diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/20-containers.at | 9 | ||||
| -rw-r--r-- | test/e2e/common_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/create_test.go | 12 | ||||
| -rw-r--r-- | test/e2e/history_test.go | 17 | ||||
| -rw-r--r-- | test/e2e/inspect_test.go | 23 | ||||
| -rw-r--r-- | test/e2e/network_create_test.go | 17 | ||||
| -rw-r--r-- | test/e2e/ps_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/pull_test.go | 10 | ||||
| -rw-r--r-- | test/e2e/rm_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/run_working_dir_test.go | 6 | ||||
| -rw-r--r-- | test/e2e/search_test.go | 13 | ||||
| -rw-r--r-- | test/python/docker/test_images.py | 12 | ||||
| -rw-r--r-- | test/system/030-run.bats | 21 | ||||
| -rw-r--r-- | test/system/040-ps.bats | 17 | ||||
| -rw-r--r-- | test/system/050-stop.bats | 43 | ||||
| -rw-r--r-- | test/system/070-build.bats | 58 | ||||
| -rw-r--r-- | test/system/075-exec.bats | 2 | ||||
| -rw-r--r-- | test/system/400-unprivileged-access.bats | 11 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 11 |
20 files changed, 250 insertions, 47 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index decdc4754..0da196e46 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -237,3 +237,12 @@ t GET containers/$cid/json 200 \ t DELETE containers/$cid 204 t DELETE images/${MultiTagName}?force=true 200 # vim: filetype=sh + +# Test Volumes field adds an anonymous volume +t POST containers/create '"Image":"'$IMAGE'","Volumes":{"/test":{}}' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .Mounts[0].Destination="/test" + +t DELETE containers/$cid?v=true 204 diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 2668b1e7b..781bbb6d2 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -10,6 +10,7 @@ import ( "sort" "strconv" "strings" + "sync" "testing" "time" @@ -84,6 +85,7 @@ type testResultsSortedLength struct{ testResultsSorted } func (a testResultsSorted) Less(i, j int) bool { return a[i].length < a[j].length } var testResults []testResult +var testResultsMutex sync.Mutex func TestMain(m *testing.M) { if reexec.Init() { @@ -349,7 +351,9 @@ func (p *PodmanTestIntegration) InspectContainer(name string) []define.InspectCo func processTestResult(f GinkgoTestDescription) { tr := testResult{length: f.Duration.Seconds(), name: f.TestText} + testResultsMutex.Lock() testResults = append(testResults, tr) + testResultsMutex.Unlock() } func GetPortLock(port string) storage.Locker { diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index a4931ff2d..73d92e5a0 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -282,7 +282,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list by tag", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINELISTTAG}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINELISTTAG}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -296,7 +296,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINELISTDIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINELISTDIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -310,7 +310,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list instance by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -324,7 +324,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using cross-arch image list instance by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -652,10 +652,10 @@ var _ = Describe("Podman create", func() { expectedError := "no image found in manifest list for architecture bogus" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) - session = podmanTest.Podman([]string{"create", "--platform=linux/arm64", "--override-os", "windows", ALPINE}) + session = podmanTest.Podman([]string{"create", "--platform=linux/arm64", "--os", "windows", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) - expectedError = "--platform option can not be specified with --override-arch or --override-os" + expectedError = "--platform option can not be specified with --arch or --os" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) session = podmanTest.Podman([]string{"create", "-q", "--platform=linux/arm64", ALPINE}) diff --git a/test/e2e/history_test.go b/test/e2e/history_test.go index fea3f4d43..1c57c60de 100644 --- a/test/e2e/history_test.go +++ b/test/e2e/history_test.go @@ -65,6 +65,23 @@ var _ = Describe("Podman history", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(len(session.OutputToStringArray())).To(BeNumerically(">", 0)) + + session = podmanTest.Podman([]string{"history", "--no-trunc", "--format", "{{.ID}}", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + lines := session.OutputToStringArray() + Expect(len(lines)).To(BeNumerically(">", 0)) + // the image id must be 64 chars long + Expect(len(lines[0])).To(BeNumerically("==", 64)) + + session = podmanTest.Podman([]string{"history", "--no-trunc", "--format", "{{.CreatedBy}}", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + lines = session.OutputToStringArray() + Expect(len(lines)).To(BeNumerically(">", 0)) + Expect(session.OutputToString()).ToNot(ContainSubstring("...")) + // the second line in the alpine history contains a command longer than 45 chars + Expect(len(lines[1])).To(BeNumerically(">", 45)) }) It("podman history with json flag", func() { diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 97f77414e..8fc9721f9 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -443,4 +443,27 @@ var _ = Describe("Podman inspect", func() { Expect(inspect.OutputToString()).To(Equal(`"{"80/tcp":[{"HostIp":"","HostPort":"8080"}]}"`)) }) + It("Verify container inspect has default network", func() { + SkipIfRootless("Requires root CNI networking") + ctrName := "testctr" + session := podmanTest.Podman([]string{"run", "-d", "--name", ctrName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + inspect := podmanTest.InspectContainer(ctrName) + Expect(len(inspect)).To(Equal(1)) + Expect(len(inspect[0].NetworkSettings.Networks)).To(Equal(1)) + }) + + It("Verify stopped container still has default network in inspect", func() { + SkipIfRootless("Requires root CNI networking") + ctrName := "testctr" + session := podmanTest.Podman([]string{"create", "--name", ctrName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + inspect := podmanTest.InspectContainer(ctrName) + Expect(len(inspect)).To(Equal(1)) + Expect(len(inspect[0].NetworkSettings.Networks)).To(Equal(1)) + }) }) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 73e18cbce..1bf2a2691 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -375,4 +375,21 @@ var _ = Describe("Podman network create", func() { Expect(nc).To(ExitWithError()) }) + It("podman network create with internal should not have dnsname", func() { + net := "internal-test" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--internal", net}) + nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net) + Expect(nc.ExitCode()).To(BeZero()) + // Not performing this check on remote tests because it is a logrus error which does + // not come back via stderr on the remote client. + if !IsRemote() { + Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible")) + } + nc = podmanTest.Podman([]string{"network", "inspect", net}) + nc.WaitWithDefaultTimeout() + Expect(nc.ExitCode()).To(BeZero()) + Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname")) + }) + }) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 13701fc3b..d12534219 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -396,11 +396,14 @@ var _ = Describe("Podman ps", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"ps", "--pod", "--no-trunc"}) - + session = podmanTest.Podman([]string{"ps", "--no-trunc"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring(podid))) + session = podmanTest.Podman([]string{"ps", "--pod", "--no-trunc"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring(podid)) }) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 7099a2904..4b73004da 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -92,7 +92,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by digest (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINELISTDIGEST}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINELISTDIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the digest of the list @@ -135,7 +135,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by instance digest (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the digest of the list @@ -175,7 +175,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by tag (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINELISTTAG}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINELISTTAG}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the tag we used for pulling @@ -503,10 +503,10 @@ var _ = Describe("Podman pull", func() { expectedError := "no image found in manifest list for architecture bogus" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) - session = podmanTest.Podman([]string{"pull", "--platform=linux/arm64", "--override-os", "windows", ALPINE}) + session = podmanTest.Podman([]string{"pull", "--platform=linux/arm64", "--os", "windows", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) - expectedError = "--platform option can not be specified with --override-arch or --override-os" + expectedError = "--platform option can not be specified with --arch or --os" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) session = podmanTest.Podman([]string{"pull", "-q", "--platform=linux/arm64", ALPINE}) diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index ca142d7f3..4c50a61ef 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go @@ -132,7 +132,7 @@ var _ = Describe("Podman rm", func() { latest := "-l" if IsRemote() { - latest = "test1" + latest = cid } result := podmanTest.Podman([]string{"rm", latest}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 19060ecdc..caeaf190e 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -669,7 +669,7 @@ USER bin` }) It("podman run with secrets", func() { - SkipIfRemote("--default-mount-file option is not supported in podman-remote") + SkipIfRemote("--default-mounts-file option is not supported in podman-remote") containersDir := filepath.Join(podmanTest.TempDir, "containers") err := os.MkdirAll(containersDir, 0755) Expect(err).To(BeNil()) diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go index 7d8db361c..59538448e 100644 --- a/test/e2e/run_working_dir_test.go +++ b/test/e2e/run_working_dir_test.go @@ -2,7 +2,6 @@ package integration import ( "os" - "strings" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" @@ -41,12 +40,9 @@ var _ = Describe("Podman run", func() { }) It("podman run a container using non existing --workdir", func() { - if !strings.Contains(podmanTest.OCIRuntime, "crun") { - Skip("Test only works on crun") - } session := podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", ALPINE, "pwd"}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(127)) + Expect(session.ExitCode()).To(Equal(126)) }) It("podman run a container on an image with a workdir", func() { diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 1d86ae744..4a11802c3 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -299,7 +299,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if force secure is true", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -324,15 +323,11 @@ registries = ['{{.Host}}:{{.Port}}']` registryFileTmpl.Execute(&buffer, registryEndpoints[5]) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644) - if IsRemote() { - podmanTest.RestartRemoteService() - defer podmanTest.RestartRemoteService() - } search := podmanTest.Podman([]string{"search", image, "--tls-verify=true"}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) @@ -342,7 +337,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if registry is not listed as insecure", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -376,7 +370,7 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", image}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) @@ -386,7 +380,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if one registry is not listed as insecure", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -431,7 +424,7 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", "my-alpine"}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) diff --git a/test/python/docker/test_images.py b/test/python/docker/test_images.py index 1fa4aade9..f2b6a5190 100644 --- a/test/python/docker/test_images.py +++ b/test/python/docker/test_images.py @@ -82,8 +82,16 @@ class TestImages(unittest.TestCase): def test_search_image(self): """Search for image""" - for r in self.client.images.search("libpod/alpine"): - self.assertIn("quay.io/libpod/alpine", r["Name"]) + for r in self.client.images.search("alpine"): + self.assertIn("alpine", r["Name"]) + + def test_search_bogus_image(self): + """Search for bogus image should throw exception""" + try: + r = self.client.images.search("bogus/bogus") + except: + return + self.assertTrue(len(r)==0) def test_remove_image(self): """Remove image""" diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 29dc95dc3..dcf1da370 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -589,4 +589,25 @@ json-file | f is "${lines[1]}" "$rand" "Container runs successfully despite warning" } +@test "podman run - check workdir" { + # Workdirs specified via the CLI are not created on the root FS. + run_podman 126 run --rm --workdir /i/do/not/exist $IMAGE pwd + # Note: remote error prepends an attach error. + is "$output" "Error: .*workdir \"/i/do/not/exist\" does not exist on container.*" + + testdir=$PODMAN_TMPDIR/volume + mkdir -p $testdir + randomcontent=$(random_string 10) + echo "$randomcontent" > $testdir/content + + # Workdir does not exist on the image but is volume mounted. + run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage $IMAGE cat content + is "$output" "$randomcontent" "cat random content" + + # Workdir does not exist on the image but is created by the runtime as it's + # a subdir of a volume. + run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo $IMAGE cat foo + is "$output" "$randomcontent" "cat random content" +} + # vim: filetype=sh diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 0ae8b0ce0..ae27c479f 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats @@ -82,11 +82,10 @@ load helpers run_podman rm -a } -@test "podman ps -a --storage" { - skip_if_remote "ps --storage does not work over remote" +@test "podman ps -a --external" { # Setup: ensure that we have no hidden storage containers - run_podman ps --storage -a + run_podman ps --external -a is "${#lines[@]}" "1" "setup check: no storage containers at start of test" # Force a buildah timeout; this leaves a buildah container behind @@ -98,18 +97,18 @@ EOF run_podman ps -a is "${#lines[@]}" "1" "podman ps -a does not see buildah container" - run_podman ps --storage -a - is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container" + run_podman ps --external -a + is "${#lines[@]}" "2" "podman ps -a --external sees buildah container" is "${lines[1]}" \ "[0-9a-f]\{12\} \+$IMAGE *buildah .* seconds ago .* storage .* ${PODMAN_TEST_IMAGE_NAME}-working-container" \ - "podman ps --storage" + "podman ps --external" cid="${lines[1]:0:12}" # 'rm -a' should be a NOP run_podman rm -a - run_podman ps --storage -a - is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container" + run_podman ps --external -a + is "${#lines[@]}" "2" "podman ps -a --external sees buildah container" # We can't rm it without -f, but podman should issue a helpful message run_podman 2 rm "$cid" @@ -118,7 +117,7 @@ EOF # With -f, we can remove it. run_podman rm -f "$cid" - run_podman ps --storage -a + run_podman ps --external -a is "${#lines[@]}" "1" "storage container has been removed" } diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index 548fd56ee..7d9f1fcb3 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -30,6 +30,49 @@ load helpers run_podman rm $cid } +# #9051 : podman stop --all was not working with podman-remote +@test "podman stop --all" { + # Start three containers, create (without running) a fourth + run_podman run -d --name c1 $IMAGE sleep 20 + run_podman run -d --name c2 $IMAGE sleep 40 + run_podman run -d --name c3 $IMAGE sleep 60 + run_podman create --name c4 $IMAGE sleep 80 + + # podman ps (without -a) should show the three running containers + run_podman ps --sort names --format '{{.Names}}--{{.Status}}' + is "${#lines[*]}" "3" "podman ps shows exactly three containers" + is "${lines[0]}" "c1--Up.*" "podman ps shows running container (1)" + is "${lines[1]}" "c2--Up.*" "podman ps shows running container (2)" + is "${lines[2]}" "c3--Up.*" "podman ps shows running container (3)" + + # Stop -a + run_podman stop -a -t 1 + + # Now podman ps (without -a) should show nothing. + run_podman ps --format '{{.Names}}' + is "$output" "" "podman ps, after stop -a, shows no running containers" + + # ...but with -a, containers are shown + run_podman ps -a --sort names --format '{{.Names}}--{{.Status}}' + is "${#lines[*]}" "4" "podman ps -a shows exactly four containers" + is "${lines[0]}" "c1--Exited.*" "ps -a, first stopped container" + is "${lines[1]}" "c2--Exited.*" "ps -a, second stopped container" + is "${lines[2]}" "c3--Exited.*" "ps -a, third stopped container" + is "${lines[3]}" "c4--Created.*" "ps -a, created container (unaffected)" +} + +# #9051 : podman stop --ignore was not working with podman-remote +@test "podman stop --ignore" { + name=thiscontainerdoesnotexist + run_podman 125 stop $name + is "$output" \ + "Error: no container with name or ID $name found: no such container" \ + "podman stop nonexistent container" + + run_podman stop --ignore $name + is "$output" "" "podman stop nonexistent container, with --ignore" +} + # Test fallback diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 0e83a184b..6b5bc68fb 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -29,6 +29,29 @@ EOF run_podman rmi -f build_test } +@test "podman build - basic test with --pull" { + rand_filename=$(random_string 20) + rand_content=$(random_string 50) + + run_podman tag $IMAGE localhost/localonly + + tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + dockerfile=$tmpdir/Dockerfile + cat >$dockerfile <<EOF +FROM localhost/localonly +RUN echo $rand_content > /$rand_filename +EOF + # With --pull, Podman would try to pull a newer image but use the local one + # if present. See #9111. + run_podman build --pull -t build_test $tmpdir + + run_podman run --rm build_test cat /$rand_filename + is "$output" "$rand_content" "reading generated file in image" + + run_podman rmi -f build_test localhost/localonly +} + @test "podman build - global runtime flags test" { skip_if_remote "--runtime-flag flag not supported for remote" @@ -126,6 +149,23 @@ EOF label_name=l$(random_string 8) label_value=$(random_string 12) + # #8679: Create a secrets directory, and mount it in the container + # (can only test locally; podman-remote has no --default-mounts-file opt) + MOUNTS_CONF= + secret_contents="ceci nest pas un secret" + CAT_SECRET="echo $secret_contents" + if ! is_remote; then + mkdir $tmpdir/secrets + echo $tmpdir/secrets:/run/secrets > $tmpdir/mounts.conf + + secret_filename=secretfile-$(random_string 20) + secret_contents=shhh-$(random_string 30)-shhh + echo $secret_contents >$tmpdir/secrets/$secret_filename + + MOUNTS_CONF=--default-mounts-file=$tmpdir/mounts.conf + CAT_SECRET="cat /run/secrets/$secret_filename" + fi + # Command to run on container startup with no args cat >$tmpdir/mycmd <<EOF #!