diff options
Diffstat (limited to 'test')
54 files changed, 510 insertions, 263 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 187073fb9..15b5dc4be 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -3,8 +3,11 @@ # test container-related endpoints # -podman pull $IMAGE &>/dev/null +# WORKDIR=/data +ENV_WORKDIR_IMG=docker.io/library/redis:alpine +podman pull $IMAGE &>/dev/null +podman pull $ENV_WORKDIR_IMG &>/dev/null # Unimplemented #t POST libpod/containers/create '' 201 'sdf' @@ -203,4 +206,22 @@ t POST containers/${cid_top}/stop "" 204 t DELETE containers/$cid 204 t DELETE containers/$cid_top 204 +# test the apiv2 create, should't ignore the ENV and WORKDIR from the image +t POST containers/create '"Image":"'$ENV_WORKDIR_IMG'","Env":["testKey1"]' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .Config.Env~"REDIS_VERSION=" \ + .Config.Env~"testEnv1=" \ + .Config.WorkingDir="/data" # default is /data +t DELETE containers/$cid 204 + +# test the WORKDIR +t POST containers/create '"Image":"'$ENV_WORKDIR_IMG'","WorkingDir":"/dataDir"' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .Config.WorkingDir="/dataDir" +t DELETE containers/$cid 204 + # vim: filetype=sh diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 93186bc8b..f22a4c3af 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -27,7 +27,7 @@ var _ = Describe("Podman checkpoint", func() { ) BeforeEach(func() { - SkipIfRootless() //checkpoint not supported in rootless mode + SkipIfRootless("checkpoint not supported in rootless mode") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 1943020c3..c663a4dca 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -599,6 +599,26 @@ func (p *PodmanTestIntegration) CreateSeccompJson(in []byte) (string, error) { return jsonFile, nil } +func checkReason(reason string) { + if len(reason) < 5 { + panic("Test must specify a reason to skip") + } +} + +func SkipIfRootlessCgroupsV1(reason string) { + checkReason(reason) + if os.Geteuid() != 0 && !CGROUPSV2 { + Skip("[rootless]: " + reason) + } +} + +func SkipIfRootless(reason string) { + checkReason(reason) + if os.Geteuid() != 0 { + ginkgo.Skip("[rootless]: " + reason) + } +} + func SkipIfNotFedora() { info := GetHostDistributionInfo() if info.Distribution != "fedora" { @@ -610,21 +630,32 @@ func isRootless() bool { return os.Geteuid() != 0 } -func SkipIfCgroupV1() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) +func SkipIfCgroupV1(reason string) { + checkReason(reason) + if !CGROUPSV2 { + Skip(reason) + } +} - if !cgroupsv2 { - Skip("Skip on systems with cgroup V1 systems") +func SkipIfCgroupV2(reason string) { + checkReason(reason) + if CGROUPSV2 { + Skip(reason) } } -func SkipIfCgroupV2() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) +func isContainerized() bool { + // This is set to "podman" by podman automatically + if os.Getenv("container") != "" { + return true + } + return false +} - if cgroupsv2 { - Skip("Skip on systems with cgroup V2 systems") +func SkipIfContainerized(reason string) { + checkReason(reason) + if isContainerized() { + Skip(reason) } } diff --git a/test/e2e/config.go b/test/e2e/config.go index 0e1850614..49a47c7da 100644 --- a/test/e2e/config.go +++ b/test/e2e/config.go @@ -23,8 +23,4 @@ var ( // This image has a bogus/invalid seccomp profile which should // yield a json error when being read. alpineBogusSeccomp = "docker.io/libpod/alpine-with-bogus-seccomp:label" - - // v2fail is a temporary variable to help us track - // tests that fail in v2 - v2fail = "does not pass integration tests with v2 podman" ) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 02c5d1428..965e51973 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -41,7 +41,7 @@ var _ = Describe("Podman run", func() { }) It("podman run limits test", func() { - SkipIfRootlessCgroupsV1() + SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users") //containers.conf is set to "nofile=500:500" session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"}) session.WaitWithDefaultTimeout() @@ -179,6 +179,12 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("1000")) + + // Ignore containers.conf setting if --net=host + session = podmanTest.Podman([]string{"run", "--rm", "--net", "host", fedoraMinimal, "cat", "/proc/sys/net/ipv4/ping_group_range"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).ToNot((ContainSubstring("1000"))) }) It("podman run containers.conf search domain", func() { diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index a53485fa4..0a9fa990c 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -269,11 +269,11 @@ var _ = Describe("Podman cp", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"exec", "-u", "testuser", "testctr", "touch", "testfile"}) + session = podmanTest.Podman([]string{"exec", "-u", "testuser", "testctr", "touch", "/tmp/testfile"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"cp", "--pause=false", "testctr:testfile", "testfile1"}) + session = podmanTest.Podman([]string{"cp", "--pause=false", "testctr:/tmp/testfile", "testfile1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 57d1c3f2c..7a2267617 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -49,7 +49,7 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create --ip with non-allocatable IP", func() { - SkipIfRootless() // --ip is not supported in rootless mode + SkipIfRootless("--ip is not supported in rootless mode") result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -81,7 +81,7 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create two containers with the same IP", func() { - SkipIfRootless() // --ip not supported in rootless mode + SkipIfRootless("--ip not supported in rootless mode") ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 45dbe9b56..96a234446 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -552,7 +552,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with IP should fail", func() { - SkipIfRootless() //Setting IP not supported in rootless mode + SkipIfRootless("Setting IP not supported in rootless mode") name := "createwithstaticip" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -564,7 +564,7 @@ var _ = Describe("Podman create", func() { }) It("create container in pod with mac should fail", func() { - SkipIfRootless() //Setting MAC Address not supported in rootless mode + SkipIfRootless("Setting MAC Address not supported in rootless mode") name := "createwithstaticmac" pod := podmanTest.RunTopContainerInPod("", "new:"+name) pod.WaitWithDefaultTimeout() @@ -609,4 +609,21 @@ var _ = Describe("Podman create", func() { Expect(session.ExitCode()).ToNot(BeZero()) }) + It("create use local store image if input image contains a manifest list", func() { + session := podmanTest.Podman([]string{"pull", BB}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"manifest", "create", "mylist"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"manifest", "add", "--all", "mylist", BB}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"create", "mylist"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + }) }) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 7d50c02b2..93a713f28 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -286,7 +286,7 @@ var _ = Describe("Podman exec", func() { It("podman exec preserves container groups with --user and --group-add", func() { SkipIfRemote("FIXME: This is broken SECCOMP Failues?") - dockerfile := `FROM