diff options
Diffstat (limited to 'test/e2e')
| -rw-r--r-- | test/e2e/config/containers.conf | 2 | ||||
| -rw-r--r-- | test/e2e/containers_conf_test.go | 11 | ||||
| -rw-r--r-- | test/e2e/generate_kube_test.go | 35 | ||||
| -rw-r--r-- | test/e2e/inspect_test.go | 24 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 6 |
5 files changed, 78 insertions, 0 deletions
diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf index 5a5e4b7a5..fdf679664 100644 --- a/test/e2e/config/containers.conf +++ b/test/e2e/config/containers.conf @@ -53,6 +53,8 @@ tz = "Pacific/Honolulu" umask = "0002" +annotations=["run.oci.keep_original_groups=1",] + [engine] network_cmd_options=["allow_host_loopback=true"] diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 719ac9fac..c78c93b8c 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -320,4 +320,15 @@ var _ = Describe("Podman run", func() { Expect(session.OutputToString()).To(Equal("0022")) }) + It("podman run containers.conf annotations test", func() { + //containers.conf is set to "run.oci.keep_original_groups=1" + session := podmanTest.Podman([]string{"create", "--rm", "--name", "test", fedoraMinimal}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{ .Config.Annotations }}", "test"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.OutputToString()).To(ContainSubstring("run.oci.keep_original_groups:1")) + }) + }) diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index bcfab0f68..cd949c666 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -699,4 +699,39 @@ ENTRYPOINT /bin/sleep` Expect(containers[0].Command).To(Equal([]string{"/bin/sh", "-c", "/bin/sleep"})) Expect(containers[0].Args).To(Equal([]string{"10s"})) }) + + It("podman generate kube - --privileged container", func() { + session := podmanTest.Podman([]string{"create", "--pod", "new:testpod", "--privileged", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "testpod"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + // Now make sure that the capabilities aren't set. + pod := new(v1.Pod) + err := yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + + containers := pod.Spec.Containers + Expect(len(containers)).To(Equal(1)) + Expect(containers[0].SecurityContext.Capabilities).To(BeNil()) + + // Now make sure we can also `play` it. + kubeFile := filepath.Join(podmanTest.TempDir, "kube.yaml") + + kube = podmanTest.Podman([]string{"generate", "kube", "testpod", "-f", kubeFile}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + // Remove the pod so play can recreate it. + kube = podmanTest.Podman([]string{"pod", "rm", "-f", "testpod"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + kube = podmanTest.Podman([]string{"play", "kube", kubeFile}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + }) }) diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 8fc9721f9..12bc886a8 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -466,4 +466,28 @@ var _ = Describe("Podman inspect", func() { Expect(len(inspect)).To(Equal(1)) Expect(len(inspect[0].NetworkSettings.Networks)).To(Equal(1)) }) + + It("Container inspect with unlimited uilimits should be -1", func() { + ctrName := "testctr" + session := podmanTest.Podman([]string{"run", "-d", "--ulimit", "core=-1:-1", "--name", ctrName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", ctrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(BeZero()) + + data := inspect.InspectContainerToJSON() + ulimits := data[0].HostConfig.Ulimits + Expect(len(ulimits)).To(BeNumerically(">", 0)) + found := false + for _, ulimit := range ulimits { + if ulimit.Name == "RLIMIT_CORE" { + found = true + Expect(ulimit.Soft).To(BeNumerically("==", -1)) + Expect(ulimit.Hard).To(BeNumerically("==", -1)) + } + } + Expect(found).To(BeTrue()) + }) }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 76d362288..934b78202 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -332,6 +332,9 @@ var _ = Describe("Podman run", func() { It("podman run user capabilities test", func() { // We need to ignore the containers.conf on the test distribution for this test os.Setenv("CONTAINERS_CONF", "/dev/null") + if IsRemote() { + podmanTest.RestartRemoteService() + } session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -424,6 +427,9 @@ var _ = Describe("Podman run", func() { It("podman run user capabilities test with image", func() { // We need to ignore the containers.conf on the test distribution for this test os.Setenv("CONTAINERS_CONF", "/dev/null") + if IsRemote() { + podmanTest.RestartRemoteService() + } dockerfile := `FROM busybox USER bin` podmanTest.BuildImage(dockerfile, "test", "false") |