diff options
Diffstat (limited to 'test/e2e')
-rw-r--r-- | test/e2e/build_test.go | 23 | ||||
-rw-r--r-- | test/e2e/generate_systemd_test.go | 40 | ||||
-rw-r--r-- | test/e2e/load_test.go | 8 | ||||
-rw-r--r-- | test/e2e/ps_test.go | 6 | ||||
-rw-r--r-- | test/e2e/pull_test.go | 43 | ||||
-rw-r--r-- | test/e2e/run_apparmor_test.go | 13 | ||||
-rw-r--r-- | test/e2e/run_privileged_test.go | 42 | ||||
-rw-r--r-- | test/e2e/run_test.go | 12 | ||||
-rw-r--r-- | test/e2e/runlabel_test.go | 15 | ||||
-rw-r--r-- | test/e2e/save_test.go | 47 | ||||
-rw-r--r-- | test/e2e/systemd_test.go | 8 | ||||
l--------- | test/e2e/testdata/image | 1 |
12 files changed, 242 insertions, 16 deletions
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 9fd82e149..0b6e919d0 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -57,6 +57,29 @@ var _ = Describe("Podman build", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman build with logfile", func() { + SkipIfRemote() + logfile := filepath.Join(podmanTest.TempDir, "logfile") + session := podmanTest.PodmanNoCache([]string{"build", "--tag", "test", "--logfile", logfile, "build/basicalpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Verify that OS and Arch are being set + inspect := podmanTest.PodmanNoCache([]string{"inspect", "test"}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectImageJSON() + Expect(data[0].Os).To(Equal(runtime.GOOS)) + Expect(data[0].Architecture).To(Equal(runtime.GOARCH)) + + st, err := os.Stat(logfile) + Expect(err).To(BeNil()) + Expect(st.Size()).To(Not(Equal(0))) + + session = podmanTest.PodmanNoCache([]string{"rmi", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + // If the context directory is pointing at a file and not a directory, // that's a no no, fail out. It("podman build context directory a file", func() { diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index 60d9162d1..da2f67754 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -61,7 +59,7 @@ var _ = Describe("Podman generate systemd", func() { session = podmanTest.Podman([]string{"generate", "systemd", "--restart-policy", "bogus", "foobar"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) - found, _ := session.ErrorGrepString("Error: bogus is not a valid restart policy") + found, _ := session.ErrorGrepString("bogus is not a valid restart policy") Expect(found).Should(BeTrue()) }) @@ -191,7 +189,7 @@ var _ = Describe("Podman generate systemd", func() { Expect(found).To(BeTrue()) }) - It("podman generate systemd --new", func() { + It("podman generate systemd --new --name foo", func() { n := podmanTest.Podman([]string{"create", "--name", "foo", "alpine", "top"}) n.WaitWithDefaultTimeout() Expect(n.ExitCode()).To(Equal(0)) @@ -204,6 +202,29 @@ var _ = Describe("Podman generate systemd", func() { found, _ := session.GrepString("# container-foo.service") Expect(found).To(BeTrue()) + found, _ = session.GrepString(" --replace ") + Expect(found).To(BeTrue()) + + found, _ = session.GrepString("stop --ignore --cidfile %t/container-foo.ctr-id -t 42") + Expect(found).To(BeTrue()) + }) + + It("podman generate systemd --new --name=foo", func() { + n := podmanTest.Podman([]string{"create", "--name=foo", "alpine", "top"}) + n.WaitWithDefaultTimeout() + Expect(n.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"generate", "systemd", "-t", "42", "--name", "--new", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Grepping the output (in addition to unit tests) + found, _ := session.GrepString("# container-foo.service") + Expect(found).To(BeTrue()) + + found, _ = session.GrepString(" --replace ") + Expect(found).To(BeTrue()) + found, _ = session.GrepString("stop --ignore --cidfile %t/container-foo.ctr-id -t 42") Expect(found).To(BeTrue()) }) @@ -383,4 +404,15 @@ var _ = Describe("Podman generate systemd", func() { found, _ = session.GrepString("pod rm --ignore -f --pod-id-file %t/pod-foo.pod-id") Expect(found).To(BeTrue()) }) + + It("podman generate systemd --format json", func() { + n := podmanTest.Podman([]string{"create", "--name", "foo", ALPINE}) + n.WaitWithDefaultTimeout() + Expect(n.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"generate", "systemd", "--format", "json", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.IsJSONOutputValid()).To(BeTrue()) + }) }) diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index 6a7f15e1f..2b401a09d 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -269,4 +269,12 @@ var _ = Describe("Podman load", func() { result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) }) + + It("podman load multi-image archive", func() { + result := podmanTest.PodmanNoCache([]string{"load", "-i", "./testdata/image/docker-two-images.tar.xz"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.LineInOutputContains("example.com/empty:latest")).To(BeTrue()) + Expect(result.LineInOutputContains("example.com/empty/but:different")).To(BeTrue()) + }) }) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index