fedora-minimal + dockerfile := `FROM registry.fedoraproject.org/fedora-minimal RUN groupadd -g 4000 first RUN groupadd -g 4001 second RUN useradd -u 1000 auser` diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index 0a0b2799b..fa87302ee 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -24,16 +24,10 @@ func IsRemote() bool { } func SkipIfRemote(reason string) { - ginkgo.Skip("[remote]: " + reason) -} - -func SkipIfRootlessCgroupsV1() { -} - -func SkipIfRootless() { - if os.Geteuid() != 0 { - ginkgo.Skip("This function is not enabled for rootless podman") + if len(reason) < 5 { + panic("SkipIfRemote must specify a reason to skip") } + ginkgo.Skip("[remote]: " + reason) } // Podman is the exec call to podman on the filesystem diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 00d066fea..a9da922de 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -8,8 +8,6 @@ import ( "os" "path/filepath" "strings" - - . "github.com/onsi/ginkgo" ) func IsRemote() bool { @@ -19,18 +17,6 @@ func IsRemote() bool { func SkipIfRemote(string) { } -func SkipIfRootlessCgroupsV1() { - if os.Geteuid() != 0 && !CGROUPSV2 { - Skip("Rooless requires cgroupsV2 to set limits") - } -} - -func SkipIfRootless() { - if os.Geteuid() != 0 { - Skip("This function is not enabled for rootless podman") - } -} - // Podman is the exec call to podman on the filesystem func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration { podmanSession := p.PodmanBase(args, false, false) diff --git a/test/e2e/libpod_suite_varlink_test.go b/test/e2e/libpod_suite_varlink_test.go index f901cbec9..275a1115e 100644 --- a/test/e2e/libpod_suite_varlink_test.go +++ b/test/e2e/libpod_suite_varlink_test.go @@ -23,19 +23,10 @@ func IsRemote() bool { return true } -func SkipIfRootlessCgroupsV1() { -} - func SkipIfRemote(reason string) { ginkgo.Skip("[remote]: " + reason) } -func SkipIfRootless() { - if os.Geteuid() != 0 { - ginkgo.Skip("This function is not enabled for rootless podman") - } -} - // Podman is the exec call to podman on the filesystem func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration { podmanSession := p.PodmanBase(args, false, false) diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 52357b00a..b1255c00a 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -47,7 +47,7 @@ var _ = Describe("Podman login and logout", func() { se := SystemExec("setenforce", []string{"0"}) se.WaitWithDefaultTimeout() if se.ExitCode() != 0 { - Skip("Can not disable selinux, this may cause problem for reading cert files inside container.") + Skip("Cannot disable selinux, this may cause problem for reading cert files inside container.") } defer SystemExec("setenforce", []string{"1"}) } @@ -87,7 +87,7 @@ var _ = Describe("Podman login and logout", func() { Expect(session.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } }) @@ -116,8 +116,6 @@ var _ = Describe("Podman login and logout", func() { }) It("podman login and logout without registry parameter", func() { - SkipIfRootless() - registriesConf, err := ioutil.TempFile("", "TestLoginWithoutParameter") Expect(err).To(BeNil()) defer registriesConf.Close() @@ -231,7 +229,7 @@ var _ = Describe("Podman login and logout", func() { Expect(session.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry1", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } session = podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", server}) diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 33aac48d5..b85132814 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -8,6 +8,7 @@ import ( . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" ) var _ = Describe("Podman manifest", func() { @@ -49,6 +50,16 @@ var _ = Describe("Podman manifest", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman manifest inspect", func() { + session := podmanTest.Podman([]string{"manifest", "inspect", BB}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"manifest", "inspect", "docker.io/library/busybox"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + }) + It("podman manifest add", func() { session := podmanTest.Podman([]string{"manifest", "create", "foo"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index 4f60cc6df..4223961a6 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go @@ -18,7 +18,7 @@ var _ = Describe("Podman mount", func() { ) BeforeEach(func() { - SkipIfRootless() + SkipIfRootless("Podman mount requires podman unshare first to work") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -189,7 +189,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list running container", func() { - SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) setup.WaitWithDefaultTimeout() @@ -212,7 +211,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list multiple mounted containers", func() { - SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() @@ -257,7 +255,6 @@ var _ = Describe("Podman mount", func() { }) It("podman list mounted container", func() { - SkipIfRootless() // FIXME: We need to do a podman unshare before executing this code. setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) setup.WaitWithDefaultTimeout() diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index f6d9f2cc3..edd76739f 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -58,7 +58,7 @@ func genericPluginsToPortMap(plugins interface{}, pluginType string) (network.Po func (p *PodmanTestIntegration) removeCNINetwork(name string) { session := p.Podman([]string{"network", "rm", "-f", name}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(BeZero()) + Expect(session.ExitCode()).To(BeNumerically("<=", 1)) } func removeNetworkDevice(name string) { @@ -178,7 +178,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and IPv6 subnet", func() { - SkipIfRootless() // FIXME I believe this should work in rootlessmode + SkipIfRootless("FIXME I believe this should work in rootlessmode") var ( results []network.NcList diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index 2ea8291fc..a15359ea3 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -25,6 +25,42 @@ func removeConf(confPath string) { } } +// generateNetworkConfig generates a cni config with a random name +// it returns the network name and the filepath +func generateNetworkConfig(p *PodmanTestIntegration) (string, string) { + // generate a random name to preven conflicts with other tests + name := "net" + stringid.GenerateNonCryptoID() + path := filepath.Join(p.CNIConfigDir, fmt.Sprintf("%s.conflist", name)) + conf := fmt.Sprintf(`{ + "cniVersion": "0.3.0", + "name": "%s", + "plugins": [ + { + "type": "bridge", + "bridge": "cni1", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "10.99.0.0/16", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + }`, name) + writeConf([]byte(conf), path) + + return name, path +} + var _ = Describe("Podman network", func() { var ( tempdir string @@ -48,84 +84,44 @@ var _ = Describe("Podman network", func() { }) - var ( - secondConf = `{ - "cniVersion": "0.3.0", - "name": "podman-integrationtest", - "plugins": [ - { - "type": "bridge", - "bridge": "cni1", - "isGateway": true, - "ipMasq": true, - "ipam": { - "type": "host-local", - "subnet": "10.99.0.0/16", - "routes": [ - { "dst": "0.0.0.0/0" } - ] - } - }, - { - "type": "portmap", - "capabilities": { - "portMappings": true - } - } - ] -}` - ) - It("podman network list", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list -q", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--quiet"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list --filter success", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--filter", "plugin=bridge"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) }) It("podman network list --filter failure", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--filter", "plugin=test"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeFalse()) + Expect(session.LineInOutputContains(name)).To(BeFalse()) }) It("podman network rm no args", func() { @@ -135,26 +131,23 @@ var _ = Describe("Podman network", func() { }) It("podman network rm", func() { - SkipIfRootless() // FIXME: This one is definitely broken in rootless mode - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + SkipIfRootless("FIXME: This one is definitely broken in rootless mode") + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) session := podmanTest.Podman([]string{"network", "ls", "--quiet"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.LineInOutputContains("podman-integrationtest")).To(BeTrue()) + Expect(session.LineInOutputContains(name)).To(BeTrue()) - rm := podmanTest.Podman([]string{"network", "rm", "podman-integrationtest"}) + rm := podmanTest.Podman([]string{"network", "rm", name}) rm.WaitWithDefaultTimeout() Expect(rm.ExitCode()).To(BeZero()) results := podmanTest.Podman([]string{"network", "ls", "--quiet"}) results.WaitWithDefaultTimeout() Expect(results.ExitCode()).To(Equal(0)) - Expect(results.LineInOutputContains("podman-integrationtest")).To(BeFalse()) + Expect(results.LineInOutputContains(name)).To(BeFalse()) }) It("podman network inspect no args", func() { @@ -164,13 +157,10 @@ var _ = Describe("Podman network", func() { }) It("podman network inspect", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) - expectedNetworks := []string{"podman-integrationtest"} + expectedNetworks := []string{name} if !rootless.IsRootless() { // rootful image contains "podman/cni/87-podman-bridge.conflist" for "podman" network expectedNetworks = append(expectedNetworks, "podman") @@ -182,13 +172,10 @@ var _ = Describe("Podman network", func() { }) It("podman network inspect", func() { - // Setup, use uuid to prevent conflict with other tests - uuid := stringid.GenerateNonCryptoID() - secondPath := filepath.Join(podmanTest.CNIConfigDir, fmt.Sprintf("%s.conflist", uuid)) - writeConf([]byte(secondConf), secondPath) - defer removeConf(secondPath) + name, path := generateNetworkConfig(podmanTest) + defer removeConf(path) - session := podmanTest.Podman([]string{"network", "inspect", "podman-integrationtest", "--format", "{{.cniVersion}}"}) + session := podmanTest.Podman([]string{"network", "inspect", name, "--format", "{{.cniVersion}}"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("0.3.0")).To(BeTrue()) @@ -265,11 +252,18 @@ var _ = Describe("Podman network", func() { Expect(rmAll.ExitCode()).To(BeZero()) }) + It("podman network remove bogus", func() { + session := podmanTest.Podman([]string{"network", "rm", "bogus"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + }) + It("podman network remove --force with pod", func() { netName := "testnet" session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) session = podmanTest.Podman([]string{"pod", "create", "--network", netName}) session.WaitWithDefaultTimeout() @@ -280,6 +274,10 @@ var _ = Describe("Podman network", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) + session = podmanTest.Podman([]string{"network", "rm", netName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(2)) + session = podmanTest.Podman([]string{"network", "rm", "--force", netName}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) @@ -301,11 +299,13 @@ var _ = Describe("Podman network", func() { session := podmanTest.Podman([]string{"network", "create", netName1}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName1) netName2 := "net2" session = podmanTest.Podman([]string{"network", "create", netName2}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName2) session = podmanTest.Podman([]string{"network", "rm", netName1, netName2}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index a49304bbe..a90ffcc87 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -7,7 +7,6 @@ import ( "path/filepath" "strings" - "github.com/containers/podman/v2/pkg/cgroups" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -24,16 +23,13 @@ var _ = Describe("Podman pause", func() { createdState := "created" BeforeEach(func() { - SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1 + SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) } - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { + if CGROUPSV2 { b, err := ioutil.ReadFile("/proc/self/cgroup") if err != nil { Skip("cannot read self cgroup") diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index ce0b51517..f69b6ca7b 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -416,4 +416,16 @@ entrypoint ["/fromimage"] Expect(check2.ExitCode()).To(Equal(0)) Expect(check2.OutputToString()).To(Equal("/fromcommand:[/fromcommand]")) }) + + It("podman create pod with slirp network option", func() { + name := "test" + session := podmanTest.Podman([]string{"pod", "create", "--name", name, "--network", "slirp4netns:port_handler=slirp4netns", "-p", "8082:8000"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + check := podmanTest.Podman([]string{"pod", "inspect", "--format", "{{.InfraConfig.NetworkOptions.slirp4netns}}", name}) + check.WaitWithDefaultTimeout() + Expect(check.ExitCode()).To(Equal(0)) + Expect(check.OutputToString()).To(Equal("[port_handler=slirp4netns]")) + }) }) diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go index 182d99d51..3dabf7b4a 100644 --- a/test/e2e/pod_pause_test.go +++ b/test/e2e/pod_pause_test.go @@ -18,7 +18,7 @@ var _ = Describe("Podman pod pause", func() { pausedState := "paused" BeforeEach(func() { - SkipIfRootlessCgroupsV1() // Pause is not supported in cgroups v1 + SkipIfRootlessCgroupsV1("Pause is not supported in cgroups v1") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/pod_rm_test.go b/test/e2e/pod_rm_test.go index cb9b93a15..24643e6b2 100644 --- a/test/e2e/pod_rm_test.go +++ b/test/e2e/pod_rm_test.go @@ -195,8 +195,7 @@ var _ = Describe("Podman pod rm", func() { It("podman rm bogus pod", func() { session := podmanTest.Podman([]string{"pod", "rm", "bogus"}) session.WaitWithDefaultTimeout() - // TODO: `podman rm` returns 1 for a bogus container. Should the RC be consistent? - Expect(session.ExitCode()).To(Equal(125)) + Expect(session.ExitCode()).To(Equal(1)) }) It("podman rm bogus pod and a running pod", func() { @@ -209,11 +208,11 @@ var _ = Describe("Podman pod rm", func() { session = podmanTest.Podman([]string{"pod", "rm", "bogus", "test1"}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(125)) + Expect(session.ExitCode()).To(Equal(1)) session = podmanTest.Podman([]string{"pod", "rm", "test1", "bogus"}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(125)) + Expect(session.ExitCode()).To(Equal(1)) }) It("podman rm --ignore bogus pod and a running pod", func() { diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 02fb3bc57..1ffbe282b 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -17,7 +17,7 @@ var _ = Describe("Podman pod stats", func() { BeforeEach(func() { if os.Geteuid() != 0 { - SkipIfCgroupV2() + SkipIfCgroupV2("--cgroup-manager=cgroupfs