diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/config.go | 9 | ||||
| -rw-r--r-- | test/e2e/healthcheck_run_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/mount_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/run_seccomp.go | 70 | ||||
| -rw-r--r-- | test/e2e/run_signal_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/save_test.go | 2 | ||||
| -rw-r--r-- | test/endpoint/commit.go | 2 | ||||
| -rw-r--r-- | test/system/TODO.md | 2 | ||||
| -rwxr-xr-x | test/test_podman_pods.sh | 4 | ||||
| -rw-r--r-- | test/utils/common_function_test.go | 2 |
10 files changed, 88 insertions, 9 deletions
diff --git a/test/e2e/config.go b/test/e2e/config.go index aeb7affee..12d0e545e 100644 --- a/test/e2e/config.go +++ b/test/e2e/config.go @@ -14,4 +14,13 @@ var ( BB = "docker.io/library/busybox:latest" healthcheck = "docker.io/libpod/alpine_healthcheck:latest" ImageCacheDir = "/tmp/podman/imagecachedir" + + // This image has seccomp profiles that blocks all syscalls. + // The intention behind blocking all syscalls is to prevent + // regressions in the future. The required syscalls can vary + // depending on which runtime we're using. + alpineSeccomp = "docker.io/libpod/alpine-with-seccomp:latest" + // This image has a bogus/invalid seccomp profile which should + // yield a json error when being read. + alpineBogusSeccomp = "docker.io/libpod/alpine-with-bogus-seccomp:latest" ) diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go index 4acea06eb..7633261e3 100644 --- a/test/e2e/healthcheck_run_test.go +++ b/test/e2e/healthcheck_run_test.go @@ -42,7 +42,7 @@ var _ = Describe("Podman healthcheck run", func() { }) It("podman healthcheck on valid container", func() { - Skip("Extremely consistent flake - reenable on debugging") + Skip("Extremely consistent flake - re-enable on debugging") session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", healthcheck}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index dda83ba31..ac52d8c7e 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -205,7 +205,7 @@ var _ = Describe("Podman mount", func() { Expect(lmount.OutputToString()).To(Equal("")) }) - It("podman list mulitple mounted containers", func() { + It("podman list multiple mounted containers", func() { SkipIfRootless() setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp.go new file mode 100644 index 000000000..dcf938ad6 --- /dev/null +++ b/test/e2e/run_seccomp.go @@ -0,0 +1,70 @@ +// +build !remoteclient + +package integration + +import ( + "os" + + . "github.com/containers/libpod/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + + }) + + It("podman run --seccomp-policy default", func() { + session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + + It("podman run --seccomp-policy ''", func() { + // Empty string is interpreted as "default". + session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + + It("podman run --seccomp-policy invalid", func() { + session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(Equal(0)) + }) + + It("podman run --seccomp-policy image (block all syscalls)", func() { + session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"}) + session.WaitWithDefaultTimeout() + // TODO: we're getting a "cannot start a container that has + // stopped" error which seems surprising. Investigate + // why that is so. + Expect(session.ExitCode()).ToNot(Equal(0)) + }) + + It("podman run --seccomp-policy image (bogus profile)", func() { + session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + }) +}) diff --git a/test/e2e/run_signal_test.go b/test/e2e/run_signal_test.go index 1d57e6211..eee7c14fb 100644 --- a/test/e2e/run_signal_test.go +++ b/test/e2e/run_signal_test.go @@ -47,7 +47,7 @@ var _ = Describe("Podman run with --sig-proxy", func() { Specify("signals are forwarded to container using sig-proxy", func() { if podmanTest.Host.Arch == "ppc64le" { - Skip("Doesnt work on ppc64le") + Skip("Doesn't work on ppc64le") } signal := syscall.SIGFPE // Set up a socket for communication diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index 52dab923b..60825f975 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -51,7 +51,7 @@ var _ = Describe("Podman save", func() { }) It("podman save with stdout", func() { - Skip("Pipe redirection in ginkgo probably wont work") + Skip("Pipe redirection in ginkgo probably won't work") outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") save := podmanTest.PodmanNoCache([]string{"save", ALPINE, ">", outfile}) diff --git a/test/endpoint/commit.go b/test/endpoint/commit.go index 476ac6ca3..ab9af819f 100644 --- a/test/endpoint/commit.go +++ b/test/endpoint/commit.go @@ -40,7 +40,7 @@ var _ = Describe("Podman commit", func() { // run the container to be committed _ = endpointTest.startTopContainer("top") result := endpointTest.Varlink("Commit", string(b), false) - // This indicates an error occured + // This indicates an error occurred Expect(len(result.StdErrToString())).To(BeNumerically(">", 0)) }) diff --git a/test/system/TODO.md b/test/system/TODO.md index f6110d2e9..f0d311626 100644 --- a/test/system/TODO.md +++ b/test/system/TODO.md @@ -70,7 +70,7 @@ have been omitted as they are verified by repeated implied use. - [ ] Container runlabel, exists, checkpoint, exists, restore, stop, prune - Using pre-existing remote image, start it with 'podman container runlabel --pull' - - Run a named container that exits immediatly + - Run a named container that exits immediately - Confirm 'container exists' zero exit (both containers) - Checkpoint the running container - Confirm 'container exists' non-zero exit (runlabel container) diff --git a/test/test_podman_pods.sh b/test/test_podman_pods.sh index daa8acaee..f2f47f510 100755 --- a/test/test_podman_pods.sh +++ b/test/test_podman_pods.sh @@ -39,13 +39,13 @@ fi ######## -# Create a named and unamed pod +# Create a named and unnamed pod ######## podman pod create --name foobar podid=$(podman pod create) ######## -# Delete a named and unamed pod +# Delete a named and unnamed pod ######## podman pod rm foobar podman pod rm $podid diff --git a/test/utils/common_function_test.go b/test/utils/common_function_test.go index 98cb43188..46cce1076 100644 --- a/test/utils/common_function_test.go +++ b/test/utils/common_function_test.go @@ -115,7 +115,7 @@ var _ = Describe("Common functions test", func() { bytes, _ := ioutil.ReadAll(read) json.Unmarshal(bytes, compareData) - Expect(reflect.DeepEqual(testData, compareData)).To(BeTrue(), "Data chaned after we store it to file.") + Expect(reflect.DeepEqual(testData, compareData)).To(BeTrue(), "Data changed after we store it to file.") }) DescribeTable("Test Containerized", |