diff options
49 files changed, 160 insertions, 105 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 9a5e0472f..37c9108eb 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -39,7 +39,7 @@ env: UBUNTU_NAME: "ubuntu-20" PRIOR_UBUNTU_NAME: "ubuntu-19" - _BUILT_IMAGE_SUFFIX: "libpod-6508632441356288" + _BUILT_IMAGE_SUFFIX: "podman-5869602141896704" FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}" diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go index a7e368115..f5a231172 100644 --- a/cmd/podman/registry/config.go +++ b/cmd/podman/registry/config.go @@ -44,11 +44,12 @@ func newPodmanConfig() { case "linux": // Some linux clients might only be compiled without ABI // support (e.g., podman-remote). - if abiSupport && !remoteOverride { + if abiSupport && !IsRemote() { mode = entities.ABIMode } else { mode = entities.TunnelMode } + default: fmt.Fprintf(os.Stderr, "%s is not a supported OS", runtime.GOOS) os.Exit(1) diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 2375d512e..91eeb7a7f 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -299,13 +299,13 @@ is_release() { } setup_rootless() { - req_env_var ROOTLESS_USER GOSRC SECRET_ENV_RE ROOTLESS_ENV_RE + req_env_var ROOTLESS_USER GOPATH GOSRC SECRET_ENV_RE ROOTLESS_ENV_RE # Only do this once if passwd --status $ROOTLESS_USER then echo "Updating $ROOTLESS_USER user permissions on possibly changed libpod code" - chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" return 0 fi @@ -316,7 +316,7 @@ setup_rootless() { echo "creating $ROOTLESS_UID:$ROOTLESS_GID $ROOTLESS_USER user" groupadd -g $ROOTLESS_GID $ROOTLESS_USER useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER - chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" echo "creating ssh keypair for $USER" [[ -r "$HOME/.ssh/id_rsa" ]] || \ diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter index 86de98803..b56a829c5 100755 --- a/contrib/cirrus/logformatter +++ b/contrib/cirrus/logformatter @@ -303,14 +303,15 @@ END_HTML # (bindings test sometimes emits 'Running' with leading bullet char) elsif ($line =~ /^•?Running:/) { # Highlight the important (non-boilerplate) podman command. + $line =~ s/\s+--remote\s+/ /g; # --remote takes no args # Strip out the global podman options, but show them on hover - $line =~ s{(\S+\/podman)((\s+--(root|runroot|runtime|tmpdir|storage-opt|conmon|cgroup-manager|cni-config-dir|storage-driver|events-backend) \S+)*)(.*)}{ - my ($full_path, $options, $args) = ($1, $2, $5); + $line =~ s{(\S+\/podman(-remote)?)((\s+--(root|runroot|runtime|tmpdir|storage-opt|conmon|cgroup-manager|cni-config-dir|storage-driver|events-backend|url) \S+)*)(.*)}{ + my ($full_path, $remote, $options, $args) = ($1, $2||'', $3, $6); $options =~ s/^\s+//; # Separate each '--foo bar' with newlines for readability $options =~ s/ --/\n--/g; - qq{<span title="$full_path"><b>podman</b></span> <span class=\"boring\" title=\"$options\">[options]</span><b>$args</b>}; + qq{<span title="$full_path"><b>podman$remote</b></span> <span class=\"boring\" title=\"$options\">[options]</span><b>$args</b>}; }e; $current_output = ''; } diff --git a/contrib/cirrus/logformatter.t b/contrib/cirrus/logformatter.t index d2193cc6c..440299cc2 100755 --- a/contrib/cirrus/logformatter.t +++ b/contrib/cirrus/logformatter.t @@ -132,6 +132,8 @@ $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP} [+0103s] /var/tmp/go/src/github.com/containers/libpod/test/e2e/pod_restart_test.go:28 [+0103s] Running: /var/tmp/go/src/github.com/containers/libpod/bin/podman --storage-opt vfs.imagestore=/tmp/podman/imagecachedir --root /tmp/podman_test553496330/crio --runroot /tmp/podman_test553496330/crio-run --runtime /usr/bin/runc --conmon /usr/bin/conmon --cni-config-dir /etc/cni/net.d --cgroup-manager systemd --tmpdir /tmp/podman_test553496330 --events-backend file --storage-driver vfs pod rm -fa [+0103s] 4810be0cfbd42241e349dbe7d50fbc54405cd320a6637c65fd5323f34d64af89 +[+0104s] Running: /var/tmp/go/src/github.com/containers/libpod/bin/podman-remote --storage-opt vfs.imagestore=/tmp/podman/imagecachedir --root /tmp/podman_test553496330/crio --runroot /tmp/podman_test553496330/crio-run --runtime /usr/bin/runc --conmon /usr/bin/conmon --cni-config-dir /etc/cni/net.d --cgroup-manager systemd --tmpdir /tmp/podman_test553496330 --events-backend file --storage-driver vfs --remote --url unix:/run/user/12345/podman-xyz.sock pod rm -fa +[+0104s] 4810be0cfbd42241e349dbe7d50fbc54405cd320a6637c65fd5323f34d64af89 again [+0107s] • [+0107s] ------------------------------ [+0107s] podman system reset @@ -186,6 +188,21 @@ $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP} --events-backend