summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml6
-rw-r--r--cmd/podman/main.go38
-rw-r--r--cmd/podman/pod_kill.go2
-rw-r--r--cmd/podman/pod_restart.go14
-rw-r--r--cmd/podman/ps.go4
-rw-r--r--cmd/podman/restart.go83
-rw-r--r--cmd/podman/rm.go7
-rw-r--r--contrib/cirrus/lib.sh22
-rwxr-xr-xcontrib/cirrus/rootless_test.sh3
-rwxr-xr-xcontrib/cirrus/setup_environment.sh4
-rwxr-xr-xhack/get_ci_vm.sh4
-rw-r--r--libpod/container_internal.go3
-rw-r--r--test/e2e/common_test.go5
-rw-r--r--test/e2e/create_staticip_test.go1
-rw-r--r--test/e2e/e2e.coverprofile18
-rw-r--r--test/e2e/generate_kube_test.go4
-rw-r--r--test/e2e/healthcheck_run_test.go1
-rw-r--r--test/e2e/libpod_suite_remoteclient_test.go9
-rw-r--r--test/e2e/libpod_suite_test.go13
-rw-r--r--test/e2e/pause_test.go1
-rw-r--r--test/e2e/pod_create_test.go4
-rw-r--r--test/e2e/pod_pause_test.go1
-rw-r--r--test/e2e/pod_stats_test.go1
-rw-r--r--test/e2e/ps_test.go5
-rw-r--r--test/e2e/push_test.go1
-rw-r--r--test/e2e/rootless_test.go1
-rw-r--r--test/e2e/run_cgroup_parent_test.go1
-rw-r--r--test/e2e/run_cpu_test.go6
-rw-r--r--test/e2e/run_device_test.go5
-rw-r--r--test/e2e/run_dns_test.go1
-rw-r--r--test/e2e/run_memory_test.go1
-rw-r--r--test/e2e/run_networking_test.go5
-rw-r--r--test/e2e/run_ns_test.go2
-rw-r--r--test/e2e/run_privileged_test.go3
-rw-r--r--test/e2e/run_selinux_test.go2
-rw-r--r--test/e2e/run_staticip_test.go1
-rw-r--r--test/e2e/run_test.go15
-rw-r--r--test/e2e/run_userns_test.go1
-rw-r--r--test/e2e/stats_test.go1
-rw-r--r--test/e2e/systemd_test.go1
40 files changed, 198 insertions, 102 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 8ac87c1d7..01689971a 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -69,9 +69,9 @@ env:
####
#### Default to NOT running in rootless-testing mode
####
- ROOTLESS_USER:
- ROOTLESS_UID:
- ROOTLESS_GID:
+ ROOTLESS_USER: ""
+ ROOTLESS_UID: ""
+ ROOTLESS_GID: ""
####
#### Credentials and other secret-sauces, decrypted at runtime when authorized.
diff --git a/cmd/podman/main.go b/cmd/podman/main.go
index ef300ef75..dd8b61408 100644
--- a/cmd/podman/main.go
+++ b/cmd/podman/main.go
@@ -67,24 +67,26 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{
_exportCommand: true,
//// `info` must be executed in an user namespace.
