"
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir
echo "$output"
[ "$status" -eq 0 ]
run bash -c "grep "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json"
diff --git a/test/podman_rm.bats b/test/podman_rm.bats
index f6430711f..8382bb3fe 100644
--- a/test/podman_rm.bats
+++ b/test/podman_rm.bats
@@ -15,7 +15,7 @@ function teardown() {
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id"
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
}
@@ -35,7 +35,7 @@ function teardown() {
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id"
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
}
@@ -45,7 +45,7 @@ function teardown() {
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id"
+ run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_run.bats b/test/podman_run.bats
index 465468a5c..9fa048439 100644
--- a/test/podman_run.bats
+++ b/test/podman_run.bats
@@ -11,19 +11,19 @@ function setup() {
}
@test "run a container based on local image" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls
echo "$output"
[ "$status" -eq 0 ]
}
@test "run a container based on local image with short options" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls
echo "$output"
[ "$status" -eq 0 ]
}
@test "run a container based on a remote image" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls
echo "$output"
[ "$status" -eq 0 ]
}
@@ -33,11 +33,11 @@ function setup() {
skip "SELinux not enabled"
fi
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current
echo "$output"
firstLabel=$output
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current
echo "$output"
[ "$output" != "${firstLabel}" ]
}
@@ -52,19 +52,19 @@ function setup() {
}
@test "run capabilities test" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status
echo "$output"
[ "$status" -eq 0 ]
@@ -86,7 +86,7 @@ function setup() {
[ "$status" -eq 0 ]
[ "$output" = "BAR" ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv
echo "$output"
[ "$status" -ne 0 ]
@@ -101,7 +101,7 @@ function setup() {
IMAGE="docker.io/library/fedora:latest"
@test "run limits test" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched
echo $output
[ "$status" -eq 0 ]
@@ -115,7 +115,7 @@ IMAGE="docker.io/library/fedora:latest"
[ "$status" -eq 0 ]
[ "$output" = 1024 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog
echo $output
[ "$status" -eq 0 ]
@@ -139,7 +139,7 @@ IMAGE="docker.io/library/fedora:latest"
}
@test "podman run with cidfile" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls
echo "$output"
[ "$status" -eq 0 ]
run rm /tmp/cidfile
diff --git a/test/podman_save.bats b/test/podman_save.bats
index 27e627b8f..9c6fa8b86 100644
--- a/test/podman_save.bats
+++ b/test/podman_save.bats
@@ -11,14 +11,14 @@ function setup() {
}
@test "podman save output flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
}
@test "podman save oci flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
@@ -31,27 +31,27 @@ function setup() {
}
@test "podman save quiet flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE
echo "$output"
[ "$status" -eq 0 ]
rm -f alpine.tar
}
@test "podman save non-existent image" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR
echo "$output"
[ "$status" -ne 0 ]
}
@test "podman save to directory wit oci format" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE
echo "$output"
[ "$status" -eq 0 ]
rm -rf alp-dir
}
@test "podman save to directory wit v2s2 (docker) format" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE
echo "$output"
[ "$status" -eq 0 ]
rm -rf alp-dir
diff --git a/test/podman_stop.bats b/test/podman_stop.bats
index 839301435..7675ee9a9 100644
--- a/test/podman_stop.bats
+++ b/test/podman_stop.bats
@@ -11,46 +11,46 @@ function setup() {
}
@test "stop a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar
echo "$output"
[ "$status" -eq 125 ]
}
@test "stop a running container by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
}
@test "stop a running container by name" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
[ "$status" -eq 0 ]