file --storage-driver vfs">[options]</span><b> pod rm -fa</b> <span class="timestamp"> </span>4810be0cfbd42241e349dbe7d50fbc54405cd320a6637c65fd5323f34d64af89 + +<span class="timestamp">[+0104s] </span>Running: <span title="/var/tmp/go/src/github.com/containers/libpod/bin/podman-remote"><b>podman-remote</b></span> <span class="boring" title="--storage-opt vfs.imagestore=/tmp/podman/imagecachedir +--root /tmp/podman_test553496330/crio +--runroot /tmp/podman_test553496330/crio-run +--runtime /usr/bin/runc +--conmon /usr/bin/conmon +--cni-config-dir /etc/cni/net.d +--cgroup-manager systemd +--tmpdir /tmp/podman_test553496330 +--events-backend file +--storage-driver vfs +--url unix:/run/user/12345/podman-xyz.sock">[options]</span><b> pod rm -fa</b> +<span class="timestamp"> </span>4810be0cfbd42241e349dbe7d50fbc54405cd320a6637c65fd5323f34d64af89 again + + <span class="timestamp">[+0107s] </span>• </pre> <hr /> diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile index a911cafdb..c5a8e4cac 100644 --- a/contrib/cirrus/packer/Makefile +++ b/contrib/cirrus/packer/Makefile @@ -5,7 +5,8 @@ PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip # Only needed for libpod_base_images target TIMESTAMP := $(shell date +%s) -GOSRC ?= $(shell realpath "./../../../") +GOPATH ?= /var/tmp/go +GOSRC ?= $(GOPATH)/src/github.com/containers/libpod PACKER_BASE ?= contrib/cirrus/packer SCRIPT_BASE ?= contrib/cirrus POST_MERGE_BUCKET_SUFFIX ?= @@ -54,6 +55,7 @@ libpod_images: guard-PACKER_BUILDS libpod_images.json packer ./packer build \ -force \ $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \ + -var GOPATH=$(GOPATH) \ -var GOSRC=$(GOSRC) \ -var PACKER_BASE=$(PACKER_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \ diff --git a/contrib/cirrus/packer/fedora_packaging.sh b/contrib/cirrus/packer/fedora_packaging.sh index aecaaef93..b4a3a2062 100644 --- a/contrib/cirrus/packer/fedora_packaging.sh +++ b/contrib/cirrus/packer/fedora_packaging.sh @@ -74,6 +74,7 @@ INSTALL_PACKAGES=(\ gpgme-devel grubby hostname + httpd-tools iproute iptables jq @@ -168,5 +169,9 @@ fi echo "Installing runtime tooling" # Save some runtime by having these already available cd $GOSRC +# Required since initially go was not installed +source $GOSRC/$SCRIPT_BASE/lib.sh +echo "Go environment has been setup:" +go env $SUDO make install.tools $SUDO $GOSRC/hack/install_catatonit.sh diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index 754626a2e..38f5a8250 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -3,6 +3,7 @@ # All of these are required variables: BUILT_IMAGE_SUFFIX: '{{env `BUILT_IMAGE_SUFFIX`}}' + GOPATH: '{{env `GOPATH`}}' GOSRC: '{{env `GOSRC`}}' PACKER_BASE: '{{env `PACKER_BASE`}}' SCRIPT_BASE: '{{env `SCRIPT_BASE`}}' @@ -62,15 +63,22 @@ builders: # The brains of the operation, making actual modifications to the base-image. provisioners: + - type: 'shell' + inline: + - 'set -ex' + # The 'file' provisioner item (below) will create the final component + - 'mkdir -vp $(dirname {{user `GOSRC`}})' + - type: 'file' source: '{{user `GOSRC`}}' - destination: '/tmp/libpod' + destination: '{{user `GOSRC`}}' - type: 'shell' script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh' environment_vars: - 'PACKER_BUILDER_NAME={{build_name}}' - - 'GOSRC=/tmp/libpod' + - 'GOPATH={{user `GOPATH`}}' + - 'GOSRC={{user `GOSRC`}}' - 'PACKER_BASE={{user `PACKER_BASE`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' diff --git a/contrib/cirrus/packer/ubuntu_packaging.sh b/contrib/cirrus/packer/ubuntu_packaging.sh index 09f9aab9f..d11c612c5 100644 --- a/contrib/cirrus/packer/ubuntu_packaging.sh +++ b/contrib/cirrus/packer/ubuntu_packaging.sh @@ -36,6 +36,7 @@ ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/d ooe.sh $SUDO apt-key add - < /tmp/Release.key INSTALL_PACKAGES=(\ + apache2-utils apparmor aufs-tools autoconf @@ -153,7 +154,12 @@ if [[ ${#DOWNLOAD_PACKAGES[@]} -gt 0 ]]; then fi echo "Installing runtime tooling" +# Save some runtime by having these already available cd $GOSRC +# Required since initially go was not installed +source $GOSRC/$SCRIPT_BASE/lib.sh +echo "Go environment has been setup:" +go env $SUDO hack/install_catatonit.sh $SUDO make install.libseccomp.sudo $SUDO make install.tools diff --git a/docs/source/index.rst b/docs/source/index.rst index 18a5554ca..715ca2744 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -2,13 +2,13 @@ What is Podman? ================================== -Podman_ is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI_) Containers_ and `Container Images`_. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker `Container Engine`_. Most users can simply alias Docker to Podman (`alias docker=podman`) without any problems. Similar to other common `Container Engines`_ (Docker, CRI-O, containerd), Podman relies on an OCI compliant `Container Runtime`_ (runc, crun, runv, etc) to interface with the operating system and create the running containers.This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine. +Podman_ is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI_) Containers_ and `Container Images`_. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker `Container Engine`_. Most users can simply alias Docker to Podman (`alias docker=podman`) without any problems. Similar to other common `Container Engines`_ (Docker, CRI-O, containerd), Podman relies on an OCI compliant `Container Runtime`_ (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine. Containers under the control of Podman can either be run by root or by a non-privileged user. Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod_ library. Podman specializes in all of the commands and functions that help you to maintain and modify OCI container images, such as pulling and tagging. It allows you to create, run, and maintain those containers and container images in a production environment. The Podman service runs only on Linux platforms, however a REST API and clients are currently under development which will allow Mac and Windows platforms to call the service. There is currently a RESTful based remote client which runs on Mac or Windows platforms that allows the remote client to talk to the Podman server on a Linux platform. In addition to those clients, there is also a Mac client. -If you are completely new to containers, we recommend that you check out the :doc:`Introduction`. For power users or those comming from Docker, check out our :doc:`Tutorials`. For advanced users and contributors, you can get very detailed information about the Podman CLI by looking our :doc:`Commands` page. Finally, for Developers looking at how to interact with the Podman API, please see our API documentation :doc:`Reference`. +If you are completely new to containers, we recommend that you check out the :doc:`Introduction`. For power users or those coming from Docker, check out our :doc:`Tutorials`. For advanced users and contributors, you can get very detailed information about the Podman CLI by looking at our :doc:`Commands` page. Finally, for Developers looking at how to interact with the Podman API, please see our API documentation :doc:`Reference`. .. toctree:: :maxdepth: 2 @@ -11,7 +11,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.6 github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d - github.com/containers/common v0.17.0 + github.com/containers/common v0.18.0 github.com/containers/conmon v2.0.19+incompatible github.com/containers/image/v5 v5.5.1 github.com/containers/psgo v1.5.1 @@ -73,8 +73,8 @@ github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHV github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d h1:HgJJn1UBFjM464NpEmgLwVje5vSF/fBYAdLLoww9HgU= github.com/containers/buildah v1.15.1-0.20200708111410-d2ea9429455d/go.mod h1:HUAiD1mCGPFPcIuk5zls1LElLhXo7Q3hWDwheojjyAs= github.com/containers/common v0.15.2/go.mod h1:rhpXuGLTEKsk/xX/x0iKGHjRadMHpBd2ZiNDugwXPEM= -github.com/containers/common v0.17.0 h1:3wkcSLw92UYPEhPSHeG1szyIe1qFgi9Jtj18l/tTii0= -github.com/containers/common v0.17.0/go.mod h1:bG22Wvr0iyWJ8UvIkL5dA5OEZFDqAJx1MejmWZb51HE= +github.com/containers/common v0.18.0 h1:pZB6f17N5QV43TcT06gtx1lb0rxd/4StFdVhP9CtgQg= +github.com/containers/common v0.18.0/go.mod h1:H2Wqvx6wkqdzT4RcTCqIG4W0HSOZwUbbNiUTX1+VohU= github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQBTSwXvnKNdcB/a1vQ= github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= @@ -86,8 +86,6 @@ github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNj github.com/containers/psgo v1.5.1 h1:MQNb7FLbXqBdqz6u4lI2QWizVz4RSTzs1+Nk9XT1iVA= github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU= github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc= -github.com/containers/storage v1.21.1 h1:FGA2c7+0Bn8ndrlrj+HHmKeVjFD3yVhvYa0gijsrg1M= -github.com/containers/storage v1.21.1/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw= github.com/containers/storage v1.21.2 h1:bf9IqA+g6ClBviqVG5lVCp5tTH9lvWwjYws7mVYSti0= github.com/containers/storage v1.21.2/go.mod h1:I1EIAA7B4OwWRSA0b4yq2AW1wjvvfcY0zLWQuwTa4zw= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 888811958..52a62a25d 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -340,9 +340,7 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping { HostPort: p.HostPort, ContainerPort: p.ContainerPort, Protocol: strings.ToLower(string(p.Protocol)), - } - if p.HostIP != "" { - logrus.Debug("HostIP on port bindings is not supported") + HostIP: p.HostIP, } // only hostPort is utilized in podman context, all container ports // are accessible inside the shared network namespace diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index f475a927c..4fc5b3da9 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -152,6 +152,8 @@ var _ = SynchronizedBeforeSuite(func() []byte { return []byte(path) }, func(data []byte) { + cwd, _ := os.Getwd() + INTEGRATION_ROOT = filepath.Join(cwd, "../../") LockTmpDir = string(data) }) @@ -618,3 +620,9 @@ func SkipIfCgroupV2() { Skip("Skip on systems with cgroup V2 systems") } } + +// PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment +func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration { + podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil) + return &PodmanSessionIntegration{podmanSession} +} diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index a1a08045a..a6f4f830b 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 49e4e53cd..bfd898108 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -46,12 +46,6 @@ func (p *PodmanTestIntegration) PodmanNoEvents(args []string) *PodmanSessionInte return &PodmanSessionIntegration{podmanSession} } -// PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment -func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration { - podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil) - return &PodmanSessionIntegration{podmanSession} -} - func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 3bdce970b..66f764925 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/namespace_test.go b/test/e2e/namespace_test.go index 70472f384..5756a8fa2 100644 --- a/test/e2e/namespace_test.go +++ b/test/e2e/namespace_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,6 +33,7 @@ var _ = Describe("Podman namespaces", func() { }) It("podman namespace test", func() { + SkipIfRemote() podman1 := podmanTest.Podman([]string{"--namespace", "test1", "run", "-d", ALPINE, "echo", "hello"}) podman1.WaitWithDefaultTimeout() Expect(podman1.ExitCode()).To(Equal(0)) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 83b0ce32c..24f711ae7 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -140,6 +138,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and subnet", func() { + SkipIfRemote() var ( results []network.NcList ) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 4b68f6232..052db3842 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -87,6 +85,11 @@ spec: {{ end }} privileged: false readOnlyRootFilesystem: false + ports: + - containerPort: {{ .Port }} + hostIP: {{ .HostIP }} + hostPort: {{ .Port }} + protocol: TCP workingDir: / {{ end }} {{ end }} @@ -338,12 +341,14 @@ type Ctr struct { CapAdd []string CapDrop []string PullPolicy string + HostIP string + Port string } // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults // and the configured options func getCtr(options ...ctrOption) *Ctr { - c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, ""} + c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", ""} for _, option := range options { option(&c) } @@ -396,6 +401,13 @@ func withPullPolicy(policy string) ctrOption { } } +func withHostIP(ip string, port string) ctrOption { + return func(c *Ctr) { + c.HostIP = ip + c.Port = port + } +} + func getCtrNameInPod(pod *Pod) string { return fmt.Sprintf("%s-%s", pod.Name, defaultCtrName) } @@ -447,6 +459,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube test correct command", func() { + SkipIfRemote() pod := getPod() err := generatePodKubeYaml(pod, kubeYaml) Expect(err).To(BeNil()) @@ -464,6 +477,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube test correct command with only set command in yaml file", func() { + SkipIfRemote() pod := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg(nil)))) err := generatePodKubeYaml(pod, kubeYaml) Expect(err).To(BeNil()) @@ -498,6 +512,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube test correct output", func() { + SkipIfRemote() p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"})))) err := generatePodKubeYaml(p, kubeYaml) @@ -601,6 +616,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube seccomp container level", func() { + SkipIfRemote() // expect play kube is expected to set a seccomp label if it's applied as an annotation jsonFile, err := podmanTest.CreateSeccompJson(seccompPwdEPERM) if err != nil { @@ -627,6 +643,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube seccomp pod level", func() { + SkipIfRemote() // expect play kube is expected to set a