which doesn't work in rootless mode") } tempdir, err = CreateTempDirInTempDir() @@ -175,7 +175,7 @@ var _ = Describe("Podman pod stats", func() { It("podman stats on net=host post", func() { // --net=host not supported for rootless pods at present - SkipIfRootlessCgroupsV1() // Pause stats not supported in cgroups v1 + SkipIfRootlessCgroupsV1("Pause stats not supported in cgroups v1") podName := "testPod" podCreate := podmanTest.Podman([]string{"pod", "create", "--net=host", "--name", podName}) podCreate.WaitWithDefaultTimeout() diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index aabec4f55..82a842146 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -206,7 +206,7 @@ var _ = Describe("Podman ps", func() { }) It("podman ps namespace flag with go template format", func() { - Skip(v2fail) + Skip("FIXME: table still not supported in podman ps command") _, ec, _ := podmanTest.RunLsContainer("test1") Expect(ec).To(Equal(0)) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 2280d16cc..edc17fdbf 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -1,9 +1,8 @@ package integration import ( - "os" - "fmt" + "os" "path/filepath" "strings" @@ -400,4 +399,101 @@ var _ = Describe("Podman pull", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) + + It("podman pull + inspect from unqualified-search registry", func() { + // Regression test for #6381: + // Make sure that `pull shortname` and `inspect shortname` + // refer to the same image. + + // We already tested pulling, so we can save some energy and + // just restore local artifacts and tag them. + podmanTest.RestoreArtifact(ALPINE) + podmanTest.RestoreArtifact(BB) + + // What we want is at least two images which have the same name + // and are prefixed with two different unqualified-search + // registries from ../registries.conf. + // + // A `podman inspect $name` must yield the one from the _first_ + // matching registry in the registries.conf. + getID := func(image string) string { + setup := podmanTest.PodmanNoCache([]string{"image", "inspect", image}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + data := setup.InspectImageJSON() // returns []inspect.ImageData + Expect(len(data)).To(Equal(1)) + return data[0].ID + } + + untag := func(image string) { + setup := podmanTest.PodmanNoCache([]string{"untag", image}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + setup = podmanTest.PodmanNoCache([]string{"image", "inspect", image}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + data := setup.InspectImageJSON() // returns []inspect.ImageData + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].RepoTags)).To(Equal(0)) + } + + tag := func(image, tag string) { + setup := podmanTest.PodmanNoCache([]string{"tag", image, tag}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + setup = podmanTest.PodmanNoCache([]string{"image", "exists", tag}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + } + + image1 := getID(ALPINE) + image2 := getID(BB) + + // $ head -n2 ../registries.conf + // [registries.search] + // registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org'] + registries := []string{"docker.io", "quay.io", "registry.fedoraproject.org"} + name := "foo/test:tag" + tests := []struct { + // tag1 has precedence (see list above) over tag2 when + // doing an inspect on "test:tag". + tag1, tag2 string + }{ + { + fmt.Sprintf("%s/%s", registries[0], name), + fmt.Sprintf("%s/%s", registries[1], name), + }, + { + fmt.Sprintf("%s/%s", registries[0], name), + fmt.Sprintf("%s/%s", registries[2], name), + }, + { + fmt.Sprintf("%s/%s", registries[1], name), + fmt.Sprintf("%s/%s", registries[2], name), + }, + } + + for _, t := range tests { + // 1) untag both images + // 2) tag them according to `t` + // 3) make sure that an inspect of `name` returns `image1` with `tag1` + untag(image1) + untag(image2) + tag(image1, t.tag1) + tag(image2, t.tag2) + + setup := podmanTest.PodmanNoCache([]string{"image", "inspect", name}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + data := setup.InspectImageJSON() // returns []inspect.ImageData + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].RepoTags)).To(Equal(1)) + Expect(data[0].RepoTags[0]).To(Equal(t.tag1)) + Expect(data[0].ID).To(Equal(image1)) + } + }) }) diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 9d2daaf9d..45b8769a2 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -70,7 +70,7 @@ var _ = Describe("Podman push", func() { Expect(session.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } push := podmanTest.PodmanNoCache([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) @@ -87,7 +87,7 @@ var _ = Describe("Podman push", func() { }) It("podman push to local registry with authorization", func() { - SkipIfRootless() // FIXME: Creating content in certs.d we use directories in homedir + SkipIfRootless("FIXME: Creating content in certs.d we use directories in homedir") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -132,7 +132,7 @@ var _ = Describe("Podman push", func() { Expect(session.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } session = podmanTest.PodmanNoCache([]string{"logs", "registry"}) diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index cc2f7daf1..7eff8c6ed 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go @@ -228,11 +228,11 @@ var _ = Describe("Podman rm", func() { session = podmanTest.Podman([]string{"rm", "bogus", "test1"}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(125)) + Expect(session.ExitCode()).To(Equal(1)) session = podmanTest.Podman([]string{"rm", "test1", "bogus"}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(125)) + Expect(session.ExitCode()).To(Equal(1)) }) It("podman rm --ignore bogus container and a running container", func() { diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index b10937953..5765d5ef6 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -18,7 +18,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { ) BeforeEach(func() { - SkipIfRootlessCgroupsV1() // cgroup parent is not supported in cgroups v1 + SkipIfRootlessCgroupsV1("cgroup parent is not supported in cgroups v1") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -48,7 +48,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("no --cgroup-parent", func() { - SkipIfRootless() // FIXME This seems to be broken in rootless mode + SkipIfRootless("FIXME This seems to be broken in rootless mode") cgroup := "/libpod_parent" if !Containerized() && podmanTest.CgroupManager != "cgroupfs" { cgroup = "/machine.slice" diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index 34b6ba4ff..5f6c9007a 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go @@ -34,7 +34,7 @@ var _ = Describe("Podman run exit", func() { It("podman run -d mount cleanup test", func() { SkipIfRemote("podman-remote does not support mount") - SkipIfRootless() // FIXME podman mount requires podman unshare first + SkipIfRootless("FIXME podman mount requires podman unshare first") result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index 86cc9d1c5..d8b57c230 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -4,7 +4,6 @@ import ( "io/ioutil" "os" - "github.com/containers/podman/v2/pkg/cgroups" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -18,17 +17,14 @@ var _ = Describe("Podman run cpu", func() { ) BeforeEach(func() { - SkipIfRootlessCgroupsV1() + SkipIfRootlessCgroupsV1("Setting CPU not supported on cgroupv1 for rootless users") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) } - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { + if CGROUPSV2 { if err := ioutil.