diff options
40 files changed, 219 insertions, 110 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 7e3dc7fb4..bb4726817 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -363,7 +363,7 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet { ) createFlags.StringVar( &cf.Pull, - "pull", "missing", + "pull", containerConfig.Engine.PullPolicy, `Pull image before creating ("always"|"missing"|"never")`, ) createFlags.BoolVarP( diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index 96d94dc00..d75352848 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -261,6 +261,7 @@ func pullImage(imageName string) (string, error) { OverrideOS: cliVals.OverrideOS, OverrideVariant: cliVals.OverrideVariant, SignaturePolicy: cliVals.SignaturePolicy, + PullPolicy: pullPolicy, }) if pullErr != nil { return "", pullErr diff --git a/cmd/podman/containers/pause.go b/cmd/podman/containers/pause.go index c2218bc44..c5171303d 100644 --- a/cmd/podman/containers/pause.go +++ b/cmd/podman/containers/pause.go @@ -6,6 +6,7 @@ import ( "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/rootless" "github.com/pkg/errors" @@ -64,7 +65,10 @@ func pause(cmd *cobra.Command, args []string) error { errs utils.OutputErrors ) if rootless.IsRootless() && !registry.IsRemote() { - return errors.New("pause is not supported for rootless containers") + cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() + if !cgroupv2 { + return errors.New("pause is not supported for cgroupv1 rootless containers") + } } if len(args) < 1 && !pauseOpts.All { diff --git a/cmd/podman/containers/unpause.go b/cmd/podman/containers/unpause.go index 50113669c..43eaad72b 100644 --- a/cmd/podman/containers/unpause.go +++ b/cmd/podman/containers/unpause.go @@ -6,6 +6,7 @@ import ( "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/pkg/cgroups" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/rootless" "github.com/pkg/errors" @@ -62,7 +63,10 @@ func unpause(cmd *cobra.Command, args []string) error { errs utils.OutputErrors ) if rootless.IsRootless() && !registry.IsRemote() { - return errors.New("unpause is not supported for rootless containers") + cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() + if !cgroupv2 { + return errors.New("unpause is not supported for cgroupv1 rootless containers") + } } if len(args) < 1 && !unPauseOptions.All { return errors.Errorf("you must provide at least one container name or id") diff --git a/libpod/image/utils.go b/libpod/image/utils.go index 918314476..2538f429b 100644 --- a/libpod/image/utils.go +++ b/libpod/image/utils.go @@ -33,7 +33,7 @@ func findImageInRepotags(search imageParts, images []*Image) (*storage.Image, er continue } // account for registry:/somedir/image - if strings.HasSuffix(dName, searchName) && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch { + if strings.HasSuffix(dName, "/"+searchName) && dSuspiciousTagValueForSearch == searchSuspiciousTagValueForSearch { results = append(results, image.image) continue } diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index c1ba9ca66..0900d1793 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go @@ -10,6 +10,7 @@ import ( "strings" "github.com/containers/buildah" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/podman/v2/libpod" image2 "github.com/containers/podman/v2/libpod/image" @@ -17,7 +18,6 @@ import ( "github.com/containers/podman/v2/pkg/api/handlers/utils" "github.com/containers/podman/v2/pkg/auth" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/containers/podman/v2/pkg/util" "github.com/docker/docker/api/types" "github.com/gorilla/schema" "github.com/pkg/errors" @@ -268,6 +268,16 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) { if sys := runtime.SystemContext(); sys != nil { registryOpts.DockerCertPath = sys.DockerCertPath } + rtc, err := runtime.GetConfig() + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + return + } + pullPolicy, err := config.ValidatePullPolicy(rtc.Engine.PullPolicy) + if err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + return + } img, err := runtime.ImageRuntime().New(r.Context(), fromImage, "", // signature policy @@ -276,7 +286,7 @@ func CreateImageFromImage(w http.ResponseWriter, r *http.Request) { ®istryOpts, image2.SigningOptions{}, nil, // label - util.PullImageMissing, + pullPolicy, ) if err != nil { utils.Error(w, "Something went wrong.", http.StatusInternalServerError, err) diff --git a/pkg/api/handlers/compat/volumes.go b/pkg/api/handlers/compat/volumes.go index 976c52acb..a45509fdb 100644 --- a/pkg/api/handlers/compat/volumes.go +++ b/pkg/api/handlers/compat/volumes.go @@ -93,6 +93,29 @@ func CreateVolume(w http.ResponseWriter, r *http.Request) { return } + // See if the volume exists already + existingVolume, err := runtime.GetVolume(input.Name) + if err != nil && errors.Cause(err) != define.ErrNoSuchVolume { + utils.InternalServerError(w, err) + return + } + + // if using the compat layer and the volume already exists, we + // must return a 201 with the same information as create + if existingVolume != nil && !utils.IsLibpodRequest(r) { + response := docker_api_types.Volume{ + CreatedAt: existingVolume.CreatedTime().Format(time.RFC3339), + Driver: existingVolume.Driver(), + Labels: existingVolume.Labels(), + Mountpoint: existingVolume.MountPoint(), + Name: existingVolume.Name(), + Options: existingVolume.Options(), + Scope: existingVolume.Scope(), + } + utils.WriteResponse(w, http.StatusCreated, response) + return + } + if len(input.Name) > 0 { volumeOptions = append(volumeOptions, libpod.WithVolumeName(input.Name)) } diff --git a/pkg/api/server/register_volumes.go b/pkg/api/server/register_volumes.go index 22488b158..aa0f67604 100644 --- a/pkg/api/server/register_volumes.go +++ b/pkg/api/server/register_volumes.go @@ -154,7 +154,9 @@ func (s *APIServer) registerVolumeHandlers(r *mux.Router) error { // parameters: // - in: body // name: create - // description: attributes for creating a container + // description: | + // attributes for creating a container. + // Note: If a volume by the same name exists, a 201 response with that volume's information will be generated. // schema: // $ref: "#/definitions/DockerVolumeCreate" // produces: diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go index d8dc7e352..151d15d3e 100644 --- a/pkg/bindings/network/network.go +++ b/pkg/bindings/network/network.go @@ -60,7 +60,7 @@ func Remove(ctx context.Context, nameOrID string, force *bool) ([]*entities.Netw } params := url.Values{} if force != nil { - params.Set("size", strconv.FormatBool(*force)) + params.Set("force", strconv.FormatBool(*force)) } response, err := conn.DoRequest(nil, http.MethodDelete, "/networks/%s", params, nil, nameOrID) if err != nil { diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index cad6693fa..ac81c282d 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -3,6 +3,7 @@ package entities import ( "time" + "github.com/containers/common/pkg/config" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/containers/podman/v2/pkg/inspect" @@ -119,8 +120,8 @@ type ImageHistoryReport struct { // ImagePullOptions are the arguments for pulling images. type ImagePullOptions struct { - // AllTags can be specified to pull all tags of the spiecifed image. Note - // that this only works if the specified image does not include a tag. + // AllTags can be specified to pull all tags of an image. Note + // that this only works if the image does not include a tag. AllTags bool // Authfile is the path to the authentication file. Ignored for remote // calls. @@ -146,6 +147,8 @@ type ImagePullOptions struct { SignaturePolicy string // SkipTLSVerify to skip HTTPS and certificate verification. SkipTLSVerify types.OptionalBool + // PullPolicy whether to pull new image + PullPolicy config.PullPolicy } // ImagePullReport is the response from pulling one or more images. diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 25c0c184f..d56dc7d94 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -255,7 +255,7 @@ func pull(ctx context.Context, runtime *image.Runtime, rawImage string, options } if !options.AllTags { - newImage, err := runtime.New(ctx, rawImage, options.SignaturePolicy, options.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, label, util.PullImageAlways) + newImage, err := runtime.New(ctx, rawImage, options.SignaturePolicy, options.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, label, options.PullPolicy) if err != nil { return nil, err } diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 807e4b272..053be6528 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -82,12 +82,21 @@ func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, o // We need to iterate containers looking to see if they belong to the given network for _, c := range containers { if util.StringInSlice(name, c.Config().Networks) { - // if user passes force, we nuke containers + // if user passes force, we nuke containers and pods if !options.Force { // Without the force option, we return an error - return reports, errors.Errorf("%q has associated containers with it. Use -f to forcibly delete containers", name) + return reports, errors.Errorf("%q has associated containers with it. Use -f to forcibly delete containers and pods", name) } - if err := ic.Libpod.RemoveContainer(ctx, c, true, true); err != nil { + if c.IsInfra() { + // if we have a infra container we need to remove the pod + pod, err := ic.Libpod.GetPod(c.PodID()) + if err != nil { + return reports, err + } + if err := ic.Libpod.RemovePod(ctx, pod, true, true); err != nil { + return reports, err + } + } else if err := ic.Libpod.RemoveContainer(ctx, c, true, true); err != nil { return reports, err } } diff --git a/pkg/domain/infra/tunnel/network.go b/pkg/domain/infra/tunnel/network.go