diff options
| -rw-r--r-- | cmd/podman/containers/prune.go | 5 | ||||
| -rw-r--r-- | cmd/podman/pods/prune.go | 5 | ||||
| -rw-r--r-- | cmd/podman/volumes/prune.go | 14 | ||||
| -rw-r--r-- | docs/tutorials/rootless_tutorial.md | 2 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 3 | ||||
| -rw-r--r-- | pkg/api/handlers/compat/containers_create.go | 13 | ||||
| -rw-r--r-- | pkg/api/handlers/libpod/manifests.go | 17 | ||||
| -rw-r--r-- | pkg/domain/entities/engine_container.go | 2 | ||||
| -rw-r--r-- | pkg/domain/entities/volumes.go | 4 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/manifest.go | 85 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/volumes.go | 2 | ||||
| -rw-r--r-- | pkg/domain/infra/tunnel/volumes.go | 2 | ||||
| -rw-r--r-- | test/apiv2/20-containers.at | 23 | ||||
| -rw-r--r-- | test/e2e/manifest_test.go | 11 | ||||
| -rw-r--r-- | test/e2e/mount_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/network_test.go | 132 | ||||
| -rw-r--r-- | test/e2e/run_memory_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/run_security_labels.go | 4 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 6 |
19 files changed, 210 insertions, 124 deletions
diff --git a/cmd/podman/containers/prune.go b/cmd/podman/containers/prune.go index 90dea2b45..cfe6765ac 100644 --- a/cmd/podman/containers/prune.go +++ b/cmd/podman/containers/prune.go @@ -10,6 +10,7 @@ import ( "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -25,6 +26,7 @@ var ( Long: pruneDescription, RunE: prune, Example: `podman container prune`, + Args: validate.NoArgs, } force bool filter = []string{} @@ -45,9 +47,6 @@ func prune(cmd *cobra.Command, args []string) error { var ( pruneOptions = entities.ContainerPruneOptions{} ) - if len(args) > 0 { - return errors.Errorf("`%s` takes no arguments", cmd.CommandPath()) - } if !force { reader := bufio.NewReader(os.Stdin) fmt.Println("WARNING! This will remove all non running containers.") diff --git a/cmd/podman/pods/prune.go b/cmd/podman/pods/prune.go index a7347ede5..f13d95ae9 100644 --- a/cmd/podman/pods/prune.go +++ b/cmd/podman/pods/prune.go @@ -9,6 +9,7 @@ import ( "github.com/containers/podman/v2/cmd/podman/registry" "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/cmd/podman/validate" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/pkg/errors" "github.com/spf13/cobra" @@ -23,6 +24,7 @@ var ( pruneCommand = &cobra.Command{ Use: "prune [flags]", + Args: validate.NoArgs, Short: "Remove all stopped pods and their containers", Long: pruneDescription, RunE: prune, @@ -41,9 +43,6 @@ func init() { } func prune(cmd *cobra.Command, args []string) error { - if len(args) > 0 { - return errors.Errorf("`%s` takes no arguments", cmd.CommandPath()) - } if !pruneOptions.Force { reader := bufio.NewReader(os.Stdin) fmt.Println("WARNING! This will remove all stopped/exited pods..") diff --git a/cmd/podman/volumes/prune.go b/cmd/podman/volumes/prune.go index 95b47b726..78c258bec 100644 --- a/cmd/podman/volumes/prune.go +++ b/cmd/podman/volumes/prune.go @@ -29,10 +29,6 @@ var ( } ) -var ( - pruneOptions entities.VolumePruneOptions -) - func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, @@ -40,12 +36,16 @@ func init() { Parent: volumeCmd, }) flags := pruneCommand.Flags() - flags.BoolVarP(&pruneOptions.Force, "force", "f", false, "Do not prompt for confirmation") + flags.BoolP("force", "f", false, "Do not prompt for confirmation") } func prune(cmd *cobra.Command, args []string) error { // Prompt for confirmation if --force is not set - if !pruneOptions.Force { + force, err := cmd.Flags().GetBool("force") + if err != nil { + return err + } + if !force { reader := bufio.NewReader(os.Stdin) fmt.Println("WARNING! This will remove all volumes not used by at least one container.") fmt.Print("Are you sure you want to continue? [y/N] ") @@ -57,7 +57,7 @@ func prune(cmd *cobra.Command, args []string) error { return nil } } - responses, err := registry.ContainerEngine().VolumePrune(context.Background(), pruneOptions) + responses, err := registry.ContainerEngine().VolumePrune(context.Background()) if err != nil { return err } diff --git a/docs/tutorials/rootless_tutorial.md b/docs/tutorials/rootless_tutorial.md index 6b83f18d9..3b9cbd2d0 100644 --- a/docs/tutorials/rootless_tutorial.md +++ b/docs/tutorials/rootless_tutorial.md @@ -95,7 +95,7 @@ If this is required, the administrator must verify that the UID of the user is p To change its value the administrator can use a call similar to: `sysctl -w "net.ipv4.ping_group_range=0 2000000"`. -To make the change