diff options
Diffstat (limited to 'test/system')
26 files changed, 227 insertions, 98 deletions
diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 888c075b8..2e5ebe4a3 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -101,7 +101,9 @@ function setup() { fi run_podman 125 --remote - is "$output" "Error: missing command 'podman COMMAND'" "podman remote show usage message without running endpoint" + is "$output" "Error: missing command 'podman COMMAND' +Try 'podman --help' for more information." \ + "podman --remote show usage message without running endpoint" } # This is for development only; it's intended to make sure our timeout diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 0ea0f8356..045045fa6 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -37,7 +37,7 @@ cgroupVersion: v[12] # FIXME: if we're ever able to get package versions on Debian, # add '-[0-9]' to all '*.package' queries below. tests=" -host.buildahVersion | [0-9.] +host.buildahVersion | [1-9][0-9]*\.[0-9.]\\\+.* host.conmon.path | $expr_path host.conmon.package | .*conmon.* host.cgroupManager | \\\(systemd\\\|cgroupfs\\\) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 649987dfd..1e9d5f181 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -19,8 +19,8 @@ load helpers @test "podman images - custom formats" { tests=" -{{.ID}} | [0-9a-f]\\\{12\\\} -{{.ID| upper}} | [0-9A-F]\\\{12\\\} +{{.ID}} | [0-9a-f]\\\{12\\\}\\\$ +{{.ID| upper}} | [0-9A-F]\\\{12\\\}\\\$ {{.Repository}}:{{.Tag}} | $PODMAN_TEST_IMAGE_FQN {{.Labels.created_by}} | test/system/build-testimage {{.Labels.created_at}} | 20[0-9-]\\\+T[0-9:]\\\+Z @@ -28,7 +28,7 @@ load helpers parse_table "$tests" | while read fmt expect; do run_podman images --format "$fmt" - is "$output" "$expect\$" "podman images $fmt" + is "$output" "$expect" "podman images --format '$fmt'" done run_podman images --format "{{.ID}}" --no-trunc diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 3d9d834b3..4080f08b4 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -517,7 +517,8 @@ json-file | f cid="$output" run_podman inspect --format "{{.ImageName}}" $cid - is "$output" "$newtag" "container .ImageName is the container-create name" + is "$output" "$newtag:latest" \ + "container .ImageName is the container-create name" # Same thing, but now with a :tag, and making sure it works with --name newtag2="${newtag}:$(random_string 6|tr A-Z a-z)" @@ -526,7 +527,8 @@ json-file | f cname="$(random_string 14|tr A-Z a-z)" run_podman create --name $cname $newtag2 run_podman inspect --format "{{.ImageName}}" $cname - is "$output" "$newtag2" "container .ImageName is the container-create name" + is "$output" "$newtag2" \ + "container .ImageName is the container-create name, with :tag" # Clean up. run_podman rm $cid $cname @@ -718,7 +720,7 @@ EOF run_podman 125 run --device-cgroup-rule="b 7:2" --rm $IMAGE is "$output" 'Error: invalid device cgroup rule requires type, major:Minor, and access rules: "b 7:2"' run_podman 125 run --device-cgroup-rule="x 7:* rmw" --rm $IMAGE - is "$output" "Error: invalid device type in device-access-add:" + is "$output" "Error: invalid device type in device-access-add: x" run_podman 125 run --device-cgroup-rule="a a:* rmw" --rm $IMAGE is "$output" "Error: strconv.ParseInt: parsing \"a\": invalid syntax" } diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats index a04d2ac74..76ce12b81 100644 --- a/test/system/035-logs.bats +++ b/test/system/035-logs.bats @@ -135,31 +135,38 @@ function _log_test_until() { s_after="after_$(random_string)_${driver}" before=$(date --iso-8601=seconds) - sleep 5 + sleep 1 run_podman run --log-driver=$driver -d --name test $IMAGE sh -c \ "echo $s_before; trap 'echo $s_after; exit' SIGTERM; while :; do sleep 1; done" # sleep a second to make sure the date is after the first echo sleep 1 run_podman stop test - # sleep for 20 seconds to get the proper after time - sleep 20 + run_podman wait test - run_podman logs test - is "$output" \ - "$s_before + # Sigh. Stupid journald has a lag. Wait a few seconds for it to catch up. + retries=20 + s_both="$s_before $s_after" + while [[ $retries -gt 0 ]]; do + run_podman logs test + if [[ "$output" = "$s_both" ]]; then + break + fi + retries=$((retries - 1)) + sleep 0.1 + done + if [[ $retries -eq 0 ]]; then + die "Timed out waiting for before&after in podman logs: $output" + fi run_podman logs --until $before test - is "$output" \ - "" + is "$output" "" "podman logs --until before" - after=$(date --iso-8601=seconds) + after=$(date --date='+1 second' --iso-8601=seconds) run_podman logs --until $after test - is "$output" \ - "$s_before -$s_after" + is "$output" "$s_both" "podman logs --until after" run_podman rm -f test } diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 182d75547..63f57efdc 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats @@ -90,26 +90,48 @@ load helpers is "${#lines[@]}" "1" "setup check: no storage containers at start of test" # Force a buildah timeout; this leaves a buildah container behind + local t0=$SECONDS PODMAN_TIMEOUT=5 run_podman 124 build -t thiswillneverexist - <<EOF FROM $IMAGE +RUN touch /intermediate.image.to.be.pruned RUN sleep 30 EOF + local t1=$SECONDS + local delta_t=$((t1 - t0)) + if [[ $delta_t -gt 10 ]]; then + # FIXME FIXME FIXME: when buildah issue 3544 gets fixed and vendored, + # change 'echo' to 'die' + echo "podman build did not get killed within 10 seconds (actual time: $delta_t seconds)" + fi run_podman ps -a - is "${#lines[@]}" "1" "podman ps -a does not see buildah container" + is "${#lines[@]}" "1" "podman ps -a does not see buildah containers" run_podman ps --external -a - is "${#lines[@]}" "2" "podman ps -a --external sees buildah container" + is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" is "${lines[1]}" \ "[0-9a-f]\{12\} \+$IMAGE *buildah .* seconds ago .* storage .* ${PODMAN_TEST_IMAGE_NAME}-working-container" \ "podman ps --external" - cid="${lines[1]:0:12}" - # 'rm -a' should be a NOP run_podman rm -a run_podman ps --external -a - is "${#lines[@]}" "2" "podman ps -a --external sees buildah container" + is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" + + # Cannot prune intermediate image as it's being used by a buildah + # container. + run_podman image prune -f + is "$output" "" "No image is pruned" + + # --external for removing buildah containers. + run_podman image prune -f --external + is "${#lines[@]}" "1" "Image used by build container is pruned" + + # One buildah container has been removed. + run_podman ps --external -a + is "${#lines[@]}" "2" "podman ps -a --external sees buildah containers" + + cid="${lines[1]:0:12}" # We can't rm it without -f, but podman should issue a helpful message run_podman 2 rm "$cid" diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index 63a93e13b..ba37ea5e1 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -125,6 +125,7 @@ load helpers run_podman exec $cid find /image-mount/etc/ # Clean up + run_podman stop -t 0 $cid run_podman rm -f $cid } @@ -147,6 +148,7 @@ load helpers run_podman inspect --format "{{(index .Mounts 0).RW}}" $cid is "$output" "true" "inspect data includes image mount source" + run_podman stop -t 0 $cid run_podman rm -f $cid } diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats index 39f439e7b..38c38d671 100644 --- a/test/system/065-cp.bats +++ b/test/system/065-cp.bats @@ -256,6 +256,7 @@ load helpers " # From RUNNING container + local -a destcontainers=() while read id src dest dest_fullname description; do # dest may be "''" for empty table cells if [[ $dest == "''" ]];then @@ -265,26 +266,25 @@ load helpers # To RUNNING container run_podman run -d $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - run_podman kill $destcontainer - run_podman rm -f $destcontainer # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman start $destcontainer run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - run_podman kill $destcontainer - run_podman rm -f $destcontainer done < <(parse_table "$tests") - run_podman kill cpcontainer - run_podman rm -f cpcontainer + run_podman kill cpcontainer ${destcontainers[@]} + run_podman rm -f cpcontainer ${destcontainers[@]} # From CREATED container + destcontainers=() run_podman create --name cpcontainer --workdir=/srv $cpimage while read id src dest dest_fullname description; do # dest may be "''" for empty table cells @@ -295,23 +295,21 @@ load helpers # To RUNNING container run_podman