//// If this change, please also update libpod.refreshRootless()
- _loginCommand: true,
- _logoutCommand: true,
- _mountCommand: true,
- _killCommand: true,
- _pauseCommand: true,
- _podRmCommand: true,
- _podKillCommand: true,
- _podStatsCommand: true,
- _podStopCommand: true,
- _podTopCommand: true,
- _restartCommand: true,
- _rmCommand: true,
- _runCommand: true,
- _unpauseCommand: true,
- _searchCommand: true,
- _statsCommand: true,
- _stopCommand: true,
- _topCommand: true,
+ _loginCommand: true,
+ _logoutCommand: true,
+ _mountCommand: true,
+ _killCommand: true,
+ _pauseCommand: true,
+ _podRmCommand: true,
+ _podKillCommand: true,
+ _podRestartCommand: true,
+ _podStatsCommand: true,
+ _podStopCommand: true,
+ _podTopCommand: true,
+ _restartCommand: true,
+ &_psCommand: true,
+ _rmCommand: true,
+ _runCommand: true,
+ _unpauseCommand: true,
+ _searchCommand: true,
+ _statsCommand: true,
+ _stopCommand: true,
+ _topCommand: true,
}
var rootCmd = &cobra.Command{
diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go
index ebd7db762..c538674a4 100644
--- a/cmd/podman/pod_kill.go
+++ b/cmd/podman/pod_kill.go
@@ -6,6 +6,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/adapter"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/docker/docker/pkg/signal"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -48,6 +49,7 @@ func init() {
// podKillCmd kills one or more pods with a signal
func podKillCmd(c *cliconfig.PodKillValues) error {
+ rootless.SetSkipStorageSetup(true)
runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go
index 0765b98db..9c8d28424 100644
--- a/cmd/podman/pod_restart.go
+++ b/cmd/podman/pod_restart.go
@@ -2,9 +2,11 @@ package main
import (
"fmt"
+ "os"
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/pkg/adapter"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/spf13/cobra"
@@ -46,12 +48,24 @@ func init() {
func podRestartCmd(c *cliconfig.PodRestartValues) error {
var lastError error
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
runtime, err := adapter.GetRuntime(&c.PodmanCommand)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
}
defer runtime.Shutdown(false)
+ if rootless.IsRootless() {
+ var err error
+
+ c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)
+ if err != nil {
+ return err
+ }
+ }
+
restartIDs, conErrors, restartErrors := runtime.RestartPods(getContext(), c)
for _, p := range restartIDs {
diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go
index de6966c3b..ad942da2e 100644
--- a/cmd/podman/ps.go
+++ b/cmd/podman/ps.go
@@ -17,6 +17,7 @@ import (
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/cmd/podman/shared"
"github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/util"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/docker/go-units"
@@ -200,6 +201,9 @@ func init() {
}
func psCmd(c *cliconfig.PsValues) error {
+ if os.Geteuid() != 0 {
+ rootless.SetSkipStorageSetup(true)
+ }
if c.Bool("trace") {
span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd")
defer span.Finish()
diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go
index 341cbf978..e6a6d8434 100644
--- a/cmd/podman/restart.go
+++ b/cmd/podman/restart.go
@@ -1,7 +1,6 @@
package main
import (
- "fmt"
"os"
"github.com/containers/libpod/cmd/podman/cliconfig"
@@ -61,6 +60,15 @@ func restartCmd(c *cliconfig.RestartValues) error {
if os.Geteuid() != 0 {
rootless.SetSkipStorageSetup(true)
}
+ if rootless.IsRootless() {
+ // If we are in the re-execed rootless environment,
+ // override the arg to deal only with one container.
+ if os.Geteuid() == 0 {
+ c.All = false
+ c.Latest = false
+ c.InputArgs = []string{rootless.Argument()}
+ }
+ }
args := c.InputArgs
runOnly := c.Running
@@ -107,6 +115,20 @@ func restartCmd(c *cliconfig.RestartValues) error {
}
}
+ if os.Geteuid() != 0 {
+ // In rootless mode we can deal with one container at at time.
+ for _, c := range restartContainers {
+ _, ret, err := joinContainerOrCreateRootlessUserNS(runtime, c)
+ if err != nil {
+ return err
+ }
+ if ret != 0 {
+ os.Exit(ret)
+ }
+ }
+ os.Exit(0)
+ }
+
maxWorkers := shared.Parallelize("restart")
if c.GlobalIsSet("max-workers") {
maxWorkers = c.GlobalFlags.MaxWorks
@@ -114,22 +136,6 @@ func restartCmd(c *cliconfig.RestartValues) error {
logrus.Debugf("Setting maximum workers to %d", maxWorkers)
- if rootless.IsRootless() {
- // With rootless containers we cannot really restart an existing container
- // as we would need to join the mount namespace as well to be able to reuse
- // the storage.