index 074425087..d155fdd9e 100644 --- a/pkg/domain/infra/tunnel/network.go +++ b/pkg/domain/infra/tunnel/network.go @@ -26,11 +26,16 @@ func (ic *ContainerEngine) NetworkInspect(ctx context.Context, namesOrIds []stri func (ic *ContainerEngine) NetworkRm(ctx context.Context, namesOrIds []string, options entities.NetworkRmOptions) ([]*entities.NetworkRmReport, error) { reports := make([]*entities.NetworkRmReport, 0, len(namesOrIds)) for _, name := range namesOrIds { - report, err := network.Remove(ic.ClientCxt, name, &options.Force) + response, err := network.Remove(ic.ClientCxt, name, &options.Force) if err != nil { - report[0].Err = err + report := &entities.NetworkRmReport{ + Name: name, + Err: err, + } + reports = append(reports, report) + } else { + reports = append(reports, response...) } - reports = append(reports, report...) } return reports, nil } diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 73ef8520b..93186bc8b 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -27,7 +27,7 @@ var _ = Describe("Podman checkpoint", func() { ) BeforeEach(func() { - SkipIfRootless() + SkipIfRootless() //checkpoint not supported in rootless mode tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 8339b7732..02c5d1428 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -41,7 +41,7 @@ var _ = Describe("Podman run", func() { }) It("podman run limits test", func() { - SkipIfRootless() + SkipIfRootlessCgroupsV1() //containers.conf is set to "nofile=500:500" session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"}) session.WaitWithDefaultTimeout() @@ -80,7 +80,6 @@ var _ = Describe("Podman run", func() { }) It("podman Capabilities in containers.conf", func() { - SkipIfRootless() os.Setenv("CONTAINERS_CONF", "config/containers.conf") cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"}) cap.WaitWithDefaultTimeout() @@ -94,7 +93,6 @@ var _ = Describe("Podman run", func() { }) It("podman Regular capabilities", func() { - SkipIfRootless() os.Setenv("CONTAINERS_CONF", "config/containers.conf") setup := podmanTest.RunTopContainer("test1") setup.WaitWithDefaultTimeout() @@ -176,7 +174,6 @@ var _ = Describe("Podman run", func() { }) It("podman run containers.conf sysctl test", func() { - SkipIfRootless() //containers.conf is set to "net.ipv4.ping_group_range=0 1000" session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "cat", "/proc/sys/net/ipv4/ping_group_range"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 606c1b10d..57d1c3f2c 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -37,21 +37,19 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create --ip with garbage address", func() { - SkipIfRootless() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "114232346", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) }) It("Podman create --ip with v6 address", func() { - SkipIfRootless() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) }) It("Podman create --ip with non-allocatable IP", func() { - SkipIfRootless() + SkipIfRootless() // --ip is not supported in rootless mode result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -83,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create two containers with the same IP", func() { - SkipIfRootless() + SkipIfRootless() // --ip not supported in rootless mode ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 3fce536e2..45dbe9b56 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -552,7 +552,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with IP should fail", func() { - SkipIfRootless() + SkipIfRootless() //Setting IP not supported in rootless mode name := "createwithstaticip" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -564,7 +564,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with mac should fail", func() { - SkipIfRootless() + SkipIfRootless() //Setting MAC Address not supported in rootless mode name := "createwithstaticmac" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -576,7 +576,6 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with network should fail", func() { - SkipIfRootless() name := "createwithnetwork" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -589,19 +588,17 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with ports should fail", func() { - SkipIfRootless() name := "createwithports" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() Expect(pod.ExitCode()).To(BeZero()) - session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "80:80", ALPINE, "top"}) + session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "8080:80", ALPINE, "top"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).ToNot(BeZero()) }) It("create container in pod ppublish ports should fail", func() { - SkipIfRootless() name := "createwithpublishports" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go index 7bbbe2e03..bea8caa93 100644 --- a/test/e2e/events_test.go +++ b/test/e2e/events_test.go @@ -43,7 +43,6 @@ var _ = Describe("Podman events", func() { // These tests are only known to work on Fedora ATM. Other distributions // will be skipped. It("podman events", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -53,7 +52,6 @@ var _ = Describe("Podman events", func() { }) It("podman events with an event filter", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -65,7 +63,6 @@ var _ = Describe("Podman events", func() { It("podman events with an event filter and container=cid", func() { Skip("Does not work on v2") - SkipIfRootless() SkipIfNotFedora() _, ec, cid := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -80,7 +77,6 @@ var _ = Describe("Podman events", func() { }) It("podman events with a type and filter container=id", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, cid := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -91,7 +87,6 @@ var _ = Describe("Podman events", func() { }) It("podman events with a type", func() { - SkipIfRootless() SkipIfNotFedora() setup := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:foobarpod", ALPINE, "top"}) setup.WaitWithDefaultTimeout() @@ -107,7 +102,6 @@ var _ = Describe("Podman events", func() { }) It("podman events --since", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -117,7 +111,6 @@ var _ = Describe("Podman events", func() { }) It("podman events --until", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -130,7 +123,6 @@ var _ = Describe("Podman events", func() { }) It("podman events format", func() { - SkipIfRootless() SkipIfNotFedora() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index 1fbb92b09..4f60cc6df 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -189,7 +189,7 @@ var _ = Describe("Podman mount", func() { }) It("podman list running container", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) setup.WaitWithDefaultTimeout() @@ -212,7 +212,7 @@ var _ = Describe("Podman mount", func() { }) It("podman list multiple mounted containers", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() @@ -257,7 +257,7 @@ var _ = Describe("Podman mount", func() { }) It("podman list mounted container", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 8d289d6e6..f6d9f2cc3 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -178,7 +178,8 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and IPv6 subnet", func() { - SkipIfRootless() + SkipIfRootless() // FIXME I believe this should work in rootlessmode + var ( results []network.NcList ) diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index c35b82fc1..2ea8291fc 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -135,6 +135,7 @@ var _ = Describe("Podman network", func() { }) It("podman network rm", func() { + SkipIfRootless() // FIXME: This one is definitely broken in rootless mode // Setup, use uuid to prevent conflict with other tests uuid := stringid.GenerateNonCryptoID() secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) @@ -263,4 +264,54 @@ var _ = Describe("Podman network", func() { rmAll.WaitWithDefaultTimeout() Expect(rmAll.ExitCode()).To(BeZero()) }) + + It("podman network remove --force with pod", func() { + netName := "testnet" + session := podmanTest.Podman([]string{"network", "create", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"pod", "create", "--network", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + podID := session.OutputToString() + + session = podmanTest.Podman([]string{"create", "--pod", podID, ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"network", "rm", "--force", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + // check if pod is deleted + session = podmanTest.Podman([]string{"pod", "exists", podID}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + + // check if net is deleted + session = podmanTest.Podman([]string{"network", "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + Expect(session.OutputToString()).To(Not(ContainSubstring(netName))) + }) + + It("podman network remove with two networks", func() { + netName1 := "net1" + session := podmanTest.Podman([]string{"network", "create", netName1}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + netName2 := "net2" + session = podmanTest.Podman([]string{"network", "create", netName2}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"network", "rm", netName1, netName2}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + lines := session.OutputToStringArray() + Expect(lines[0]).To(Equal(netName1)) + Expect(lines[1]).To(Equal(netName2)) + }) }) diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index db9f92e0c..a49304bbe 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -24,7 +24,7 @@ var _ = Describe("Podman pause", func() { createdState := "created" BeforeEach(func() { - SkipIfRootless() + SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1 tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go