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+cpuset"), 0644); err != nil { Skip("cpuset controller not available on the current kernel") } diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 828da3494..1c2602631 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -72,7 +72,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device host device and container device parameter are directories", func() { - SkipIfRootless() // Can not create devices in /dev in rootless mode + SkipIfRootless("Cannot create devices in /dev in rootless mode") Expect(os.MkdirAll("/dev/foodevdir", os.ModePerm)).To(BeNil()) defer os.RemoveAll("/dev/foodevdir") diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index a3dc9bae5..b3913c1e6 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -3,7 +3,6 @@ package integration import ( "os" - "github.com/containers/podman/v2/pkg/cgroups" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -17,9 +16,8 @@ var _ = Describe("Podman run memory", func() { ) BeforeEach(func() { - SkipIfRootlessCgroupsV1() + SkipIfRootlessCgroupsV1("Setting Memory not supported on cgroupv1 for rootless users") - SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -37,12 +35,9 @@ var _ = Describe("Podman run memory", func() { }) It("podman run memory test", func() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var session *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.max"}) } else { session = podmanTest.Podman([]string{"run", "--memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.limit_in_bytes"}) @@ -57,28 +52,21 @@ var _ = Describe("Podman run memory", func() { Skip("Unable to perform test on Ubuntu distributions due to memory management") } - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - var session *PodmanSessionIntegration - if cgroupsv2 { - session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.high"}) + if CGROUPSV2 { + session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) } else { session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) } session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - if cgroupsv2 { - Expect(session.OutputToString()).To(Equal("max")) - } else { - Expect(session.OutputToString()).To(Equal("41943040")) - } + Expect(session.OutputToString()).To(Equal("41943040")) }) It("podman run memory-swappiness test", func() { - SkipIfCgroupV2() + SkipIfCgroupV2("memory-swappiness not supported on cgroupV2") session := podmanTest.Podman([]string{"run", "--memory-swappiness=15", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.swappiness"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -86,8 +74,18 @@ var _ = Describe("Podman run memory", func() { }) It("podman run kernel-memory test", func() { - SkipIfCgroupV2() - session := podmanTest.Podman([]string{"run", "--kernel-memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"}) + if podmanTest.Host.Distribution == "ubuntu" { + Skip("Unable to perform test on Ubuntu distributions due to memory management") + } + + var session *PodmanSessionIntegration + + if CGROUPSV2 { + session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) + } else { + session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) + } + session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal("41943040")) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index a67324b2b..044e56e6c 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -55,7 +55,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose port 222", func() { - SkipIfRootless() // iptables is not supported for rootless users + SkipIfRootless("iptables is not supported for rootless users") session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -252,7 +252,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose host port 80 to container port 8000", func() { - SkipIfRootless() // iptables is not supported for rootless users + SkipIfRootless("iptables is not supported for rootless users") session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -367,7 +367,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose duplicate host port results in error", func() { - SkipIfRootless() // FIXME we should be able to run this test in rootless mode with different ports + SkipIfRootless("FIXME we should be able to run this test in rootless mode with different ports") session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "80", ALPINE, "/bin/sh"}) session.WaitWithDefaultTimeout() @@ -478,9 +478,9 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network in user created network namespace", func() { - SkipIfRootless() // ip netns is not supported for rootless users + SkipIfRootless("ip netns is not supported for rootless users") if Containerized() { - Skip("Can not be run within a container.") + Skip("Cannot be run within a container.") } addXXX := SystemExec("ip", []string{"netns", "add", "xxx"}) Expect(addXXX.ExitCode()).To(Equal(0)) @@ -495,9 +495,9 @@ var _ = Describe("Podman run networking", func() { }) It("podman run n user created network namespace with resolv.conf", func() { - SkipIfRootless() // ip netns is not supported for rootless users + SkipIfRootless("ip netns is not supported for rootless users") if Containerized() { - Skip("Can not be run within a container.") + Skip("Cannot be run within a container.") } addXXX2 := SystemExec("ip", []string{"netns", "add", "xxx2"}) Expect(addXXX2.ExitCode()).To(Equal(0)) @@ -527,7 +527,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run in custom CNI network with --static-ip", func() { - SkipIfRootless() //Rootless mode does not support --ip + SkipIfRootless("Rootless mode does not support --ip") netName := "podmantestnetwork" ipAddr := "10.25.30.128" create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName}) @@ -542,7 +542,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run with new:pod and static-ip", func() { - SkipIfRootless() // Rootless does not support --ip + SkipIfRootless("Rootless does not support --ip") netName := "podmantestnetwork2" ipAddr := "10.25.40.128" podname := "testpod" diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index a20088776..ab11128ba 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -106,7 +106,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged should inherit host devices", func() { - SkipIfRootless() // FIXME: This seems to be broken for rootless mode, /dev/ is close to the same + SkipIfRootless("FIXME: This seems to be broken for rootless mode, /dev/ is close to the same") session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "-l", "/dev"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 7c8597866..2a0b0467d 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -130,7 +130,7 @@ var _ = Describe("Podman generate kube", func() { SkipIfRemote("runlabel not supported on podman-remote") PodmanDockerfile := ` FROM alpine:latest -LABEL io.containers.capabilities=chown,mknod` +LABEL io.containers.capabilities=chown,kill` image := "podman-caps:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") @@ -145,7 +145,7 @@ LABEL io.containers.capabilities=chown,mknod` ctr := inspect.InspectContainerToJSON() caps := strings.Join(ctr[0].EffectiveCaps, ",") - Expect(caps).To(Equal("CAP_CHOWN,CAP_MKNOD")) + Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL")) }) }) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 959c823b5..8383b1812 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -19,7 +19,7 @@ var _ = Describe("Podman run with --ip flag", func() { ) BeforeEach(func() { - SkipIfRootless() //rootless does not support --ip + SkipIfRootless("rootless does not support --ip") tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 5c28f18f2..292df529c 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -261,6 +261,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -293,6 +295,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test with image", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") SkipIfRemote("FIXME This should work on podman-remote") dockerfile := `FROM busybox USER bin` @@ -309,7 +313,7 @@ USER bin` }) It("podman run limits test", func() { - SkipIfRootlessCgroupsV1() + SkipIfRootlessCgroupsV1("Setting limits not supported on cgroupv1 for rootless users") if !isRootless() { session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) @@ -368,16 +372,21 @@ USER bin` }) It("podman run sysctl test", func() { - SkipIfRootless() // Network sysclts are not avalable root rootless + SkipIfRootless("Network sysctls are not avalable root rootless") session := podmanTest.Podman([]string{"run", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535")) + + // network sysctls should fail if --net=host is set + session = podmanTest.Podman([]string{"run", "--net", "host", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) }) It("podman run blkio-weight test", func() { - SkipIfRootless() // FIXME: This is blowing up because of no /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control file - // SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME: This is blowing up because of no /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control file") + SkipIfRootlessCgroupsV1("Setting blkio-weight not supported on cgroupv1 for rootless users") if !CGROUPSV2 { if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) { Skip("Kernel does not support blkio.weight") @@ -399,8 +408,9 @@ USER bin` }) It("podman run device-read-bps test", func() { - SkipIfRootless() // FIXME: Missing /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control - SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME: Missing /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control") + SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users") + var session *PodmanSessionIntegration if CGROUPSV2 { @@ -417,8 +427,9 @@ USER bin` }) It("podman run device-write-bps test", func() { - SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist - SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist") + SkipIfRootlessCgroupsV1("Setting device-write-bps not supported on cgroupv1 for rootless users") + var session *PodmanSessionIntegration if CGROUPSV2 { @@ -434,8 +445,8 @@ USER bin` }) It("podman run device-read-iops test", func() { - SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist - SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist") + SkipIfRootlessCgroupsV1("Setting device-read-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration if CGROUPSV2 { @@ -452,8 +463,8 @@ USER bin` }) It("podman run device-write-iops test", func() { - SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist - SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist") + SkipIfRootlessCgroupsV1("Setting device-write-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration if CGROUPSV2 { @@ -570,7 +581,7 @@ USER bin` }) It("podman run with FIPS mode secrets", func() { - SkipIfRootless() // rootless can not manipulate system-fips file + SkipIfRootless("rootless can not manipulate system-fips file") fipsFile := "/etc/system-fips" err = ioutil.WriteFile(fipsFile, []byte{}, 0755) Expect(err).To(BeNil()) @@ -889,7 +900,7 @@ USER mail` }) It("podman run --mount type=bind,bind-nonrecursive", func() { - SkipIfRootless() // rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug? + SkipIfRootless("FIXME: rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug?") session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -1049,8 +1060,8 @@ USER mail` }) It("podman run with cgroups=disabled runs without cgroups", func() { - SkipIfRootless() // FIXME: I believe this should work but need to fix this test - SkipIfRootlessCgroupsV1() + SkipIfRootless("FIXME: I believe this should work but need to fix this test") + SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1082,7 +1093,7 @@ USER mail` }) It("podman run with cgroups=enabled makes cgroups", func() { - SkipIfRootlessCgroupsV1() + SkipIfRootlessCgroupsV1("Enable cgroups not supported on cgroupv1 for rootless users") // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1125,9 +1136,9 @@ USER mail` }) It("podman run --device-cgroup-rule", func() { - SkipIfRootless() // rootless users are not allowed to mknod + SkipIfRootless("rootless users are not allowed to mknod") deviceCgroupRule := "c 42:* rwm" - session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "mknod", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"}) @@ -1203,7 +1214,7 @@ USER mail` }) It("podman run verify pids-limit", func() { - SkipIfCgroupV1() + SkipIfCgroupV1("pids-limit not supported on cgroup V1") limit := "4321" session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index fc9245e62..92d3418e3 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -227,7 +227,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with tmpfs named volume mounts and unmounts", func() { - SkipIfRootless() // FIXME: rootless podman mount requires you to be in a user namespace + SkipIfRootless("FIXME: rootless podman mount requires you to be in a user namespace") SkipIfRemote("podman-remote does not support --volumes this test could be simplified to be tested on Remote.") volName := "testvol" mkVolume := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=nodev", "testvol"}) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index a3d56ad89..19365909d 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -186,7 +186,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(fakereg.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } search := podmanTest.Podman([]string{"search", @@ -213,7 +213,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry3", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } podmanTest.RestoreArtifact(ALPINE) @@ -250,7 +250,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry4", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } podmanTest.RestoreArtifact(ALPINE) @@ -290,7 +290,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry5", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } podmanTest.RestoreArtifact(ALPINE) @@ -329,7 +329,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registry.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry6", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } podmanTest.RestoreArtifact(ALPINE) @@ -371,7 +371,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registryLocal.