37 files changed, 1209 insertions, 342 deletions
@@ -46,7 +46,7 @@ if test -z "${INSIDE_CONTAINER:-}"; then -e PYTHON=$PYTHON \ ${IMAGE} /go/src/github.com/projectatomic/libpod/.papr.sh systemd-detect-virt - ./test/test_runner.sh + script -qefc ./test/test_runner.sh exit 0 fi @@ -10,7 +10,7 @@ PREFIX ?= ${DESTDIR}/usr/local BINDIR ?= ${PREFIX}/bin LIBEXECDIR ?= ${PREFIX}/libexec MANDIR ?= ${PREFIX}/share/man -ETCDIR ?= /etc +ETCDIR ?= ${DESTDIR}/etc ETCDIR_LIBPOD ?= ${ETCDIR}/crio BUILDTAGS ?= seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh) $(shell hack/btrfs_installed_tag.sh) $(shell hack/ostree_tag.sh) $(shell hack/selinux_tag.sh) @@ -1,7 +1,7 @@ ![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg) # libpod - library for running OCI-based containers in Pods -### Status: Development +### Status: Active Development ## What is the scope of this project? 
@@ -28,65 +28,29 @@ The plan is to use OCI projects and best of breed libraries for different aspect - Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage) - Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni) -libpod is currently in active development. - -## Commands -| Command | Description | Demo| -| :------------------------------------------------------- | :------------------------------------------------------------------------ | :----| -| [podman(1)](/docs/podman.1.md) | Simple management tool for pods and images || -| [podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container |[![...](/docs/play.png)](https://asciinema.org/a/XDlocUrHVETFECg4zlO9nBbLf)| -| [podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles || -| [podman-commit(1)](/docs/podman-commit.1.md) | Create new image based on the changed container || -| [podman-cp(1)](/docs/podman-cp.1.md) | Instead of providing a `podman cp` command, the man page `podman-cp` describes how to use the `podman mount` command to have even more flexibility and functionality|| -| [podman-create(1)](/docs/podman-create.1.md) | Create a new container || -| [podman-diff(1)](/docs/podman-diff.1.md) | Inspect changes on a container or image's filesystem |[![...](/docs/play.png)](https://asciinema.org/a/FXfWB9CKYFwYM4EfqW3NSZy1G)| -| [podman-exec(1)](/docs/podman-exec.1.md) | Execute a command in a running container -| [podman-export(1)](/docs/podman-export.1.md) | Export container's filesystem contents as a tar archive |[![...](/docs/play.png)](https://asciinema.org/a/913lBIRAg5hK8asyIhhkQVLtV)| -| [podman-history(1)](/docs/podman-history.1.md) | Shows the history of an image |[![...](/docs/play.png)](https://asciinema.org/a/bCvUQJ6DkxInMELZdc5DinNSx)| -| [podman-images(1)](/docs/podman-images.1.md) | List images in local storage 
|[![...](/docs/play.png)](https://asciinema.org/a/133649)| -| [podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image || -| [podman-info(1)](/docs/podman-info.1.md) | Display system information |[![...](/docs/play.png)](https://asciinema.org/a/yKbi5fQ89y5TJ8e1RfJd4ivTD)| -| [podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image |[![...](/docs/play.png)](https://asciinema.org/a/133418)| -| [podman-kill(1)](/docs/podman-kill.1.md) | Kill the main process in one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/3jNos0A5yzO4hChu7ddKkUPw7)| -| [podman-load(1)](/docs/podman-load.1.md) | Load an image from docker archive or oci |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)| -| [podman-login(1)](/docs/podman-login.1.md) | Login to a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)| -| [podman-logout(1)](/docs/podman-logout.1.md) | Logout of a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)| -| [podman-logs(1)](/docs/podman-logs.1.md) | Display the logs of a container |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)| -| [podman-mount(1)](/docs/podman-mount.1.md) | Mount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/YSP6hNvZo0RGeMHDA97PhPAf3)| -| [podman-pause(1)](/docs/podman-pause.1.md) | Pause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)| -| [podman-ps(1)](/docs/podman-ps.1.md) | Prints out information about containers |[![...](/docs/play.png)](https://asciinema.org/a/bbT41kac6CwZ5giESmZLIaTLR)| -| [podman-pull(1)](/docs/podman-pull.1.md) | Pull an image from a registry |[![...](/docs/play.png)](https://asciinema.org/a/lr4zfoynHJOUNu1KaXa1dwG2X)| -| [podman-push(1)](/docs/podman-push.1.md) | Push an image to a specified 
destination |[![...](/docs/play.png)](https://asciinema.org/a/133276)| -| [podman-rm(1)](/docs/podman-rm.1.md) | Removes one or more containers |[![...](/docs/play.png)](https://asciinema.org/a/7EMk22WrfGtKWmgHJX9Nze1Qp)| -| [podman-rmi(1)](/docs/podman-rmi.1.md) | Removes one or more images |[![...](/docs/play.png)](https://asciinema.org/a/133799)| -| [podman-save(1)](/docs/podman-save.1.md) | Saves an image to an archive |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)| -| [podman-start(1)](/docs/podman-start.1.md) | Starts one or more containers -| [podman-stats(1)](/docs/podman-stats.1.md) | Display a live stream of one or more containers' resource usage statistics|[![...](/docs/play.png)](https://asciinema.org/a/vfUPbAA5tsNWhsfB9p25T6xdr)| -| [podman-stop(1)](/docs/podman-stop.1.md) | Stops one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/KNRF9xVXeaeNTNjBQVogvZBcp)| -| [podman-tag(1)](/docs/podman-tag.1.md) | Add an additional name to a local image |[![...](/docs/play.png)](https://asciinema.org/a/133803)| -| [podman-top(1)](/docs/podman-top.1.md) | Display the running processes of a container |[![...](/docs/play.png)](https://asciinema.org/a/5WCCi1LXwSuRbvaO9cBUYf3fk)| -| [podman-umount(1)](/docs/podman-umount.1.md) | Unmount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)| -| [podman-unpause(1)](/docs/podman-unpause.1.md) | Unpause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)| -| [podman-version(1)](/docs/podman-version.1.md) | Display the version information |[![...](/docs/play.png)](https://asciinema.org/a/mfrn61pjZT9Fc8L4NbfdSqfgu)| -| [podman-wait(1)](/docs/podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes |[![...](/docs/play.png)](https://asciinema.org/a/QNPGKdjWuPgI96GcfkycQtah0)| - -## OCI Hooks Support - -[PODMAN configures OCI Hooks to run when 
launching a container](./hooks.md) - -## PODMAN Usage Transfer - -[Useful information for ops and dev transfer as it relates to infrastructure that utilizes PODMAN](/transfer.md) - -## Communication +## Podman Information for Developers + +**[Installation notes](/install.md)** +Information on how to install Podman in your environment. + +**[OCI Hooks Support](/hooks.md)** +Information on how Podman configures OCI Hooks to run when launching a container. + +**[Podman Commands](/commands.md)** +A list of the Podman commands with links to their man pages and in many cases videos showing the commands in use. + +**[Podman Usage Transfer](/transfer.md)** +Useful information for ops and dev transfer as it relates to infrastructure that utilizes Podman. This page includes tables showing Docker commands and their Podman equivalent commands. + +**[Tutorials](docs/tutorials/tutorials.md)** +Tutorials on the Podman utility. + +## Communication with Fellow Developers For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation. For sync communication we have an IRC channel #PODMAN, on chat.freenode.net, that everyone is welcome to join and chat about development. -## [Podman tutorial](podman_tutorial.md) -For more information on how to build, install, and use podman, check out the [podman tutorial](podman_tutorial.md). - ### Current Roadmap 1. Basic pod/container lifecycle, basic image pull (done) diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 7ee364fab..262be129c 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -218,8 +218,6 @@ func createCmd(c *cli.Context) error { return nil } -const seccompDefaultPath = "/etc/crio/seccomp.json" - func parseSecurityOpt(config *createConfig, securityOpts []string) error { var ( labelOpts []string 
@@ -269,12 +267,19 @@ func parseSecurityOpt(config *createConfig, securityOpts []string) error { } if config.SeccompProfilePath == "" { - if _, err := os.Stat(seccompDefaultPath); err != nil { + if _, err := os.Stat(libpod.SeccompOverridePath); err == nil { + config.SeccompProfilePath = libpod.SeccompOverridePath + } else { if !os.IsNotExist(err) { - return errors.Wrapf(err, "can't check if %q exists", seccompDefaultPath) + return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompOverridePath) + } + if _, err := os.Stat(libpod.SeccompDefaultPath); err != nil { + if !os.IsNotExist(err) { + return errors.Wrapf(err, "can't check if %q exists", libpod.SeccompDefaultPath) + } + } else { + config.SeccompProfilePath = libpod.SeccompDefaultPath } - } else { - config.SeccompProfilePath = seccompDefaultPath } } config.ProcessLabel, config.MountLabel, err = label.InitLabels(labelOpts) diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index c674c9d1e..944664c68 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -412,7 +412,7 @@ func getTemplateOutput(containers []*libpod.Container, opts psOptions) ([]psTemp status = "Up " + runningFor + " ago" case libpod.ContainerStatePaused: status = "Paused" - case libpod.ContainerStateCreated: + case libpod.ContainerStateCreated, libpod.ContainerStateConfigured: status = "Created" default: status = "Dead" diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 8dd3475c0..182089e8e 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -80,13 +80,6 @@ func rmCmd(c *cli.Context) error { } } for _, container := range delContainers { - if err != nil { - if lastError != nil { - fmt.Fprintln(os.Stderr, lastError) - } - lastError = errors.Wrapf(err, "failed to find container %s", container.ID()) - continue - } err = runtime.RemoveContainer(container, c.Bool("force")) if err != nil { if lastError != nil { diff --git a/cmd/podman/run_test.go b/cmd/podman/run_test.go index f083b39af..b82df86db 100644 --- a/cmd/podman/run_test.go 
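Review bot: The override-then-default lookup in `parseSecurityOpt` is written as two nested `os.Stat` blocks with a shadowed `err`, which makes the precedence of the seccomp profile paths hard to audit. A loop over the candidate paths in priority order does the same thing and keeps one error path. It would also help to add a comment saying that an empty `SeccompProfilePath` after this block is intentional, and what the caller then applies. The body of `parseSecurityOpt` starts and ends outside this hunk.

```go
if config.SeccompProfilePath == "" {
	// Precedence: admin override first, then the packaged default.
	// If neither exists the path stays empty on purpose.
	for _, p := range []string{libpod.SeccompOverridePath, libpod.SeccompDefaultPath} {
		if _, err := os.Stat(p); err == nil {
			config.SeccompProfilePath = p
			break
		} else if !os.IsNotExist(err) {
			return errors.Wrapf(err, "can't check if %q exists", p)
		}
	}
}
// … unchanged: label.InitLabels call …
```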
+++ b/cmd/podman/run_test.go @@ -66,11 +66,24 @@ func createCLI() cli.App { return a } -func getRuntimeSpec(c *cli.Context) *spec.Spec { - runtime, _ := getRuntime(c) - createConfig, _ := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData()) - runtimeSpec, _ := createConfigToOCISpec(createConfig) - return runtimeSpec +func getRuntimeSpec(c *cli.Context) (*spec.Spec, error) { + /* + TODO: This test has never worked. Need to install content + runtime, err := getRuntime(c) + if err != nil { + return nil, err + } + createConfig, err := parseCreateOpts(c, runtime, "alpine", generateAlpineImageData()) + */ + createConfig, err := parseCreateOpts(c, nil, "alpine", generateAlpineImageData()) + if err != nil { + return nil, err + } + runtimeSpec, err := createConfigToOCISpec(createConfig) + if err != nil { + return nil, err + } + return runtimeSpec, nil } // TestPIDsLimit verifies the inputed pid-limit is correctly defined in the spec @@ -78,7 +91,10 @@ func TestPIDsLimit(t *testing.T) { a := createCLI() args := []string{"--pids-limit", "22"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } assert.Equal(t, runtimeSpec.Linux.Resources.Pids.Limit, int64(22)) } @@ -87,7 +103,10 @@ func TestBLKIOWeightDevice(t *testing.T) { a := createCLI() args := []string{"--blkio-weight-device", "/dev/sda:100"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } assert.Equal(t, *runtimeSpec.Linux.Resources.BlockIO.WeightDevice[0].Weight, uint16(100)) } 
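Review bot: `getRuntimeSpec` now passes `nil` as the runtime to `parseCreateOpts` and keeps the old call in a `/* … */` block under a TODO saying the test has never worked. Whether `parseCreateOpts` dereferences the runtime is not visible here, so a nil-pointer panic in these tests cannot be ruled out from the hunk. Please delete the commented-out code and leave a one-line comment instead, for example `// runtime is nil: parseCreateOpts must not touch it for these flags (TODO: wire a real runtime)`. If the tests are known not to pass, `t.Skip` in the callers would state that more clearly than a hard failure.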
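Review bot: `t.Fatalf(err.Error())` in `TestPIDsLimit` uses the error text as a format string, so any `%` in the message is misrendered and `go vet` reports a non-constant format string. Use `t.Fatal(err)` instead. The same line is added in `TestBLKIOWeightDevice` and `TestMemorySwap` in the following hunks.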
@@ -96,7 +115,10 @@ func TestMemorySwap(t *testing.T) { a := createCLI() args := []string{"--memory-swap", "45m", "--memory", "40m"} a.Run(append(cmd, args...)) - runtimeSpec := getRuntimeSpec(CLI) + runtimeSpec, err := getRuntimeSpec(CLI) + if err != nil { + t.Fatalf(err.Error()) + } mem, _ := units.RAMInBytes("45m") assert.Equal(t, *runtimeSpec.Linux.Resources.Memory.Swap, mem) } diff --git a/cmd/podman/spec.go b/cmd/podman/spec.go index df1c54d50..59ea5685a 100644 --- a/cmd/podman/spec.go +++ b/cmd/podman/spec.go @@ -1,13 +1,13 @@ package main import ( - "encoding/json" "io/ioutil" "strings" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/docker/daemon/caps" "github.com/docker/docker/pkg/mount" + "github.com/docker/docker/profiles/seccomp" "github.com/docker/go-units" "github.com/opencontainers/runc/libcontainer/devices" spec "github.com/opencontainers/runtime-spec/specs-go" 
@@ -290,16 +290,31 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { } configSpec := g.Spec() - if config.SeccompProfilePath != "" && config.SeccompProfilePath != "unconfined" { - seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath) - if err != nil { - return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath) - } - var seccompConfig spec.LinuxSeccomp - if err := json.Unmarshal(seccompProfile, &seccompConfig); err != nil { - return nil, errors.Wrapf(err, "decoding seccomp profile (%s) failed", config.SeccompProfilePath) + // HANDLE CAPABILITIES + // NOTE: Must happen before SECCOMP + if err := setupCapabilities(config, configSpec); err != nil { + return nil, err + } + + // HANDLE SECCOMP + if config.SeccompProfilePath != "unconfined" { + if config.SeccompProfilePath != "" { + seccompProfile, err := ioutil.ReadFile(config.SeccompProfilePath) + if err != nil { + return nil, errors.Wrapf(err, "opening seccomp profile (%s) failed", config.SeccompProfilePath) + } + seccompConfig, err := seccomp.LoadProfile(string(seccompProfile), configSpec) + if err != nil { + return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath) + } + configSpec.Linux.Seccomp = seccompConfig + } else { + seccompConfig, err := seccomp.GetDefaultProfile(configSpec) + if err != nil { + return nil, errors.Wrapf(err, "loading seccomp profile (%s) failed", config.SeccompProfilePath) + } + configSpec.Linux.Seccomp = seccompConfig } - configSpec.Linux.Seccomp = &seccompConfig } // BIND MOUNTS @@ -319,11 +334,6 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) { } } - // HANDLE CAPABILITIES - if err := setupCapabilities(config, configSpec); err != nil { - return nil, err - } - // BLOCK IO blkio, err := config.CreateBlockIO() if err != nil { diff --git a/commands.md b/commands.md new file mode 100644 index 000000000..7ce60d309 --- /dev/null +++ b/commands.md 
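Review bot: In the `else` branch that calls `seccomp.GetDefaultProfile`, the error is wrapped with `"loading seccomp profile (%s) failed"` and `config.SeccompProfilePath`, which is always empty on that path. The message therefore prints `()` and hides that the built-in default failed to load. Something like `return nil, errors.Wrap(err, "loading default seccomp profile failed")` would be clearer. The `NOTE: Must happen before SECCOMP` comment should also say why the order matters, presumably because the profile loaders read the capabilities already set on `configSpec`. The body of `createConfigToOCISpec` continues outside this hunk.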
@@ -0,0 +1,42 @@ +![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg) +# libpod - library for running OCI-based containers in Pods + +## Podman Commands +| Command | Description | Demo| +| :------------------------------------------------------- | :------------------------------------------------------------------------ | :----| +| [podman(1)](/docs/podman.1.md) | Simple management tool for pods and images || +| [podman-attach(1)](/docs/podman-attach.1.md) | Attach to a running container |[![...](/docs/play.png)](https://asciinema.org/a/XDlocUrHVETFECg4zlO9nBbLf)| +| [podman-build(1)](/docs/podman-build.1.md) | Build an image using instructions from Dockerfiles || +| [podman-commit(1)](/docs/podman-commit.1.md) | Create new image based on the changed container || +| [podman-cp(1)](/docs/podman-cp.1.md) | Instead of providing a `podman cp` command, the man page `podman-cp` describes how to use the `podman mount` command to have even more flexibility and functionality|| +| [podman-create(1)](/docs/podman-create.1.md) | Create a new container || +| [podman-diff(1)](/docs/podman-diff.1.md) | Inspect changes on a container or image's filesystem |[![...](/docs/play.png)](https://asciinema.org/a/FXfWB9CKYFwYM4EfqW3NSZy1G)| +| [podman-exec(1)](/docs/podman-exec.1.md) | Execute a command in a running container +| [podman-export(1)](/docs/podman-export.1.md) | Export container's filesystem contents as a tar archive |[![...](/docs/play.png)](https://asciinema.org/a/913lBIRAg5hK8asyIhhkQVLtV)| +| [podman-history(1)](/docs/podman-history.1.md) | Shows the history of an image |[![...](/docs/play.png)](https://asciinema.org/a/bCvUQJ6DkxInMELZdc5DinNSx)| +| [podman-images(1)](/docs/podman-images.1.md) | List images in local storage |[![...](/docs/play.png)](https://asciinema.org/a/133649)| +| [podman-import(1)](/docs/podman-import.1.md) | Import a tarball and save it as a filesystem image || +| [podman-info(1)](/docs/podman-info.1.md) | 
Display system information |[![...](/docs/play.png)](https://asciinema.org/a/yKbi5fQ89y5TJ8e1RfJd4ivTD)| +| [podman-inspect(1)](/docs/podman-inspect.1.md) | Display the configuration of a container or image |[![...](/docs/play.png)](https://asciinema.org/a/133418)| +| [podman-kill(1)](/docs/podman-kill.1.md) | Kill the main process in one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/3jNos0A5yzO4hChu7ddKkUPw7)| +| [podman-load(1)](/docs/podman-load.1.md) | Load an image from docker archive or oci |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)| +| [podman-login(1)](/docs/podman-login.1.md) | Login to a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)| +| [podman-logout(1)](/docs/podman-logout.1.md) | Logout of a container registry |[![...](/docs/play.png)](https://asciinema.org/a/oNiPgmfo1FjV2YdesiLpvihtV)| +| [podman-logs(1)](/docs/podman-logs.1.md) | Display the logs of a container |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)| +| [podman-mount(1)](/docs/podman-mount.1.md) | Mount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/YSP6hNvZo0RGeMHDA97PhPAf3)| +| [podman-pause(1)](/docs/podman-pause.1.md) | Pause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)| +| [podman-ps(1)](/docs/podman-ps.1.md) | Prints out information about containers |[![...](/docs/play.png)](https://asciinema.org/a/bbT41kac6CwZ5giESmZLIaTLR)| +| [podman-pull(1)](/docs/podman-pull.1.md) | Pull an image from a registry |[![...](/docs/play.png)](https://asciinema.org/a/lr4zfoynHJOUNu1KaXa1dwG2X)| +| [podman-push(1)](/docs/podman-push.1.md) | Push an image to a specified destination |[![...](/docs/play.png)](https://asciinema.org/a/133276)| +| [podman-rm(1)](/docs/podman-rm.1.md) | Removes one or more containers 
|[![...](/docs/play.png)](https://asciinema.org/a/7EMk22WrfGtKWmgHJX9Nze1Qp)| +| [podman-rmi(1)](/docs/podman-rmi.1.md) | Removes one or more images |[![...](/docs/play.png)](https://asciinema.org/a/133799)| +| [podman-save(1)](/docs/podman-save.1.md) | Saves an image to an archive |[![...](/docs/play.png)](https://asciinema.org/a/kp8kOaexEhEa20P1KLZ3L5X4g)| +| [podman-start(1)](/docs/podman-start.1.md) | Starts one or more containers +| [podman-stats(1)](/docs/podman-stats.1.md) | Display a live stream of one or more containers' resource usage statistics|[![...](/docs/play.png)](https://asciinema.org/a/vfUPbAA5tsNWhsfB9p25T6xdr)| +| [podman-stop(1)](/docs/podman-stop.1.md) | Stops one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/KNRF9xVXeaeNTNjBQVogvZBcp)| +| [podman-tag(1)](/docs/podman-tag.1.md) | Add an additional name to a local image |[![...](/docs/play.png)](https://asciinema.org/a/133803)| +| [podman-top(1)](/docs/podman-top.1.md) | Display the running processes of a container |[![...](/docs/play.png)](https://asciinema.org/a/5WCCi1LXwSuRbvaO9cBUYf3fk)| +| [podman-umount(1)](/docs/podman-umount.1.md) | Unmount a working container's root filesystem |[![...](/docs/play.png)](https://asciinema.org/a/MZPTWD5CVs3dMREkBxQBY9C5z)| +| [podman-unpause(1)](/docs/podman-unpause.1.md) | Unpause one or more running containers |[![...](/docs/play.png)](https://asciinema.org/a/141292)| +| [podman-version(1)](/docs/podman-version.1.md) | Display the version information |[![...](/docs/play.png)](https://asciinema.org/a/mfrn61pjZT9Fc8L4NbfdSqfgu)| +| [podman-wait(1)](/docs/podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes |[![...](/docs/play.png)](https://asciinema.org/a/QNPGKdjWuPgI96GcfkycQtah0)| diff --git a/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index 619e83c35..619e83c35 100644 --- a/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md 
diff --git a/docs/tutorials/tutorials.md b/docs/tutorials/tutorials.md new file mode 100644 index 000000000..6ada366c0 --- /dev/null +++ b/docs/tutorials/tutorials.md @@ -0,0 +1,9 @@ +![PODMAN logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg) + +# Podman Tutorials + +## Links to a number of useful tutorials for the Podman utility. + +**[Introduction Tutorial](https://github.com/projectatomic/libpod/tree/master/docs/tutorials/podman_tutorial.md)** + +Learn how to setup Podman and perform some basic commands with the utility. diff --git a/libpod/runtime.go b/libpod/runtime.go index d0362ec79..804f69c9e 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -27,6 +27,10 @@ const ( InMemoryStateStore RuntimeStateStore = iota // SQLiteStateStore is a state backed by a SQLite database SQLiteStateStore RuntimeStateStore = iota + // SeccompDefaultPath defines the default seccomp path + SeccompDefaultPath = "/usr/share/containers/seccomp.json" + // SeccompOverridePath if this exists it overrides the default seccomp path + SeccompOverridePath = "/etc/crio/seccomp.json" ) // A RuntimeOption is a functional option which alters the Runtime created by diff --git a/test/podman_attach.bats b/test/podman_attach.bats index 8676b2e43..605a44789 100644 --- a/test/podman_attach.bats +++ b/test/podman_attach.bats @@ -11,14 +11,14 @@ function setup() { } @test "attach to a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar echo "$output" [ "$status" -eq 125 ] } @test "attach to non-running container" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name foobar -d -i ${ALPINE} ls - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar echo "$output" [ "$status" -eq 125 ] } 
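Review bot: The two seccomp path constants are added inside the `const (` block that enumerates `RuntimeStateStore` values with `iota`. They compile as untyped strings, but they read as members of that enum and will show up in its generated documentation. A separate `const ( … )` block for paths would avoid that. The comment on `SeccompOverridePath` would read better as `// SeccompOverridePath, if it exists, is used instead of SeccompDefaultPath`. It should also mention that the file lives under `/etc/crio`, because the commit deliberately keeps that directory and anyone managing it needs to know it changes the filter applied to podman containers. The const block opens outside this hunk.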
@@ -26,7 +26,7 @@ function setup() { @test "attach to multiple containers" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar1 -d -i ${ALPINE} /bin/sh ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name foobar2 -d -i ${ALPINE} /bin/sh - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} attach foobar1 foobar2 echo "$output" [ "$status" -eq 125 ] } diff --git a/test/podman_commit.bats b/test/podman_commit.bats index 9257743e9..45c2b010e 100644 --- a/test/podman_commit.bats +++ b/test/podman_commit.bats 
@@ -13,109 +13,85 @@ function setup() { } @test "podman commit default" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with message flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --message testing-commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep testing-commit" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with author flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr 
${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --author author-name my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep author-name" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with change flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --change LABEL=image=blue my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect image-committed | grep blue" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit with pause flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} 
${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d --name my_ctr ${FEDORA_MINIMAL} sleep 6000 + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit --pause=false my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop my_ctr } @test "podman commit non-running container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed" + ${PODMAN_BINARY} ${PODMAN_OPTIONS} create --name my_ctr ${FEDORA_MINIMAL} ls + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} commit my_ctr image-committed echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images | grep image-committed" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed" - echo "$output" - [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi image-committed echo "$output" [ "$status" -eq 0 ] + ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm my_ctr } diff --git a/test/podman_diff.bats b/test/podman_diff.bats index 9ed088807..ed1a17309 100644 --- a/test/podman_diff.bats +++ b/test/podman_diff.bats 
@@ -23,7 +23,6 @@ function teardown() { } @test "test diff with json output" { - # run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} diff --format json $IMAGE | python -m json.tool" run ${PODMAN_BINARY} $PODMAN_OPTIONS diff --format json $BB echo "$output" [ "$status" -eq 0 ] diff --git a/test/podman_export.bats b/test/podman_export.bats index 3847ab14c..40fc7bb4f 100644 --- a/test/podman_export.bats +++ b/test/podman_export.bats @@ -11,14 +11,14 @@ function setup() { } @test "podman export output flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} export -o container.tar $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] rm -f container.tar diff --git a/test/podman_images.bats b/test/podman_images.bats index 3ea8af793..5812e8f8b 100644 --- a/test/podman_images.bats +++ b/test/podman_images.bats @@ -10,7 +10,7 @@ function setup() { copy_images } @test "podman images" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} images + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} images echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_inspect.bats b/test/podman_inspect.bats index 9f9336f48..19e5a0a9b 100644 --- a/test/podman_inspect.bats +++ b/test/podman_inspect.bats 
@@ -23,11 +23,11 @@ function setup() { } @test "podman inspect with format" { - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE} + run ${PODMAN_BINARY} $PODMAN_OPTIONS inspect --format {{.ID}} ${ALPINE} echo "$output" [ "$status" -eq 0 ] inspectOutput="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE} + bash -c run ${PODMAN_BINARY} $PODMAN_OPTIONS images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g' echo "$output" [ "$status" -eq 0 ] [ "$output" = "$inspectOutput" ] @@ -42,7 +42,7 @@ function setup() { } @test "podman inspect container with size" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create ${BB} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS inspect --size -l | python -m json.tool | grep SizeRootFs" diff --git a/test/podman_kill.bats b/test/podman_kill.bats index bb55ed31d..f24bd0971 100644 --- a/test/podman_kill.bats +++ b/test/podman_kill.bats 
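Review bot: The new line `bash -c run ${PODMAN_BINARY} … images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g'` in "podman inspect with format" no longer goes through the bats `run` helper. `bash -c` takes the single word `run` as its command string, and the remaining words become positional parameters. As a result `$output` and `$status` are never updated, and the assertions below it, including `[ "$output" = "$inspectOutput" ]`, compare against values left over from the preceding `inspect` call and pass trivially. The pipeline needs to be quoted as one string and invoked through the helper: `run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} images --no-trunc --quiet ${ALPINE} | sed -e 's/sha256://g'"`.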
@@ -11,61 +11,61 @@ function setup() { } @test "kill a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill foobar echo "$output" [ "$status" -ne 0 ] } @test "kill a running container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill $ctr_id [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] } @test "kill a running container by id with TERM" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM $ctr_id [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill a running container by name" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s TERM test1 [ "$status" -eq 0 ] - run bash -c 
"${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill a running container by id with a bogus signal" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -s foobar $ctr_id [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --no-trunc [ "$status" -eq 0 ] } @test "kill the latest container run" { ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999 - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} kill -l echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_load.bats b/test/podman_load.bats index 6fe8638b6..ca93a5522 100644 --- a/test/podman_load.bats +++ b/test/podman_load.bats 
@@ -10,36 +10,36 @@ function teardown() { cleanup_test } @test "podman load input flag" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load oci-archive image" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load oci-archive image with signature-policy" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE [ "$status" -eq 0 ] cp /etc/containers/policy.json /tmp - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f /tmp/policy.json 
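Review bot: The signature-policy test in this hunk stages its policy under a fixed name in a world-writable directory: `cp /etc/containers/policy.json /tmp` followed by `load --signature-policy /tmp/policy.json`. On a shared build host, anything already present at that path influences which policy the load is checked against and where `cp` writes. A private directory avoids this: `policy_dir=$(mktemp -d)`, `cp /etc/containers/policy.json "$policy_dir"`, pass `"$policy_dir/policy.json"` to `--signature-policy`, and `rm -rf "$policy_dir"` at the end. The same fixed-path pattern appears with `--cidfile /tmp/cidfile` in test/podman_run.bats and `dir:/tmp/busybox` in test/podman_push.bats.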
@@ -47,29 +47,29 @@ function teardown() { } @test "podman load using quiet flag" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -q -i alpine.tar echo "$output" [ "$status" -eq 0 ] rm -f alpine.tar } @test "podman load directory" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi $ALPINE echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} load -i alp-dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alp-dir echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_logs.bats b/test/podman_logs.bats index 342ffac5e..e76bf665a 100644 --- a/test/podman_logs.bats +++ b/test/podman_logs.bats 
@@ -11,41 +11,41 @@ function setup() { } @test "display logs for container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "tail three lines of logs for container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --tail 3 $ctr_id echo "$output" lines=$(echo "$output" | wc -l) [ "$status" -eq 0 ] [[ $(wc -l < "$output" ) -le 3 ]] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "display logs for container since a given time" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} logs --since 2017-08-07T10:10:09.056611202-04:00 -l echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -l echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_mount.bats b/test/podman_mount.bats index bc6be1a19..f3d04fb98 100644 --- a/test/podman_mount.bats +++ b/test/podman_mount.bats 
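Review bot: The line-count check in "tail three lines of logs for container" does not test anything. `[[ $(wc -l < "$output" ) -le 3 ]]` uses the captured text as the name of a file to read, so `wc` fails and the empty result compares as 0, which is always `-le 3`. The preceding `lines=$(echo "$output" | wc -l)` is never read, and it overwrites the `lines` variable that bats fills in after `run`. Since the commit already rewrites the `run` lines around it, the assertion could become `[ "$(echo "$output" | wc -l)" -le 3 ]` and the `lines=` assignment be dropped.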
@@ -13,26 +13,26 @@ function setup() { } @test "mount" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create $BB ls echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --notruncate | grep $ctr_id" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} mount $ctr_id echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} mount --format=json | python -m json.tool | grep $ctr_id" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unmount $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_pause.bats b/test/podman_pause.bats index b8f0a8746..4e98eb130 100644 --- a/test/podman_pause.bats +++ b/test/podman_pause.bats 
@@ -11,102 +11,102 @@ function teardown() { } @test "pause a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause foobar echo "$output" [ "$status" -eq 125 ] } @test "unpause a bogus container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause foobar echo "$output" [ "$status" -eq 125 ] } @test "pause a created container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "pause a running container by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "unpause a running container" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} 
${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "remove a paused container by id" { skip "Test needs to wait for --force to work for podman rm" - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm --force $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "stop a paused container created by id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d $BB sleep 60 echo "$output" [ "$status" -eq 0 ] ctr_id=`echo "$output" | tail -n 1` - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} unpause $ctr_id echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter 
id=$ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id echo "$output" [ "$status" -eq 0 ] # Container should be running after unpause and shouldn't # be removable without the force flag. - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm $ctr_id echo "$output" [ "$status" -eq 125 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rm -f $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_ps.bats b/test/podman_ps.bats index b99c84304..8f2232cbf 100644 --- a/test/podman_ps.bats +++ b/test/podman_ps.bats 
@@ -12,92 +12,92 @@ function teardown() { } @test "podman ps with no containers" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps echo "$output" [ "$status" -eq 0 ] } @test "podman ps default" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps echo "$output" [ "$status" -eq 0 ] } @test "podman ps all flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a echo "$output" [ "$status" -eq 0 ] } @test "podman ps size flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --size echo "$output" [ "$status" -eq 0 ] } @test "podman ps quiet flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --quiet echo "$output" [ "$status" -eq 0 ] } @test "podman ps latest flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --latest echo "$output" [ "$status" -eq 0 ] } @test "podman ps last flag" { - run 
bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${BB} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls -s echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --last 2 echo "$output" [ "$status" -eq 0 ] } @test "podman ps no-trunc flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --no-trunc echo "$output" [ "$status" -eq 0 ] } @test "podman ps namespace flag" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps --all --namespace echo "$output" [ "$status" -eq 0 ] } @test "podman ps namespace flag and format flag = json" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json | python -m json.tool | grep namespace" 
@@ -106,7 +106,7 @@ function teardown() { } @test "podman ps without namespace flag and format flag = json" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format json | python -m json.tool | grep namespace" 
@@ -115,76 +115,76 @@ function teardown() { } @test "podman ps format flag = go template" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}'" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --format 'table {{.ID}} {{.Image}} {{.Labels}}' echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - ancestor" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE}" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter ancestor=${ALPINE} echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - id" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} ls echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter id=$ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps filter flag - status" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --filter status=running echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps short options" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run 
${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aq echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } @test "podman ps with mutually exclusive flags" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 99 ctr_id="$output" echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -aqs echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns -s echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}}" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns format {{.ID}} echo "$output" [ "$status" -ne 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps -a --ns --format json echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_pull.bats b/test/podman_pull.bats index b0de1a8ab..4052d56d5 100644 --- a/test/podman_pull.bats +++ b/test/podman_pull.bats @@ -10,7 +10,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10 echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10 + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian:6.0.10 echo "$output" [ "$status" -eq 0 ] } 
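Review bot: In "podman ps filter flag - id" (hunk at -115,76) the filter value is empty. The test never assigns `ctr_id` after its `run -d ${ALPINE} ls` step, so unless `setup` defines it (not shown in the hunk), `ps -a --filter id=$ctr_id` expands to `--filter id=`. The exit status then says nothing about filtering by id. The neighbouring status and short-options tests do capture the id; adding `ctr_id="$output"` after the first `run` here would match them. Asserting that the `ps` output contains the id, rather than only checking `$status`, would make the test meaningful.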
@@ -19,7 +19,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull debian echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi debian echo "$output" [ "$status" -eq 0 ] } @@ -28,7 +28,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora:rawhide echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide echo "$output" [ "$status" -eq 0 ] } @@ -37,7 +37,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull registry.fedoraproject.org/fedora echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi registry.fedoraproject.org/fedora echo "$output" [ "$status" -eq 0 ] } @@ -46,7 +46,7 @@ function teardown() { run ${PODMAN_BINARY} $PODMAN_OPTIONS pull alpine@sha256:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi alpine:latest echo "$output" [ "$status" -eq 0 ] } @@ -61,7 +61,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:latest echo "$output" [ "$status" -eq 0 ] } @@ -70,7 +70,7 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull debian:6.0.10 echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10 + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi docker.io/debian:6.0.10 echo "$output" [ "$status" -eq 0 ] } 
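Review bot: In the hunk at -46,7 the image is pulled by digest (`pull alpine@sha256:…`) but removed by tag with `rmi alpine:latest`, and a pull by digest may not create that tag. With the old unquoted `bash -c ${PODMAN_BINARY} …` form only the binary path was the command string, so this `rmi` presumably never ran with its arguments and the mismatch went unnoticed. If the image is stored without a `latest` tag, the step will now fail. Removing by the same reference that was pulled, `rmi alpine@sha256:<digest from the pull line>`, keeps the pair consistent.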
@@ -79,57 +79,57 @@ function teardown() { run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alp.tar alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull docker-archive:alp.tar echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] rm -f alp.tar } @test "podman pull from oci-archive" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-archive -o oci-alp.tar alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull oci-archive:oci-alp.tar echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] rm -f oci-alp.tar } @test "podman pull from local directory" { - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull alpine echo "$output" [ "$status" -eq 0 ] run mkdir test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} 
push alpine dir:test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} push alpine dir:test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi alpine echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} pull dir:test_pull_dir echo "$output" [ "$status" -eq 0 ] - run bash -c ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi test_pull_dir echo "$output" [ "$status" -eq 0 ] rm -rf test_pull_dir diff --git a/test/podman_push.bats b/test/podman_push.bats index 82798b3fc..8308f4e83 100644 --- a/test/podman_push.bats +++ b/test/podman_push.bats @@ -36,7 +36,7 @@ function setup() { echo "$output" [ "$status" -eq 0 ] rm -rf /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @@ -47,7 +47,7 @@ function setup() { echo "--->" [ "$status" -eq 0 ] rm /tmp/busybox-archive - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @@ -57,18 +57,18 @@ function setup() { echo "$output" [ "$status" -eq 0 ] rm -f /tmp/oci-busybox.tar - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } @test "podman push without signatures" { mkdir /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --remove-signatures $ALPINE dir:/tmp/busybox echo "$output" [ "$status" -eq 0 ] rm -rf /tmp/busybox - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE + run ${PODMAN_BINARY} $PODMAN_OPTIONS rmi $ALPINE echo "$output" [ "$status" -eq 0 ] } 
@@ -86,13 +86,13 @@ function setup() { } @test "push with manifest type conversion" { - run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir" + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --format oci "${BB}" dir:my-dir echo "$output" [ "$status" -eq 0 ] - run bash -c "grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json" + run grep "application/vnd.oci.image.config.v1+json" my-dir/manifest.json echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir" + run ${PODMAN_BINARY} $PODMAN_OPTIONS push --compress --format v2s2 "${BB}" dir:my-dir echo "$output" [ "$status" -eq 0 ] run bash -c "grep "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json" diff --git a/test/podman_rm.bats b/test/podman_rm.bats index f6430711f..8382bb3fe 100644 --- a/test/podman_rm.bats +++ b/test/podman_rm.bats @@ -15,7 +15,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm "$ctr_id" echo "$output" [ "$status" -eq 0 ] } @@ -35,7 +35,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" echo "$output" [ "$status" -eq 0 ] } @@ -45,7 +45,7 @@ function teardown() { echo "$output" [ "$status" -eq 0 ] ctr_id="$output" - run bash -c ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" + run ${PODMAN_BINARY} $PODMAN_OPTIONS rm -f "$ctr_id" echo "$output" [ "$status" -eq 0 ] } diff --git a/test/podman_run.bats b/test/podman_run.bats index 465468a5c..9fa048439 100644 --- a/test/podman_run.bats +++ b/test/podman_run.bats 
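Review bot: The last command of "push with manifest type conversion" is left in the old form, `run bash -c "grep "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json"`, while the OCI grep just above it was converted. The nested double quotes close and reopen the string, so it works only through concatenation, and the dots in the media type are matched as regex wildcards. Converting it like its sibling and matching literally would be `run grep -F "application/vnd.docker.distribution.manifest.v2+json" my-dir/manifest.json`. The test body continues past the end of the hunk.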
@@ -11,19 +11,19 @@ function setup() { } @test "run a container based on local image" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run $BB ls echo "$output" [ "$status" -eq 0 ] } @test "run a container based on local image with short options" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt $BB ls echo "$output" [ "$status" -eq 0 ] } @test "run a container based on a remote image" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${BB_GLIBC} ls echo "$output" [ "$status" -eq 0 ] } @@ -33,11 +33,11 @@ function setup() { skip "SELinux not enabled" fi - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current echo "$output" firstLabel=$output - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run ${ALPINE} cat /proc/self/attr/current echo "$output" [ "$output" != "${firstLabel}" ] } 
@@ -52,19 +52,19 @@ function setup() { } @test "run capabilities test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add sys_admin ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop setuid ${ALPINE} cat /proc/self/status echo "$output" [ "$status" -eq 0 ] @@ -86,7 +86,7 @@ function setup() { [ "$status" -eq 0 ] [ "$output" = "BAR" ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --env FOO ${ALPINE} printenv echo "$output" [ "$status" -ne 0 ] @@ -101,7 +101,7 @@ function setup() { IMAGE="docker.io/library/fedora:latest" @test "run limits test" { - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --ulimit rtprio=99 --cap-add=sys_nice ${IMAGE} cat /proc/self/sched echo $output [ "$status" -eq 0 ] @@ -115,7 +115,7 @@ IMAGE="docker.io/library/fedora:latest" [ "$status" -eq 0 ] [ "$output" = 1024 ] - run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog" + run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --oom-kill-disable=true ${IMAGE} echo memory-hog echo $output [ "$status" -eq 0 ] 
@@ -139,7 +139,7 @@ IMAGE="docker.io/library/fedora:latest"
 }
 @test "podman run with cidfile" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cidfile /tmp/cidfile $BB ls
 echo "$output"
 [ "$status" -eq 0 ]
 run rm /tmp/cidfile
diff --git a/test/podman_save.bats b/test/podman_save.bats
index 27e627b8f..9c6fa8b86 100644
--- a/test/podman_save.bats
+++ b/test/podman_save.bats
@@ -11,14 +11,14 @@ function setup() {
 }
 @test "podman save output flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar $ALPINE
 echo "$output"
 [ "$status" -eq 0 ]
 rm -f alpine.tar
 }
 @test "podman save oci flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar --format oci-archive $ALPINE
 echo "$output"
 [ "$status" -eq 0 ]
 rm -f alpine.tar
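Review bot: The cidfile test (`@@ -139,7 +139,7 @@`) writes to the fixed path `/tmp/cidfile`, a predictable name in a world-writable directory. If the suite runs as root, as container tests usually do, another local user can pre-create or symlink that path, and a file left behind by an earlier failed run can collide with this one. A private directory avoids both: `tmpdir="$(mktemp -d)"`, pass `--cidfile "$tmpdir/cidfile"`, and finish with `rm -rf "$tmpdir"`. The test body continues outside the hunk.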
@@ -31,27 +31,27 @@ function setup() {
 }
 @test "podman save quiet flag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -q -o alpine.tar $ALPINE
 echo "$output"
 [ "$status" -eq 0 ]
 rm -f alpine.tar
 }
 @test "podman save non-existent image" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save -o alpine.tar FOOBAR
 echo "$output"
 [ "$status" -ne 0 ]
 }
 @test "podman save to directory wit oci format" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format oci-dir -o alp-dir $ALPINE
 echo "$output"
 [ "$status" -eq 0 ]
 rm -rf alp-dir
 }
 @test "podman save to directory wit v2s2 (docker) format" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} save --format docker-dir -o alp-dir $ALPINE
 echo "$output"
 [ "$status" -eq 0 ]
 rm -rf alp-dir
diff --git a/test/podman_stop.bats b/test/podman_stop.bats
index 839301435..7675ee9a9 100644
--- a/test/podman_stop.bats
+++ b/test/podman_stop.bats
@@ -11,46 +11,46 @@ function setup() {
 }
 @test "stop a bogus container" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop foobar
 echo "$output"
 [ "$status" -eq 125 ]
 }
 @test "stop a running container by id" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
 [ "$status" -eq 0 ]
 ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop $ctr_id
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
 [ "$status" -eq 0 ]
 }
 @test "stop a running container by name" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop test1
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} ps"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} ps
 [ "$status" -eq 0 ]
 }
 @test "stop all containers" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test1 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test2 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --name test3 -d ${ALPINE} sleep 9999
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -a -t 1
 echo "$output"
 [ "$status" -eq 0 ]
 }
 @test "stop a container with latest" {
 ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 9999
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} stop -t 1 -l
 echo "$output"
 [ "$status" -eq 0 ]
 }
diff --git a/test/podman_tag.bats b/test/podman_tag.bats
index 024cf6295..749c3ae2c 100644
--- a/test/podman_tag.bats
+++ b/test/podman_tag.bats
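Review bot: In "stop all containers" the three start-up `run` calls are not followed by any status check, so if the containers fail to start, `stop -a -t 1` is exercised against nothing and the test still passes. Adding `[ "$status" -eq 0 ]` after each of the three `run ... --name testN -d ${ALPINE} sleep 9999` lines makes the precondition explicit. The same weakness appears in the "by id" and "by name" tests, where the only check after `stop` is that `ps` exits 0. That holds whether or not the container is still listed, so an assertion on the `ps` output would be needed to show the stop took effect.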
@@ -11,33 +11,33 @@ function setup() {
 }
 @test "podman tag with shortname:latest" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:latest
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest
 echo "$output"
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest
 [ "$status" -eq 0 ]
 }
 @test "podman tag with shortname" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar
 echo "$output"
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:latest
 echo "$output"
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:latest
 [ "$status" -eq 0 ]
 }
 @test "podman tag with shortname:tag" {
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} tag ${ALPINE} foobar:v
 echo "$output"
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect foobar:v
 echo "$output"
 [ "$status" -eq 0 ]
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} rmi --force foobar:v
 [ "$status" -eq 0 ]
 }
diff --git a/test/podman_top.bats b/test/podman_top.bats
index a8b92cd44..cfa037aa6 100644
--- a/test/podman_top.bats
+++ b/test/podman_top.bats
@@ -26,7 +26,7 @@ function setup() {
 run ${PODMAN_BINARY} ${PODMAN_OPTIONS} create -d ${ALPINE} sleep 60
 [ "$status" -eq 0 ]
 ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id
 echo "$output"
 [ "$status" -eq 125 ]
 }
@@ -36,7 +36,7 @@ function setup() {
 [ "$status" -eq 0 ]
 ctr_id="$output"
 echo $ctr_id
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id
 echo "$output"
 [ "$status" -eq 0 ]
 }
@@ -45,7 +45,7 @@ function setup() {
 run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -d ${ALPINE} sleep 60
 [ "$status" -eq 0 ]
 ctr_id="$output"
- run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label"
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top $ctr_id -o fuser,f,comm,label
 echo "$output"
 [ "$status" -eq 0 ]
 }
diff --git a/test/podman_version.bats b/test/podman_version.bats
index 0f959277b..a44da5943 100644
--- a/test/podman_version.bats
+++ b/test/podman_version.bats
@@ -7,7 +7,7 @@ function teardown() {
 }
 @test "podman version test" {
- run bash -c "${PODMAN_BINARY} version"
+ run ${PODMAN_BINARY} version
 echo "$output"
 [ "$status" -eq 0 ]
 }
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/generate.go b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
new file mode 100644
index 000000000..32f22bb37
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/generate.go
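Review bot: In the three `podman_top.bats` hunks `$ctr_id` is passed unquoted, and it is filled from `$output`, which bats' `run` builds from stdout and stderr together. If the preceding `create`/`run -d` prints anything besides the ID, the value is word-split into several arguments to `top` and the failure looks like a `top` bug. Quoting it keeps a polluted value as one bad argument: `run ${PODMAN_BINARY} ${PODMAN_OPTIONS} top "$ctr_id"`. The same applies to `stop $ctr_id` in `test/podman_stop.bats`. Each test starts above its hunk.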
@@ -0,0 +1,32 @@
+// +build ignore
+
+package main
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ "github.com/docker/docker/profiles/seccomp"
+)
+
+// saves the default seccomp profile as a json file so people can use it as a
+// base for their own custom profiles
+func main() {
+ wd, err := os.Getwd()
+ if err != nil {
+ panic(err)
+ }
+ f := filepath.Join(wd, "default.json")
+
+ // write the default profile to the file
+ b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t")
+ if err != nil {
+ panic(err)
+ }
+
+ if err := ioutil.WriteFile(f, b, 0644); err != nil {
+ panic(err)
+ }
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
new file mode 100644
index 000000000..07d522aad
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp.go
@@ -0,0 +1,160 @@
+// +build linux
+
+package seccomp
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+
+ "github.com/docker/docker/api/types"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ libseccomp "github.com/seccomp/libseccomp-golang"
+)
+
+//go:generate go run -tags 'seccomp' generate.go
+
+// GetDefaultProfile returns the default seccomp profile.
+func GetDefaultProfile(rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ return setupSeccomp(DefaultProfile(), rs)
+}
+
+// LoadProfile takes a json string and decodes the seccomp profile.
+func LoadProfile(body string, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ var config types.Seccomp
+ if err := json.Unmarshal([]byte(body), &config); err != nil {
+ return nil, fmt.Errorf("Decoding seccomp profile failed: %v", err)
+ }
+ return setupSeccomp(&config, rs)
+}
+
+var nativeToSeccomp = map[string]types.Arch{
+ "amd64": types.ArchX86_64,
+ "arm64": types.ArchAARCH64,
+ "mips64": types.ArchMIPS64,
+ "mips64n32": types.ArchMIPS64N32,
+ "mipsel64": types.ArchMIPSEL64,
+ "mipsel64n32": types.ArchMIPSEL64N32,
+ "s390x": types.ArchS390X,
+}
+
+// inSlice tests whether a string is contained in a slice of strings or not.
+// Comparison is case sensitive
+func inSlice(slice []string, s string) bool {
+ for _, ss := range slice {
+ if s == ss {
+ return true
+ }
+ }
+ return false
+}
+
+func setupSeccomp(config *types.Seccomp, rs *specs.Spec) (*specs.LinuxSeccomp, error) {
+ if config == nil {
+ return nil, nil
+ }
+
+ // No default action specified, no syscalls listed, assume seccomp disabled
+ if config.DefaultAction == "" && len(config.Syscalls) == 0 {
+ return nil, nil
+ }
+
+ newConfig := &specs.LinuxSeccomp{}
+
+ var arch string
+ var native, err = libseccomp.GetNativeArch()
+ if err == nil {
+ arch = native.String()
+ }
+
+ if len(config.Architectures) != 0 && len(config.ArchMap) != 0 {
+ return nil, errors.New("'architectures' and 'archMap' were specified in the seccomp profile, use either 'architectures' or 'archMap'")
+ }
+
+ // if config.Architectures == 0 then libseccomp will figure out the architecture to use
+ if len(config.Architectures) != 0 {
+ for _, a := range config.Architectures {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a))
+ }
+ }
+
+ if len(config.ArchMap) != 0 {
+ for _, a := range config.ArchMap {
+ seccompArch, ok := nativeToSeccomp[arch]
+ if ok {
+ if a.Arch == seccompArch {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(a.Arch))
+ for _, sa := range a.SubArches {
+ newConfig.Architectures = append(newConfig.Architectures, specs.Arch(sa))
+ }
+ break
+ }
+ }
+ }
+ }
+
+ newConfig.DefaultAction = specs.LinuxSeccompAction(config.DefaultAction)
+
+Loop:
+ // Loop through all syscall blocks and convert them to libcontainer format after filtering them
+ for _, call := range config.Syscalls {
+ if len(call.Excludes.Arches) > 0 {
+ if inSlice(call.Excludes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Excludes.Caps) > 0 {
+ for _, c := range call.Excludes.Caps {
+ if inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+ if len(call.Includes.Arches) > 0 {
+ if !inSlice(call.Includes.Arches, arch) {
+ continue Loop
+ }
+ }
+ if len(call.Includes.Caps) > 0 {
+ for _, c := range call.Includes.Caps {
+ if !inSlice(rs.Process.Capabilities.Effective, c) {
+ continue Loop
+ }
+ }
+ }
+
+ if call.Name != "" && len(call.Names) != 0 {
+ return nil, errors.New("'name' and 'names' were specified in the seccomp profile, use either 'name' or 'names'")
+ }
+
+ if call.Name != "" {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(call.Name, call.Action, call.Args))
+ }
+
+ for _, n := range call.Names {
+ newConfig.Syscalls = append(newConfig.Syscalls, createSpecsSyscall(n, call.Action, call.Args))
+ }
+ }
+
+ return newConfig, nil
+}
+
+func createSpecsSyscall(name string, action types.Action, args []*types.Arg) specs.LinuxSyscall {
+ newCall := specs.LinuxSyscall{
+ Names: []string{name},
+ Action: specs.LinuxSeccompAction(action),
+ }
+
+ // Loop through all the arguments of the syscall and convert them
+ for _, arg := range args {
+ newArg := specs.LinuxSeccompArg{
+ Index: arg.Index,
+ Value: arg.Value,
+ ValueTwo: arg.ValueTwo,
+ Op: specs.LinuxSeccompOperator(arg.Op),
+ }
+
+ newCall.Args = append(newCall.Args, newArg)
+ }
+ return newCall
+}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
new file mode 100644
index 000000000..1b5179c70
--- /dev/null
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_default.go
@@ -0,0 +1,639 @@ +// +build linux,seccomp + +package seccomp + +import ( + "github.com/docker/docker/api/types" + "golang.org/x/sys/unix" +) + +func arches() []types.Architecture { + return []types.Architecture{ + { + Arch: types.ArchX86_64, + SubArches: []types.Arch{types.ArchX86, types.ArchX32}, + }, + { + Arch: types.ArchAARCH64, + SubArches: []types.Arch{types.ArchARM}, + }, + { + Arch: types.ArchMIPS64, + SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64N32}, + }, + { + Arch: types.ArchMIPS64N32, + SubArches: []types.Arch{types.ArchMIPS, types.ArchMIPS64}, + }, + { + Arch: types.ArchMIPSEL64, + SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64N32}, + }, + { + Arch: types.ArchMIPSEL64N32, + SubArches: []types.Arch{types.ArchMIPSEL, types.ArchMIPSEL64}, + }, + { + Arch: types.ArchS390X, + SubArches: []types.Arch{types.ArchS390}, + }, + } +} + +// DefaultProfile defines the whitelist for the default seccomp profile. +func DefaultProfile() *types.Seccomp { + syscalls := []*types.Syscall{ + { + Names: []string{ + "accept", + "accept4", + "access", + "adjtimex", + "alarm", + "bind", + "brk", + "capget", + "capset", + "chdir", + "chmod", + "chown", + "chown32", + "clock_getres", + "clock_gettime", + "clock_nanosleep", + "close", + "connect", + "copy_file_range", + "creat", + "dup", + "dup2", + "dup3", + "epoll_create", + "epoll_create1", + "epoll_ctl", + "epoll_ctl_old", + "epoll_pwait", + "epoll_wait", + "epoll_wait_old", + "eventfd", + "eventfd2", + "execve", + "execveat", + "exit", + "exit_group", + "faccessat", + "fadvise64", + "fadvise64_64", + "fallocate", + "fanotify_mark", + "fchdir", + "fchmod", + "fchmodat", + "fchown", + "fchown32", + "fchownat", + "fcntl", + "fcntl64", + "fdatasync", + "fgetxattr", + "flistxattr", + "flock", + "fork", + "fremovexattr", + "fsetxattr", + "fstat", + "fstat64", + "fstatat64", + "fstatfs", + "fstatfs64", + "fsync", + "ftruncate", + "ftruncate64", + "futex", + "futimesat", + "getcpu", + "getcwd", + 
"getdents", + "getdents64", + "getegid", + "getegid32", + "geteuid", + "geteuid32", + "getgid", + "getgid32", + "getgroups", + "getgroups32", + "getitimer", + "getpeername", + "getpgid", + "getpgrp", + "getpid", + "getppid", + "getpriority", + "getrandom", + "getresgid", + "getresgid32", + "getresuid", + "getresuid32", + "getrlimit", + "get_robust_list", + "getrusage", + "getsid", + "getsockname", + "getsockopt", + "get_thread_area", + "gettid", + "gettimeofday", + "getuid", + "getuid32", + "getxattr", + "inotify_add_watch", + "inotify_init", + "inotify_init1", + "inotify_rm_watch", + "io_cancel", + "ioctl", + "io_destroy", + "io_getevents", + "ioprio_get", + "ioprio_set", + "io_setup", + "io_submit", + "ipc", + "kill", + "lchown", + "lchown32", + "lgetxattr", + "link", + "linkat", + "listen", + "listxattr", + "llistxattr", + "_llseek", + "lremovexattr", + "lseek", + "lsetxattr", + "lstat", + "lstat64", + "madvise", + "memfd_create", + "mincore", + "mkdir", + "mkdirat", + "mknod", + "mknodat", + "mlock", + "mlock2", + "mlockall", + "mmap", + "mmap2", + "mprotect", + "mq_getsetattr", + "mq_notify", + "mq_open", + "mq_timedreceive", + "mq_timedsend", + "mq_unlink", + "mremap", + "msgctl", + "msgget", + "msgrcv", + "msgsnd", + "msync", + "munlock", + "munlockall", + "munmap", + "nanosleep", + "newfstatat", + "_newselect", + "open", + "openat", + "pause", + "pipe", + "pipe2", + "poll", + "ppoll", + "prctl", + "pread64", + "preadv", + "preadv2", + "prlimit64", + "pselect6", + "pwrite64", + "pwritev", + "pwritev2", + "read", + "readahead", + "readlink", + "readlinkat", + "readv", + "recv", + "recvfrom", + "recvmmsg", + "recvmsg", + "remap_file_pages", + "removexattr", + "rename", + "renameat", + "renameat2", + "restart_syscall", + "rmdir", + "rt_sigaction", + "rt_sigpending", + "rt_sigprocmask", + "rt_sigqueueinfo", + "rt_sigreturn", + "rt_sigsuspend", + "rt_sigtimedwait", + "rt_tgsigqueueinfo", + "sched_getaffinity", + "sched_getattr", + "sched_getparam", + 
"sched_get_priority_max", + "sched_get_priority_min", + "sched_getscheduler", + "sched_rr_get_interval", + "sched_setaffinity", + "sched_setattr", + "sched_setparam", + "sched_setscheduler", + "sched_yield", + "seccomp", + "select", + "semctl", + "semget", + "semop", + "semtimedop", + "send", + "sendfile", + "sendfile64", + "sendmmsg", + "sendmsg", + "sendto", + "setfsgid", + "setfsgid32", + "setfsuid", + "setfsuid32", + "setgid", + "setgid32", + "setgroups", + "setgroups32", + "setitimer", + "setpgid", + "setpriority", + "setregid", + "setregid32", + "setresgid", + "setresgid32", + "setresuid", + "setresuid32", + "setreuid", + "setreuid32", + "setrlimit", + "set_robust_list", + "setsid", + "setsockopt", + "set_thread_area", + "set_tid_address", + "setuid", + "setuid32", + "setxattr", + "shmat", + "shmctl", + "shmdt", + "shmget", + "shutdown", + "sigaltstack", + "signalfd", + "signalfd4", + "sigreturn", + "socket", + "socketcall", + "socketpair", + "splice", + "stat", + "stat64", + "statfs", + "statfs64", + "symlink", + "symlinkat", + "sync", + "sync_file_range", + "syncfs", + "sysinfo", + "syslog", + "tee", + "tgkill", + "time", + "timer_create", + "timer_delete", + "timerfd_create", + "timerfd_gettime", + "timerfd_settime", + "timer_getoverrun", + "timer_gettime", + "timer_settime", + "times", + "tkill", + "truncate", + "truncate64", + "ugetrlimit", + "umask", + "uname", + "unlink", + "unlinkat", + "utime", + "utimensat", + "utimes", + "vfork", + "vmsplice", + "wait4", + "waitid", + "waitpid", + "write", + "writev", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + }, + { + Names: []string{"personality"}, + Action: types.ActAllow, + Args: []*types.Arg{ + { + Index: 0, + Value: 0x0, + Op: types.OpEqualTo, + }, + }, + }, + { + Names: []string{"personality"}, + Action: types.ActAllow, + Args: []*types.Arg{ + { + Index: 0, + Value: 0x0008, + Op: types.OpEqualTo, + }, + }, + }, + { + Names: []string{"personality"}, + Action: types.ActAllow, + Args: 
[]*types.Arg{ + { + Index: 0, + Value: 0x20000, + Op: types.OpEqualTo, + }, + }, + }, + { + Names: []string{"personality"}, + Action: types.ActAllow, + Args: []*types.Arg{ + { + Index: 0, + Value: 0x20008, + Op: types.OpEqualTo, + }, + }, + }, + { + Names: []string{"personality"}, + Action: types.ActAllow, + Args: []*types.Arg{ + { + Index: 0, + Value: 0xffffffff, + Op: types.OpEqualTo, + }, + }, + }, + { + Names: []string{ + "sync_file_range2", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Arches: []string{"ppc64le"}, + }, + }, + { + Names: []string{ + "arm_fadvise64_64", + "arm_sync_file_range", + "sync_file_range2", + "breakpoint", + "cacheflush", + "set_tls", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Arches: []string{"arm", "arm64"}, + }, + }, + { + Names: []string{ + "arch_prctl", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Arches: []string{"amd64", "x32"}, + }, + }, + { + Names: []string{ + "modify_ldt", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Arches: []string{"amd64", "x32", "x86"}, + }, + }, + { + Names: []string{ + "s390_pci_mmio_read", + "s390_pci_mmio_write", + "s390_runtime_instr", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Arches: []string{"s390", "s390x"}, + }, + }, + { + Names: []string{ + "open_by_handle_at", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_DAC_READ_SEARCH"}, + }, + }, + { + Names: []string{ + "bpf", + "clone", + "fanotify_init", + "lookup_dcookie", + "mount", + "name_to_handle_at", + "perf_event_open", + "quotactl", + "setdomainname", + "sethostname", + "setns", + "umount", + "umount2", + "unshare", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_ADMIN"}, + }, + }, + { + Names: []string{ + "clone", + }, + Action: 
types.ActAllow, + Args: []*types.Arg{ + { + Index: 0, + Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET, + ValueTwo: 0, + Op: types.OpMaskedEqual, + }, + }, + Excludes: types.Filter{ + Caps: []string{"CAP_SYS_ADMIN"}, + Arches: []string{"s390", "s390x"}, + }, + }, + { + Names: []string{ + "clone", + }, + Action: types.ActAllow, + Args: []*types.Arg{ + { + Index: 1, + Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET, + ValueTwo: 0, + Op: types.OpMaskedEqual, + }, + }, + Comment: "s390 parameter ordering for clone is different", + Includes: types.Filter{ + Arches: []string{"s390", "s390x"}, + }, + Excludes: types.Filter{ + Caps: []string{"CAP_SYS_ADMIN"}, + }, + }, + { + Names: []string{ + "reboot", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_BOOT"}, + }, + }, + { + Names: []string{ + "chroot", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_CHROOT"}, + }, + }, + { + Names: []string{ + "delete_module", + "init_module", + "finit_module", + "query_module", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_MODULE"}, + }, + }, + { + Names: []string{ + "acct", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_PACCT"}, + }, + }, + { + Names: []string{ + "kcmp", + "process_vm_readv", + "process_vm_writev", + "ptrace", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_PTRACE"}, + }, + }, + { + Names: []string{ + "iopl", + "ioperm", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_RAWIO"}, + }, + }, + { + Names: []string{ + "settimeofday", + "stime", + "clock_settime", + }, + 
Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_TIME"}, + }, + }, + { + Names: []string{ + "vhangup", + }, + Action: types.ActAllow, + Args: []*types.Arg{}, + Includes: types.Filter{ + Caps: []string{"CAP_SYS_TTY_CONFIG"}, + }, + }, + } + + return &types.Seccomp{ + DefaultAction: types.ActErrno, + ArchMap: arches(), + Syscalls: syscalls, + } +} diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go new file mode 100644 index 000000000..0130effa6 --- /dev/null +++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_unsupported.go @@ -0,0 +1,12 @@ +// +build linux,!seccomp + +package seccomp + +import ( + "github.com/docker/docker/api/types" +) + +// DefaultProfile returns a nil pointer on unsupported systems. +func DefaultProfile() *types.Seccomp { + return nil +} |