run -d $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - run_podman kill $destcontainer - run_podman rm -f $destcontainer - # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman start $destcontainer run_podman exec $destcontainer cat "/$dest_fullname" is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to /$dest)" - run_podman kill $destcontainer - run_podman rm -f $destcontainer done < <(parse_table "$tests") - run_podman rm -f cpcontainer + run_podman kill ${destcontainers[@]} + run_podman rm -f cpcontainer ${destcontainers[@]} run_podman rmi -f $cpimage } @@ -496,6 +494,7 @@ load helpers " # From RUNNING container + local -a destcontainers=() while read src dest dest_fullname description; do if [[ $src == "''" ]];then unset src @@ -510,28 +509,27 @@ load helpers # To RUNNING container run_podman run -d $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname/containerfile0" "/$dest_fullname/containerfile1" is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - run_podman kill $destcontainer - run_podman rm -f $destcontainer # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman start $destcontainer run_podman exec $destcontainer cat "/$dest_fullname/containerfile0" "/$dest_fullname/containerfile1" is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - run_podman kill $destcontainer - run_podman rm -f $destcontainer done < <(parse_table "$tests") - run_podman kill cpcontainer - run_podman rm -f cpcontainer + run_podman kill cpcontainer ${destcontainers[@]} + run_podman rm -f cpcontainer ${destcontainers[@]} # From CREATED container + destcontainers=() run_podman create --name cpcontainer --workdir=/srv $cpimage while read src dest dest_fullname description; do if [[ $src == "''" ]];then @@ -547,26 +545,25 @@ ${randomcontent[1]}" "$description" # To RUNNING container run_podman run -d $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname/containerfile0" "/$dest_fullname/containerfile1" is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - run_podman kill $destcontainer - run_podman rm -f $destcontainer # To CREATED container run_podman create $IMAGE sleep infinity destcontainer="$output" + destcontainers+=($destcontainer) run_podman start $destcontainer run_podman cp cpcontainer:$src $destcontainer:"/$dest" run_podman exec $destcontainer cat "/$dest_fullname/containerfile0" "/$dest_fullname/containerfile1" is "$output" "${randomcontent[0]} ${randomcontent[1]}" "$description" - run_podman kill $destcontainer - run_podman rm -f $destcontainer done < <(parse_table "$tests") - run_podman rm -f cpcontainer + run_podman kill ${destcontainers[@]} + run_podman rm -f cpcontainer ${destcontainers[@]} run_podman rmi -f $cpimage } diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 0e1396fc6..4e89e299a 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -956,6 +956,15 @@ EOF run_podman build -t build_test $tmpdir } +@test "podman build build context is a symlink to a directory" { + tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir/target + ln -s target $tmpdir/link + echo FROM $IMAGE > $tmpdir/link/Dockerfile + echo RUN echo hello >> $tmpdir/link/Dockerfile + run_podman build -t build_test $tmpdir/link +} + function teardown() { # A timeout or other error in 'build' can leave behind stale images # that podman can't even see and which will cascade into subsequent diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index b7367d153..de767a1e8 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -77,7 +77,7 @@ load helpers is "${lines[1]}" "3000+0 records out" "dd: number of records out" # Verify sha. '% *' strips off the path, keeping only the SHA run_podman exec $cid sha512sum /tmp/bigfile - is "${output% *}" "$expect" "SHA of file in container" + is "${output% *}" "$expect " "SHA of file in container" # Clean up run_podman exec $cid touch /stop diff --git a/test/system/080-pause.bats b/test/system/080-pause.bats index 1eb47dcfb..2314324a9 100644 --- a/test/system/080-pause.bats +++ b/test/system/080-pause.bats @@ -48,6 +48,7 @@ load helpers # would imply that the container never paused. is "$max_delta" "[3456]" "delta t between paused and restarted" + run_podman stop -t 0 $cname run_podman rm -f $cname # Pause/unpause on nonexistent name or id - these should all fail @@ -73,6 +74,7 @@ load helpers is "$output" "$cid" "podman unpause output" run_podman ps --format '{{.ID}} {{.Names}} {{.Status}}' is "$output" "${cid:0:12} $cname Up.