summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/mount_rootless_test.go21
-rw-r--r--test/e2e/mount_test.go139
-rw-r--r--test/e2e/run_ns_test.go31
-rw-r--r--test/e2e/run_passwd_test.go8
-rw-r--r--test/e2e/run_userns_test.go25
-rw-r--r--test/e2e/untag_test.go10
-rw-r--r--test/system/070-build.bats95
-rwxr-xr-xtest/system/helpers.t2
8 files changed, 316 insertions, 15 deletions
diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go
index ec7a573cb..312258532 100644
--- a/test/e2e/mount_rootless_test.go
+++ b/test/e2e/mount_rootless_test.go
@@ -59,4 +59,25 @@ var _ = Describe("Podman mount", func() {
session.WaitWithDefaultTimeout()
Expect(setup.ExitCode()).To(Equal(0))
})
+
+ It("podman image mount", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ mount := podmanTest.PodmanNoCache([]string{"image", "mount", ALPINE})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).ToNot(Equal(0))
+ Expect(mount.ErrorToString()).To(ContainSubstring("podman unshare"))
+ })
+
+ It("podman unshare image podman mount", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ session := podmanTest.Podman([]string{"unshare", PODMAN_BINARY, "image", "mount", ALPINE})
+ session.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+ })
})
diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go
index 0749a34f2..a2b448337 100644
--- a/test/e2e/mount_test.go
+++ b/test/e2e/mount_test.go
@@ -282,4 +282,143 @@ var _ = Describe("Podman mount", func() {
umount.WaitWithDefaultTimeout()
Expect(umount.ExitCode()).To(Equal(0))
})
+
+ It("podman image mount", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ images := podmanTest.PodmanNoCache([]string{"images"})
+ images.WaitWithDefaultTimeout()
+ Expect(images.ExitCode()).To(Equal(0))
+
+ mount := podmanTest.PodmanNoCache([]string{"image", "mount", ALPINE})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+
+ umount := podmanTest.PodmanNoCache([]string{"image", "umount", ALPINE})
+ umount.WaitWithDefaultTimeout()
+ Expect(umount.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(Equal(""))
+
+ // Mount multiple times
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount", ALPINE})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount", ALPINE})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+
+ // Unmount once
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount", ALPINE})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(ContainSubstring(ALPINE))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "umount", "--all"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ })
+
+ It("podman mount with json format", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", fedoraMinimal})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ mount := podmanTest.PodmanNoCache([]string{"image", "mount", fedoraMinimal})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+
+ j := podmanTest.PodmanNoCache([]string{"image", "mount", "--format=json"})
+ j.WaitWithDefaultTimeout()
+ Expect(j.ExitCode()).To(Equal(0))
+ Expect(j.IsJSONOutputValid()).To(BeTrue())
+
+ umount := podmanTest.PodmanNoCache([]string{"image", "umount", fedoraMinimal})
+ umount.WaitWithDefaultTimeout()
+ Expect(umount.ExitCode()).To(Equal(0))
+ })
+
+ It("podman mount many", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", fedoraMinimal})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ setup = podmanTest.PodmanNoCache([]string{"pull", "busybox"})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
+ mount1 := podmanTest.PodmanNoCache([]string{"image", "mount", fedoraMinimal, ALPINE, "busybox"})
+ mount1.WaitWithDefaultTimeout()
+ Expect(mount1.ExitCode()).To(Equal(0))
+
+ umount := podmanTest.PodmanNoCache([]string{"image", "umount", fedoraMinimal, ALPINE})
+ umount.WaitWithDefaultTimeout()
+ Expect(umount.ExitCode()).To(Equal(0))
+
+ mount := podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(ContainSubstring("busybox"))
+
+ mount1 = podmanTest.PodmanNoCache([]string{"image", "unmount", "busybox"})
+ mount1.WaitWithDefaultTimeout()
+ Expect(mount1.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(Equal(""))
+
+ mount1 = podmanTest.PodmanNoCache([]string{"image", "mount", fedoraMinimal, ALPINE, "busybox"})
+ mount1.WaitWithDefaultTimeout()
+ Expect(mount1.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(ContainSubstring(fedoraMinimal))