}
@test "stop all containers" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1
echo "$output"
[ "$status" -eq 0 ]
}
@test "stop a container with latest" {
${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_tag.bats b/test/podman_tag.bats
index 024cf6295..749c3ae2c 100644
--- a/test/podman_tag.bats
+++ b/test/podman_tag.bats
@@ -11,33 +11,33 @@ function setup() {
}
@test "podman tag with shortname:latest" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest
[ "$status" -eq 0 ]
}
@test "podman tag with shortname" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest
[ "$status" -eq 0 ]
}
@test "podman tag with shortname:tag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v
echo "$output"
[ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v
[ "$status" -eq 0 ]
}
diff --git a/test/podman_top.bats b/test/podman_top.bats
index a8b92cd44..cfa037aa6 100644
--- a/test/podman_top.bats
+++ b/test/podman_top.bats
@@ -26,7 +26,7 @@ function setup() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create -d ${ALPINE} sleep 60
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id
echo "$output"
[ "$status" -eq 125 ]
}
@@ -36,7 +36,7 @@ function setup() {
[ "$status" -eq 0 ]
ctr_id="$output"
echo $ctr_id
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id
echo "$output"
[ "$status" -eq 0 ]
}
@@ -45,7 +45,7 @@ function setup() {
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 60
[ "$status" -eq 0 ]
ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/test/podman_version.bats b/test/podman_version.bats
index 0f959277b..a44da5943 100644
--- a/test/podman_version.bats
+++ b/test/podman_version.bats
@@ -7,7 +7,7 @@ function teardown() {
}
@test "podman version test" {
- run bash -c "${PODMAN_BINARY} version"
+ run ${PODMAN_BINARY} version
echo "$output"
[ "$status" -eq 0 ]
}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/generate.go b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
new file mode 100644
index 000000000..32f22bb37
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
@@ -0,0 +1,32 @@
+// +build ignore
+
+package main
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ "github.com/docker/docker/profiles/seccomp"
+)
+
+// saves the default seccomp profile as a json file so people can use it as a
+// base for their own custom profiles
+func main() {
+ wd, err := os.Getwd()
+ if err != nil {
+ panic(err)
+ }
+ f := filepath.Join(wd, "default.json")
+
+ // write the default profile to the file
+ b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t")
+ if err != nil {
+ panic(err)
+ }
+
+ if err := ioutil.WriteFile(f, b, 0644); err != nil {
+ panic(err)
+ }
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
new file mode 100644
index 000000000..07d522aad
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
@@ -0,0 +1,160 @@
+// +build linux
+
+package seccomp
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+
+ "github.com/docker/docker/api/types"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ libseccomp "github.com/seccomp/libseccomp-golang"
+)
+
+//go:generate go run -tags 'seccomp' generate.go
+
+// GetDefaultProfile returns the default seccomp profile.
+func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ return setupSeccomp(DefaultProfile(), rs)
+}
+
+// LoadProfile takes a json string and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ var config types.Seccomp
+ if err := json.Unmarshal([]byte(body), &config); err != nil {
+ return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
+ }
+ return setupSeccomp(&config, rs)
+}
+
+var nativeToSeccomp = map[string]types.Arch{
+ "amd64": types.ArchX86_64,
+ "arm64": types.ArchAARCH64,
+ "mips64": types.ArchMIPS64,
+ "mips64n32": types.ArchMIPS64N32,
+ "mipsel64": types.ArchMIPSEL64,
+ "mipsel64n32": types.ArchMIPSEL64N32,
+ "s390x": types.ArchS390X,
+}
+
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+ for _, ss := range slice {
+ if s == ss {
+ return true
+ }
+ }
+ return false
+}
+
+func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ if config == nil {