*" "podman ps on resumed container" + run_podman stop -t 0 $cname run_podman rm -f $cname run_podman rm -f notrunning } diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 97ea0f528..e9959271f 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -11,7 +11,7 @@ load helpers # initialize, read image ID and name get_iid_and_name() { run_podman images -a --format '{{.ID}} {{.Repository}}:{{.Tag}}' - read iid img_name < <(echo "$output") + read iid img_name <<<"$output" archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar } @@ -32,7 +32,7 @@ verify_iid_and_name() { echo "I am an invalid file and should cause a podman-load error" > $invalid run_podman 125 load -i $invalid # podman and podman-remote emit different messages; this is a common string - is "$output" ".*payload does not match any of the supported image formats .*" \ + is "$output" ".*payload does not match any of the supported image formats:.*" \ "load -i INVALID fails with expected diagnostic" } @@ -62,7 +62,7 @@ verify_iid_and_name() { # FIXME: cannot compare IID, see #7371, so we check only the tag run_podman images $fqin --format '{{.Repository}}:{{.Tag}}' - is "$output" "$fqin" "image preserves name across save/load" + is "${lines[0]}" "$fqin" "image preserves name across save/load" # Load with a new tag local new_name=x1$(random_string 14 | tr A-Z a-z) @@ -129,7 +129,7 @@ verify_iid_and_name() { @test "podman load - redirect corrupt payload" { run_podman 125 load <<< "Danger, Will Robinson!! This is a corrupt tarball!" is "$output" \ - ".*payload does not match any of the supported image formats .*" \ + ".*payload does not match any of the supported image formats:.*" \ "Diagnostic from 'podman load' unknown/corrupt payload" } @@ -183,4 +183,16 @@ verify_iid_and_name() { run_podman rmi -f $img1 $img2 } +@test "podman save --oci-accept-uncompressed-layers" { + archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar + untar=$PODMAN_TMPDIR/myuntar-$(random_string 8) + mkdir -p $untar + + # Create a tarball, unpack it and make sure the layers are uncompressed. + run_podman save -o $archive --format oci-archive --uncompressed $IMAGE + run tar -C $untar -xvf $archive + run file $untar/blobs/sha256/* + is "$output" ".*POSIX tar archive" "layers are uncompressed" +} + # vim: filetype=sh diff --git a/test/system/125-import.bats b/test/system/125-import.bats index 5995d71bf..5b8d84a2f 100644 --- a/test/system/125-import.bats +++ b/test/system/125-import.bats @@ -20,26 +20,26 @@ load helpers # Simple import run_podman import -q $archive iid="$output" - run_podman run -t --rm $iid cat /random.txt + run_podman run --rm $iid cat /random.txt is "$output" "$random_content" "simple import" run_podman rmi -f $iid # Simple import via stdin run_podman import -q - < <(cat $archive) iid="$output" - run_podman run -t --rm $iid cat /random.txt + run_podman run --rm $iid cat /random.txt is "$output" "$random_content" "simple import via stdin" run_podman rmi -f $iid # Tagged import run_podman import -q $archive $fqin - run_podman run -t --rm $fqin cat /random.txt + run_podman run --rm $fqin cat /random.txt is "$output" "$random_content" "tagged import" run_podman rmi -f $fqin # Tagged import via stdin run_podman import -q - $fqin < <(cat $archive) - run_podman run -t --rm $fqin cat /random.txt + run_podman run --rm $fqin cat /random.txt is "$output" "$random_content" "tagged import via stdin" run_podman rmi -f $fqin } @@ -100,7 +100,7 @@ EOF # Confirm exit within timeout run_podman ps -a --filter name=$a_cnt --format '{{.Status}}' - is "$output" "Exited (33)" "Exit by non-TERM/KILL" + is "$output" "Exited (33) .