seccomp label if it's applied as an annotation jsonFile, err := podmanTest.CreateSeccompJson(seccompPwdEPERM) if err != nil { @@ -778,6 +795,7 @@ spec: // Deployment related tests It("podman play kube deployment 1 replica test correct command", func() { + SkipIfRemote() deployment := getDeployment() err := generateDeploymentKubeYaml(deployment, kubeYaml) Expect(err).To(BeNil()) @@ -796,6 +814,7 @@ spec: }) It("podman play kube deployment more than 1 replica test correct command", func() { + SkipIfRemote() var i, numReplicas int32 numReplicas = 5 deployment := getDeployment(withReplicas(numReplicas)) @@ -815,4 +834,23 @@ spec: Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd)) } }) + + It("podman play kube test with network portbindings", func() { + ip := "127.0.0.100" + port := "5000" + ctr := getCtr(withHostIP(ip, port), withImage(BB)) + + pod := getPod(withCtr(ctr)) + err := generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"port", getCtrNameInPod(pod)}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(Equal("5000/tcp -> 127.0.0.100:5000")) + }) }) diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 49105310b..a5fa21187 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -227,6 +225,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -258,6 +257,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod not sharing pid", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "net"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -283,6 +283,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod ipc NS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "ipc"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go index fce131e20..7a6223158 100644 --- a/test/e2e/pod_pod_namespaces.go +++ b/test/e2e/pod_pod_namespaces.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -63,6 +61,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container dontshare PIDNS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 74d1c1838..04068de06 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/pod_top_test.go b/test/e2e/pod_top_test.go index f86d23d84..40e8d77d8 100644 --- a/test/e2e/pod_top_test.go +++ b/test/e2e/pod_top_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -58,6 +56,7 @@ var _ = Describe("Podman top", func() { }) It("podman pod top on pod", func() { + SkipIfRemote() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/port_test.go b/test/e2e/port_test.go index 897505588..b247fcaa3 100644 --- a/test/e2e/port_test.go +++ b/test/e2e/port_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -49,6 +47,7 @@ var _ = Describe("Podman port", func() { }) It("podman port -l nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -64,6 +63,7 @@ var _ = Describe("Podman port", func() { }) It("podman container port -l nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -79,6 +79,7 @@ var _ = Describe("Podman port", func() { }) It("podman port -l port nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -127,18 +128,18 @@ var _ = Describe("Podman port", func() { lock2 := GetPortLock("5001") defer lock2.Unlock() - setup := podmanTest.Podman([]string{"run", "-dt", "-p", "5000:5000", "-p", "5001:5001", ALPINE, "top"}) + setup := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "5000:5000", "-p", "5001:5001", ALPINE, "top"}) setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(BeZero()) // Check that the first port was honored - result1 := podmanTest.Podman([]string{"port", "-l", "5000"}) + result1 := podmanTest.Podman([]string{"port", "test", "5000"}) result1.WaitWithDefaultTimeout() Expect(result1.ExitCode()).To(BeZero()) Expect(result1.LineInOuputStartsWith("0.0.0.0:5000")).To(BeTrue()) // Check that the second port was honored - result2 := podmanTest.Podman([]string{"port", "-l", "5001"}) + result2 := podmanTest.Podman([]string{"port", "test", "5001"}) result2.WaitWithDefaultTimeout() Expect(result2.ExitCode()).To(BeZero()) Expect(result2.LineInOuputStartsWith("0.0.0.0:5001")).To(BeTrue()) diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index 7c83acc40..596c224aa 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,6 +33,7 @@ var _ = Describe("Podman run exit", func() { }) It("podman run -d mount cleanup test", func() { + SkipIfRemote() SkipIfRootless() result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index b4785c513..b1fb0e628 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index b1a4c9cb2..8798b2dc1 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go index beed80fd2..a44fb7187 100644 --- a/test/e2e/run_dns_test.go +++ b/test/e2e/run_dns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_entrypoint_test.go b/test/e2e/run_entrypoint_test.go