+ return nil, nil
+ }
+
+ // No default action specified, no syscalls listed, assume seccomp disabled
+ if config.DefaultAction == "" && len(config.Syscalls) == 0 {
+ return nil, nil
+ }
+
+ newConfig := &specs.LinuxSeccomp{}
+
+ var arch string
+ var native, err = libseccomp.GetNativeArch()
+ if err == nil {
+ arch = native.String()
+ }
+
+ if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
+ return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+ }
+
+ // if config.Architectures == 0 then libseccomp will figure out the architecture to use
+ if len(config.Architectures) != 0 {
+ for _, a := range config.Architectures {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
+ }
+ }
+
+ if len(config.ArchMap) != 0 {
+ for _, a := range config.ArchMap {
+ seccompArch, ok := nativeToSeccomp[arch]
+ if ok {
+ if a.Arch == seccompArch {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
+ for _, sa := range a.SubArches {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
+ }
+ break
+ }
+ }
+ }
+ }
+
+ newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
+
+Loop:
+ // Loop through all syscall blocks and convert them to libcontainer format after filtering them
+ for _, call := range config.Syscalls {
+ if len(call.Excludes.Arches) > 0 {
+ if inSlice(call.Excludes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Excludes.Caps) > 0 {
+ for _, c := range call.Excludes.Caps {
+ if inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+ if len(call.Includes.Arches) > 0 {
+ if !inSlice(call.Includes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Includes.Caps) > 0 {
+ for _, c := range call.Includes.Caps {
+ if !inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+
+ if call.Name != "" && len(call.Names) != 0 {
+ return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+ }
+
+ if call.Name != "" {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args))
+ }
+
+ for _, n := range call.Names {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args))
+ }
+ }
+
+ return newConfig, nil
+}
+
+func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
+ newCall := specs.LinuxSyscall{
+ Names: []string{name},
+ Action: specs.LinuxSeccompAction(action),
+ }
+
+ // Loop through all the arguments of the syscall and convert them
+ for _, arg := range args {
+ newArg := specs.LinuxSeccompArg{
+ Index: arg.Index,
+ Value: arg.Value,
+ ValueTwo: arg.ValueTwo,
+ Op: specs.LinuxSeccompOperator(arg.Op),
+ }
+
+ newCall.Args = append(newCall.Args, newArg)
+ }
+ return newCall
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
new file mode 100644
index 000000000..1b5179c70
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
@@ -0,0 +1,639 @@
+// +build linux,seccomp
+
+package seccomp
+
+import (
+ "github.com/docker/docker/api/types"
+ "golang.org/x/sys/unix"
+)
+
+func arches() []types.Architecture {
+ return []types.Architecture{
+ {
+ Arch: types.ArchX86_64,
+ SubArches: []types.Arch{types.ArchX86, types.ArchX32},
+ },
+ {
+ Arch: types.ArchAARCH64,
+ SubArches: []types.Arch{types.ArchARM},
+ },
+ {
+ Arch: types.ArchMIPS64,
+ SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32},
+ },
+ {
+ Arch: types.ArchMIPS64N32,
+ SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64},
+ },
+ {
+ Arch: types.ArchMIPSEL64,
+ SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32},
+ },
+ {
+ Arch: types.ArchMIPSEL64N32,
+ SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64},
+ },
+ {
+ Arch: types.ArchS390X,
+ SubArches: []types.Arch{types.ArchS390},
+ },
+ }
+}
+
+// DefaultProfile defines the whitelist for the default seccomp profile.
+func DefaultProfile() *types.Seccomp {
+ syscalls := []*types.Syscall{
+ {
+ Names: []string{
+ "accept",
+ "accept4",
+ "access",
+ "adjtimex",
+ "alarm",
+ "bind",
+ "brk",
+ "capget",
+ "capset",
+ "chdir",
+ "chmod",
+ "chown",
+ "chown32",
+ "clock_getres",
+ "clock_gettime",
+ "clock_nanosleep",
+ "close",
+ "connect",
+ "copy_file_range",
+ "creat",
+ "dup",
+ "dup2",
