diff options
| -rw-r--r-- | .cirrus.yml | 21 | ||||
| -rw-r--r-- | .github/workflows/check_cirrus_cron.yml | 24 | ||||
| -rw-r--r-- | contrib/cirrus/cron-fail_addrs.csv | 1 | ||||
| -rw-r--r-- | pkg/api/handlers/utils/errors.go | 6 | ||||
| -rw-r--r-- | pkg/specgen/generate/security.go | 2 | ||||
| -rw-r--r-- | test/system/160-volumes.bats | 2 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 3 |
7 files changed, 46 insertions, 13 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index c33ed9c0c..1bbd41b22 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -561,6 +561,26 @@ remote_system_test_task: TEST_FLAVOR: sys PODBIN_NAME: remote +rootless_remote_system_test_task: + <<: *local_system_test_task + alias: rootless_remote_system_test + depends_on: + - remote_integration_test + matrix: + # Minimal sanity testing: only the latest Fedora + - env: + DISTRO_NV: ${FEDORA_NAME} + # Not used here, is used in other tasks + VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + # ID for re-use of build output + _BUILD_CACHE_HANDLE: ${FEDORA_NAME}-build-${CIRRUS_BUILD_ID} + gce_instance: *standardvm + env: + TEST_FLAVOR: sys + PODBIN_NAME: remote + PRIV_NAME: rootless + buildah_bud_test_task: name: *std_name_fmt alias: buildah_bud_test @@ -716,6 +736,7 @@ success_task: - local_system_test - remote_system_test - rootless_system_test + - rootless_remote_system_test - rootless_gitlab_test - upgrade_test - buildah_bud_test diff --git a/.github/workflows/check_cirrus_cron.yml b/.github/workflows/check_cirrus_cron.yml index 65c483c96..be7750852 100644 --- a/.github/workflows/check_cirrus_cron.yml +++ b/.github/workflows/check_cirrus_cron.yml @@ -19,9 +19,8 @@ env: # Debug-mode can reveal secrets, only enable by a secret value. # Ref: https://help.github.com/en/actions/configuring-and-managing-workflows/managing-a-workflow-run#enabling-step-debug-logging ACTIONS_STEP_DEBUG: '${{ secrets.ACTIONS_STEP_DEBUG }}' - # File with CSV listing of zero or more e-mail addresses for delivery - # of daily failure notice e-mails. - FAILMAILCSV: './contrib/cirrus/cron-fail_addrs.csv' + # CSV listing of e-mail addresses for delivery failure or error notices + RCPTCSV: rh.container.bot@gmail.com,podman-monitor@lists.podman.io # Filename for table of cron-name to build-id data # (must be in $GITHUB_WORKSPACE/artifacts/) NAME_ID_FILEPATH: './artifacts/name_id.txt' @@ -60,10 +59,6 @@ jobs: ) > ./artifacts/email_body.txt - if: steps.cron.outputs.failures > 0 - id: mailto - run: printf "::set-output name=csv::%s\n" $(cat "$FAILMAILCSV") - - - if: steps.mailto.outputs.csv != '' name: Send failure notification e-mail # Ref: https://github.com/dawidd6/action-send-mail uses: dawidd6/action-send-mail@v2.2.2 @@ -73,7 +68,7 @@ jobs: username: ${{secrets.ACTION_MAIL_USERNAME}} password: ${{secrets.ACTION_MAIL_PASSWORD}} subject: Cirrus-CI cron build failures on ${{github.repository}} - to: ${{steps.mailto.outputs.csv}} + to: ${{env.RCPTCSV}} from: ${{secrets.ACTION_MAIL_SENDER}} body: file://./artifacts/email_body.txt @@ -82,3 +77,16 @@ jobs: with: name: ${{ github.job }}_artifacts path: artifacts/* + + - if: failure() + name: Send error notification e-mail + uses: dawidd6/action-send-mail@v2.2.2 + with: + server_address: ${{secrets.ACTION_MAIL_SERVER}} + server_port: 465 + username: ${{secrets.ACTION_MAIL_USERNAME}} + password: ${{secrets.ACTION_MAIL_PASSWORD}} + subject: Github workflow error on ${{github.repository}} + to: ${{env.RCPTCSV}} + from: ${{secrets.ACTION_MAIL_SENDER}} + body: Job failed: https://github.com/${{github.repository}}/runs/${{github.job}}?check_suite_focus=true diff --git a/contrib/cirrus/cron-fail_addrs.csv b/contrib/cirrus/cron-fail_addrs.csv deleted file mode 100644 index 276158163..000000000 --- a/contrib/cirrus/cron-fail_addrs.csv +++ /dev/null @@ -1 +0,0 @@ -rh.container.bot@gmail.com,podman-monitor@lists.podman.io diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go index 919a8df1e..bf60b2c84 100644 --- a/pkg/api/handlers/utils/errors.go +++ b/pkg/api/handlers/utils/errors.go @@ -40,10 +40,12 @@ func VolumeNotFound(w http.ResponseWriter, name string, err error) { } func ContainerNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != define.ErrNoSuchCtr { + switch errors.Cause(err) { + case define.ErrNoSuchCtr, define.ErrCtrExists: + Error(w, http.StatusNotFound, err) + default: InternalServerError(w, err) } - Error(w, http.StatusNotFound, err) } func ImageNotFound(w http.ResponseWriter, name string, err error) { diff --git a/pkg/specgen/generate/security.go b/pkg/specgen/generate/security.go index 2eaf71897..9c6709905 100644 --- a/pkg/specgen/generate/security.go +++ b/pkg/specgen/generate/security.go @@ -246,7 +246,7 @@ func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, // Ignore net sysctls if --net=host if s.NetNS.IsHost() && strings.HasPrefix(sysctlKey, "net.") { - return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since Host Namespace set to host", sysctlKey, sysctlVal) + return errors.Wrapf(define.ErrInvalidArg, "sysctl %s=%s can't be set since Network Namespace set to host", sysctlKey, sysctlVal) } // Ignore uts sysctls if --uts=host diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index 3f2d7f6bb..a3c972b3e 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -213,6 +213,8 @@ EOF # Podman volume user test @test "podman volume user test" { is_rootless || skip "only meaningful when run rootless" + skip_if_remote "not applicable on podman-remote" + user="1000:2000" newuser="100:200" tmpdir=${PODMAN_TMPDIR}/volume_$(random_string) diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index dbdfd4b9d..056a056f6 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -245,7 +245,8 @@ function check_label() { is "$output" "system_u:object_r:container_file_t:$level $tmpdir" \ "Confined Relabel Correctly" - if is_rootless; then + # podman-remote has no 'unshare' + if is_rootless && ! is_remote; then run_podman unshare touch $tmpdir/test1 # Relabel entire directory run_podman unshare chcon system_u:object_r:usr_t:s0 $tmpdir |