index 741019770..f6019b37a 100644 --- a/test/e2e/run_entrypoint_test.go +++ b/test/e2e/run_entrypoint_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -46,6 +44,7 @@ CMD [] }) It("podman run entrypoint", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] ` @@ -57,6 +56,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD [ "-v"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -69,6 +69,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with user cmd overrides image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD [ "-v"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -81,6 +82,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with user cmd no image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] ` @@ -92,6 +94,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run user entrypoint overrides image entrypoint and image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD ["-i"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -109,6 +112,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run user entrypoint with command overrides image entrypoint and image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD ["-i"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go index c6fb1ad1b..305e37c12 100644 --- a/test/e2e/run_env_test.go +++ b/test/e2e/run_env_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 5ae45b62f..379e74629 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 317f760db..a22f79180 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -265,10 +263,10 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose ports in image metadata", func() { - session := podmanTest.Podman([]string{"create", "-dt", "-P", nginx}) + session := podmanTest.Podman([]string{"create", "--name", "test", "-dt", "-P", nginx}) session.Wait(90) Expect(session.ExitCode()).To(Equal(0)) - results := podmanTest.Podman([]string{"inspect", "-l"}) + results := podmanTest.Podman([]string{"inspect", "test"}) results.Wait(30) Expect(results.ExitCode()).To(Equal(0)) Expect(results.OutputToString()).To(ContainSubstring(`"80/tcp":`)) @@ -277,11 +275,11 @@ var _ = Describe("Podman run networking", func() { It("podman run network expose duplicate host port results in error", func() { SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-dt", "-p", "80", ALPINE, "/bin/sh"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "80", ALPINE, "/bin/sh"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - inspect := podmanTest.Podman([]string{"inspect", "-l"}) + inspect := podmanTest.Podman([]string{"inspect", "test"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) @@ -436,6 +434,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run in custom CNI network with --static-ip", func() { + SkipIfRemote() SkipIfRootless() netName := "podmantestnetwork" ipAddr := "10.20.30.128" diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 96ca2fc56..181b453c1 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_restart_test.go b/test/e2e/run_restart_test.go index 0a1c7e134..fa9cb2495 100644 --- a/test/e2e/run_restart_test.go +++ b/test/e2e/run_restart_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,11 +33,12 @@ var _ = Describe("Podman run restart containers", func() { }) It("Podman start after successful run", func() { - session := podmanTest.Podman([]string{"run", ALPINE, "ls"}) + SkipIfRemote() + session := podmanTest.Podman([]string{"run", "--name", "test", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session2 := podmanTest.Podman([]string{"start", "--attach", "--latest"}) + session2 := podmanTest.Podman([]string{"start", "--attach", "test"}) session2.WaitWithDefaultTimeout() Expect(session2.ExitCode()).To(Equal(0)) }) diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp.go index a6a14618c..ec688135b 100644 --- a/test/e2e/run_seccomp.go +++ b/test/e2e/run_seccomp.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 148b18daa..50209a989 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -129,6 +127,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman container runlabel (podman --version)", func() { + SkipIfRemote() PodmanDockerfile := ` FROM alpine:latest LABEL io.containers.capabilities=chown,mknod` diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 7c1946534..c88441fbc 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 8377636cf..de7663cc2 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 42f13537d..b82fa7acb 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 2b806ac2b..63aa116f8 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -199,6 +197,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with volumes and suid/dev/exec