- if err := stopRootlessContainers(restartContainers, timeout, useTimeout, maxWorkers); err != nil {
- return err
- }
- became, ret, err := rootless.BecomeRootInUserNS()
- if err != nil {
- return err
- }
- if became {
- os.Exit(ret)
- }
- }
-
// We now have a slice of all the containers to be restarted. Iterate them to
// create restart Funcs with a timeout as needed
for _, ctr := range restartContainers {
@@ -152,46 +158,3 @@ func restartCmd(c *cliconfig.RestartValues) error {
restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, restartFuncs)
return printParallelOutput(restartErrors, errCount)
}
-
-func stopRootlessContainers(stopContainers []*libpod.Container, timeout uint, useTimeout bool, maxWorkers int) error {
- var stopFuncs []shared.ParallelWorkerInput
- for _, ctr := range stopContainers {
- state, err := ctr.State()
- if err != nil {
- return err
- }
- if state != libpod.ContainerStateRunning {
- continue
- }
-
- ctrTimeout := ctr.StopTimeout()
- if useTimeout {
- ctrTimeout = timeout
- }
-
- c := ctr
- f := func() error {
- return c.StopWithTimeout(ctrTimeout)
- }
-
- stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{
- ContainerID: c.ID(),
- ParallelFunc: f,
- })
-
- restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, stopFuncs)
- var lastError error
- for _, result := range restartErrors {
- if result != nil {
- if errCount > 1 {
- fmt.Println(result.Error())
- }
- lastError = result
- }
- }
- if lastError != nil {
- return lastError
- }
- }
- return nil
-}
diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go
index 299420bb6..253771e14 100644
--- a/cmd/podman/rm.go
+++ b/cmd/podman/rm.go
@@ -108,6 +108,7 @@ func rmCmd(c *cliconfig.RmValues) error {
c.Latest = false
c.InputArgs = []string{rootless.Argument()}
} else {
+ exitCode = 0
var containers []*libpod.Container
if c.All {
containers, err = runtime.GetContainers()
@@ -121,6 +122,10 @@ func rmCmd(c *cliconfig.RmValues) error {
for _, c := range c.InputArgs {
container, err = runtime.LookupContainer(c)
if err != nil {
+ if errors.Cause(err) == libpod.ErrNoSuchCtr {
+ exitCode = 1
+ continue
+ }
return err
}
containers = append(containers, container)
@@ -136,7 +141,7 @@ func rmCmd(c *cliconfig.RmValues) error {
os.Exit(ret)
}
}
- os.Exit(0)
+ os.Exit(exitCode)
}
}
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 773f4f484..fe5fe7238 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -170,30 +170,36 @@ record_timestamp() {
setup_rootless() {
req_env_var "
ROOTLESS_USER $ROOTLESS_USER
- ROOTLESS_UID $ROOTLESS_UID
- ROOTLESS_GID $ROOTLESS_GID
+ #ROOTLESS_UID $ROOTLESS_UID
+ #ROOTLESS_GID $ROOTLESS_GID
GOSRC $GOSRC
ENVLIB $ENVLIB
"
echo "creating $ROOTLESS_UID:$ROOTLESS_GID $ROOTLESS_USER user"
- groupadd -g $ROOTLESS_GID $ROOTLESS_USER
- useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER
- chown -R $ROOTLESS_UID:$ROOTLESS_GID "$GOSRC"
+ #groupadd -g $ROOTLESS_GID $ROOTLESS_USER
+ #useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER
+ useradd --create-home $ROOTLESS_USER
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC"
echo "creating ssh keypair for $USER"
ssh-keygen -P "" -f $HOME/.ssh/id_rsa
echo "Allowing ssh key for $ROOTLESS_USER"
(umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
- chown -R $ROOTLESS_UID:$ROOTLESS_GID "/home/$ROOTLESS_USER/.ssh"
- install -o $ROOTLESS_UID -g $ROOTLESS_GID -m 0600 \
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+ install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
"$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+ # Makes debugging easier
+ cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys"
+
+ echo "Configuring subuid and subgid"
+ echo "${ROOTLESS_USER}:$[ROOTLESS_UID * 100]:65536" | tee -a /etc/subuid >> /etc/subgid
echo "Setting permissions on automation files"
chmod 666 "$TIMESTAMPS_FILEPATH"
echo "Copying $HOME/$ENVLIB"
- install -o $ROOTLESS_UID -g $ROOTLESS_GID -m 0700 \
+ install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0700 \
"$HOME/$ENVLIB" "/home/$ROOTLESS_USER/$ENVLIB"
echo "Configuring user's go environment variables"
diff --git a/contrib/cirrus/rootless_test.sh b/contrib/cirrus/rootless_test.sh
index 811b7cf2e..d0e2ceb95 100755
--- a/contrib/cirrus/rootless_test.sh
+++ b/contrib/cirrus/rootless_test.sh
@@ -29,6 +29,9 @@ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
fedora-29) ;&
fedora-28)
make
+ make varlink_generate
+ make test-binaries
+ make ginkgo
;;
*) bad_os_id_ver ;;
esac
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 04c19b3af..7ba6965ba 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -79,6 +79,10 @@ then
if run_rootless
then
setup_rootless
+ make install.catatonit
+ go get github.com/onsi/ginkgo/ginkgo
+ go get github.com/onsi/gomega/...