persistent, the administrator will need to add a file in `/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`. +To make the change persist, the administrator will need to add a file with the `.conf` file extension in `/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_GID`, where `$MAX_GID` is the highest assignable GID of the user running the container. ## User Actions diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index dde7cafb1..eba732d2a 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -415,8 +415,9 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { } // Look up and add groups the user belongs to, if a group wasn't directly specified - if !rootless.IsRootless() && !strings.Contains(c.config.User, ":") { + if !strings.Contains(c.config.User, ":") { for _, gid := range execUser.Sgids { + // FIXME: We need to add a flag to containers.conf to not add these for HPC Users. g.AddProcessAdditionalGid(uint32(gid)) } } diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go index 1d0b4c45d..0579da8de 100644 --- a/pkg/api/handlers/compat/containers_create.go +++ b/pkg/api/handlers/compat/containers_create.go @@ -82,7 +82,13 @@ func makeCreateConfig(ctx context.Context, containerConfig *config.Config, input } } - workDir := "/" + workDir, err := newImage.WorkingDir(ctx) + if err != nil { + return createconfig.CreateConfig{}, err + } + if workDir == "" { + workDir = "/" + } if len(input.WorkingDir) > 0 { workDir = input.WorkingDir } @@ -169,6 +175,11 @@ func makeCreateConfig(ctx context.Context, containerConfig *config.Config, input // away incorrectly formatted variables so we cannot reuse the // parsing of the env input // [Foo Other=one Blank=] + imgEnv, err := newImage.Env(ctx) + if err != nil { + return createconfig.CreateConfig{}, err + } + input.Env = append(imgEnv, input.Env...) for _, e := range input.Env { splitEnv := strings.Split(e, "=") switch len(splitEnv) { diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index 8e65248e2..2031dd42f 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go @@ -6,11 +6,13 @@ import ( "github.com/containers/buildah/manifests" copy2 "github.com/containers/image/v5/copy" + "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/podman/v2/libpod" "github.com/containers/podman/v2/libpod/image" "github.com/containers/podman/v2/pkg/api/handlers" "github.com/containers/podman/v2/pkg/api/handlers/utils" + "github.com/containers/podman/v2/pkg/domain/infra/abi" "github.com/gorilla/schema" "github.com/opencontainers/go-digest" "github.com/pkg/errors" @@ -48,17 +50,18 @@ func ManifestCreate(w http.ResponseWriter, r *http.Request) { func ManifestInspect(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value("runtime").(*libpod.Runtime) name := utils.GetName(r) - newImage, err := runtime.ImageRuntime().NewFromLocal(name) - if err != nil { - utils.ImageNotFound(w, name, err) + imageEngine := abi.ImageEngine{Libpod: runtime} + inspectReport, inspectError := imageEngine.ManifestInspect(r.Context(), name) + if inspectError != nil { + utils.Error(w, "Something went wrong.", http.StatusNotFound, inspectError) return } - data, err := newImage.InspectManifest() - if err != nil { - utils.InternalServerError(w, err) + var list manifest.Schema2List + if err := json.Unmarshal(inspectReport, &list); err != nil { + utils.Error(w, "Something went wrong.", http.StatusInternalServerError, errors.Wrap(err, "Unmarshal()")) return } - utils.WriteResponse(w, http.StatusOK, data) + utils.WriteResponse(w, http.StatusOK, &list) } func ManifestAdd(w http.ResponseWriter, r *http.Request) { diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go index f105dc333..803a59932 100644 --- a/pkg/domain/entities/engine_container.go +++ b/pkg/domain/entities/engine_container.go @@ -78,6 +78,6 @@ type ContainerEngine interface { VolumeCreate(ctx context.Context, opts VolumeCreateOptions) (*IDOrNameResponse, error) VolumeInspect(ctx context.Context, namesOrIds []string, opts VolumeInspectOptions) ([]*VolumeInspectReport, error) VolumeList(ctx context.Context, opts VolumeListOptions) ([]*VolumeListReport, error) - VolumePrune(ctx context.Context, opts VolumePruneOptions) ([]*VolumePruneReport, error) + VolumePrune(ctx context.Context) ([]*VolumePruneReport, error) VolumeRm(ctx context.Context, namesOrIds []string, opts VolumeRmOptions) ([]*VolumeRmReport, error) } diff --git a/pkg/domain/entities/volumes.go b/pkg/domain/entities/volumes.go index 53d30ffdf..fb8466d04 100644 --- a/pkg/domain/entities/volumes.go +++ b/pkg/domain/entities/volumes.go @@ -113,10 +113,6 @@ type VolumeInspectReport struct { *VolumeConfigResponse } -type VolumePruneOptions struct { - Force bool -} - type VolumePruneReport struct { Err error Id string //nolint diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go index 672d0a69f..6c518e678 100644 --- a/pkg/domain/infra/abi/manifest.go +++ b/pkg/domain/infra/abi/manifest.go @@ -3,6 +3,7 @@ package abi import ( + "bytes" "context" "encoding/json" "fmt" @@ -11,15 +12,17 @@ import ( "strings" "github.com/containers/buildah/manifests" + buildahManifests "github.com/containers/buildah/pkg/manifests" + "github.com/containers/buildah/util" buildahUtil "github.com/containers/buildah/util" cp "github.com/containers/image/v5/copy" "github.com/containers/image/v5/docker" "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/transports" "github.com/containers/image/v5/transports/alltransports" "github.com/containers/image/v5/types" libpodImage "github.com/containers/podman/v2/libpod/image" "github.com/containers/podman/v2/pkg/domain/entities" - "github.com/containers/podman/v2/pkg/util" "github.com/opencontainers/go-digest" imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1" @@ -41,28 +44,82 @@ func (ir *ImageEngine) ManifestCreate(ctx context.Context, names, images []strin // ManifestInspect returns the content of a manifest list or image func (ir *ImageEngine) ManifestInspect(ctx context.Context, name string) ([]byte, error) { - dockerPrefix := fmt.Sprintf("%s://", docker.Transport.Name()) - _, err := alltransports.ParseImageName(name) + if newImage, err := ir.Libpod.ImageRuntime().NewFromLocal(name); err == nil { + // return the manifest in local storage + if list, err := newImage.InspectManifest(); err == nil { + buf, err := json.MarshalIndent(list, "", " ") + if err != nil { + return buf, errors.Wrapf(err, "error rendering manifest %s for display", name) + } + return buf, nil + // no return if local image is not a list of images type + // continue on getting valid manifest through remote serice + } else if errors.Cause(err) != buildahManifests.ErrManifestTypeNotSupported { + return nil, errors.Wrapf(err, "loading manifest %q", name) + } + } + sc := ir.Libpod.SystemContext() + refs, err := util.ResolveNameToReferences(ir.Libpod.GetStore(), sc, name) if err != nil { - _, err = alltransports.ParseImageName(dockerPrefix + name) + return nil, err + } + var ( + latestErr error + result []byte + manType string + b bytes.Buffer + ) + appendErr := func(e error) { + if latestErr == nil { + latestErr = e + } else { + latestErr = errors.Wrapf(latestErr, "tried %v\n", e) + } + } + for _, ref := range refs { + src, err := ref.NewImageSource(ctx, sc) + if err != nil { + appendErr(errors.Wrapf(err, "reading image %q", transports.ImageName(ref))) + continue + } + defer src.Close() + + manifestBytes, manifestType, err := src.GetManifest(ctx, nil) if err != nil { - return nil, errors.Errorf("invalid image reference %q", name) + appendErr(errors.Wrapf(err, "loading manifest %q", transports.ImageName(ref))) + continue } + + if !manifest.MIMETypeIsMultiImage(manifestType) { + appendErr(errors.Errorf("manifest is of type %s (not a list type)", manifestType)) + continue + } + result = manifestBytes + manType = manifestType + break } - image, err := ir.Libpod.ImageRuntime().New(ctx, name, "", "", nil, nil, libpodImage.SigningOptions{}, nil, util.PullImageMissing) - if err != nil { - return nil, errors.Wrapf(err, "reading image %q", name) + if len(result) == 0 && latestErr != nil { + return nil, latestErr } + if manType != manifest.DockerV2ListMediaType { + listBlob, err := manifest.ListFromBlob(result, manType) + if err != nil { + return nil, errors.Wrapf(err, "error parsing manifest blob %q as a %q", string(result), manType) + } + list, err := listBlob.ConvertToMIMEType(manifest.DockerV2ListMediaType) + if err != nil { + return nil, err + } + if result, err = list.Serialize(); err != nil { + return nil, err + } - list, err := image.InspectManifest() - if err != nil { - return nil, errors.Wrapf(err, "loading manifest %q", name) } - buf, err := json.MarshalIndent(list, "", " ") + err = json.Indent(&b, result, "", " ") if err != nil { - return buf, errors.Wrapf(err, "error rendering manifest for display") + return nil, errors.Wrapf(err, "error rendering manifest %s for display", name) } - return buf, nil + return b.Bytes(), nil } // ManifestAdd adds images to the manifest list diff --git a/pkg/domain/infra/abi/volumes.go b/pkg/domain/infra/abi/volumes.go index 340f00953..946f258af 100644 --- a/pkg/domain/infra/abi/volumes.go +++ b/pkg/domain/infra/abi/volumes.go @@ -120,7 +120,7 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin return reports, nil } -func (ic *ContainerEngine) VolumePrune(ctx context.Context, opts entities.VolumePruneOptions) ([]*entities.VolumePruneReport, error) { +func (ic *ContainerEngine) VolumePrune(ctx context.Context) ([]*entities.VolumePruneReport, error) { return ic.pruneVolumesHelper(ctx) } diff --git a/pkg/domain/infra/tunnel/volumes.go b/pkg/domain/infra/tunnel/volumes.go index ee2786330..e432d3292 100644 --- a/pkg/domain/infra/tunnel/volumes.go +++ b/pkg/domain/infra/tunnel/volumes.go @@ -56,7 +56,7 @@ func (ic *ContainerEngine) VolumeInspect(ctx context.Context, namesOrIds []strin return reports, nil } -func (ic *ContainerEngine) VolumePrune(ctx context.Context, opts entities.VolumePruneOptions) ([]*entities.VolumePruneReport, error) { +func (ic *ContainerEngine) VolumePrune(ctx context.Context) ([]*entities.VolumePruneReport, error) { return volumes.Prune(ic.ClientCxt) } diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 187073fb9..15b5dc4be 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -3,8 +3,11 @@ # test container-related endpoints # -podman pull $IMAGE &>/dev/null +# WORKDIR=/data +ENV_WORKDIR_IMG=docker.io/library/redis:alpine +podman pull $IMAGE &>/dev/null +podman pull $ENV_WORKDIR_IMG &>/dev/null # Unimplemented #t POST libpod/containers/create '' 201 'sdf' @@ -203,4 +206,22 @@ t POST containers/${cid_top}/stop "" 204 t DELETE containers/$cid 204 t DELETE containers/$cid_top 204 +# test the apiv2 create, should't ignore the ENV and WORKDIR from the image +t POST containers/create '"Image":"'$ENV_WORKDIR_IMG'","Env":["testKey1"]' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .Config.Env~"REDIS_VERSION=" \ + .Config.Env~"testEnv1=" \ + .Config.WorkingDir="/data" # default is /data +t DELETE containers/$cid 204 + +# test the WORKDIR +t POST containers/create '"Image":"'$ENV_WORKDIR_IMG'","WorkingDir":"/dataDir"' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .Config.WorkingDir="/dataDir" +t DELETE containers/$cid 204 + # vim: filetype=sh diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 33aac48d5..b85132814 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -8,6 +8,7 @@ import ( . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" ) var _ = Describe("Podman manifest", func() { @@ -49,6 +50,16 @@ var _ = Describe("Podman manifest", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman manifest inspect", func() { + session := podmanTest.Podman([]string{"manifest", "inspect", BB}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"manifest", "inspect", "docker.io/library/busybox"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + }) + It("podman manifest add", func() { session := podmanTest.Podman([]string{"manifest", "create", "foo"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index ee2753d72..4223961a6 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -189,7 +189,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list running container", func() { - SkipIfRootless("FIXME: We need to do a podman unshare before executing this code.") setup := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) setup.WaitWithDefaultTimeout() @@ -212,7 +211,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list multiple mounted containers", func() { - SkipIfRootless("FIXME: We need to do a podman unshare before executing this code.") setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() @@ -257,7 +255,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list mounted container", func() { - SkipIfRootless("FIXME: We need to do a podman unshare before executing this code.") setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index aae82e292..a15359ea3 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -25,6 +25,42 @@ func removeConf(confPath string) { } } +// generateNetworkConfig generates a cni config with a random name +// it returns the network name and the filepath +func generateNetworkConfig(p *PodmanTestIntegration) (string, string) { + // generate a random name to preven conflicts with other tests + name := "net" + stringid.GenerateNonCryptoID() + path := filepath.Join(p.CNIConfigDir, fmt.Sprintf("%s.conflist", name)) + conf := fmt.Sprintf(`{ + "cniVersion": "0.3.0", + "name": "%s", + "plugins": [ + { + "type": "bridge", + "bridge": "cni1", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.99.0.0/16", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + }`, name) + writeConf([]byte(conf), path) + + return name, path +} + var _ = Describe("Podman network", func() { var ( tempdir string @@ -48,84 +84,44 @@ var _ = Describe("Podman network", func() { }) - var ( - secondConf = `{ - "cniVersion": "0.3.0", - "name": "podman-integrationtest", - "plugins": [ - { - "type": "bridge", - "bridge": "cni1", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.99.