*" "Exit by non-TERM/KILL" run_podman rm -f $a_cnt run_podman rmi $b_img $a_img diff --git a/test/system/150-login.bats b/test/system/150-login.bats index ed925044c..c003a0409 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -245,7 +245,7 @@ function _test_skopeo_credential_sharing() { is "$status" "0" "skopeo inspect - exit status" got_name=$(jq -r .Name <<<"$output") - is "$got_name" "$registry/$dest_name" "skopeo inspect -> Name" + is "$got_name" "$registry/$destname" "skopeo inspect -> Name" # Now try without a valid login; it should fail run_podman logout "$@" $registry diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index e21be9ea4..c02525e0d 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -191,7 +191,7 @@ EOF run_podman run --rm -v my_vol:/data $IMAGE sh -c "echo hello >> /data/test" run_podman volume create my_vol2 - tarfile=hello$(random_string | tr A-Z a-z).tar + tarfile=${PODMAN_TMPDIR}/hello$(random_string | tr A-Z a-z).tar run_podman volume export my_vol --output=$tarfile # we want to use `run_podman volume export my_vol` but run_podman is wrapping EOF run_podman volume import my_vol2 - < $tarfile @@ -261,7 +261,8 @@ EOF # prune should remove v4 run_podman volume prune --force - is "$output" "${v[4]}" "volume prune, with 1, 2, 3 in use, deletes only 4" + is "$(echo $(sort <<<$output))" "${v[4]} ${v[5]} ${v[6]}" \ + "volume prune, with 1, 2, 3 in use, deletes only 4, 5, 6" # Remove the container using v2 and v3. Prune should now remove those. # The 'echo sort' is to get the output sorted and in one line. diff --git a/test/system/220-healthcheck.bats b/test/system/220-healthcheck.bats index e416629e6..28fe8eb92 100644 --- a/test/system/220-healthcheck.bats +++ b/test/system/220-healthcheck.bats @@ -12,13 +12,13 @@ function _check_health { local testname="$1" local tests="$2" - run_podman inspect --format json healthcheck_c + run_podman inspect --format "{{json .State.Healthcheck}}" healthcheck_c parse_table "$tests" | while read field expect;do # (kludge to deal with parse_table and empty strings) if [ "$expect" = "''" ]; then expect=""; fi - actual=$(jq -r ".[0].State.Healthcheck.$field" <<<"$output") + actual=$(jq -r ".$field" <<<"$output") is "$actual" "$expect" "$testname - .State.Healthcheck.$field" done } @@ -108,6 +108,7 @@ Log[-1].Output | is "$output" "unhealthy" "output from 'podman healthcheck run'" # Clean up + run_podman stop -t 0 healthcheck_c run_podman rm -f healthcheck_c run_podman rmi healthcheck_i } diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 0dae569a8..395e6f94f 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -70,7 +70,7 @@ function _stop_socat() { # Check that MAINPID=xxxxx points to a running conmon process function _assert_mainpid_is_conmon() { - local mainpid=$(expr "$1" : "MAINPID=\([0-9]\+\)") + local mainpid=$(expr "$1" : ".*MAINPID=\([0-9]\+\)") test -n "$mainpid" || die "Could not parse '$1' as 'MAINPID=nnnn'" test -d /proc/$mainpid || die "sdnotify MAINPID=$mainpid - but /proc/$mainpid does not exist" @@ -121,7 +121,7 @@ function _assert_mainpid_is_conmon() { # we look for READY=1 _anywhere_ in the output, not just the last line. is "$output" ".*READY=1.*" "sdnotify sent READY=1" - _assert_mainpid_is_conmon "${lines[0]}" + _assert_mainpid_is_conmon "$output" # Done. Stop container, clean up. run_podman exec $cid touch /stop @@ -163,7 +163,7 @@ function _assert_mainpid_is_conmon() { is "$output" ".*READY=1" "received READY=1 through notify socket" - _assert_mainpid_is_conmon "${lines[0]}" + _assert_mainpid_is_conmon "$output" # Done. Stop container, clean up. run_podman exec $cid touch /stop diff --git a/test/system/270-socket-activation.bats b/test/system/270-socket-activation.bats index 031ba161b..dd439d3ae 100644 --- a/test/system/270-socket-activation.bats +++ b/test/system/270-socket-activation.bats @@ -69,26 +69,36 @@ function teardown() { @test "podman system service - socket activation - no container" { run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping - is "$output" "OK" "podman service responses normally" + is "$output" "OK" "podman service responds normally" } -@test "podman system service - socket activation - exist container " { - run_podman run $IMAGE sleep 90 +@test "podman system service - socket activation - existing container" { + run_podman run -d $IMAGE sleep 90 + cid="$output" + run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping - is "$output" "OK" "podman service responses normally" + is "$output" "OK" "podman service responds normally" + + run_podman stop -t 0 $cid + run_podman rm -f $cid } -@test "podman system service - socket activation - kill rootless pause " { +@test "podman system service - socket activation - kill rootless pause" { if ! is_rootless; then skip "root podman no need pause process" fi - run_podman run $IMAGE sleep 90 + run_podman run -d $IMAGE sleep 90 + cid="$output" + local pause_pid="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid" if [ -f $pause_pid ]; then kill -9 $(cat $pause_pid) 2> /dev/null fi run curl -s --max-time 3 --unix-socket $SERVICE_SOCK_ADDR http://podman/libpod/_ping - is "$output" "OK" "podman service responses normally" + is "$output" "OK" "podman service responds normally" + + run_podman stop -t 0 $cid + run_podman rm -f $cid } # vim: filetype=sh diff --git a/test/system/330-corrupt-images.bats b/test/system/330-corrupt-images.bats index eeffff3ec..7f2b81835 100644 --- a/test/system/330-corrupt-images.bats +++ b/test/system/330-corrupt-images.bats @@ -74,11 +74,11 @@ function _corrupt_image_test() { # Corruptify, and confirm that 'podman images' throws an error rm -v ${PODMAN_CORRUPT_TEST_WORKDIR}/root/*-images/$id/${rm_path} run_podman 125 images - is "$output" "Error: error retrieving label for image \"$id\": you may need to remove the image to resolve the error" + is "$output" "Error: error retrieving label for image \"$id\": you may need to remove the image to resolve the error.*" # Run the requested command. Confirm it succeeds, with suitable warnings run_podman $* - is "$output" ".*error determining parent of image.*ignoring the error" \ + is "$output" ".*Failed to determine parent of image.*ignoring the error" \ "$* with missing $what_to_rm" run_podman images -a --noheading diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 5ee0e0715..7f7f23000 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -29,7 +29,7 @@ function check_label() { if [ -n "$2" ]; then # e.g. from the above example -> "s0:c45,c745" range=$(cut -d: -f4,5 <<<"$context") - is "$range" "$2" "SELinux range" + is "$range" "$2^@" "SELinux range" fi } @@ -101,7 +101,7 @@ function check_label() { --security-opt label=level:s0 \ $IMAGE sh -c 'while test ! -e /stop; do sleep 0.1; done' run_podman inspect --format='{{ .HostConfig.SecurityOpt }}' myc - is "$output" "\[label=type:spc_t,label=level:s0 seccomp=unconfined]" \ + is "$output" "[label=type:spc_t,label=level:s0 seccomp=unconfined]" \ "'podman inspect' preserves all --security-opts" run_podman exec myc touch /stop @@ -113,6 +113,14 @@ function check_label() { @test "podman selinux: shared context in (some) namespaces" { skip_if_no_selinux + # rootless users have no usable cgroups with cgroupsv1, so containers + # must use a pid namespace and not join an existing one. + skip_if_rootless_cgroupsv1 + + if [[ $(podman_runtime) == "runc" ]]; then + skip "some sort of runc bug, not worth fixing (#11784)" + fi + run_podman run -d --name myctr $IMAGE top run_podman exec myctr cat -v /proc/self/attr/current context_c1="$output" @@ -221,24 +229,25 @@ function check_label() { run_podman run -v $tmpdir:/test $IMAGE cat /proc/self/attr/current run ls -dZ ${tmpdir} - is "$output" ${LABEL} "No Relabel Correctly" + is "$output" "${LABEL} ${tmpdir}" "No Relabel Correctly" run_podman run -v $tmpdir:/test:z --security-opt label=disable $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir - is "$output" ${RELABEL} "Privileged Relabel Correctly" + is "$output" "${RELABEL} $tmpdir" "Privileged Relabel Correctly" run_podman run -v $tmpdir:/test:z --privileged $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir - is "$output" ${RELABEL} "Privileged Relabel Correctly" + is "$output" "${RELABEL} $tmpdir" "Privileged Relabel Correctly" run_podman run -v $tmpdir:/test:Z $IMAGE cat /proc/self/attr/current level=$(secon -l $output) run ls -dZ $tmpdir - is "$output" "system_u:object_r:container_file_t:$level" "Confined Relabel Correctly" + is "$output" "system_u:object_r:container_file_t:$level $tmpdir" \ + "Confined Relabel Correctly" run_podman run -v $tmpdir:/test:z $IMAGE cat /proc/self/attr/current run ls -dZ $tmpdir - is "$output" ${RELABEL} "Shared Relabel Correctly" + is "$output" "${RELABEL} $tmpdir" "Shared Relabel Correctly" } # vim: filetype=sh diff --git