+ dnf -y update runc
else
# Includes some $HOME relative details
go env | while read envline
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 3c2d193af..70fe93eb5 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -104,6 +104,10 @@ parse_args(){
then
DEPS="PACKAGE_DEPS=false SOURCE_DEPS=true"
IMAGE_NAME="$2"
+ elif [[ "$1" == "-r" ]]
+ then
+ DEPS="ROOTLESS_USER=madcowdog ROOTLESS_UID=3210 ROOTLESS_GID=3210"
+ IMAGE_NAME="$2"
else # no -s or -p
DEPS="$(get_env_vars)"
IMAGE_NAME="$1"
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index ac2d65342..13e660dc3 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -51,6 +51,9 @@ func (c *Container) rootFsSize() (int64, error) {
if c.config.Rootfs != "" {
return 0, nil
}
+ if c.runtime.store == nil {
+ return 0, nil
+ }
container, err := c.runtime.store.Container(c.ID())
if err != nil {
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index afd6d3cf3..54b2cbec2 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -3,6 +3,7 @@ package integration
import (
"encoding/json"
"fmt"
+ "github.com/containers/libpod/pkg/rootless"
"io/ioutil"
"os"
"os/exec"
@@ -213,7 +214,11 @@ func PodmanTestCreateUtil(tempDir string, remote bool) *PodmanTestIntegration {
if os.Getenv("STORAGE_OPTIONS") != "" {
storageOptions = os.Getenv("STORAGE_OPTIONS")
}
+
cgroupManager := CGROUP_MANAGER
+ if rootless.IsRootless() {
+ cgroupManager = "cgroupfs"
+ }
if os.Getenv("CGROUP_MANAGER") != "" {
cgroupManager = os.Getenv("CGROUP_MANAGER")
}
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index a67c1a5a8..6c4ca1cb8 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman create with --ip flag", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/e2e.coverprofile b/test/e2e/e2e.coverprofile
index b5382604f..d413679ea 100644
--- a/test/e2e/e2e.coverprofile
+++ b/test/e2e/e2e.coverprofile
@@ -1,11 +1,11 @@
mode: atomic
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:14.46,21.20 2 1
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:31.2,31.19 1 1
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:38.2,38.53 1 1
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:65.2,65.52 1 1
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:21.20,23.17 2 2
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:26.3,28.36 3 2
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:14.46,21.20 2 3
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.2,32.19 1 3
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.2,39.53 1 3
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.2,66.52 1 3
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:21.20,23.17 2 6
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:26.3,29.36 4 6
github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:23.17,25.4 1 0
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:31.19,36.3 4 2
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:38.53,63.3 20 1
-github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:65.52,90.3 20 1
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.19,37.3 3 6
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.53,64.3 20 3
+github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.52,91.3 20 3 \ No newline at end of file
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index 2f0af7e5f..5bcf3b347 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -48,6 +48,7 @@ var _ = Describe("Podman generate kube", func() {
})
It("podman generate kube on container", func() {
+ SkipIfRootless()
session := podmanTest.RunTopContainer("top")
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -61,6 +62,7 @@ var _ = Describe("Podman generate kube", func() {
})
It("podman generate service kube on container", func() {
+ SkipIfRootless()
session := podmanTest.RunTopContainer("top")
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -74,6 +76,7 @@ var _ = Describe("Podman generate kube", func() {
})
It("podman generate kube on pod", func() {
+ SkipIfRootless()
_, rc, _ := podmanTest.CreatePod("toppod")
Expect(rc).To(Equal(0))
@@ -90,6 +93,7 @@ var _ = Describe("Podman generate kube", func() {
})
It("podman generate service kube on pod", func() {
+ SkipIfRootless()
_, rc, _ := podmanTest.CreatePod("toppod")
Expect(rc).To(Equal(0))
diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go
index 921d325c3..f178e8ad5 100644
--- a/test/e2e/healthcheck_run_test.go