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] -}` - ) - It("podman network list", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list -q", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--quiet"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list --filter success", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--filter", "plugin=bridge"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list --filter failure", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--filter", "plugin=test"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeFalse()) + Expect(session.LineInOutputContains(name)).To(BeFalse()) }) It("podman network rm no args", func() { @@ -135,25 +131,23 @@ var _ = Describe("Podman network", func() { }) It("podman network rm", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + SkipIfRootless("FIXME: This one is definitely broken in rootless mode") + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--quiet"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) - rm := podmanTest.Podman([]string{"network", "rm", "podman-integrationtest"}) + rm := podmanTest.Podman([]string{"network", "rm", name}) rm.WaitWithDefaultTimeout() Expect(rm.ExitCode()).To(BeZero()) results := podmanTest.Podman([]string{"network", "ls", "--quiet"}) results.WaitWithDefaultTimeout() Expect(results.ExitCode()).To(Equal(0)) - Expect(results.LineInOutputContains("podman-integrationtest")).To(BeFalse()) + Expect(results.LineInOutputContains(name)).To(BeFalse()) }) It("podman network inspect no args", func() { @@ -163,13 +157,10 @@ var _ = Describe("Podman network", func() { }) It("podman network inspect", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) - expectedNetworks := []string{"podman-integrationtest"} + expectedNetworks := []string{name} if !rootless.IsRootless() { // rootful image contains "podman/cni/87-podman-bridge.conflist" for "podman" network expectedNetworks = append(expectedNetworks, "podman") @@ -181,13 +172,10 @@ var _ = Describe("Podman network", func() { }) It("podman network inspect", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) - session := podmanTest.Podman([]string{"network", "inspect", "podman-integrationtest", "--format", "{{.cniVersion}}"}) + session := podmanTest.Podman([]string{"network", "inspect", name, "--format", "{{.cniVersion}}"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("0.3.0")).To(BeTrue()) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index fa19b1824..b3913c1e6 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -18,7 +18,6 @@ var _ = Describe("Podman run memory", func() { BeforeEach(func() { SkipIfRootlessCgroupsV1("Setting Memory not supported on cgroupv1 for rootless users") - SkipIfRootless("FIXME: This should work on cgroups V2 systems") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 7c8597866..2a0b0467d 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -130,7 +130,7 @@ var _ = Describe("Podman generate kube", func() { SkipIfRemote("runlabel not supported on podman-remote") PodmanDockerfile := ` FROM alpine:latest -LABEL io.containers.capabilities=chown,mknod` +LABEL io.containers.capabilities=chown,kill` image := "podman-caps:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") @@ -145,7 +145,7 @@ LABEL io.containers.capabilities=chown,mknod` ctr := inspect.InspectContainerToJSON() caps := strings.Join(ctr[0].EffectiveCaps, ",") - Expect(caps).To(Equal("CAP_CHOWN,CAP_MKNOD")) + Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL")) }) }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 2d4f3a42d..292df529c 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -261,6 +261,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -293,6 +295,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test with image", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") SkipIfRemote("FIXME This should work on podman-remote") dockerfile := `FROM busybox USER bin` @@ -1134,7 +1138,7 @@ USER mail` It("podman run --device-cgroup-rule", func() { SkipIfRootless("rootless users are not allowed to mknod") deviceCgroupRule := "c 42:* rwm" - session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "mknod", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"}) |