index ec06b7df7..182d99d51 100644 --- a/test/e2e/pod_pause_test.go +++ b/test/e2e/pod_pause_test.go @@ -18,7 +18,7 @@ var _ = Describe("Podman pod pause", func() { pausedState := "paused" BeforeEach(func() { - SkipIfRootless() + SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1 tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 04475a799..02fb3bc57 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -175,7 +175,7 @@ var _ = Describe("Podman pod stats", func() { It("podman stats on net=host post", func() { // --net=host not supported for rootless pods at present - SkipIfRootless() + SkipIfRootlessCgroupsV1() // Pause stats not supported in cgroups v1 podName := "testPod" podCreate := podmanTest.Podman([]string{"pod", "create", "--net=host", "--name", podName}) podCreate.WaitWithDefaultTimeout() diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index f6640906a..aabec4f55 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -400,18 +400,17 @@ var _ = Describe("Podman ps", func() { }) It("podman ps test with port range", func() { - SkipIfRootless() session := podmanTest.RunTopContainer("") session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"run", "-dt", "-p", "1000-1006:1000-1006", ALPINE, "top"}) + session = podmanTest.Podman([]string{"run", "-dt", "-p", "2000-2006:2000-2006", ALPINE, "top"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) session = podmanTest.Podman([]string{"ps", "--format", "{{.Ports}}"}) session.WaitWithDefaultTimeout() - Expect(session.OutputToString()).To(ContainSubstring("0.0.0.0:1000-1006")) + Expect(session.OutputToString()).To(ContainSubstring("0.0.0.0:2000-2006")) }) It("podman ps sync flag", func() { diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 1ff2095c0..9d2daaf9d 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -87,7 +87,7 @@ var _ = Describe("Podman push", func() { }) It("podman push to local registry with authorization", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: Creating content in certs.d we use directories in homedir if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index 7d522a752..0faf0b496 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -106,7 +106,7 @@ profile aa-test-profile flags=(attach_disconnected,mediate_deleted) { parse := SystemExec("apparmor_parser", []string{"-Kr", aaFile}) Expect(parse.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=aa-test-profile", "ls"}) + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=aa-test-profile", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 992f3eda2..b10937953 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -18,7 +18,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { ) BeforeEach(func() { - SkipIfRootless() + SkipIfRootlessCgroupsV1() // cgroup parent is not supported in cgroups v1 tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -48,6 +48,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("no --cgroup-parent", func() { + SkipIfRootless() // FIXME This seems to be broken in rootless mode cgroup := "/libpod_parent" if !Containerized() && podmanTest.CgroupManager != "cgroupfs" { cgroup = "/machine.slice" diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index 153bc53ad..34b6ba4ff 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go @@ -34,7 +34,7 @@ var _ = Describe("Podman run exit", func() { It("podman run -d mount cleanup test", func() { SkipIfRemote("podman-remote does not support mount") - SkipIfRootless() + SkipIfRootless() // FIXME podman mount requires podman unshare first result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index 401447579..86cc9d1c5 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -18,6 +18,8 @@ var _ = Describe("Podman run cpu", func() { ) BeforeEach(func() { + SkipIfRootlessCgroupsV1() + tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -45,13 +47,8 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-period", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var result *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) } else { result = podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"}) @@ -62,14 +59,9 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-quota", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var result *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) } else { result = podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"}) @@ -80,12 +72,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpus", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { + if CGROUPSV2 { result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.max"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -104,12 +91,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-shares", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { + if CGROUPSV2 { // [2-262144] is mapped to [1-10000] result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=262144", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpu.weight"}) result.WaitWithDefaultTimeout() @@ -124,14 +106,9 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpuset-cpus", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var result *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.cpus.effective"}) } else { result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"}) @@ -142,14 +119,9 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpuset-mems", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var result *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/cpuset.mems.effective"}) } else { result = podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"}) diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 43c258eac..828da3494 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -72,7 +72,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device host device and container device parameter are directories", func() { - SkipIfRootless() + SkipIfRootless() // Can not create devices in /dev in rootless mode Expect(os.MkdirAll("/dev/foodevdir", os.ModePerm)).To(BeNil()) defer os.RemoveAll("/dev/foodevdir") diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go index 0ec2535aa..ff018f5d8 100644 --- a/test/e2e/run_dns_test.go +++ b/test/e2e/run_dns_test.go @@ -93,7 +93,6 @@ var _ = Describe("Podman run dns", func() { }) It("podman run add hostname sets /etc/hosts", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "-t", "-i", "--hostname=foobar", ALPINE, "cat", "/etc/hosts"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 21ad00b43..a3dc9bae5 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -17,6 +17,8 @@ var _ = Describe("Podman run memory", func() { ) BeforeEach(func() { + SkipIfRootlessCgroupsV1() + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 12f5018b8..a67324b2b 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -55,7 +55,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose port 222", func() { - SkipIfRootless() + SkipIfRootless() // iptables is not supported for rootless users session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -252,7 +252,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose host port 80 to container port 8000", func() { - SkipIfRootless() + SkipIfRootless() // iptables is not supported for rootless users session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -367,7 +367,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose duplicate host port results in error", func() { - SkipIfRootless() + SkipIfRootless() // FIXME we should be able to run this test in rootless mode with different ports session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "80", ALPINE, "/bin/sh"}) session.WaitWithDefaultTimeout() @@ -441,7 +441,6 @@ var _ = Describe("Podman run networking", func() { }) It("podman run --net container: copies hosts and resolv", func() { - SkipIfRootless() ctrName := "ctr1" ctr1 := podmanTest.RunTopContainer(ctrName) ctr1.WaitWithDefaultTimeout() @@ -479,7 +478,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network in user created network namespace", func() { - SkipIfRootless() + SkipIfRootless() // ip netns is not supported for rootless users if Containerized() { Skip("Can not be run within a container.") } @@ -496,7 +495,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run n user created network namespace with resolv.conf", func() { - SkipIfRootless() + SkipIfRootless() // ip netns is not supported for rootless users if Containerized() { Skip("Can not be run within a container.") } @@ -528,7 +527,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run in custom CNI network with --static-ip", func() { - SkipIfRootless() + SkipIfRootless() //Rootless mode does not support --ip netName := "podmantestnetwork" ipAddr := "10.25.30.128" create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName}) @@ -543,7 +542,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run with new:pod and static-ip", func() { - SkipIfRootless() + SkipIfRootless() // Rootless does not support --ip netName := "podmantestnetwork2" ipAddr := "10.25.40.128" podname := "testpod" diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 064ba7d2c..a20088776 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -17,17 +17,19 @@ import ( // available than we are aware of, leading to host=FFF... and ctr=3FF... // because the latter is all we request. Accept that. func containerCapMatchesHost(ctr_cap string, host_cap string) { + if isRootless() { + return + } ctr_cap_n, err := strconv.ParseUint(ctr_cap, 16, 64) Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctr_cap) host_cap_n, err := strconv.ParseUint(host_cap, 16, 64) Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", host_cap) - // host caps can never be zero (except rootless, which we don't test). + // host caps can never be