+++ b/test/e2e/healthcheck_run_test.go
@@ -42,6 +42,7 @@ var _ = Describe("Podman healthcheck run", func() {
})
It("podman healthcheck on valid container", func() {
+ SkipIfRootless()
podmanTest.RestoreArtifact(healthcheck)
session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", healthcheck})
session.WaitWithDefaultTimeout()
diff --git a/test/e2e/libpod_suite_remoteclient_test.go b/test/e2e/libpod_suite_remoteclient_test.go
index e6bc00397..44c5edf07 100644
--- a/test/e2e/libpod_suite_remoteclient_test.go
+++ b/test/e2e/libpod_suite_remoteclient_test.go
@@ -18,6 +18,12 @@ func SkipIfRemote() {
ginkgo.Skip("This function is not enabled for remote podman")
}
+func SkipIfRootless() {
+ if os.Geteuid() != 0 {
+ ginkgo.Skip("This function is not enabled for remote podman")
+ }
+}
+
// Cleanup cleans up the temporary store
func (p *PodmanTestIntegration) Cleanup() {
p.StopVarlink()
@@ -133,6 +139,9 @@ func (p *PodmanTestIntegration) CleanupVolume() {
}
func PodmanTestCreate(tempDir string) *PodmanTestIntegration {
+ if os.Geteuid() != 0 {
+ ginkgo.Skip("This function is not enabled for rootless podman")
+ }
pti := PodmanTestCreateUtil(tempDir, true)
pti.StartVarlink()
return pti
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index 1a3f37e23..685a08340 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -14,12 +14,23 @@ import (
"github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/inspect"
. "github.com/containers/libpod/test/utils"
+ "github.com/onsi/ginkgo"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/onsi/gomega/gexec"
)
-func SkipIfRemote() {}
+func SkipIfRemote() {
+ if os.Geteuid() != 0 {
+ ginkgo.Skip("This function is not enabled for rootless podman")
+ }
+}
+
+func SkipIfRootless() {
+ if os.Geteuid() != 0 {
+ ginkgo.Skip("This function is not enabled for rootless podman")
+ }
+}
// Podman is the exec call to podman on the filesystem
func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration {
diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go
index 2d4c1d303..e28c31c3a 100644
--- a/test/e2e/pause_test.go
+++ b/test/e2e/pause_test.go
@@ -22,6 +22,7 @@ var _ = Describe("Podman pause", func() {
createdState := "Created"
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 5ffc0f779..de0734e9f 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -100,7 +100,7 @@ var _ = Describe("Podman pod create", func() {
It("podman create pod with network portbindings", func() {
name := "test"
- session := podmanTest.Podman([]string{"pod", "create", "--name", name, "-p", "80:80"})
+ session := podmanTest.Podman([]string{"pod", "create", "--name", name, "-p", "8080:80"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
pod := session.OutputToString()
@@ -109,7 +109,7 @@ var _ = Describe("Podman pod create", func() {
webserver.WaitWithDefaultTimeout()
Expect(webserver.ExitCode()).To(Equal(0))
- check := SystemExec("nc", []string{"-z", "localhost", "80"})
+ check := SystemExec("nc", []string{"-z", "localhost", "8080"})
Expect(check.ExitCode()).To(Equal(0))
})
diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go
index 62dc919b6..59a4da176 100644
--- a/test/e2e/pod_pause_test.go
+++ b/test/e2e/pod_pause_test.go
@@ -20,6 +20,7 @@ var _ = Describe("Podman pod pause", func() {
pausedState := "Paused"
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go
index ceabb9dc1..6018b4494 100644
--- a/test/e2e/pod_stats_test.go
+++ b/test/e2e/pod_stats_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman pod stats", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go
index 92ca538f0..957c69aa8 100644
--- a/test/e2e/ps_test.go
+++ b/test/e2e/ps_test.go
@@ -82,6 +82,8 @@ var _ = Describe("Podman ps", func() {
})
It("podman ps size flag", func() {
+ SkipIfRootless()
+
_, ec, _ := podmanTest.RunLsContainer("")
Expect(ec).To(Equal(0))
@@ -233,6 +235,8 @@ var _ = Describe("Podman ps", func() {
})
It("podman --sort by size", func() {
+ SkipIfRootless()
+
session := podmanTest.Podman([]string{"create", "busybox", "ls"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -305,6 +309,7 @@ var _ = Describe("Podman ps", func() {
})
It("podman ps test with port range", func() {
+ SkipIfRootless()
session := podmanTest.RunTopContainer("")
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go
index 89df62d42..009067482 100644
--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@@ -80,6 +80,7 @@ var _ = Describe("Podman push", func() {
