diff options
Diffstat (limited to 'test/system')
| -rw-r--r-- | test/system/010-images.bats | 60 | ||||
| -rw-r--r-- | test/system/030-run.bats | 47 | ||||
| -rw-r--r-- | test/system/170-run-userns.bats | 38 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 3 | ||||
| -rw-r--r-- | test/system/helpers.bash | 10 |
5 files changed, 151 insertions, 7 deletions
diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 9de31f96c..201418620 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -240,4 +240,64 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rmi test:1.0 } + +@test "podman images - rmi -af removes all containers and pods" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman inspect --format '{{.ID}}' $IMAGE + imageID=$output + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi -a + is "$output" "Error: 2 errors occurred: +.** Image used by .*: image is in use by a container +.** Image used by .*: image is in use by a container" + + run_podman rmi -af + is "$output" "Untagged: $IMAGE +Untagged: $pauseImage +Deleted: $imageID +Deleted: $pauseID" "infra images gets removed as well" + + run_podman images --noheading + is "$output" "" + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + run_podman create --pod new:$pname $IMAGE +} + +@test "podman images - rmi -f can remove infra images" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi $pauseImage + is "$output" "Error: Image used by .* image is in use by a container" + + run_podman rmi -f $pauseImage + is "$output" "Untagged: $pauseImage +Deleted: $pauseID" + + # Force-removing the infra container removes the pod and all its containers. + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + # Other images are still present. + run_podman image exists $IMAGE +} + # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 6f1fa600a..d81a0758c 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -711,6 +711,18 @@ EOF run_podman rmi nomtab } +@test "podman run --hostuser tests" { + skip_if_not_rootless "test whether hostuser is successfully added" + user=$(id -un) + run_podman 1 run --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + user=$(id -u) + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --user $user --rm $IMAGE grep $user /etc/passwd + user=bogus + run_podman 126 run --hostuser=$user --rm $IMAGE grep $user /etc/passwd +} + @test "podman run --device-cgroup-rule tests" { skip_if_rootless "cannot add devices in rootless mode" @@ -756,4 +768,39 @@ EOF is "$output" ".*TERM=abc" "missing TERM environment variable despite TERM being set on commandline" } +@test "podman run - no /etc/hosts" { + skip_if_rootless "cannot move /etc/hosts file as a rootless user" + tmpfile=$PODMAN_TMPDIR/hosts + mv /etc/hosts $tmpfile + run_podman '?' run --rm --add-host "foo.com:1.2.3.4" $IMAGE cat "/etc/hosts" + mv $tmpfile /etc/hosts + is "$status" 0 "podman run without /etc/hosts file should work" + is "$output" "1.2.3.4 foo.com.*" "users can add hosts even without /etc/hosts" +} + +# rhbz#1854566 : $IMAGE has incorrect permission 555 on the root '/' filesystem +@test "podman run image with filesystem permission" { + # make sure the IMAGE image have permissiong of 555 like filesystem RPM expects + run_podman run --rm $IMAGE stat -c %a / + is "$output" "555" "directory permissions on /" +} + +# rhbz#1763007 : the --log-opt for podman run does not work as expected +@test "podman run with log-opt option" { + # Pseudorandom size of the form N.NNN. The '| 1' handles '0.NNN' or 'N.NN0', + # which podman displays as 'NNN kB' or 'N.NN MB' respectively. + size=$(printf "%d.%03d" $(($RANDOM % 10 | 1)) $(($RANDOM % 100 | 1))) + run_podman run -d --rm --log-opt max-size=${size}m $IMAGE sleep 5 + cid=$output + run_podman inspect --format "{{ .HostConfig.LogConfig.Size }}" $cid + is "$output" "${size}MB" + run_podman rm -t 0 -f $cid +} + +@test "podman run --kernel-memory warning" { + # Not sure what situations this fails in, but want to make sure warning shows. + run_podman '?' run --rm --kernel-memory 100 $IMAGE false + is "$output" ".*The --kernel-memory flag is no longer supported. This flag is a noop." "warn on use of --kernel-memory" + +} # vim: filetype=sh diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index eb6c4e259..a5be591ef 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -17,7 +17,7 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id + run chroot --groups 1234 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id is "$output" ".*65534(nobody)" "Check group leaked into user namespace" } @@ -25,30 +25,56 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --group-add keep-groups $IMAGE id is "$output" ".*1234" "Check group leaked into container" } @test "podman --group-add without keep-groups while in a userns" { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" - run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --remote --group-add keep-groups " { if is_remote; then - run_podman 125 run --group-add keep-groups $IMAGE id + run_podman 125 run --rm --group-add keep-groups $IMAGE id is "$output" ".*not supported in remote mode" "Remote check --group-add keep-groups" fi } @test "podman --group-add without keep-groups " { - run_podman run --group-add 457 $IMAGE id + run_podman run --rm --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --group-add keep-groups plus added groups " { - run_podman 125 run --group-add keep-groups --group-add 457 $IMAGE id + run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container" } + +@test "podman userns=auto in config file" { + skip_if_remote "userns=auto is set on the server" + + if is_rootless; then + egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user" + else + egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'" + fi + + cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF +[containers] +userns="auto" +EOF + # First make sure a user namespace is created + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity + cid=$output + + run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid + is "$output" "private" "Check that a user namespace was created for the container" + + run_podman rm -t 0 -f $cid + + # Then check that the main user is not mapped into the user namespace + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map +} diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 4d36163d7..2b5ad44dc 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -139,10 +139,11 @@ load helpers @test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { CIDR="$(random_rfc1918_subnet)" + IP=$(hostname -I | cut -f 1 -d " ") local conname=con-$(random_string 10) run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${CIDR}.2 host.containers.internal" "host.containers.internal should be the cidr+2 address" + is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be the cidr+2 address" is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" } diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 97b6db05c..415c9010e 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -398,6 +398,16 @@ function skip_if_rootless() { fi } +###################### +# skip_if_not_rootless # ...with an optional message +###################### +function skip_if_not_rootless() { + if ! is_rootless; then + local msg=$(_add_label_if_missing "$1" "rootfull") + skip "${msg:-not applicable under rootlfull podman}" + fi +} + #################### # skip_if_remote # ...with an optional message #################### |