diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/images_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/mount_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/port_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/rmi_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/run_cpu_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/run_volume_test.go | 28 | ||||
| -rw-r--r-- | test/system/030-run.bats | 18 |
7 files changed, 53 insertions, 10 deletions
diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go index 4eadc77e7..8203e4273 100644 --- a/test/e2e/images_test.go +++ b/test/e2e/images_test.go @@ -155,13 +155,13 @@ var _ = Describe("Podman images", func() { retapline.WaitWithDefaultTimeout() Expect(retapline.ExitCode()).To(Equal(0)) Expect(len(retapline.OutputToStringArray())).To(Equal(2)) - Expect(retapline.LineInOutputContains("alpine")) + Expect(retapline.LineInOutputContains("alpine")).To(BeTrue()) retapline = podmanTest.PodmanNoCache([]string{"images", "-f", "reference=alpine"}) retapline.WaitWithDefaultTimeout() Expect(retapline.ExitCode()).To(Equal(0)) Expect(len(retapline.OutputToStringArray())).To(Equal(2)) - Expect(retapline.LineInOutputContains("alpine")) + Expect(retapline.LineInOutputContains("alpine")).To(BeTrue()) retnone := podmanTest.PodmanNoCache([]string{"images", "-q", "-f", "reference=bogus"}) retnone.WaitWithDefaultTimeout() diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index 61abdf6fc..3197aa655 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -77,7 +77,7 @@ var _ = Describe("Podman mount", func() { j := podmanTest.Podman([]string{"mount", "--format=json"}) j.WaitWithDefaultTimeout() Expect(j.ExitCode()).To(Equal(0)) - Expect(j.IsJSONOutputValid()) + Expect(j.IsJSONOutputValid()).To(BeTrue()) umount := podmanTest.Podman([]string{"umount", cid}) umount.WaitWithDefaultTimeout() diff --git a/test/e2e/port_test.go b/test/e2e/port_test.go index b15d8e133..53fc33a01 100644 --- a/test/e2e/port_test.go +++ b/test/e2e/port_test.go @@ -135,12 +135,12 @@ var _ = Describe("Podman port", func() { result1 := podmanTest.Podman([]string{"port", "-l", "5000"}) result1.WaitWithDefaultTimeout() Expect(result1.ExitCode()).To(BeZero()) - Expect(result1.LineInOuputStartsWith("0.0.0.0:5000")) + Expect(result1.LineInOuputStartsWith("0.0.0.0:5000")).To(BeTrue()) // Check that the second port was honored result2 := podmanTest.Podman([]string{"port", "-l", "5001"}) result2.WaitWithDefaultTimeout() Expect(result2.ExitCode()).To(BeZero()) - Expect(result2.LineInOuputStartsWith("0.0.0.0:5001")) + Expect(result2.LineInOuputStartsWith("0.0.0.0:5001")).To(BeTrue()) }) }) diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go index d4e2407ec..506adee7e 100644 --- a/test/e2e/rmi_test.go +++ b/test/e2e/rmi_test.go @@ -282,6 +282,7 @@ RUN find $LOCAL session := podmanTest.PodmanNoCache([]string{"image", "rm"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) - Expect(session.LineInOutputContains("image name or ID must be specified")) + match, _ := session.ErrorGrepString("image name or ID must be specified") + Expect(match).To(BeTrue()) }) }) diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index 4be9da3d2..42f17985c 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -60,7 +60,7 @@ var _ = Describe("Podman run cpu", func() { } result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) - Expect(result.LineInOutputContains("5000")) + Expect(result.LineInOutputContains("5000")).To(BeTrue()) }) It("podman run cpu-quota", func() { @@ -78,7 +78,7 @@ var _ = Describe("Podman run cpu", func() { } result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) - Expect(result.LineInOutputContains("5000")) + Expect(result.LineInOutputContains("5000")).To(BeTrue()) }) It("podman run cpus", func() { diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index abb93a149..5bad6744b 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -162,4 +162,32 @@ var _ = Describe("Podman run with volumes", func() { Expect(session.OutputToString()).To(ContainSubstring("/testvol1")) Expect(session.OutputToString()).To(ContainSubstring("/testvol2")) }) + + It("podman run with volumes and suid/dev/exec options", func() { + mountPath := filepath.Join(podmanTest.TempDir, "secrets") + os.Mkdir(mountPath, 0755) + session := podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:suid,dev,exec", mountPath), ALPINE, "grep", "/run/test", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + found, matches := session.GrepString("/run/test") + Expect(found).Should(BeTrue()) + Expect(matches[0]).To(Not(ContainSubstring("noexec"))) + Expect(matches[0]).To(Not(ContainSubstring("nodev"))) + Expect(matches[0]).To(Not(ContainSubstring("nosuid"))) + + session = podmanTest.Podman([]string{"run", "--rm", "--tmpfs", "/run/test:suid,dev,exec", ALPINE, "grep", "/run/test", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + found, matches = session.GrepString("/run/test") + Expect(found).Should(BeTrue()) + Expect(matches[0]).To(Not(ContainSubstring("noexec"))) + Expect(matches[0]).To(Not(ContainSubstring("nodev"))) + Expect(matches[0]).To(Not(ContainSubstring("nosuid"))) + }) + + It("podman run with noexec can't exec", func() { + session := podmanTest.Podman([]string{"run", "--rm", "-v", "/bin:/hostbin:noexec", ALPINE, "/hostbin/ls", "/"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) }) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 9e609b434..f279a0c75 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -4,13 +4,27 @@ load helpers @test "podman run - basic tests" { rand=$(random_string 30) + + # 2019-09 Fedora 31 and rawhide (32) are switching from runc to crun + # because of cgroups v2; crun emits different error messages. + # Default to runc: + err_no_such_cmd="Error: .*: starting container process caused .*exec:.*stat /no/such/command: no such file or directory" + err_no_exec_dir="Error: .*: starting container process caused .*exec:.* permission denied" + + # ...but check the configured runtime engine, and switch to crun as needed + run_podman info --format '{{ .host.OCIRuntime.path }}' + if expr "$output" : ".*/crun"; then + err_no_such_cmd="Error: executable file not found in \$PATH: No such file or directory: OCI runtime command not found error" + err_no_exec_dir="Error: open executable: Operation not permitted: OCI runtime permission denied error" + fi + tests=" true | 0 | false | 1 | sh -c 'exit 32' | 32 | echo $rand | 0 | $rand -/no/such/command | 127 | Error: .*: starting container process caused .*exec:.*stat /no/such/command: no such file or directory -/etc | 126 | Error: .*: starting container process caused .*exec:.* permission denied +/no/such/command | 127 | $err_no_such_cmd +/etc | 126 | $err_no_exec_dir " while read cmd expected_rc expected_output; do |