+ "dup3",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_ctl_old",
+ "epoll_pwait",
+ "epoll_wait",
+ "epoll_wait_old",
+ "eventfd",
+ "eventfd2",
+ "execve",
+ "execveat",
+ "exit",
+ "exit_group",
+ "faccessat",
+ "fadvise64",
+ "fadvise64_64",
+ "fallocate",
+ "fanotify_mark",
+ "fchdir",
+ "fchmod",
+ "fchmodat",
+ "fchown",
+ "fchown32",
+ "fchownat",
+ "fcntl",
+ "fcntl64",
+ "fdatasync",
+ "fgetxattr",
+ "flistxattr",
+ "flock",
+ "fork",
+ "fremovexattr",
+ "fsetxattr",
+ "fstat",
+ "fstat64",
+ "fstatat64",
+ "fstatfs",
+ "fstatfs64",
+ "fsync",
+ "ftruncate",
+ "ftruncate64",
+ "futex",
+ "futimesat",
+ "getcpu",
+ "getcwd",
+ "getdents",
+ "getdents64",
+ "getegid",
+ "getegid32",
+ "geteuid",
+ "geteuid32",
+ "getgid",
+ "getgid32",
+ "getgroups",
+ "getgroups32",
+ "getitimer",
+ "getpeername",
+ "getpgid",
+ "getpgrp",
+ "getpid",
+ "getppid",
+ "getpriority",
+ "getrandom",
+ "getresgid",
+ "getresgid32",
+ "getresuid",
+ "getresuid32",
+ "getrlimit",
+ "get_robust_list",
+ "getrusage",
+ "getsid",
+ "getsockname",
+ "getsockopt",
+ "get_thread_area",
+ "gettid",
+ "gettimeofday",
+ "getuid",
+ "getuid32",
+ "getxattr",
+ "inotify_add_watch",
+ "inotify_init",
+ "inotify_init1",
+ "inotify_rm_watch",
+ "io_cancel",
+ "ioctl",
+ "io_destroy",
+ "io_getevents",
+ "ioprio_get",
+ "ioprio_set",
+ "io_setup",
+ "io_submit",
+ "ipc",
+ "kill",
+ "lchown",
+ "lchown32",
+ "lgetxattr",
+ "link",
+ "linkat",
+ "listen",
+ "listxattr",
+ "llistxattr",
+ "_llseek",
+ "lremovexattr",
+ "lseek",
+ "lsetxattr",
+ "lstat",
+ "lstat64",
+ "madvise",
+ "memfd_create",
+ "mincore",
+ "mkdir",
+ "mkdirat",
+ "mknod",
+ "mknodat",
+ "mlock",
+ "mlock2",
+ "mlockall",
+ "mmap",
+ "mmap2",
+ "mprotect",
+ "mq_getsetattr",
+ "mq_notify",
+ "mq_open",
+ "mq_timedreceive",
+ "mq_timedsend",
+ "mq_unlink",
+ "mremap",
+ "msgctl",
+ "msgget",
+ "msgrcv",
+ "msgsnd",
+ "msync",
+ "munlock",
+ "munlockall",
+ "munmap",
+ "nanosleep",
+ "newfstatat",
+ "_newselect",
+ "open",
+ "openat",
+ "pause",
+ "pipe",
+ "pipe2",
+ "poll",
+ "ppoll",
+ "prctl",
+ "pread64",
+ "preadv",
+ "preadv2",
+ "prlimit64",
+ "pselect6",
+ "pwrite64",
+ "pwritev",
+ "pwritev2",
+ "read",
+ "readahead",
+ "readlink",
+ "readlinkat",
+ "readv",
+ "recv",
+ "recvfrom",
+ "recvmmsg",
+ "recvmsg",
+ "remap_file_pages",
+ "removexattr",
+ "rename",
+ "renameat",
+ "renameat2",
+ "restart_syscall",
+ "rmdir",
+ "rt_sigaction",
+ "rt_sigpending",
+ "rt_sigprocmask",
+ "rt_sigqueueinfo",
+ "rt_sigreturn",
+ "rt_sigsuspend",
+ "rt_sigtimedwait",
+ "rt_tgsigqueueinfo",
+ "sched_getaffinity",
+ "sched_getattr",
+ "sched_getparam",
+ "sched_get_priority_max",
+ "sched_get_priority_min",
+ "sched_getscheduler",
+ "sched_rr_get_interval",
+ "sched_setaffinity",
+ "sched_setattr",
+ "sched_setparam",
+ "sched_setscheduler",
+ "sched_yield",
+ "seccomp",
+ "select",
+ "semctl",
+ "semget",
+ "semop",
+ "semtimedop",
+ "send",
+ "sendfile",
+ "sendfile64",
+ "sendmmsg",
+ "sendmsg",
+ "sendto",
+ "setfsgid",
+ "setfsgid32",
+ "setfsuid",
+ "setfsuid32",
+ "setgid",
+ "setgid32",
+ "setgroups",
+ "setgroups32",
+ "setitimer",
+ "setpgid",
+ "setpriority",
+ "setregid",
+ "setregid32",
+ "setresgid",
+ "setresgid32",
+ "setresuid",
+ "setresuid32",
+ "setreuid",
+ "setreuid32",
+ "setrlimit",
+ "set_robust_list",
+ "setsid",
+ "setsockopt",
+ "set_thread_area",
+ "set_tid_address",
+ "setuid",
+ "setuid32",
+ "setxattr",
+ "shmat",
+ "shmctl",
+ "shmdt",
+ "shmget",
+ "shutdown",
+ "sigaltstack",
+ "signalfd",
+ "signalfd4",
+ "sigreturn",
+ "socket",
+ "socketcall",
+ "socketpair",
+ "splice",
+ "stat",
+ "stat64",
+ "statfs",
+ "statfs64",
+ "symlink",
+ "symlinkat",
+ "sync",
+ "sync_file_range",
+ "syncfs",
+ "sysinfo",
+ "syslog",
+ "tee",
+ "tgkill",
+ "time",
+ "timer_create",
+ "timer_delete",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_settime",
+ "timer_getoverrun",
+ "timer_gettime",
+ "timer_settime",
+ "times",
+ "tkill",
+ "truncate",
+ "truncate64",
+ "ugetrlimit",
+ "umask",
+ "uname",
+ "unlink",
+ "unlinkat",