})
It("podman push to local registry with authorization", func() {
+ SkipIfRootless()
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
}
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index 57146bca0..51544ff8b 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -38,6 +38,7 @@ var _ = Describe("Podman rootless", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go
index a6955591f..0d04c5f03 100644
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go
index a2dd5b9b8..42a66865c 100644
--- a/test/e2e/run_cpu_test.go
+++ b/test/e2e/run_cpu_test.go
@@ -35,6 +35,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpu-period", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -42,6 +43,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpu-quota", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -49,6 +51,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpus", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpus=0.5", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -61,6 +64,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpu-shares", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=2", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.shares"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -68,6 +72,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpuset-cpus", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -75,6 +80,7 @@ var _ = Describe("Podman run cpu", func() {
})
It("podman run cpuset-mems", func() {
+ SkipIfRootless()
result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index 5f59fbe37..fac09b78d 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -41,6 +41,7 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -48,6 +49,7 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device rename test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -55,6 +57,7 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device permission test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -62,6 +65,7 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device rename and permission test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -74,6 +78,7 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device host device and container device parameter are directories", func() {
+ SkipIfRootless()
SystemExec("mkdir", []string{"/dev/foodevdir"})
SystemExec("mknod", []string{"/dev/foodevdir/null", "c", "1", "3"})
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/foodevdir:/dev/bar", ALPINE, "ls", "/dev/bar/null"})
diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go
index 875c90d73..0f4dd6742 100644
--- a/test/e2e/run_dns_test.go
+++ b/test/e2e/run_dns_test.go
@@ -88,6 +88,7 @@ var _ = Describe("Podman run dns", func() {
})
It("podman run add hostname sets /etc/hosts", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-t", "-i", "--hostname=foobar", ALPINE, "cat", "/etc/hosts"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go
index 790cdf743..05d0b7a18 100644
--- a/test/e2e/run_memory_test.go
+++ b/test/e2e/run_memory_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman run memory", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 80378dc7b..93919925c 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -54,6 +54,7 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run network expose port 222", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"})
session.Wait(30)
Expect(session.ExitCode()).To(Equal(0))
@@ -64,6 +65,7 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run network expose host port 80 to container port 8000", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"})
session.Wait(30)
Expect(session.ExitCode()).To(Equal(0))
@@ -146,6 +148,7 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run --net container: copies hosts and resolv", func() {
+ SkipIfRootless()
ctrName := "ctr1"
ctr1 := podmanTest.RunTopContainer(ctrName)
ctr1.WaitWithDefaultTimeout()
@@ -177,6 +180,7 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run network in user created network namespace", func() {
+ SkipIfRootless()
if Containerized() {
Skip("Can not be run within a container.")
}
@@ -193,6 +197,7 @@ var _ = Describe("Podman run networking", func() {
})
It("podman run n user created network namespace with resolv.conf", func() {
+ SkipIfRootless()
if Containerized() {
Skip("Can not be run within a container.")