options", func() { + SkipIfRemote() mountPath := filepath.Join(podmanTest.TempDir, "secrets") os.Mkdir(mountPath, 0755) @@ -228,6 +227,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with tmpfs named volume mounts and unmounts", func() { + SkipIfRemote() SkipIfRootless() volName := "testvol" mkVolume := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=nodev", "testvol"}) @@ -315,6 +315,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with anonymous volume", func() { + SkipIfRemote() list1 := podmanTest.Podman([]string{"volume", "list", "--quiet"}) list1.WaitWithDefaultTimeout() Expect(list1.ExitCode()).To(Equal(0)) @@ -333,6 +334,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman rm -v removes anonymous volume", func() { + SkipIfRemote() list1 := podmanTest.Podman([]string{"volume", "list", "--quiet"}) list1.WaitWithDefaultTimeout() Expect(list1.ExitCode()).To(Equal(0)) @@ -434,6 +436,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("Podman mount over image volume with trailing /", func() { + SkipIfRemote() image := "podman-volume-test:trailing" dockerfile := ` FROM alpine:latest @@ -453,6 +456,7 @@ VOLUME /test/` }) It("podman run with overlay volume flag", func() { + SkipIfRemote() if os.Getenv("container") != "" { Skip("Overlay mounts not supported when running in a container") } diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index 3383fbd1e..aae193aa0 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -48,6 +46,7 @@ var _ = Describe("podman container runlabel", func() { }) It("podman container runlabel (podman --version)", func() { + SkipIfRemote() image := "podman-runlabel-test:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") @@ -61,6 +60,7 @@ var _ = Describe("podman container runlabel", func() { }) It("podman container runlabel (ls -la)", func() { + SkipIfRemote() image := "podman-runlabel-test:ls" podmanTest.BuildImage(LsDockerfile, image, "false") diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index f17afaec1..b179a29d4 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -37,6 +35,7 @@ var _ = Describe("podman system df", func() { }) It("podman system df", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"create", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 7b9be2275..268f62f5b 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/top_test.go b/test/e2e/top_test.go index 157a7fe46..f4d1ec857 100644 --- a/test/e2e/top_test.go +++ b/test/e2e/top_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -55,22 +53,22 @@ var _ = Describe("Podman top", func() { }) It("podman top on container", func() { - session := podmanTest.Podman([]string{"run", "-d", ALPINE, "top", "-d", "2"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "-d", ALPINE, "top", "-d", "2"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"top", "-l"}) + result := podmanTest.Podman([]string{"top", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) }) It("podman container top on container", func() { - session := podmanTest.Podman([]string{"container", "run", "-d", ALPINE, "top", "-d", "2"}) + session := podmanTest.Podman([]string{"container", "run", "--name", "test", "-d", ALPINE, "top", "-d", "2"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"container", "top", "-l"}) + result := podmanTest.Podman([]string{"container", "top", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) diff --git a/test/e2e/volume_prune_test.go b/test/e2e/volume_prune_test.go index c4fafa406..d98b02824 100644 --- a/test/e2e/volume_prune_test.go +++ b/test/e2e/volume_prune_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/vendor/github.com/containers/common/pkg/config/systemd.go b/vendor/github.com/containers/common/pkg/config/systemd.go index e02f52192..02e5c4ac2 100644 --- a/vendor/github.com/containers/common/pkg/config/systemd.go +++ b/vendor/github.com/containers/common/pkg/config/systemd.go @@ -2,7 +2,17 @@ package config +import ( + "github.com/containers/common/pkg/cgroupv2" + "github.com/containers/storage/pkg/unshare" +) + func defaultCgroupManager() string { + enabled, err := cgroupv2.Enabled() + if err == nil && !enabled && unshare.IsRootless() { + return CgroupfsCgroupsManager + } + return SystemdCgroupsManager } func defaultEventsLogger() string { diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 2913fe974..6b226eabe 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.17.0" +const Version = "0.18.0" diff --git a/vendor/modules.txt b/vendor/modules.txt index 1d97f810a..7cd0f86df 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.17.0 +# github.com/containers/common v0.18.0 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities |