Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/015-help.bats | 18 | ||||
-rw-r--r-- | test/system/030-run.bats | 41 | ||||
-rw-r--r-- | test/system/200-pod.bats | 41 | ||||
-rw-r--r-- | test/system/250-systemd.bats | 8 | ||||
-rw-r--r-- | test/system/410-selinux.bats | 19 |
5 files changed, 124 insertions, 3 deletions
diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 14af8e1a4..3d05b44fe 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -34,13 +34,16 @@ function check_help() { dprint "$command_string --help" run_podman "$@" $cmd --help + local full_help="$output" # The line immediately after 'Usage:' gives us a 1-line synopsis - usage=$(echo "$output" | grep -A1 '^Usage:' | tail -1) + usage=$(echo "$full_help" | grep -A1 '^Usage:' | tail -1) [ -n "$usage" ] || die "podman $cmd: no Usage message found" # e.g. 'podman ps' should not show 'podman container ps' in usage - is "$usage" " $command_string .*" "Usage string matches command" + # Trailing space in usage handles 'podman system renumber' which + # has no ' [flags]' + is "$usage " " $command_string .*" "Usage string matches command" # If usage ends in '[command]', recurse into subcommands if expr "$usage" : '.*\[command\]$' >/dev/null; then @@ -59,6 +62,17 @@ function check_help() { die "'flags' must precede arguments in usage: $usage" fi + # Cross-check: if usage includes '[flags]', there must be a + # longer 'Flags:' section in the full --help output; vice-versa, + # if 'Flags:' is in full output, usage line must have '[flags]'. + if expr "$usage" : '.*\[flag' >/dev/null; then + if ! expr "$full_help" : ".*Flags:" >/dev/null; then + die "$command_string: Usage includes '[flags]' but has no 'Flags:' subsection" + fi + elif expr "$full_help" : ".*Flags:" >/dev/null; then + die "$command_string: --help has 'Flags:' section but no '[flags]' in synopsis" + fi + # If usage lists no arguments (strings in ALL CAPS), confirm # by running with 'invalid-arg' and expecting failure. if ! expr "$usage" : '.*[A-Z]' >/dev/null; then diff --git a/test/system/030-run.bats b/test/system/030-run.bats index eeecea2e5..bc6347012 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats 
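Review bot: The `Flags:` probe in the new cross-check of check_help is unanchored, so `expr "$full_help" : ".*Flags:"` succeeds on any occurrence of that text in the help output, including a description or a differently named heading, not only a real `Flags:` subsection. Matching at line start, as the function already does for `Usage:`, is stricter: `grep -q '^Flags:' <<<"$full_help"`. The same looseness applies to `'.*\[flag'`, which the error messages describe as `[flags]`; `'.*\[flags\]'` would say what is meant. check_help begins and continues outside these hunks.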
@@ -201,4 +201,45 @@ echo $rand | 0 | $rand "podman will not overwrite existing cidfile" } +@test "podman run docker-archive" { + # Create an image that, when run, outputs a random magic string + expect=$(random_string 20) + run_podman run --name myc --entrypoint="[\"/bin/echo\",\"$expect\"]" $IMAGE + is "$output" "$expect" "podman run --entrypoint echo-randomstring" + + # Save it as a tar archive + run_podman commit myc myi + archive=$PODMAN_TMPDIR/archive.tar + run_podman save myi -o $archive + is "$output" "" "podman save" + + # Clean up image and container from container storage... + run_podman rmi myi + run_podman rm myc + + # ... then confirm we can run from archive. This re-imports the image + # and runs it, producing our random string as the last line. + run_podman run docker-archive:$archive + is "${lines[0]}" "Getting image source signatures" "podman run docker-archive, first line of output" + is "$output" ".*Copying blob" "podman run docker-archive" + is "$output" ".*Copying config" "podman run docker-archive" + is "$output" ".*Writing manifest" "podman run docker-archive" + is "${lines[-1]}" "$expect" "podman run docker-archive: expected random string output" + + # Clean up container as well as re-imported image + run_podman rm -a + run_podman rmi myi + + # Repeat the above, with podman-create and podman-start. + run_podman create docker-archive:$archive + cid=${lines[-1]} + + run_podman start --attach $cid + is "$output" "$expect" "'podman run' of 'podman-create docker-archive'" + + # Clean up. + run_podman rm $cid + run_podman rmi myi +} + # vim: filetype=sh diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 9a6b39057..0e9d9132e 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats 
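Review bot: `run_podman rm -a` in the first clean-up removes every container in the store, not just the one this test started, because the `run_podman run docker-archive:$archive` container has no name to remove it by. Giving it a name (for example `run_podman run --name myc2 docker-archive:$archive`, then `run_podman rm myc2`; the name is only a sample) keeps the clean-up scoped to this test. `$archive` is also expanded unquoted in `save myi -o $archive` and in both `docker-archive:$archive` uses, so quoting it would protect against a `PODMAN_TMPDIR` that contains whitespace.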
@@ -150,6 +150,18 @@ function random_ip() { pod_id_file=${PODMAN_TMPDIR}/pod-id-file + # Randomly-assigned ports in the 5xxx and 6xxx range + for port_in in $(shuf -i 5000-5999);do + if ! { exec 3<> /dev/tcp/127.0.0.1/$port_in; } &>/dev/null; then + break + fi + done + for port_out in $(shuf -i 6000-6999);do + if ! { exec 3<> /dev/tcp/127.0.0.1/$port_out; } &>/dev/null; then + break + fi + done + # Create a pod with all the desired options # FIXME: --ip=$ip fails: # Error adding network: failed to allocate all requested IPs @@ -161,6 +173,7 @@ function random_ip() { --dns "$dns_server" \ --dns-search "$dns_search" \ --dns-opt "$dns_opt" \ + --publish "$port_out:$port_in" \ --label "${labelname}=${labelvalue}" pod_id="$output" 
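Review bot: The port probe `{ exec 3<> /dev/tcp/127.0.0.1/$port_in; }` runs `exec` in the test's own shell, so when a probed port is in use the connection stays open on fd 3 for the rest of the test, and fd 3 is the descriptor bats reserves for its own output. Running the probe in a subshell, `if ! ( exec 3<> /dev/tcp/127.0.0.1/$port_in ) &>/dev/null; then`, drops the socket as soon as the check returns; the `port_out` loop needs the same change. The probe only looks at 127.0.0.1 and is inherently racy, so a port taken between this check and `pod create` would still fail the test. The enclosing test starts and ends outside the hunk.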
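Review bot: `--publish "$port_out:$port_in"` names no host address, so the port is bound on every interface of the test host (the `podman ps` expectation added later in this file shows `0.0.0.0:$port_out`), while the test only ever connects through 127.0.0.1. `--publish "127.0.0.1:$port_out:$port_in"` would keep the `nc` listener off the network for the duration of the test. The later `ps` expectation would then need `127.0.0.1:$port_out` in place of `0.0.0.0:$port_out`.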
@@ -199,6 +212,34 @@ function random_ip() { run_podman pod ps --no-trunc --filter "label=${labelname}=${labelvalue}" --format '{{.ID}}' is "$output" "$pod_id" "pod ps --filter label=..." + # Test local port forwarding, as well as 'ps' output showing ports + # Run 'nc' in a container, waiting for input on the published port. + c_name=$(random_string 15) + run_podman run -d --pod mypod --name $c_name $IMAGE nc -l -p $port_in + cid="$output" + + # Try running another container also listening on the same port. + run_podman 1 run --pod mypod --name dsfsdfsdf $IMAGE nc -l -p $port_in + is "$output" "nc: bind: Address in use" \ + "two containers cannot bind to same port" + + # While the container is still running, run 'podman ps' (no --format) + # and confirm that the output includes the published port + run_podman ps --filter id=$cid + is "${lines[1]}" "${cid:0:12} $IMAGE nc -l -p $port_in .* 0.0.0.0:$port_out->$port_in/tcp $c_name" \ + "output of 'podman ps'" + + # send a random string to the container. This will cause the container + # to output the string to its logs, then exit. + teststring=$(random_string 30) + echo "$teststring" | nc 127.0.0.1 $port_out + + # Confirm that the container log output is the string we sent it. + run_podman logs $cid + is "$output" "$teststring" "test string received on container" + + # Clean up + run_podman rm $cid run_podman pod rm -f mypod } diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 4bee13414..b7035cdda 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -41,7 +41,7 @@ function teardown() { fi cname=$(random_string) - run_podman create --name $cname --detach $IMAGE top + run_podman create --name $cname --label "io.containers.autoupdate=image" --detach $IMAGE top run_podman generate systemd --new $cname echo "$output" > "$UNIT_FILE" 
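Review bot: `run_podman logs $cid` runs straight after `echo "$teststring" | nc 127.0.0.1 $port_out`, with nothing guaranteeing that the container's `nc` has already written the string, so the comparison can race. The comment says the container exits once it has received input, so a `run_podman wait $cid` before `logs` would make that ordering explicit. The host-side `nc` also has no timeout and may connect before the `run -d` listener is bound, which would show up as a hang or an empty log rather than a clear failure. The second container's name `dsfsdfsdf` is never removed by name (presumably `pod rm -f mypod` covers it), and a descriptive name would read better in failure output.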
@@ -64,6 +64,12 @@ function teardown() { run_podman logs $cname is "$output" ".*Load average:.*" "running container 'top'-like output" + # Exercise `podman auto-update`. + # TODO: this will at least run auto-update code but won't perform an update + # since the image didn't change. We need to improve on that and run + # an image from a local registry instead. + run_podman auto-update + # All good. Stop service, clean up. run $SYSTEMCTL stop "$SERVICE_NAME" if [ $status -ne 0 ]; then diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 8a0477eff..1769730f0 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -63,4 +63,23 @@ function check_label() { check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2" } +# pr #6752 +@test "podman selinux: inspect multiple labels" { + if [ ! -e /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled; then + skip "selinux disabled or not available" + fi + + run_podman run -d --name myc \ + --security-opt seccomp=unconfined \ + --security-opt label=type:spc_t \ + --security-opt label=level:s0 \ + $IMAGE sh -c 'while test ! -e /stop; do sleep 0.1; done' + run_podman inspect --format='{{ .HostConfig.SecurityOpt }}' myc + is "$output" "\[label=type:spc_t,label=level:s0 seccomp=unconfined]" \ + "'podman inspect' preserves all --security-opts" + + run_podman exec myc touch /stop + run_podman rm -f myc +} + # vim: filetype=sh |
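Review bot: `run_podman auto-update` is called without any check on `$output`, so beyond the exit status this step cannot tell whether the container labelled `io.containers.autoupdate=image` was even considered. Until the TODO is resolved, an `is "$output" ...` assertion on whatever auto-update reports for the unit would at least pin that the label was honoured. The command is not scoped to `$cname`, so it presumably acts on every labelled container on the host and may need registry access to compare images; the comment could say so, for example `# NOTE: not scoped to $cname; may contact the registry`.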
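Review bot: The clean-up (`exec myc touch /stop`, `rm -f myc`) comes after the `is` assertion, so a failed comparison leaves a container running with `seccomp=unconfined` and `label=type:spc_t` unless a teardown outside this hunk removes it. Only `podman inspect` output is checked, so if the regression from pr #6752 does not depend on a started container, `run_podman create --name myc ...` would avoid running an unconfined container and the busy-wait loop altogether. Otherwise, a comment such as `# relies on teardown to remove myc if the check fails` would document the dependency. The expected string also fixes the order in which inspect prints the options, which is worth stating in the test description if that order is intentional.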