}
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index 51f921bce..5236e6584 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -63,6 +63,7 @@ var _ = Describe("Podman run ns", func() {
})
It("podman run ipcns ipcmk host test", func() {
+ SkipIfRootless()
setup := SystemExec("ipcmk", []string{"-M", "1024"})
Expect(setup.ExitCode()).To(Equal(0))
output := strings.Split(setup.OutputToString(), " ")
@@ -76,6 +77,7 @@ var _ = Describe("Podman run ns", func() {
})
It("podman run ipcns ipcmk container test", func() {
+ SkipIfRootless()
setup := podmanTest.Podman([]string{"run", "-d", "--name", "test1", fedoraMinimal, "sleep", "999"})
setup.WaitWithDefaultTimeout()
Expect(setup.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index a4500e421..16011b2fd 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -45,6 +45,7 @@ var _ = Describe("Podman privileged container tests", func() {
})
It("podman privileged CapEff", func() {
+ SkipIfRootless()
cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"})
Expect(cap.ExitCode()).To(Equal(0))
@@ -55,6 +56,7 @@ var _ = Describe("Podman privileged container tests", func() {
})
It("podman cap-add CapEff", func() {
+ SkipIfRootless()
cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"})
Expect(cap.ExitCode()).To(Equal(0))
@@ -80,6 +82,7 @@ var _ = Describe("Podman privileged container tests", func() {
})
It("podman privileged should inherit host devices", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "-l", "/dev"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index 282806562..4d2bad49c 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -112,6 +112,7 @@ var _ = Describe("Podman run", func() {
})
It("podman test selinux label /run/secrets", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -144,6 +145,7 @@ var _ = Describe("Podman run", func() {
})
It("podman test selinux --privileged label /run/secrets", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 464f9513a..318a7a62d 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman run with --ip flag", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index e0d2e21b7..9ab4ae563 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -47,6 +47,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run a container based on a complex local image name", func() {
+ SkipIfRootless()
imageName := strings.TrimPrefix(nginx, "quay.io/")
podmanTest.RestoreArtifact(nginx)
session := podmanTest.Podman([]string{"run", imageName, "ls"})
@@ -185,6 +186,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run limits test", func() {
+ SkipIfRootless()
podmanTest.RestoreArtifact(fedoraMinimal)
session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"})
session.WaitWithDefaultTimeout()
@@ -211,6 +213,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with volume flag", func() {
+ SkipIfRootless()
Skip("Skip until we diagnose the regression of volume mounts")
mountPath := filepath.Join(podmanTest.TempDir, "secrets")
os.Mkdir(mountPath, 0755)
@@ -275,6 +278,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run sysctl test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -282,6 +286,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run blkio-weight test", func() {
+ SkipIfRootless()
if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) {
Skip("Kernel does not support blkio.weight")
}
@@ -292,6 +297,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run device-read-bps test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -299,6 +305,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run device-write-bps test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_bps_device"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -306,6 +313,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run device-read-iops test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_iops_device"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -313,6 +321,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run device-write-iops test", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_iops_device"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -416,6 +425,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with FIPS mode secrets", func() {
+ SkipIfRootless()
fipsFile := "/etc/system-fips"
err = ioutil.WriteFile(fipsFile, []byte{}, 0755)
Expect(err).To(BeNil())
@@ -430,6 +440,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run without group-add", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -437,6 +448,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with group-add", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--group-add=audio", "--group-add=nogroup", "--group-add=777", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -444,6 +456,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with user (default)", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -458,6 +471,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with user (integer, in /etc/passwd)", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--user=8", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -465,6 +479,7 @@ var _ = Describe("Podman run", func() {
})
It("podman run with user (username)", func() {
+ SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--user=mail", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index b67b694b0..c6c94d2f6 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -18,6 +18,7 @@ var _ = Describe("Podman UserNS support", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go
index e95265617..05f24539f 100644
--- a/test/e2e/stats_test.go
+++ b/test/e2e/stats_test.go
@@ -19,6 +19,7 @@ var _ = Describe("Podman stats", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go
index 558635d70..52efc9fca 100644
--- a/test/e2e/systemd_test.go
+++ b/test/e2e/systemd_test.go
@@ -20,6 +20,7 @@ var _ = Describe("Podman systemd", func() {
)
BeforeEach(func() {
+ SkipIfRootless()
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)