a/test/system/420-cgroups.bats b/test/system/420-cgroups.bats index 89c81a742..025a20012 100644 --- a/test/system/420-cgroups.bats +++ b/test/system/420-cgroups.bats @@ -8,9 +8,7 @@ load helpers @test "podman run, preserves initial --cgroup-manager" { skip_if_remote "podman-remote does not support --cgroup-manager" - if is_rootless && is_cgroupsv1; then - skip "not supported as rootless under cgroups v1" - fi + skip_if_rootless_cgroupsv1 # Find out our default cgroup manager, and from that, get the non-default run_podman info --format '{{.Host.CgroupManager}}' diff --git a/test/system/450-interactive.bats b/test/system/450-interactive.bats index 47bdff9ab..55c2afcd4 100644 --- a/test/system/450-interactive.bats +++ b/test/system/450-interactive.bats @@ -55,9 +55,11 @@ function teardown() { cols=$(( 15 + RANDOM % 60 & 126 )) stty rows $rows cols $cols <$PODMAN_TEST_PTY + CR=$'\r' + # ...and make sure stty under podman reads that. run_podman run -it --name mystty $IMAGE stty size <$PODMAN_TEST_PTY - is "$output" "$rows $cols" "stty under podman run reads the correct dimensions" + is "$output" "$rows $cols$CR" "stty under podman run reads the correct dimensions" run_podman rm -f mystty @@ -75,7 +77,7 @@ function teardown() { @test "podman load - will not read from tty" { run_podman 125 load <$PODMAN_TEST_PTY is "$output" \ - "Error: cannot read from terminal. Use command-line redirection" \ + "Error: cannot read from terminal. Use command-line redirection or the --input flag." \ "Diagnostic from 'podman load' without redirection or -i" } @@ -84,14 +86,15 @@ function teardown() { run_podman run --tty -i --rm $IMAGE echo hello < /dev/null is "$output" ".*The input device is not a TTY.*" "-it _without_ a tty" + CR=$'\r' run_podman run --tty -i --rm $IMAGE echo hello <$PODMAN_TEST_PTY - is "$output" "hello" "-it _with_ a pty" + is "$output" "hello$CR" "-it _with_ a pty" run_podman run --tty=false -i --rm $IMAGE echo hello < /dev/null is "$output" "hello" "-tty=false: no warning" run_podman run --tty -i=false --rm $IMAGE echo hello < /dev/null - is "$output" "hello" "-i=false: no warning" + is "$output" "hello$CR" "-i=false: no warning" } # vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index ef00d0366..29fa309f3 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -415,6 +415,10 @@ load helpers run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}" mac="$output" + # check network alias for container short id + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").Aliases}}" + is "$output" "[${cid:0:12}]" "short container id in network aliases" + run_podman network disconnect $netname $cid # check that we cannot curl (timeout after 3 sec) @@ -443,6 +447,10 @@ load helpers # connect a second network run_podman network connect $netname2 $cid + # check network2 alias for container short id + run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname2\").Aliases}}" + is "$output" "[${cid:0:12}]" "short container id in network aliases" + # curl should work run curl --max-time 3 -s $SERVER/index.txt is "$output" "$random_1" "curl 127.0.0.1:/index.txt should work" diff --git a/test/system/600-completion.bats b/test/system/600-completion.bats index fbb0da231..5f4610e9e 100644 --- a/test/system/600-completion.bats +++ b/test/system/600-completion.bats @@ -110,12 +110,10 @@ function check_shell_completion() { is "$output" ".*localhost/$random_image_name:$random_image_tag${nl}" \ "$* $cmd: actual image listed in suggestions" - # check that we complete the image with and without tag after at least one char is typed + # check that we complete the image with tag after at least one char is typed run_completion "$@" $cmd "${extra_args[@]}" "${random_image_name:0:1}" is "$output" ".*$random_image_name:$random_image_tag${nl}" \ "$* $cmd: image name:tag included in suggestions" - is "$output" ".