a734d399d..a2338c924 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -104,11 +104,13 @@ var _ = Describe("Podman ps", func() { SkipIfRemote() _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) + _, ec, _ = podmanTest.RunLsContainer("") + Expect(ec).To(Equal(0)) - result := podmanTest.Podman([]string{"ps", "--latest"}) + result := podmanTest.Podman([]string{"ps", "-q", "--latest"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) - Expect(len(result.OutputToStringArray())).Should(BeNumerically(">", 0)) + Expect(len(result.OutputToStringArray())).Should(Equal(1)) }) It("podman ps last flag", func() { diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 6d1cb6cbc..98b81876a 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -251,6 +251,49 @@ var _ = Describe("Podman pull", func() { session = podmanTest.PodmanNoCache([]string{"rmi", "alpine"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + + // Pulling a multi-image archive without further specifying + // which image _must_ error out. Pulling is restricted to one + // image. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError := "Unexpected tar manifest.json: expected 1 item, got 2" + found, _ := session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) + + // Now pull _one_ image from a multi-image archive via the name + // and index syntax. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@0")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:example.com/empty:latest")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@1")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:example.com/empty/but:different")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Now check for some errors. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:foo.com/does/not/exist:latest")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError = "Tag \"foo.com/does/not/exist:latest\" not found" + found, _ = session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@2")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError = "Invalid source index @2, only 2 manifest items available" + found, _ = session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) }) It("podman pull from oci-archive", func() { diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index 53cac9529..7d522a752 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -155,4 +155,17 @@ profile aa-test-profile flags=(attach_disconnected,mediate_deleted) { inspect := podmanTest.InspectContainer(cid) Expect(inspect[0].AppArmorProfile).To(Equal("")) }) + + It("podman run apparmor disabled unconfined", func() { + skipIfAppArmorEnabled() + + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("")) + }) }) diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index ca8da981f..064ba7d2c 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -2,13 +2,36 @@ package integration import ( "os" + "strconv" "strings" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "github.com/syndtr/gocapability/capability" ) +// helper function for confirming that container capabilities are equal +// to those of the host, but only to the extent of caps we (podman) +// know about at compile time. That is: the kernel may have more caps +// available than we are aware of, leading to host=FFF... and ctr=3FF... +// because the latter is all we request. Accept that. +func containerCapMatchesHost(ctr_cap string, host_cap string) { + ctr_cap_n, err := strconv.ParseUint(ctr_cap, 16, 64) + Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctr_cap) + + host_cap_n, err := strconv.ParseUint(host_cap, 16, 64) + Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", host_cap) + + // host caps can never be zero (except rootless, which we don't test). + // and host caps must always be a superset (inclusive) of container + Expect(host_cap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", host_cap) + Expect(host_cap_n).To(BeNumerically(">=", ctr_cap_n), "host cap %q should never be less than container cap %q", host_cap, ctr_cap) + + host_cap_masked := host_cap_n & (1<<len(capability.List()) - 1) + Expect(ctr_cap_n).To(Equal(host_cap_masked), "container cap %q is not a subset of host cap %q", ctr_cap, host_cap) +} + var _ = Describe("Podman privileged container tests", func() { var ( tempdir string @@ -44,24 +67,27 @@ var _ = Describe("Podman privileged container tests", func() { It("podman privileged CapEff", func() { SkipIfRootless() - cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) - Expect(cap.ExitCode()).To(Equal(0)) + host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) + Expect(host_cap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + + containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString()) }) It("podman cap-add CapEff", func() { SkipIfRootless() - cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) - Expect(cap.ExitCode()).To(Equal(0)) + // Get caps of current process + host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) + Expect(host_cap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + + containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString()) }) It("podman cap-drop CapEff", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 91b0d3e48..a67f7df92 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -325,10 +325,10 @@ USER bin` Expect(session.ExitCode()).To(Equal(0)) } - session = podmanTest.Podman([]string{"run", "--rm", "--oom-score-adj=100", fedoraMinimal, "cat", "/proc/self/oom_score_adj"}) + session = podmanTest.Podman([]string{"run", "--rm", "--oom-score-adj=111", fedoraMinimal, "cat", "/proc/self/oom_score_adj"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("100")) + Expect(session.OutputToString()).To(Equal("111")) }) It("podman run limits host test", func() { @@ -919,6 +919,14 @@ USER mail` Expect(session.OutputToString()).To(Not(ContainSubstring("/dev/shm type tmpfs (ro,"))) }) + It("podman run readonly container should NOT mount /run noexec", func() { + session := podmanTest.Podman([]string{"run", "--read-only", ALPINE, "sh", "-c", "mount | grep \"/run \""}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + Expect(session.OutputToString()).To(Not(ContainSubstring("noexec"))) + }) + It("podman run with bad healthcheck retries", func() { session := podmanTest.Podman([]string{"run", "-dt", "--health-cmd", "[\"foo\"]", "--health-retries", "0", ALPINE, "top"}) session.Wait() diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index de79b2b98..f17b4d560 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -72,6 +72,21 @@ var _ = Describe("podman container runlabel", func() { result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) }) + + It("podman container runlabel --display", func() { + SkipIfRemote() + image := "podman-runlabel-test:ls" + podmanTest.BuildImage(LsDockerfile, image, "false") + + result := podmanTest.Podman([]string{"container", "runlabel", "--display", "RUN", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring(podmanTest.PodmanBinary + " -la")) + + result = podmanTest.Podman([]string{"rmi", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + }) It("podman container runlabel bogus label should result in non-zero exit code", func() { result := podmanTest.Podman([]string{"container", "runlabel", "RUN", ALPINE}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index e1396f1b2..1f1258be3 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -128,4 +128,51 @@ var _ = Describe("Podman save", func() { save.WaitWithDefaultTimeout() Expect(save.ExitCode()).To(Equal(0)) }) + + It("podman save --multi-image-archive (tagged images)", func() { + multiImageSave(podmanTest, RESTORE_IMAGES) + }) + + It("podman save --multi-image-archive (untagged images)", func() { + // Refer to images via ID instead of tag. + session := podmanTest.PodmanNoCache([]string{"images", "--format", "{{.ID}}"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + ids := session.OutputToStringArray() + + Expect(len(RESTORE_IMAGES), len(ids)) + multiImageSave(podmanTest, ids) + }) }) + +// Create a multi-image archive, remove all images, load it and +// make sure that all images are (again) present. +func multiImageSave(podmanTest *PodmanTestIntegration, images []string) { + // Create the archive. + outfile := filepath.Join(podmanTest.TempDir, "temp.tar") + session := podmanTest.PodmanNoCache(append([]string{"save", "-o", outfile, "--multi-image-archive"}, images...)) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Remove all images. + session = podmanTest.PodmanNoCache([]string{"rmi", "-af"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Now load the archive. + session = podmanTest.PodmanNoCache([]string{"load", "-i", outfile}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + // Grep for each image in the `podman load` output. + for _, image := range images { + found, _ := session.GrepString(image) + Expect(found).Should(BeTrue()) + } + + // Make sure that each image has really been loaded. + for _, image := range images { + session = podmanTest.PodmanNoCache([]string{"image", "exists", image}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + } +} diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index b5114e429..9a3247b77 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -146,4 +146,12 @@ WantedBy=multi-user.target Expect(len(conData)).To(Equal(1)) Expect(conData[0].Config.SystemdMode).To(BeTrue()) }) + + It("podman run --systemd container should NOT mount /run noexec", func() { + session := podmanTest.Podman([]string{"run", "--systemd", "always", ALPINE, "sh", "-c", "mount | grep \"/run \""}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + Expect(session.OutputToString()).To(Not(ContainSubstring("noexec"))) + }) }) diff --git a/test/e2e/testdata/image b/test/e2e/testdata/image new file mode 120000 index 000000000..a9e67bf9a --- /dev/null +++ b/test/e2e/testdata/image @@ -0,0 +1 @@ +../../../libpod/image/testdata/
\ No newline at end of file |