summaryrefslogtreecommitdiff
path: root/test/e2e
diff options
context:
space:
mode:
Diffstat (limited to 'test/e2e')
-rw-r--r--test/e2e/play_kube_test.go2
-rw-r--r--test/e2e/pod_create_test.go220
-rw-r--r--test/e2e/pod_initcontainers_test.go4
-rw-r--r--test/e2e/pod_ps_test.go16
-rw-r--r--test/e2e/run_cgroup_parent_test.go1
-rw-r--r--test/e2e/run_device_test.go33
6 files changed, 256 insertions, 20 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 66bfdefe7..e3096d932 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1114,7 +1114,7 @@ var _ = Describe("Podman play kube", func() {
})
It("podman play kube should share ipc,net,uts when shareProcessNamespace is set", func() {
- SkipIfRootless("Requires root priviledges for sharing few namespaces")
+ SkipIfRootless("Requires root privileges for sharing few namespaces")
err := writeYaml(sharedNamespacePodYaml, kubeYaml)
Expect(err).To(BeNil())
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 4c6788b9d..f6f532ce9 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -4,6 +4,7 @@ import (
"fmt"
"io/ioutil"
"os"
+ "os/user"
"path/filepath"
"strconv"
"strings"
@@ -621,4 +622,223 @@ ENTRYPOINT ["sleep","99999"]
Expect(podCreate).Should(ExitWithError())
})
+
+ It("podman pod create with --userns=keep-id", func() {
+ if os.Geteuid() == 0 {
+ Skip("Test only runs without root")
+ }
+
+ podName := "testPod"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns", "keep-id", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+
+ session := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "id", "-u"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ uid := fmt.Sprintf("%d", os.Geteuid())
+ ok, _ := session.GrepString(uid)
+ Expect(ok).To(BeTrue())
+
+ // Check passwd
+ session = podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "id", "-un"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+ ok, _ = session.GrepString(u.Name)
+ Expect(ok).To(BeTrue())
+
+ // root owns /usr
+ session = podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "stat", "-c%u", "/usr"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(Equal("0"))
+
+ // fail if --pod and --userns set together
+ session = podmanTest.Podman([]string{"run", "--pod", podName, "--userns", "keep-id", ALPINE, "id", "-u"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(125))
+ })
+
+ It("podman pod create with --userns=keep-id can add users", func() {
+ if os.Geteuid() == 0 {
+ Skip("Test only runs without root")
+ }
+
+ podName := "testPod"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns", "keep-id", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+
+ ctrName := "ctr-name"
+ session := podmanTest.Podman([]string{"run", "--pod", podName, "-d", "--stop-signal", "9", "--name", ctrName, fedoraMinimal, "sleep", "600"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ // container inside pod inherits user form infra container if --user is not set
+ // etc/passwd entry will look like 1000:*:1000:1000:container user:/:/bin/sh
+ exec1 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"})
+ exec1.WaitWithDefaultTimeout()
+ Expect(exec1).Should(Exit(0))
+ Expect(exec1.OutputToString()).To(ContainSubstring("container"))
+
+ exec2 := podmanTest.Podman([]string{"exec", ctrName, "useradd", "testuser"})
+ exec2.WaitWithDefaultTimeout()
+ Expect(exec2).Should(Exit(0))
+
+ exec3 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"})
+ exec3.WaitWithDefaultTimeout()
+ Expect(exec3).Should(Exit(0))
+ Expect(exec3.OutputToString()).To(ContainSubstring("testuser"))
+ })
+
+ It("podman pod create with --userns=auto", func() {
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+ name := u.Name
+ if name == "root" {
+ name = "containers"
+ }
+
+ content, err := ioutil.ReadFile("/etc/subuid")
+ if err != nil {
+ Skip("cannot read /etc/subuid")
+ }
+ if !strings.Contains(string(content), name) {
+ Skip("cannot find mappings for the current user")
+ }
+
+ m := make(map[string]string)
+ for i := 0; i < 5; i++ {
+ podName := "testPod" + strconv.Itoa(i)
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns=auto", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+