*$random_image_name${nl}" \ - "$* $cmd: image name(w/o tag) included in suggestions" # check that we complete the image id after at least two chars are typed run_completion "$@" $cmd "${extra_args[@]}" "${random_image_id:0:2}" diff --git a/test/system/700-play.bats b/test/system/700-play.bats index 2b05cdd84..f41c50e4c 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -30,7 +30,7 @@ spec: containers: - command: - sleep - - "100" + - \"100\" env: - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -49,7 +49,7 @@ spec: capabilities: {} privileged: false seLinuxOptions: - level: "s0:c1,c2" + level: \"s0:c1,c2\" readOnlyRootFilesystem: false volumeMounts: - mountPath: /testdir:z @@ -69,11 +69,15 @@ RELABEL="system_u:object_r:container_file_t:s0" TESTDIR=$PODMAN_TMPDIR/testdir mkdir -p $TESTDIR echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml + run_podman play kube - < $PODMAN_TMPDIR/test.yaml if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then run ls -Zd $TESTDIR - is "$output" ${RELABEL} "selinux relabel should have happened" + is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened" fi + + run_podman stop -a -t 0 + run_podman pod stop test_pod run_podman pod rm -f test_pod } @@ -84,8 +88,11 @@ RELABEL="system_u:object_r:container_file_t:s0" run_podman play kube $PODMAN_TMPDIR/test.yaml if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then run ls -Zd $TESTDIR - is "$output" ${RELABEL} "selinux relabel should have happened" + is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened" fi + + run_podman stop -a -t 0 + run_podman pod stop test_pod run_podman pod rm -f test_pod } @@ -102,12 +109,19 @@ RELABEL="system_u:object_r:container_file_t:s0" infraID="$output" run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID is "$output" "slirp4netns" "network mode slirp4netns is set for the container" + + run_podman stop -a -t 0 + run_podman pod stop test_pod run_podman pod rm -f test_pod + run_podman play kube --network none $PODMAN_TMPDIR/test.yaml run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}" infraID="$output" run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID is "$output" "none" "network mode none is set for the container" + + run_podman stop -a -t 0 + run_podman pod stop test_pod run_podman pod rm -f test_pod } @@ -149,6 +163,9 @@ _EOF run_podman play kube --start=false $PODMAN_TMPDIR/test.yaml run_podman inspect --format "{{ .Config.User }}" test_pod-test is "$output" bin "expect container within pod to run as the bin user" + + run_podman stop -a -t 0 + run_podman pod stop test_pod run_podman pod rm -f test_pod run_podman rmi -f userimage:latest } diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 28ea924bb..03e1ab82b 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -428,6 +428,18 @@ function skip_if_cgroupsv1() { fi } +###################### +# skip_if_rootless_cgroupsv1 # ...with an optional message +###################### +function skip_if_rootless_cgroupsv1() { + if is_rootless; then + if ! is_cgroupsv2; then + local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1") + skip "${msg:-not supported as rootless under cgroupsv1}" + fi + fi +} + ################################## # skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions ################################## @@ -466,13 +478,30 @@ function is() { local expect="$2" local testname="${3:-${MOST_RECENT_PODMAN_COMMAND:-[no test name given]}}" + local is_expr= if [ -z "$expect" ]; then if [ -z "$actual" ]; then + # Both strings are empty. return fi expect='[no output]' - elif expr "$actual" : "$expect" >/dev/null; then + elif [[ "$actual" = "$expect" ]]; then + # Strings are identical. return + else + # Strings are not identical. Are there wild cards in our expect string? + if expr "$expect" : ".*[^\\][\*\[]" >/dev/null; then + # There is a '[' or '*' without a preceding backslash. + is_expr=' (using expr)' + elif [[ "${expect:0:1}" = '[' ]]; then + # String starts with '[', e.g. checking seconds like '[345]' + is_expr=' (using expr)' + fi + if [[ -n "$is_expr" ]]; then + if expr "$actual" : "$expect" >/dev/null; then + return + fi + fi fi # This is a multi-line message, which may in turn contain multi-line @@ -481,7 +510,7 @@ function is() { readarray -t actual_split <<<"$actual" printf "#/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv\n" >&2 printf "#| FAIL: $testname\n" >&2 - printf "#| expected: '%s'\n" "$expect" >&2 + printf "#| expected: '%s'%s\n" "$expect" "$is_expr" >&2 printf "#| actual: '%s'\n" "${actual_split[0]}" >&2 local line for line in "${actual_split[@]:1}"; do |