/bin/sh @@ -133,6 +173,7 @@ PATH=/usr/bin:/bin pwd echo "\$1" printenv | grep MYENV | sort | sed -e 's/^MYENV.=//' +$CAT_SECRET EOF # For overriding with --env-file; using multiple files confirms that @@ -145,10 +186,12 @@ EOF https_proxy=https-proxy-in-env-file EOF + # NOTE: it's important to not create the workdir. + # Podman will make sure to create a missing workdir + # if needed. See #9040. cat >$tmpdir/Containerfile <<EOF FROM $IMAGE LABEL $label_name=$label_value -RUN mkdir $workdir WORKDIR $workdir # Test for #7094 - chowning of invalid symlinks @@ -169,14 +212,20 @@ ENV ftp_proxy ftp-proxy-in-image ADD mycmd /bin/mydefaultcmd RUN chmod 755 /bin/mydefaultcmd RUN chown 2:3 /bin/mydefaultcmd + +RUN $CAT_SECRET + CMD ["/bin/mydefaultcmd","$s_echo"] EOF # cd to the dir, so we test relative paths (important for podman-remote) cd $PODMAN_TMPDIR - run_podman build -t build_test -f build-test/Containerfile build-test + run_podman ${MOUNTS_CONF} build \ + -t build_test -f build-test/Containerfile build-test local iid="${lines[-1]}" + # Make sure 'podman build' had the secret mounted + is "$output" ".*$secret_contents.*" "podman build has /run/secrets mounted" if is_remote; then ENVHOST="" @@ -187,7 +236,7 @@ EOF # Run without args - should run the above script. Verify its output. export MYENV2="$s_env2" export MYENV3="env-file-should-override-env-host!" - run_podman run --rm \ + run_podman ${MOUNTS_CONF} run --rm \ --env-file=$PODMAN_TMPDIR/env-file1 \ --env-file=$PODMAN_TMPDIR/env-file2 \ ${ENVHOST} \ @@ -207,6 +256,9 @@ EOF is "${lines[4]}" "$s_env3" "container default command: env3 (from envfile)" is "${lines[5]}" "$s_env4" "container default command: env4 (from cmdline)" + is "${lines[6]}" "$secret_contents" \ + "Contents of /run/secrets/$secret_filename in container" + # Proxies - environment should override container, but not env-file http_proxy=http-proxy-from-env ftp_proxy=ftp-proxy-from-env \ run_podman run --rm \ diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index c028e16c9..badf44c49 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -6,8 +6,6 @@ load helpers @test "podman exec - basic test" { - skip_if_remote "FIXME: pending #7241" - rand_filename=$(random_string 20) rand_content=$(random_string 50) diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 6a89247e6..f26c97d1e 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -132,7 +132,11 @@ EOF # Run 'stat' on all the files, plus /dev/null. Get path, file type, # number of links, major, and minor (see below for why). Do it all # in one go, to avoid multiple podman-runs - run_podman run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + if [[ $status -gt 1 ]]; then + die "Unexpected exit status $status: expected 0 or 1" + fi + local devnull= for result in "${lines[@]}"; do # e.g. /proc/acpi:character special file:1:3:1 @@ -161,6 +165,11 @@ EOF # If you can think of a better way to do this check, # please feel free to fix it. is "$nlinks" "2" "$path: directory link count" + elif [[ $result =~ stat:.*No.such.file.or.directory ]]; then + # No matter what the path is, this is OK. It has to do with #8949 + # and RHEL8 and rootless and cgroups v1. Bottom line, what we care + # about is that the path not be available inside the container. + : else die "$path: Unknown file type '$type'" fi diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 1e44fe06c..7482d3e55 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -171,4 +171,15 @@ function check_label() { run_podman pod rm myselinuxpod } +# #8946 - better diagnostics for nonexistent attributes +@test "podman with nonexistent labels" { + skip_if_no_selinux + + # The '.*' in the error below is for dealing with podman-remote, which + # includes "error preparing container <sha> for attach" in output. + run_podman 126 run --security-opt label=type:foo.bar $IMAGE true + is "$output" "Error.*: \`/proc/thread-self/attr/exec\`: OCI runtime error: unable to assign security attribute" "useful diagnostic" +} + + # vim: filetype=sh |