zero (except rootless). // and host caps must always be a superset (inclusive) of container Expect(host_cap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", host_cap) Expect(host_cap_n).To(BeNumerically(">=", ctr_cap_n), "host cap %q should never be less than container cap %q", host_cap, ctr_cap) - host_cap_masked := host_cap_n & (1<<len(capability.List()) - 1) Expect(ctr_cap_n).To(Equal(host_cap_masked), "container cap %q is not a subset of host cap %q", ctr_cap, host_cap) } @@ -66,7 +68,6 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged CapEff", func() { - SkipIfRootless() host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(host_cap.ExitCode()).To(Equal(0)) @@ -78,7 +79,6 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman cap-add CapEff", func() { - SkipIfRootless() // Get caps of current process host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) Expect(host_cap.ExitCode()).To(Equal(0)) @@ -106,7 +106,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged should inherit host devices", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: This seems to be broken for rootless mode, /dev/ is close to the same session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "-l", "/dev"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index cef8a8d50..219750bcb 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -110,7 +110,6 @@ var _ = Describe("Podman run", func() { }) It("podman test selinux label /run/secrets", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-dZ", "/run/secrets"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -143,7 +142,6 @@ var _ = Describe("Podman run", func() { }) It("podman test selinux --privileged label /run/secrets", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-dZ", "/run/secrets"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index f62c52099..959c823b5 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() { ) BeforeEach(func() { - SkipIfRootless() + SkipIfRootless() //rootless does not support --ip tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 0bb3fe772..5c28f18f2 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1273,4 +1273,46 @@ WORKDIR /madethis` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) + + It("podman run a container with --pull never should fail if no local store", func() { + // Make sure ALPINE image does not exist. Ignore errors + session := podmanTest.PodmanNoCache([]string{"rmi", "--force", "never", ALPINE}) + session.WaitWithDefaultTimeout() + + session = podmanTest.PodmanNoCache([]string{"run", "--pull", "never", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + }) + + It("podman run container with --pull missing and only pull once", func() { + // Make sure ALPINE image does not exist. Ignore errors + session := podmanTest.PodmanNoCache([]string{"rmi", "--force", "never", ALPINE}) + session.WaitWithDefaultTimeout() + + session = podmanTest.PodmanNoCache([]string{"run", "--pull", "missing", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.ErrorToString()).To(ContainSubstring("Trying to pull")) + + session = podmanTest.PodmanNoCache([]string{"run", "--pull", "missing", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.ErrorToString()).ToNot(ContainSubstring("Trying to pull")) + }) + + It("podman run container with --pull missing should pull image multiple times", func() { + // Make sure ALPINE image does not exist. Ignore errors + session := podmanTest.PodmanNoCache([]string{"rmi", "--force", "never", ALPINE}) + session.WaitWithDefaultTimeout() + + session = podmanTest.PodmanNoCache([]string{"run", "--pull", "always", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.ErrorToString()).To(ContainSubstring("Trying to pull")) + + session = podmanTest.PodmanNoCache([]string{"run", "--pull", "always", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.ErrorToString()).To(ContainSubstring("Trying to pull")) + }) }) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 0e0195c9f..fc9245e62 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -227,8 +227,8 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with tmpfs named volume mounts and unmounts", func() { + SkipIfRootless() // FIXME: rootless podman mount requires you to be in a user namespace SkipIfRemote("podman-remote does not support --volumes this test could be simplified to be tested on Remote.") - SkipIfRootless() volName := "testvol" mkVolume := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=nodev", "testvol"}) mkVolume.WaitWithDefaultTimeout() diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 5580f61f4..8ef1e3ac7 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -47,7 +47,7 @@ WantedBy=multi-user.target }) It("podman start container by systemd", func() { - SkipIfRootless() + SkipIfRootless() // rootless can not write to /etc if os.Getenv("SKIP_USERNS") != "" { Skip("Skip userns tests.") } |