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry7", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } registryLocal = podmanTest.Podman([]string{"run", "-d", "-p", "6000:5000", "--name", "registry8", registry}) @@ -379,7 +379,7 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(registryLocal.ExitCode()).To(Equal(0)) if !WaitContainerReady(podmanTest, "registry8", "listening on", 20, 1) { - Skip("Can not start docker registry.") + Skip("Cannot start docker registry.") } podmanTest.RestoreArtifact(ALPINE) diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index 7ab435007..c8f5efa9d 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -21,9 +21,7 @@ var _ = Describe("Podman stats", func() { ) BeforeEach(func() { - if os.Geteuid() != 0 { - SkipIfCgroupV1() - } + SkipIfRootlessCgroupsV1("stats not supported on cgroupv1 for rootless users") var err error tempdir, err = CreateTempDirInTempDir() if err != nil { diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 8ef1e3ac7..9e717a0eb 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -47,10 +47,8 @@ WantedBy=multi-user.target }) It("podman start container by systemd", func() { - SkipIfRootless() // rootless can not write to /etc - if os.Getenv("SKIP_USERNS") != "" { - Skip("Skip userns tests.") - } + SkipIfRootless("rootless can not write to /etc") + SkipIfContainerized("test does not have systemd as pid 1") sys_file := ioutil.WriteFile("/etc/systemd/system/redis.service", []byte(systemd_unit_file), 0644) Expect(sys_file).To(BeNil()) diff --git a/test/e2e/tree_test.go b/test/e2e/tree_test.go index c6eb0a6eb..eeb00440c 100644 --- a/test/e2e/tree_test.go +++ b/test/e2e/tree_test.go @@ -34,9 +34,7 @@ var _ = Describe("Podman image tree", func() { }) It("podman image tree", func() { - if podmanTest.RemoteTest { - Skip("Does not work on remote client") - } + SkipIfRemote("Does not work on remote client") dockerfile := `FROM docker.io/library/busybox:latest RUN mkdir hello RUN touch test.txt diff --git a/test/e2e/untag_test.go b/test/e2e/untag_test.go index 7766ce634..91a933090 100644 --- a/test/e2e/untag_test.go +++ b/test/e2e/untag_test.go @@ -33,7 +33,6 @@ var _ = Describe("Podman untag", func() { }) It("podman untag all", func() { - SkipIfRemote("FIXME This should work on podman-remote") setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE}) setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) diff --git a/test/e2e/volume_ls_test.go b/test/e2e/volume_ls_test.go index 377b721d0..4a2c2d324 100644 --- a/test/e2e/volume_ls_test.go +++ b/test/e2e/volume_ls_test.go @@ -56,7 +56,7 @@ var _ = Describe("Podman volume ls", func() { }) It("podman ls volume with Go template", func() { - Skip(v2fail) + Skip("FIXME: table still not supported in podman volume command") session := podmanTest.Podman([]string{"volume", "create", "myvol"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/volume_rm_test.go b/test/e2e/volume_rm_test.go index a072bc824..cdced1f13 100644 --- a/test/e2e/volume_rm_test.go +++ b/test/e2e/volume_rm_test.go @@ -55,7 +55,7 @@ var _ = Describe("Podman volume rm", func() { session = podmanTest.Podman([]string{"volume", "rm", "myvol"}) session.WaitWithDefaultTimeout() - Expect(session).To(ExitWithError()) + Expect(session.ExitCode()).To(Equal(2)) Expect(session.ErrorToString()).To(ContainSubstring(cid)) session = podmanTest.Podman([]string{"volume", "rm", "-f", "myvol"}) @@ -70,6 +70,12 @@ var _ = Describe("Podman volume rm", func() { podmanTest.Cleanup() }) + It("podman volume remove bogus", func() { + session := podmanTest.Podman([]string{"volume", "rm", "bogus"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + }) + It("podman rm with --all flag", func() { session := podmanTest.Podman([]string{"volume", "create", "myvol"}) session.WaitWithDefaultTimeout() diff --git a/test/registries.conf b/test/registries.conf index bb7072d45..f27a282d6 100644 --- a/test/registries.conf +++ b/test/registries.conf @@ -1,3 +1,4 @@ +# Note that changing the order here may break tests. [registries.search] registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org'] diff --git a/test/system/020-tag.bats b/test/system/020-tag.bats index 7593ad68f..1f5eede39 100644 --- a/test/system/020-tag.bats +++ b/test/system/020-tag.bats @@ -32,4 +32,23 @@ function _tag_and_check() { is "$output" "Error: \"registry.com/foo:bar\": no such tag" } +@test "podman untag all" { + # First get the image ID + run_podman inspect --format '{{.ID}}' $IMAGE + iid=$output + + # Add a couple of tags + run_podman tag $IMAGE registry.com/1:latest registry.com/2:latest registry.com/3:latest + + # Untag with arguments to for all tags to be removed + run_podman untag $iid + + # Now make sure all tags are removed + run_podman image inspect $iid --format "{{.RepoTags}}" + is "$output" "\[\]" "untag by ID leaves empty set of tags" + + # Restore image + run_podman tag $iid $IMAGE +} + # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 11edaf11c..766948ecc 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -14,7 +14,7 @@ load helpers # ...but check the configured runtime engine, and switch to crun as needed run_podman info --format '{{ .Host.OCIRuntime.Path }}' if expr "$output" : ".*/crun"; then - err_no_such_cmd="Error: executable file not found in \$PATH: No such file or directory: OCI runtime command not found error" + err_no_such_cmd="Error: executable file.* not found in \$PATH: No such file or directory: OCI runtime command not found error" err_no_exec_dir="Error: open executable: Operation not permitted: OCI runtime permission denied error" fi @@ -132,8 +132,6 @@ echo $rand | 0 | $rand } @test "podman run --pull" { - skip_if_remote "podman-remote does not emit 'Trying to pull' msgs" - run_podman run --pull=missing $IMAGE true is "$output" "" "--pull=missing [present]: no output" @@ -155,8 +153,23 @@ echo $rand | 0 | $rand run_podman run --pull=always $NONLOCAL_IMAGE true is "$output" "Trying to pull .*" "--pull=always [with image PRESENT]: re-fetches" + # Very weird corner case fixed by #7770: 'podman run foo' will run 'myfoo' + # if it exists, because the string 'foo' appears in 'myfoo'. This test + # covers that, as well as making sure that our testimage (which is always + # tagged :YYYYMMDD, never :latest) doesn't match either. + run_podman tag $IMAGE my${PODMAN_TEST_IMAGE_NAME}:latest + run_podman 125 run --pull=never $PODMAN_TEST_IMAGE_NAME true + is "$output" "Error: unable to find a name and tag match for $PODMAN_TEST_IMAGE_NAME in repotags: no such image" \ + "podman run --pull=never with shortname (and implicit :latest)" + + # ...but if we add a :latest tag (without 'my'), it should now work + run_podman tag $IMAGE ${PODMAN_TEST_IMAGE_NAME}:latest + run_podman run --pull=never ${PODMAN_TEST_IMAGE_NAME} cat /home/podman/testimage-id + is "$output" "$PODMAN_TEST_IMAGE_TAG" \ + "podman run --pull=never, with shortname, succeeds if img is present" + run_podman rm -a - run_podman rmi $NONLOCAL_IMAGE + run_podman rmi $NONLOCAL_IMAGE {my,}${PODMAN_TEST_IMAGE_NAME}:latest } # 'run --rmi' deletes the image in the end unless it's used by another container @@ -267,8 +280,6 @@ echo $rand | 0 | $rand # symptom only manifests on a fedora container image -- we have no # reproducer on alpine. Checking directory ownership is good enough. @test "podman run : user namespace preserved root ownership" { - skip_if_remote "FIXME: pending #7195" - for priv in "" "--privileged"; do for user in "--user=0" "--user=100"; do for keepid in "" "--userns=keep-id"; do @@ -286,8 +297,6 @@ echo $rand | 0 | $rand # #6829 : add username to /etc/passwd inside container if --userns=keep-id @test "podman run : add username to /etc/passwd