+ session := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ l := session.OutputToString()
+ Expect(strings.Contains(l, "1024")).To(BeTrue())
+ m[l] = l
+ }
+ // check for no duplicates
+ Expect(len(m)).To(Equal(5))
+ })
+
+ It("podman pod create --userns=auto:size=%d", func() {
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+
+ name := u.Name
+ if name == "root" {
+ name = "containers"
+ }
+
+ content, err := ioutil.ReadFile("/etc/subuid")
+ if err != nil {
+ Skip("cannot read /etc/subuid")
+ }
+ if !strings.Contains(string(content), name) {
+ Skip("cannot find mappings for the current user")
+ }
+
+ podName := "testPod"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns=auto:size=500", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ ok, _ := session.GrepString("500")
+
+ podName = "testPod-1"
+ podCreate = podmanTest.Podman([]string{"pod", "create", "--userns=auto:size=3000", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session = podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ ok, _ = session.GrepString("3000")
+
+ Expect(ok).To(BeTrue())
+ })
+
+ It("podman pod create --userns=auto:uidmapping=", func() {
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+
+ name := u.Name
+ if name == "root" {
+ name = "containers"
+ }
+
+ content, err := ioutil.ReadFile("/etc/subuid")
+ if err != nil {
+ Skip("cannot read /etc/subuid")
+ }
+ if !strings.Contains(string(content), name) {
+ Skip("cannot find mappings for the current user")
+ }
+
+ podName := "testPod"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns=auto:uidmapping=0:0:1", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ output := session.OutputToString()
+ Expect(output).To(MatchRegexp("\\s0\\s0\\s1"))
+
+ podName = "testPod-1"
+ podCreate = podmanTest.Podman([]string{"pod", "create", "--userns=auto:size=8192,uidmapping=0:0:1", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session = podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/uid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ ok, _ := session.GrepString("8191")
+ Expect(ok).To(BeTrue())
+ })
+
+ It("podman pod create --userns=auto:gidmapping=", func() {
+ u, err := user.Current()
+ Expect(err).To(BeNil())
+
+ name := u.Name
+ if name == "root" {
+ name = "containers"
+ }
+
+ content, err := ioutil.ReadFile("/etc/subuid")
+ if err != nil {
+ Skip("cannot read /etc/subuid")
+ }
+ if !strings.Contains(string(content), name) {
+ Skip("cannot find mappings for the current user")
+ }
+
+ podName := "testPod"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--userns=auto:gidmapping=0:0:1", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session := podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/gid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ output := session.OutputToString()
+ Expect(output).To(MatchRegexp("\\s0\\s0\\s1"))
+
+ podName = "testPod-1"
+ podCreate = podmanTest.Podman([]string{"pod", "create", "--userns=auto:size=8192,gidmapping=0:0:1", "--name", podName})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate).Should(Exit(0))
+ session = podmanTest.Podman([]string{"run", "--pod", podName, ALPINE, "cat", "/proc/self/gid_map"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ ok, _ := session.GrepString("8191")
+ Expect(ok).To(BeTrue())
+ })
+
})
diff --git a/test/e2e/pod_initcontainers_test.go b/test/e2e/pod_initcontainers_test.go
index 606294f51..11e7ca400 100644
--- a/test/e2e/pod_initcontainers_test.go
+++ b/test/e2e/pod_initcontainers_test.go
@@ -98,10 +98,10 @@ var _ = Describe("Podman init containers", func() {
Expect(checkLog.OutputToString()).To(Equal(content))
})
- It("podman make sure oneshot container is removed", func() {
+ It("podman make sure once container is removed", func() {
filename := filepath.Join("/dev/shm", RandomString(12))
content := RandomString(16)
- session := podmanTest.Podman([]string{"create", "--init-ctr", "oneshot", "--pod", "new:foobar", ALPINE, "bin/sh", "-c", fmt.Sprintf("echo %s > %s", content, filename)})
