-rwxr-xr-xcontrib/build_rpm.sh7
-rw-r--r--pkg/rootless/rootless_linux.c51
-rw-r--r--pkg/rootless/rootless_linux.go2
-rw-r--r--test/apiv2/01-basic.at15
-rw-r--r--test/apiv2/40-pods.at26
-rwxr-xr-xtest/apiv2/test-apiv22
6 files changed, 74 insertions, 29 deletions
diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh
index e6acbdb15..de6941199 100755
--- a/contrib/build_rpm.sh
+++ b/contrib/build_rpm.sh
@@ -46,8 +46,13 @@ if [[ $pkg_manager == *dnf ]]; then
)
fi
+# Package name on fedora 30 is golang-github-cpuguy83-go-md2man
+if (grep -i 'Fedora' /etc/redhat-release | grep " 30" ) ; then
+ PKGS+=(golang-github-cpuguy83-go-md2man \
+ btrfs-progs-devel \
+ )
# btrfs-progs-devel is not available in CentOS/RHEL-8
-if ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ); then
+elif ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ) ; then
PKGS+=(golang-github-cpuguy83-md2man \
btrfs-progs-devel \
)
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 83f4f3254..db898e706 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -58,7 +58,7 @@ static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
static int open_files_max_fd;
-fd_set open_files_set;
+static fd_set *open_files_set;
static uid_t rootless_uid_init;
static gid_t rootless_gid_init;
@@ -240,17 +240,39 @@ static void __attribute__((constructor)) init()
if (d)
{
struct dirent *ent;
+ size_t size = 0;
- FD_ZERO (&open_files_set);
for (ent = readdir (d); ent; ent = readdir (d))
{
- int fd = atoi (ent->d_name);
- if (fd != dirfd (d))
+ int fd;
+
+ if (ent->d_name[0] == '.')
+ continue;
+
+ fd = atoi (ent->d_name);
+ if (fd == dirfd (d))
+ continue;
+
+ if (fd >= size * FD_SETSIZE)
{
- if (fd > open_files_max_fd)
- open_files_max_fd = fd;
- FD_SET (fd, &open_files_set);
+ int i;
+ size_t new_size;
+
+ new_size = (fd / FD_SETSIZE) + 1;
+ open_files_set = realloc (open_files_set, new_size * sizeof (fd_set));
+ if (open_files_set == NULL)
+ _exit (EXIT_FAILURE);
+
+ for (i = size; i < new_size; i++)
+ FD_ZERO (&(open_files_set[i]));
+
+ size = new_size;
}
+
+ if (fd > open_files_max_fd)
+ open_files_max_fd = fd;
+
+ FD_SET (fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE]));
}
closedir (d);
}
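Review bot: The growth check `if (fd >= size * FD_SETSIZE)` compares the signed `int` returned by `atoi` with a `size_t`, so a negative `fd` would be converted to a huge unsigned value and an unvalidated number would then drive `new_size` and the `realloc` size. The directory entries are presumably all numeric once the `.` names are skipped, so this is unlikely in practice, but `if (fd < 0) continue;` before the check makes the invariant explicit. The counter `int i` is likewise compared against the `size_t new_size`; declaring it `size_t i` removes the mixed-sign comparison. A comment on `open_files_set` saying that fd N lives at bit `N % FD_SETSIZE` of element `N / FD_SETSIZE` would help readers of the close loops later in the file. init() starts above this hunk.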
@@ -553,10 +575,8 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
/* We passed down these fds, close them. */
int f;
for (f = 3; f < open_files_max_fd; f++)
- {
- if (FD_ISSET (f, &open_files_set))
- close (f);
- }
+ if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE])))
+ close (f);
return pid;
}
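Review bot: The loop bound on the context line, `f < open_files_max_fd`, stops one short of the highest descriptor recorded in init(), so that descriptor appears to stay open after the lower ones are closed; `for (f = 3; f <= open_files_max_fd; f++)` would cover it. The bound does keep `f / FD_SETSIZE` inside the allocated array here, which the similar loop in reexec_in_user_namespace does not guarantee. The function body starts outside this hunk.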
@@ -747,10 +767,11 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
num_fds = strtol (listen_fds, NULL, 10);
if (num_fds != LONG_MIN && num_fds != LONG_MAX)
{
- long i;
- for (i = 3; i < num_fds + 3; i++)
- if (FD_ISSET (i, &open_files_set))
- close (i);
+ int f;
+
+ for (f = 3; f < num_fds + 3; f++)
+ if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE])))
+ close (f);
}
unsetenv ("LISTEN_PID");
unsetenv ("LISTEN_FDS");
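Review bot: `open_files_set[f / FD_SETSIZE]` in the LISTEN_FDS loop can read past the end of the heap array, because init() sizes the array from the highest descriptor open at start-up while `num_fds` comes from the environment and is only checked against LONG_MIN and LONG_MAX. The counter was also narrowed from `long` to `int` while the bound `num_fds + 3` stays `long`, so a large value can overflow `f`. A small helper that rejects any fd above `open_files_max_fd` before indexing fixes the read, and it can replace the duplicated expression in reexec_userns_join as well. The enclosing function starts and ends outside this hunk.

```c
/* Decide whether fd should be closed before re-exec.  With no recorded set,
   keep the existing behaviour of closing everything in range; otherwise
   never index past the highest fd seen by the constructor.  */
static int
should_close_fd (long fd)
{
  if (open_files_set == NULL)
    return 1;
  if (fd < 0 || fd > open_files_max_fd)
    return 0;
  return FD_ISSET (fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE])) != 0;
}

      /* … unchanged: strtol of LISTEN_FDS and the LONG_MIN/LONG_MAX check … */
      long f;

      for (f = 3; f < num_fds + 3; f++)
        if (should_close_fd (f))
          close ((int) f);
```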
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index f71d55776..5ddfab7ad 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -510,7 +510,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
}
}
}
- if !foundProcess {
+ if !foundProcess && pausePidPath != "" {
return BecomeRootInUserNS(pausePidPath)
}
if lastErr != nil {
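Review bot: The added `pausePidPath != ""` condition has no comment, and what the function returns when no process is found and the path is empty depends on the `lastErr` branch, whose body is outside this hunk. A short comment above the `if`, for example `// With no pause PID file path we cannot create a new namespace here; fall through and report lastErr.`, would record the intent, assuming that is what the author means. It would also be worth confirming that the fall-through case with `lastErr == nil` returns something callers can tell apart from a successful join.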
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at
index a54063260..b8a049cdf 100644
--- a/test/apiv2/01-basic.at
+++ b/test/apiv2/01-basic.at
@@ -47,4 +47,19 @@ t GET info 200 \
.DefaultRuntime=runc \
.MemTotal~[0-9]\\+
+# Timing: make sure server stays responsive
+t0=$SECONDS
+for i in $(seq 1 10); do
+ # FIXME: someday: refactor t(), separate out the 'curl' logic so we
+ # can call it directly. Then we won't get ten annoying 'ok' lines.
+ t GET info 200
+done
+t1=$SECONDS
+delta_t=$((t1 - t2))
+if [ $delta_t -le 5 ]; then
+ _show_ok 1 "Time for ten /info requests ($delta_t seconds) <= 5s"
+else
+ _show_ok 0 "Time for ten /info requests" "<= 5 seconds" "$delta_t seconds"
+fi
+
# vim: filetype=sh
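Review bot: `delta_t=$((t1 - t2))` subtracts `t2`, which is never assigned in this hunk; the start time was stored in `t0`. In shell arithmetic an unset name evaluates to 0, so `delta_t` becomes the script's total `$SECONDS` rather than the duration of the ten requests, and the responsiveness check can pass or fail for the wrong reason. The line should read `delta_t=$((t1 - t0))`.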
diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at
index 705de94d2..8b5651cff 100644
--- a/test/apiv2/40-pods.at
+++ b/test/apiv2/40-pods.at
@@ -3,18 +3,20 @@
# test pod-related endpoints
#
-# FIXME! Shouldn't /create give an actual pod ID?
-expected_id='machine.slice'
-if rootless; then
- expected_id=/libpod_parent
-fi
-
t GET libpod/pods/json 200 null
-t POST libpod/pods/create name=foo 201 .id=$expected_id
+t POST libpod/pods/create name=foo 201 .id~[0-9a-f]\\{64\\}
+pod_id=$(jq -r .id <<<"$output")
t GET libpod/pods/foo/exists 204
+t GET libpod/pods/$pod_id/exists 204
t GET libpod/pods/notfoo/exists 404
-t GET libpod/pods/foo/json 200 .Config.name=foo .Containers=null
-t GET libpod/pods/json 200 .[0].Config.name=foo .[0].Containers=null
+t GET libpod/pods/foo/json 200 \
+ .Config.name=foo \
+ .Config.id=$pod_id \
+ .Containers=null
+t GET libpod/pods/json 200 \
+ .[0].Config.name=foo \
+ .[0].Config.id=$pod_id \
+ .[0].Containers=null
# Cannot create a dup pod with the same name
t POST libpod/pods/create name=foo 409 .cause="pod already exists"
@@ -35,8 +37,10 @@ t POST libpod/pods/foo/restart '' 500 .cause="no such container"
t POST libpod/pods/bar/restart '' 404
-#t POST libpod/pods/prune '' 200 # FIXME: unimplemented, returns 500
-#t POST libpod/pods/prune 'a=b' 400 # FIXME: unimplemented, returns 500
+# FIXME: I'm not sure what 'prune' is supposed to do; as of 20200224 it
+# just returns 200 (ok) with empty result list.
+#t POST libpod/pods/prune '' 200 # FIXME: 2020-02-24 returns 200 {}
+#t POST libpod/pods/prune 'a=b' 400 # FIXME: 2020-02-24 returns 200
# Clean up; and try twice, making sure that the second time fails
t DELETE libpod/pods/foo 204
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index fffd7b085..bc2ed142c 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -253,7 +253,7 @@ function start_service() {
die "Cannot start service on non-localhost ($HOST)"
fi
- $PODMAN_BIN --root $WORKDIR system service --timeout 15000 tcp:127.0.0.1:$PORT \
+ $PODMAN_BIN --root $WORKDIR system service --timeout 15 tcp:127.0.0.1:$PORT \
&> $WORKDIR/server.log &
service_pid=$!