diff options
-rw-r--r-- | cmd/podman/registry/remote.go | 8 | ||||
-rw-r--r-- | cmd/podman/root.go | 10 | ||||
-rw-r--r-- | libpod/container_internal.go | 29 | ||||
-rw-r--r-- | test/e2e/run_test.go | 33 | ||||
-rw-r--r-- | test/system/001-basic.bats | 15 | ||||
-rw-r--r-- | test/system/270-socket-activation.bats | 51 |
6 files changed, 102 insertions, 44 deletions
diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go index b5da98bd4..c78930574 100644 --- a/cmd/podman/registry/remote.go +++ b/cmd/podman/registry/remote.go @@ -19,11 +19,17 @@ var remoteFromCLI = struct { // Use in init() functions as an initialization check func IsRemote() bool { remoteFromCLI.sync.Do(func() { + remote := false + if _, ok := os.LookupEnv("CONTAINER_HOST"); ok { + remote = true + } else if _, ok := os.LookupEnv("CONTAINER_CONNECTION"); ok { + remote = true + } fs := pflag.NewFlagSet("remote", pflag.ContinueOnError) fs.ParseErrorsWhitelist.UnknownFlags = true fs.Usage = func() {} fs.SetInterspersed(false) - fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", false, "") + fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", remote, "") // The shell completion logic will call a command called "__complete" or "__completeNoDesc" // This command will always be the second argument diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 734636646..6da34050e 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -314,15 +314,7 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) { lFlags.StringVar(&opts.Identity, identityFlagName, ident, "path to SSH identity file, (CONTAINER_SSHKEY)") _ = cmd.RegisterFlagCompletionFunc(identityFlagName, completion.AutocompleteDefault) - remote := false - if env, ok := os.LookupEnv("CONTAINER_HOST"); ok { - logrus.Infof("CONTAINER_HOST==%q, defaulting to '--remote=true'", env) - remote = true - } else if env, ok := os.LookupEnv("CONTAINER_CONNECTION"); ok { - logrus.Infof("CONTAINER_CONNECTION==%q, defaulting to '--remote=true'", env) - remote = true - } - lFlags.BoolVarP(&opts.Remote, "remote", "r", remote, "Access remote Podman service") + lFlags.BoolVarP(&opts.Remote, "remote", "r", registry.IsRemote(), "Access remote Podman service") pFlags := cmd.PersistentFlags() if registry.IsRemote() { if err := lFlags.MarkHidden("remote"); err != nil { diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 3f9738411..4e8074840 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1690,9 +1690,23 @@ func (c *Container) cleanupStorage() error { var cleanupErr error + markUnmounted := func() { + c.state.Mountpoint = "" + c.state.Mounted = false + + if c.valid { + if err := c.save(); err != nil { + if cleanupErr != nil { + logrus.Errorf("Unmounting container %s: %v", c.ID(), cleanupErr) + } + cleanupErr = err + } + } + } + // umount rootfs overlay if it was created if c.config.RootfsOverlay { - overlayBasePath := c.runtime.store.GraphRoot() + overlayBasePath := filepath.Dir(c.config.StaticDir) overlayBasePath = filepath.Join(overlayBasePath, "rootfs") if err := overlay.Unmount(overlayBasePath); err != nil { // If the container can't remove content report the error @@ -1717,6 +1731,7 @@ func (c *Container) cleanupStorage() error { } if c.config.Rootfs != "" { + markUnmounted() return cleanupErr } @@ -1761,17 +1776,7 @@ func (c *Container) cleanupStorage() error { } } - c.state.Mountpoint = "" - c.state.Mounted = false - - if c.valid { - if err := c.save(); err != nil { - if cleanupErr != nil { - logrus.Errorf("Unmounting container %s: %v", c.ID(), cleanupErr) - } - cleanupErr = err - } - } + markUnmounted() return cleanupErr } diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index b6743f4b7..f40d4a749 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -5,6 +5,7 @@ import ( "io/ioutil" "net" "os" + "os/exec" "path/filepath" "strconv" "strings" @@ -12,6 +13,7 @@ import ( "time" "github.com/containers/podman/v3/pkg/cgroups" + "github.com/containers/podman/v3/pkg/rootless" . "github.com/containers/podman/v3/test/utils" "github.com/containers/storage/pkg/stringid" "github.com/mrunalp/fileutils" @@ -226,6 +228,37 @@ var _ = Describe("Podman run", func() { stdoutLines := session.OutputToStringArray() Expect(stdoutLines).Should(HaveLen(1)) Expect(stdoutLines[0]).Should(Equal(uniqueString)) + + SkipIfRemote("External overlay only work locally") + if os.Getenv("container") != "" { + Skip("Overlay mounts not supported when running in a container") + } + if rootless.IsRootless() { + if _, err := exec.LookPath("fuse-overlayfs"); err != nil { + Skip("Fuse-Overlayfs required for rootless overlay mount test") + } + } + // Test --rootfs with an external overlay + // use --rm to remove container and confirm if we did not leak anything + osession := podmanTest.Podman([]string{"run", "-i", "--rm", "--security-opt", "label=disable", + "--rootfs", rootfs + ":O", "cat", testFilePath}) + osession.WaitWithDefaultTimeout() + Expect(osession).Should(Exit(0)) + + // Test podman start stop with overlay + osession = podmanTest.Podman([]string{"run", "--name", "overlay-foo", "--security-opt", "label=disable", + "--rootfs", rootfs + ":O", "echo", "hello"}) + osession.WaitWithDefaultTimeout() + Expect(osession).Should(Exit(0)) + + osession = podmanTest.Podman([]string{"stop", "overlay-foo"}) + osession.WaitWithDefaultTimeout() + Expect(osession).Should(Exit(0)) + + startsession := podmanTest.Podman([]string{"start", "--attach", "overlay-foo"}) + startsession.WaitWithDefaultTimeout() + Expect(startsession).Should(Exit(0)) + Expect(startsession.OutputToString()).To(Equal("hello")) }) It("podman run a container with --init", func() { diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 2de96a01a..50735f576 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -98,8 +98,19 @@ function setup() { skip "only applicable on a local run" fi - CONTAINER_HOST=foobar run_podman --log-level=info --help - is "$output" ".*defaulting to '--remote=true'" "CONTAINER_HOST sets --remote true" + CONTAINER_HOST=foobar run_podman --help + # Should not have --remote flag + echo $output | grep -v -qw -- "--remote" + if [ $? -ne 0 ]; then + die "Should not have --remote flag" + fi + + CONTAINER_CONNECTION=foobar run_podman --help + # Should not have --remote flag + echo $output | grep -v -qw -- "--remote" + if [ $? -ne 0 ]; then + die "Should not have --remote flag" + fi } # Check that just calling "podman-remote" prints the usage message even diff --git a/test/system/270-socket-activation.bats b/test/system/270-socket-activation.bats index dd439d3ae..6d582be18 100644 --- a/test/system/270-socket-activation.bats +++ b/test/system/270-socket-activation.bats @@ -8,14 +8,16 @@ load helpers.systemd SERVICE_NAME="podman_test_$(random_string)" -SERVICE_SOCK_ADDR="/run/podman/podman.sock" +SERVICE_SOCK_ADDR="/run/podman/$SERVICE_NAME.sock" if is_rootless; then - SERVICE_SOCK_ADDR="$XDG_RUNTIME_DIR/podman/podman.sock" + SERVICE_SOCK_ADDR="$XDG_RUNTIME_DIR/podman/$SERVICE_NAME.sock" fi SERVICE_FILE="$UNIT_DIR/$SERVICE_NAME.service" SOCKET_FILE="$UNIT_DIR/$SERVICE_NAME.socket" +# URL to use for ping +_PING=http://placeholder-hostname/libpod/_ping function setup() { skip_if_remote "systemd tests are meaningless over remote" @@ -25,8 +27,8 @@ function setup() { cat > $SERVICE_FILE <<EOF [Unit] Description=Podman API Service -Requires=podman.socket -After=podman.socket +Requires=$SERVICE_NAME.socket +After=$SERVICE_NAME.socket Documentation=man:podman-system-service(1) StartLimitIntervalSec=0 @@ -42,7 +44,7 @@ Description=Podman API Socket Documentation=man:podman-system-service(1) [Socket] -ListenStream=%t/podman/podman.sock +ListenStream=%t/podman/$SERVICE_NAME.sock SocketMode=0660 [Install] @@ -51,10 +53,10 @@ EOF # ensure pause die before each test runs if is_rootless; then - local pause_pid="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid" - if [ -f $pause_pid ]; then - kill -9 $(cat $pause_pid) 2> /dev/null - rm -f $pause_pid + local pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid" + if [ -f $pause_pid_file ]; then + kill -9 $(< $pause_pid_file) 2> /dev/null + rm -f $pause_pid_file fi fi systemctl start "$SERVICE_NAME.socket" @@ -68,7 +70,9 @@ function teardown() { } @test "podman system service - socket activation - no container" { - run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping + run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR $_PING + echo "curl output: $output" + is "$status" "0" "curl exit status" is "$output" "OK" "podman service responds normally" } @@ -76,29 +80,36 @@ function teardown() { run_podman run -d $IMAGE sleep 90 cid="$output" - run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping + run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR $_PING + echo "curl output: $output" + is "$status" "0" "curl exit status" is "$output" "OK" "podman service responds normally" - run_podman stop -t 0 $cid - run_podman rm -f $cid + run_podman rm -f -t 0 $cid } @test "podman system service - socket activation - kill rootless pause" { if ! is_rootless; then - skip "root podman no need pause process" + skip "there is no pause process when running rootful" fi run_podman run -d $IMAGE sleep 90 cid="$output" - local pause_pid="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid" - if [ -f $pause_pid ]; then - kill -9 $(cat $pause_pid) 2> /dev/null + local pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid" + if [ ! -f $pause_pid_file ]; then + # This seems unlikely, but not impossible + die "Pause pid file does not exist: $pause_pid_file" fi - run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping + + echo "kill -9 $(< pause_pid_file)" + kill -9 $(< $pause_pid_file) + + run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR $_PING + echo "curl output: $output" + is "$status" "0" "curl exit status" is "$output" "OK" "podman service responds normally" - run_podman stop -t 0 $cid - run_podman rm -f $cid + run_podman rm -f -t 0 $cid } # vim: filetype=sh |