+ "utime",
+ "utimensat",
+ "utimes",
+ "vfork",
+ "vmsplice",
+ "wait4",
+ "waitid",
+ "waitpid",
+ "write",
+ "writev",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x0,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x0008,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x20000,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0x20008,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{"personality"},
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: 0xffffffff,
+ Op: types.OpEqualTo,
+ },
+ },
+ },
+ {
+ Names: []string{
+ "sync_file_range2",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"ppc64le"},
+ },
+ },
+ {
+ Names: []string{
+ "arm_fadvise64_64",
+ "arm_sync_file_range",
+ "sync_file_range2",
+ "breakpoint",
+ "cacheflush",
+ "set_tls",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"arm", "arm64"},
+ },
+ },
+ {
+ Names: []string{
+ "arch_prctl",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"amd64", "x32"},
+ },
+ },
+ {
+ Names: []string{
+ "modify_ldt",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"amd64", "x32", "x86"},
+ },
+ },
+ {
+ Names: []string{
+ "s390_pci_mmio_read",
+ "s390_pci_mmio_write",
+ "s390_runtime_instr",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Arches: []string{"s390", "s390x"},
+ },
+ },
+ {
+ Names: []string{
+ "open_by_handle_at",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_DAC_READ_SEARCH"},
+ },
+ },
+ {
+ Names: []string{
+ "bpf",
+ "clone",
+ "fanotify_init",
+ "lookup_dcookie",
+ "mount",
+ "name_to_handle_at",
+ "perf_event_open",
+ "quotactl",
+ "setdomainname",
+ "sethostname",
+ "setns",
+ "umount",
+ "umount2",
+ "unshare",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ },
+ },
+ {
+ Names: []string{
+ "clone",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 0,
+ Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
+ ValueTwo: 0,
+ Op: types.OpMaskedEqual,
+ },
+ },
+ Excludes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ Arches: []string{"s390", "s390x"},
+ },
+ },
+ {
+ Names: []string{
+ "clone",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{
+ {
+ Index: 1,
+ Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET,
+ ValueTwo: 0,
+ Op: types.OpMaskedEqual,
+ },
+ },
+ Comment: "s390 parameter ordering for clone is different",
+ Includes: types.Filter{
+ Arches: []string{"s390", "s390x"},
+ },
+ Excludes: types.Filter{
+ Caps: []string{"CAP_SYS_ADMIN"},
+ },
+ },
+ {
+ Names: []string{
+ "reboot",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_BOOT"},
+ },
+ },
+ {
+ Names: []string{
+ "chroot",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_CHROOT"},
+ },
+ },
+ {
+ Names: []string{
+ "delete_module",
+ "init_module",
+ "finit_module",
+ "query_module",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_MODULE"},
+ },
+ },
+ {
+ Names: []string{
+ "acct",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_PACCT"},
+ },
+ },
+ {
+ Names: []string{
+ "kcmp",
+ "process_vm_readv",
+ "process_vm_writev",
+ "ptrace",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_PTRACE"},
+ },
+ },
+ {
+ Names: []string{
+ "iopl",
+ "ioperm",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_RAWIO"},
+ },
+ },
+ {
+ Names: []string{
+ "settimeofday",
+ "stime",
+ "clock_settime",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_TIME"},
+ },
+ },
+ {
+ Names: []string{
+ "vhangup",
+ },
+ Action: types.ActAllow,
+ Args: []*types.Arg{},
+ Includes: types.Filter{
+ Caps: []string{"CAP_SYS_TTY_CONFIG"},
+ },
+ },
+ }
+
+ return &types.Seccomp{
+ DefaultAction: types.ActErrno,
+ ArchMap: arches(),
+ Syscalls: syscalls,
+ }
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
new file mode 100644
index 000000000..0130effa6
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go
@@ -0,0 +1,12 @@
+// +build linux,!seccomp
+
+package seccomp
+
+import (
+ "github.com/docker/docker/api/types"
+)
+
+// DefaultProfile returns a nil pointer on unsupported systems.
+func DefaultProfile() *types.Seccomp {
+ return nil
+}