+ session := podmanTest.Podman([]string{"create", "--init-ctr", "once", "--pod", "new:foobar", ALPINE, "bin/sh", "-c", fmt.Sprintf("echo %s > %s", content, filename)})
session.WaitWithDefaultTimeout()
initContainerID := session.OutputToString()
Expect(session).Should(Exit(0))
diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go
index c27539d6f..b4a0df904 100644
--- a/test/e2e/pod_ps_test.go
+++ b/test/e2e/pod_ps_test.go
@@ -108,6 +108,22 @@ var _ = Describe("Podman ps", func() {
Expect(result).Should(Exit(0))
})
+ It("podman pod ps --filter until", func() {
+ name := "mypod"
+ _, ec, _ := podmanTest.CreatePod(map[string][]string{"--name": {name}})
+ Expect(ec).To(Equal(0))
+
+ result := podmanTest.Podman([]string{"pod", "ps", "--filter", "until=50"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(Not(ContainSubstring(name)))
+
+ result = podmanTest.Podman([]string{"pod", "ps", "--filter", "until=5000000000"})
+ result.WaitWithDefaultTimeout()
+ Expect(result).Should(Exit(0))
+ Expect(result.OutputToString()).To(ContainSubstring(name))
+ })
+
It("podman pod ps filter name regexp", func() {
_, ec, podid := podmanTest.CreatePod(map[string][]string{"--name": {"mypod"}})
Expect(ec).To(Equal(0))
diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go
index 3e261961b..82b6c3057 100644
--- a/test/e2e/run_cgroup_parent_test.go
+++ b/test/e2e/run_cgroup_parent_test.go
@@ -64,6 +64,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() {
})
Specify("always honor --cgroup-parent", func() {
+ Skip("https://github.com/containers/podman/issues/11165")
SkipIfCgroupV1("test not supported in cgroups v1")
if Containerized() || podmanTest.CgroupManager == "cgroupfs" {
Skip("Requires Systemd cgroup manager support")
diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go
index 40de1d50d..08905aed2 100644
--- a/test/e2e/run_device_test.go
+++ b/test/e2e/run_device_test.go
@@ -41,36 +41,35 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ // TODO: Confirm absence of /dev/kmsg in container
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "test", "-c", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
+ // TODO: Confirm write-permission failure
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "test", "-r", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename and permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ // TODO: Confirm write-permission failure
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "test", "-r", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device rename and bad permission test", func() {
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "true"})
session.WaitWithDefaultTimeout()
- Expect(session).To(ExitWithError())
+ Expect(session).Should(Exit(125))
})
It("podman run device host device and container device parameter are directories", func() {
@@ -89,12 +88,13 @@ var _ = Describe("Podman run device", func() {
})
It("podman run device host device with --privileged", func() {
- if _, err := os.Stat("/dev/kvm"); err != nil {
- Skip("/dev/kvm not available")
- }
- session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "/dev/kvm"})
+ session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "test", "-c", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
+ // verify --privileged is required
+ session2 := podmanTest.Podman([]string{"run", ALPINE, "test", "-c", "/dev/kmsg"})
+ session2.WaitWithDefaultTimeout()
+ Expect(session2).Should((Exit(1)))
})
It("podman run CDI device test", func() {
@@ -109,14 +109,13 @@ var _ = Describe("Podman run device", func() {
err = cmd.Run()
Expect(err).To(BeNil())
- session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
+ session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "myKmsg", ALPINE, "test", "-c", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run --gpus noop", func() {
- session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "ls", "/"})
+ session := podmanTest.Podman([]string{"run", "--gpus", "all", ALPINE, "true"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
})
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-20 04:12:59 +0000