if --userns=keep-id" { - skip_if_remote "FIXME: pending #7195" - # Default: always run as root run_podman run --rm $IMAGE id -un is "$output" "root" "id -un on regular container" @@ -310,9 +319,7 @@ echo $rand | 0 | $rand # #6991 : /etc/passwd is modifiable @test "podman run : --userns=keep-id: passwd file is modifiable" { - skip_if_remote "FIXME: pending #7195" - - run_podman run -d --userns=keep-id $IMAGE sh -c 'while ! test -e /stop; do sleep 0.1; done' + run_podman run -d --userns=keep-id --cap-add=dac_override $IMAGE sh -c 'while ! test -e /tmp/stop; do sleep 0.1; done' cid="$output" # Assign a UID that is (a) not in our image /etc/passwd and (b) not @@ -333,7 +340,7 @@ echo $rand | 0 | $rand is "$output" "newuser3:x:$uid:999:$gecos:/home/newuser3:/bin/sh" \ "newuser3 added to /etc/passwd in container" - run_podman exec $cid touch /stop + run_podman exec $cid touch /tmp/stop run_podman wait $cid } @@ -387,5 +394,42 @@ json-file | f "--log-driver InvalidDriver" } +@test "podman run --log-driver journald" { + skip_if_remote "We cannot read journalctl over remote." + + msg=$(random_string 20) + pidfile="${PODMAN_TMPDIR}/$(random_string 20)" + + run_podman run --name myctr --log-driver journald --conmon-pidfile $pidfile $IMAGE echo $msg + + journalctl --output cat _PID=$(cat $pidfile) + is "$output" "$msg" "check that journalctl output equals the container output" + + run_podman rm myctr +} + +@test "podman run --tz" { + # This file will always have a constant reference timestamp + local testfile=/home/podman/testimage-id + + run_podman run --rm $IMAGE date -r $testfile + is "$output" "Sun Sep 13 12:26:40 UTC 2020" "podman run with no TZ" + + run_podman run --rm --tz=MST7MDT $IMAGE date -r $testfile + is "$output" "Sun Sep 13 06:26:40 MDT 2020" "podman run with --tz=MST7MDT" + + # --tz=local pays attention to /etc/localtime, not $TZ. We set TZ anyway, + # to make sure podman ignores it; and, because this test is locale- + # dependent, we pick an obscure zone (+1245) that is unlikely to + # collide with any of our testing environments. + # + # To get a reference timestamp we run 'date' locally; note the explicit + # strftime() format. We can't use --iso=seconds because GNU date adds + # a colon to the TZ offset (eg -07:00) whereas alpine does not (-0700). + run date --date=@1600000000 +%Y-%m-%dT%H:%M:%S%z + expect="$output" + TZ=Pacific/Chatham run_podman run --rm --tz=local $IMAGE date -Iseconds -r $testfile + is "$output" "$expect" "podman run with --tz=local, matches host" +} # vim: filetype=sh diff --git a/test/system/070-build.bats b/test/system/070-build.bats index e3a139b4f..1329c6168 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -268,6 +268,14 @@ Labels.$label_name | $label_value is "${lines[-1]}" "... ID: [0-9a-f]\{12\} Size: .* Top Layer of: \[localhost/build_test:latest]" \ "image tree: last layer line" + # FIXME: 'image tree --whatrequires' does not work via remote + if ! is_remote; then + run_podman image tree --whatrequires $IMAGE + is "${lines[-1]}" \ + ".*ID: .* Top Layer of: \\[localhost/build_test:latest\\]" \ + "'image tree --whatrequires' shows our built image" + fi + # Clean up run_podman rmi -f build_test } diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index e9db8c27e..edd7dedc4 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -92,14 +92,14 @@ load helpers # #6829 : add username to /etc/passwd inside container if --userns=keep-id @test "podman exec - with keep-id" { run_podman run -d --userns=keep-id $IMAGE sh -c \ - "echo READY;while [ ! -f /stop ]; do sleep 1; done" + "echo READY;while [ ! -f /tmp/stop ]; do sleep 1; done" cid="$output" wait_for_ready $cid run_podman exec $cid id -un is "$output" "$(id -un)" "container is running as current user" - run_podman exec --user=$(id -un) $cid touch /stop + run_podman exec --user=$(id -un) $cid touch /tmp/stop run_podman wait $cid run_podman rm $cid } diff --git a/test/system/080-pause.bats b/test/system/080-pause.bats index 4ec0906f4..ea4c85f8f 100644 --- a/test/system/080-pause.bats +++ b/test/system/080-pause.bats @@ -6,7 +6,9 @@ load helpers @test "podman pause/unpause" { - skip_if_rootless "pause does not work rootless" + if is_rootless && ! is_cgroupsv2; then + skip "'podman pause' (rootless) only works with cgroups v2" + fi cname=$(random_string 10) run_podman run -d --name $cname $IMAGE \ diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index 3f50bd3c4..1c1e0f4ae 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -186,7 +186,6 @@ EOF # Confirm that container sees the correct id @test "podman volume with --userns=keep-id" { is_rootless || skip "only meaningful when run rootless" - skip_if_remote "FIXME: pending #7195" myvoldir=${PODMAN_TMPDIR}/volume_$(random_string) mkdir $myvoldir diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index d2454fbf4..a923402ac 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -82,6 +82,8 @@ load helpers # "network create" now works rootless, with the help of a special container @test "podman network create" { + skip_if_remote "FIXME: pending #7808" + local mynetname=testnet-$(random_string 10) local mysubnet=$(random_rfc1918_subnet) @@ -99,7 +101,7 @@ load helpers "Trying to create an already-existing network" run_podman network rm $mynetname - run_podman 125 network rm $mynetname + run_podman 1 network rm $mynetname # rootless CNI leaves behind an image pulled by SHA, hence with no tag. # Remove it if present; we can only remove it by ID. diff --git a/test/system/build-testimage b/test/system/build-testimage index ef14d3afd..53ade57f0 100755 --- a/test/system/build-testimage +++ b/test/system/build-testimage @@ -35,6 +35,12 @@ cd $tmpdir # 'image mount' test will confirm that this file exists and has our YMD tag echo $YMD >testimage-id +# ...but set the timestamp on the file itself to a constant well-known +# value, for use by the 'run --tz' test. Date value chosen for nerdiness +# and because it's in the past. (Much as I'd love FFFFFFFF, we can't +# use any future date because of unpredictable leap second adjustments). +touch --date=@1600000000 testimage-id + # 'pod' test will use this for --infra-command cat >pause <<EOF #!/bin/sh @@ -49,6 +55,7 @@ EOF chmod 755 pause # alpine because it's small and light and reliable +# - check for updates @ https://hub.docker.com/_/alpine # busybox-extras provides httpd needed in 500-networking.bats cat >Containerfile <<EOF FROM docker.io/library/alpine:3.12.0 diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 78571901d..998db5283 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -7,7 +7,7 @@ PODMAN=${PODMAN:-podman} PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"} PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} -PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200917"} +PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200929"} PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG" # Because who wants to spell that out each time? @@ -240,6 +240,16 @@ function is_remote() { [[ "$PODMAN" =~ -remote ]] } +function is_cgroupsv1() { + # WARNING: This will break if there's ever a cgroups v3 + ! is_cgroupsv2 +} + +function is_cgroupsv2() { + cgroup_type=$(stat -f -c %T /sys/fs/cgroup) + test "$cgroup_type" = "cgroupfs" +} + ########################### # _add_label_if_missing # make sure skip messages include rootless/remote ########################### |