Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/010-images.bats | 60 | ||||
-rw-r--r-- | test/system/030-run.bats | 51 | ||||
-rw-r--r-- | test/system/040-ps.bats | 12 | ||||
-rw-r--r-- | test/system/070-build.bats | 2 | ||||
-rw-r--r-- | test/system/130-kill.bats | 14 | ||||
-rw-r--r-- | test/system/170-run-userns.bats | 38 | ||||
-rw-r--r-- | test/system/500-networking.bats | 18 | ||||
-rw-r--r-- | test/system/700-play.bats | 2 | ||||
-rw-r--r-- | test/system/helpers.bash | 10 |
9 files changed, 188 insertions, 19 deletions
diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 9de31f96c..201418620 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -240,4 +240,64 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rmi test:1.0 } + +@test "podman images - rmi -af removes all containers and pods" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman inspect --format '{{.ID}}' $IMAGE + imageID=$output + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi -a + is "$output" "Error: 2 errors occurred: +.** Image used by .*: image is in use by a container +.** Image used by .*: image is in use by a container" + + run_podman rmi -af + is "$output" "Untagged: $IMAGE +Untagged: $pauseImage +Deleted: $imageID +Deleted: $pauseID" "infra images gets removed as well" + + run_podman images --noheading + is "$output" "" + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + run_podman create --pod new:$pname $IMAGE +} + +@test "podman images - rmi -f can remove infra images" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi $pauseImage + is "$output" "Error: Image used by .* image is in use by a container" + + run_podman rmi -f $pauseImage + is "$output" "Untagged: $pauseImage +Deleted: $pauseID" + + # Force-removing the infra container removes the pod and all its containers. + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + # Other images are still present. + run_podman image exists $IMAGE +} + # vim: filetype=sh 
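Review bot: The first new test ends with a bare `run_podman create --pod new:$pname $IMAGE` after `rmi -af` has removed every image, with no assertion, cleanup or comment, so a reader cannot tell what it verifies. If the intent is to confirm that the pod name is free again, say so with a comment such as `# rmi -af must have removed the pod, so its name can be reused`. Presumably the file's teardown removes the resulting pod and restores $IMAGE, but that is not visible in this hunk. In the second test, the comment "Force-removing the infra container" should read "infra image", since the command under test is `rmi -f $pauseImage`.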
diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 5937d38f8..d81a0758c 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -586,9 +586,7 @@ json-file | f @test "podman run with --net=host and --port prints warning" { rand=$(random_string 10) - # Please keep the duplicate "--net" options; this tests against #8507, - # a regression in which subsequent --net options did not override earlier. - run_podman run --rm -p 8080 --net=none --net=host $IMAGE echo $rand + run_podman run --rm -p 8080 --net=host $IMAGE echo $rand is "${lines[0]}" \ "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use" \ "Warning is emitted before container output" @@ -713,6 +711,18 @@ EOF run_podman rmi nomtab } +@test "podman run --hostuser tests" { + skip_if_not_rootless "test whether hostuser is successfully added" + user=$(id -un) + run_podman 1 run --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + user=$(id -u) + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --user $user --rm $IMAGE grep $user /etc/passwd + user=bogus + run_podman 126 run --hostuser=$user --rm $IMAGE grep $user /etc/passwd +} + @test "podman run --device-cgroup-rule tests" { skip_if_rootless "cannot add devices in rootless mode" 
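Review bot: Dropping `--net=none --net=host` from "podman run with --net=host and --port prints warning" removes the only coverage visible here for #8507, the regression in which a later `--net` option did not override an earlier one. Unless that case is exercised elsewhere (nothing in this diff shows it), keep the duplicate option or add a dedicated check such as `run_podman run --rm --net=none --net=host $IMAGE echo $rand`. If the override is deliberately unsupported on this branch, a one-line comment saying so would stop the case from being re-added by mistake. The test body continues past the end of the hunk.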
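Review bot: The `--hostuser` assertions use an unanchored `grep $user /etc/passwd`, so any substring hit passes. A numeric UID can match a GID or part of another field, and a short user name can match an unrelated entry, which would also break the initial `run_podman 1 ...` negative check. Anchor the name case as `grep "^$user:" /etc/passwd` and match the UID as a whole field, e.g. `grep ":$user:" /etc/passwd`. The bogus-user case checks only exit status 126; asserting on the error text as well would show that the failure comes from the user lookup.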
@@ -758,4 +768,39 @@ EOF is "$output" ".*TERM=abc" "missing TERM environment variable despite TERM being set on commandline" } +@test "podman run - no /etc/hosts" { + skip_if_rootless "cannot move /etc/hosts file as a rootless user" + tmpfile=$PODMAN_TMPDIR/hosts + mv /etc/hosts $tmpfile + run_podman '?' run --rm --add-host "foo.com:1.2.3.4" $IMAGE cat "/etc/hosts" + mv $tmpfile /etc/hosts + is "$status" 0 "podman run without /etc/hosts file should work" + is "$output" "1.2.3.4 foo.com.*" "users can add hosts even without /etc/hosts" +} + +# rhbz#1854566 : $IMAGE has incorrect permission 555 on the root '/' filesystem +@test "podman run image with filesystem permission" { + # make sure the IMAGE image have permissiong of 555 like filesystem RPM expects + run_podman run --rm $IMAGE stat -c %a / + is "$output" "555" "directory permissions on /" +} + +# rhbz#1763007 : the --log-opt for podman run does not work as expected +@test "podman run with log-opt option" { + # Pseudorandom size of the form N.NNN. The '| 1' handles '0.NNN' or 'N.NN0', + # which podman displays as 'NNN kB' or 'N.NN MB' respectively. + size=$(printf "%d.%03d" $(($RANDOM % 10 | 1)) $(($RANDOM % 100 | 1))) + run_podman run -d --rm --log-opt max-size=${size}m $IMAGE sleep 5 + cid=$output + run_podman inspect --format "{{ .HostConfig.LogConfig.Size }}" $cid + is "$output" "${size}MB" + run_podman rm -t 0 -f $cid +} + +@test "podman run --kernel-memory warning" { + # Not sure what situations this fails in, but want to make sure warning shows. + run_podman '?' run --rm --kernel-memory 100 $IMAGE false + is "$output" ".*The --kernel-memory flag is no longer supported. This flag is a noop." "warn on use of --kernel-memory" + +} # vim: filetype=sh diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 09a0f8de1..61b290415 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats 
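Review bot: In "podman run - no /etc/hosts" the host's real /etc/hosts is moved away and restored only by the `mv $tmpfile /etc/hosts` two lines later, so anything that aborts the test between the two `mv` calls leaves the machine without a hosts file. `run_podman '?'` accepts any exit status, but whether the helper can still abort (for example on a timeout) is not visible in this diff. Making the restore unconditional in the file's teardown, e.g. `if [[ -e $PODMAN_TMPDIR/hosts ]]; then mv $PODMAN_TMPDIR/hosts /etc/hosts; fi`, would close that gap. A comment that other processes on the host also see the file missing during that window would help anyone running the suite as root on a shared machine.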
@@ -83,10 +83,10 @@ load helpers run_podman rm -a } -@test "podman ps -a --external" { +@test "podman ps --external" { # Setup: ensure that we have no hidden storage containers - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "1" "setup check: no storage containers at start of test" # Force a buildah timeout; this leaves a buildah container behind @@ -107,7 +107,7 @@ EOF run_podman ps -a is "${#lines[@]}" "1" "podman ps -a does not see buildah containers" - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" is "${lines[1]}" \ "[0-9a-f]\{12\} \+$IMAGE *buildah .* seconds ago .* storage .* ${PODMAN_TEST_IMAGE_NAME}-working-container" \ @@ -115,7 +115,7 @@ EOF # 'rm -a' should be a NOP run_podman rm -a - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" # Cannot prune intermediate image as it's being used by a buildah @@ -128,7 +128,7 @@ EOF is "${#lines[@]}" "1" "Image used by build container is pruned" # One buildah container has been removed. - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "2" "podman ps -a --external sees buildah containers" cid="${lines[1]:0:12}" @@ -140,7 +140,7 @@ EOF # With -f, we can remove it. run_podman rm -t 0 -f "$cid" - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "1" "storage container has been removed" } diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 3c47b1f5b..5e920506d 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -115,7 +115,7 @@ FROM $IMAGE RUN echo $rand_content EOF - run_podman 125 --runtime-flag invalidflag build -t build_test $tmpdir + run_podman 1 --runtime-flag invalidflag build -t build_test $tmpdir is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime" } 
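Review bot: The assertion messages in 040-ps.bats were not updated along with the command. After the switch to `run_podman ps --external`, three checks (hunks at -107, -115 and -128) still report "podman ps -a --external sees buildah containers". Change them to `"podman ps --external sees buildah containers"` so a failure names the command that actually ran. A one-line comment stating that `--external` alone is expected to list the storage-only containers would also document what the line counts now depend on.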
diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats index 1ff3a7b61..a9456e03c 100644 --- a/test/system/130-kill.bats +++ b/test/system/130-kill.bats @@ -116,4 +116,18 @@ load helpers is "$output" "Error: valid signals are 1 through 64" "podman create" } +@test "podman kill - print IDs or raw input" { + # kill -a must print the IDs + run_podman run --rm -d $IMAGE top + ctrID="$output" + run_podman kill -a + is "$output" "$ctrID" + + # kill $input must print $input + cname=$(random_string) + run_podman run --rm -d --name $cname $IMAGE top + run_podman kill $cname + is "$output" $cname +} + # vim: filetype=sh diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index eb6c4e259..a5be591ef 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -17,7 +17,7 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id + run chroot --groups 1234 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id is "$output" ".*65534(nobody)" "Check group leaked into user namespace" } 
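Review bot: In "podman kill - print IDs or raw input", `run_podman kill -a` followed by `is "$output" "$ctrID"` only holds when the new container is the sole running one, so a container left running by an earlier test turns this into a confusing failure. A setup check in the style used in 040-ps.bats, e.g. `run_podman ps --noheading` followed by `is "$output" "" "setup check: no running containers"`, would make the precondition explicit. Also quote the last argument, `is "$output" "$cname"`, to match the first assertion.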
@@ -25,30 +25,56 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --group-add keep-groups $IMAGE id is "$output" ".*1234" "Check group leaked into container" } @test "podman --group-add without keep-groups while in a userns" { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" - run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --remote --group-add keep-groups " { if is_remote; then - run_podman 125 run --group-add keep-groups $IMAGE id + run_podman 125 run --rm --group-add keep-groups $IMAGE id is "$output" ".*not supported in remote mode" "Remote check --group-add keep-groups" fi } @test "podman --group-add without keep-groups " { - run_podman run --group-add 457 $IMAGE id + run_podman run --rm --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --group-add keep-groups plus added groups " { - run_podman 125 run --group-add keep-groups --group-add 457 $IMAGE id + run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container" } + +@test "podman userns=auto in config file" { + skip_if_remote "userns=auto is set on the server" + + if is_rootless; then + egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user" + else + egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'" + fi 
+ + cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF +[containers] +userns="auto" +EOF + # First make sure a user namespace is created + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity + cid=$output + + run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid + is "$output" "private" "Check that a user namespace was created for the container" + + run_podman rm -t 0 -f $cid + + # Then check that the main user is not mapped into the user namespace + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map +} diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index deadfa90a..2b5ad44dc 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -16,6 +16,21 @@ load helpers if [[ ${output} = ${heading} ]]; then die "network ls --noheading did not remove heading: $output" fi + + # check deterministic list order + local net1=a-$(random_string 10) + local net2=b-$(random_string 10) + local net3=c-$(random_string 10) + run_podman network create $net1 + run_podman network create $net2 + run_podman network create $net3 + + run_podman network ls --quiet + # just check the the order of the created networks is correct + # we cannot do an exact match since developer and CI systems could contain more networks + is "$output" ".*$net1.*$net2.*$net3.*podman.*" "networks sorted alphabetically" + + run_podman network rm $net1 $net2 $net3 } # Copied from tsweeney's https://github.com/containers/podman/issues/4827 
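Review bot: The precondition in "podman userns=auto in config file" looks only at /etc/subuid, but the final `awk` check reads both /proc/self/uid_map and /proc/self/gid_map, so a host with a subuid but no subgid allocation would presumably fail rather than skip. Add the matching test on /etc/subgid, e.g. `grep -q "^containers:" /etc/subgid || skip "no GIDs allocated for user 'containers'"`, and likewise in the rootless branch. `egrep` is deprecated in current GNU grep and the pattern needs no extended syntax, so plain `grep -q` is enough. If the `inspect` assertion fails, the `sleep infinity` container is never removed by the test itself; whether teardown covers that is not visible here.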
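Review bot: In the list-order check of 500-networking.bats the three networks are removed only after the `is` assertion, so a failed match leaves the `a-`, `b-` and `c-` networks behind for later tests. Save the listing and clean up first: `local net_list=$output`, then `run_podman network rm $net1 $net2 $net3`, then run `is` against `"$net_list"`. The pattern also assumes a network literally named `podman` that sorts after the `c-` entry. A short comment saying so, and fixing "the the" in the existing comment, would help. The enclosing test starts above the hunk.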
@@ -124,10 +139,11 @@ load helpers @test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { CIDR="$(random_rfc1918_subnet)" + IP=$(hostname -I | cut -f 1 -d " ") local conname=con-$(random_string 10) run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${CIDR}.2 host.containers.internal" "host.containers.internal should be the cidr+2 address" + is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be the cidr+2 address" is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" } diff --git a/test/system/700-play.bats b/test/system/700-play.bats index b77d41920..88c7cad87 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -104,8 +104,6 @@ RELABEL="system_u:object_r:container_file_t:s0" TESTDIR=$PODMAN_TMPDIR/testdir mkdir -p $TESTDIR echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml - run_podman 125 play kube --network bridge $PODMAN_TMPDIR/test.yaml - is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host" run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host" run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 2f36c2239..958a0e87c 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash 
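Review bot: `IP=$(hostname -I | cut -f 1 -d " ")` can come back empty, and `hostname -I` makes no promise about address order. With an empty value the pattern `.*${IP} host.containers.internal` matches whatever address podman wrote, so the check passes without verifying anything. Guard it, e.g. `[[ -n "$IP" ]] || skip "hostname -I reported no address"`, and declare the variable `local` like `conname`. The failure message still says "should be the cidr+2 address" although the expectation is now the host's own address, so update it to match.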
@@ -402,6 +402,16 @@ function skip_if_rootless() { fi } +###################### +# skip_if_not_rootless # ...with an optional message +###################### +function skip_if_not_rootless() { + if ! is_rootless; then + local msg=$(_add_label_if_missing "$1" "rootfull") + skip "${msg:-not applicable under rootlfull podman}" + fi +} + #################### # skip_if_remote # ...with an optional message #################### |
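Review bot: The default skip text in `skip_if_not_rootless` is misspelled: `rootlfull` should be `rootfull`, i.e. `skip "${msg:-not applicable under rootfull podman}"`. The header comment says only "with an optional message"; it should add that `$1` is the skip reason and that the helper passes it through `_add_label_if_missing` with the label "rootfull". `local msg=$(...)` hides the exit status of `_add_label_if_missing`. That is harmless if this helper mirrors `skip_if_rootless` above (only its tail is visible in the hunk), but declaring and assigning on separate lines is the safer form.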