+ Expect(mount.OutputToString()).To(ContainSubstring(ALPINE))
+
+ umount = podmanTest.PodmanNoCache([]string{"image", "umount", "--all"})
+ umount.WaitWithDefaultTimeout()
+ Expect(umount.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(Equal(""))
+
+ mount1 = podmanTest.PodmanNoCache([]string{"image", "mount", "--all"})
+ mount1.WaitWithDefaultTimeout()
+ Expect(mount1.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(ContainSubstring(fedoraMinimal))
+ Expect(mount.OutputToString()).To(ContainSubstring(ALPINE))
+
+ umount = podmanTest.PodmanNoCache([]string{"image", "umount", "--all"})
+ umount.WaitWithDefaultTimeout()
+ Expect(umount.ExitCode()).To(Equal(0))
+
+ mount = podmanTest.PodmanNoCache([]string{"image", "mount"})
+ mount.WaitWithDefaultTimeout()
+ Expect(mount.ExitCode()).To(Equal(0))
+ Expect(mount.OutputToString()).To(Equal(""))
+ })
})
diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go
index 2b6da2888..5242e04d2 100644
--- a/test/e2e/run_ns_test.go
+++ b/test/e2e/run_ns_test.go
@@ -2,6 +2,7 @@ package integration
import (
"os"
+ "os/exec"
"strings"
. "github.com/containers/podman/v2/test/utils"
@@ -102,4 +103,34 @@ var _ = Describe("Podman run ns", func() {
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
})
+
+ It("podman run --ipc=host --pid=host", func() {
+ cmd := exec.Command("ls", "-l", "/proc/self/ns/pid")
+ res, err := cmd.Output()
+ Expect(err).To(BeNil())
+ fields := strings.Split(string(res), " ")
+ hostPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ cmd = exec.Command("ls", "-l", "/proc/self/ns/ipc")
+ res, err = cmd.Output()
+ Expect(err).To(BeNil())
+ fields = strings.Split(string(res), " ")
+ hostIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session := podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/pid"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ session = podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/ipc"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ fields = strings.Split(session.OutputToString(), " ")
+ ctrIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
+
+ Expect(hostPidNS).To(Equal(ctrPidNS))
+ Expect(hostIpcNS).To(Equal(ctrIpcNS))
+ })
+
})
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index a1414e313..8dea7d39b 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -33,27 +33,27 @@ var _ = Describe("Podman run passwd", func() {
})
It("podman run no user specified ", func() {
- session := podmanTest.Podman([]string{"run", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run user specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "bin", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "bin", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run UID specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "2:1", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "2:1", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeFalse())
})
It("podman run UID not specified in container", func() {
- session := podmanTest.Podman([]string{"run", "-u", "20001:1", BB, "mount"})
+ session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:1", BB, "mount"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeTrue())
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index 198217433..25f8d0d15 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -111,6 +111,31 @@ var _ = Describe("Podman UserNS support", func() {
Expect(session.OutputToString()).To(Equal("0"))
})
+ It("podman run --userns=keep-id can add users", func() {
+ if os.Geteuid() == 0 {
+ Skip("Test only runs without root")
+ }
+
+ userName := os.Getenv("USER")
+ if userName == "" {
+ Skip("Can't complete test if no username available")
+ }
+
+ ctrName := "ctr-name"
+ session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", "-d", "--stop-signal", "9", "--name", ctrName, fedoraMinimal, "sleep", "600"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ exec1 := podmanTest.Podman([]string{"exec", "-t", "-i", ctrName, "cat", "/etc/passwd"})
+ exec1.WaitWithDefaultTimeout()
+ Expect(exec1.ExitCode()).To(Equal(0))
+ Expect(exec1.OutputToString()).To(ContainSubstring(userName))
+
+ exec2 := podmanTest.Podman([]string{"exec", "-t", "-i", ctrName, "useradd", "testuser"})
+ exec2.WaitWithDefaultTimeout()
+ Expect(exec2.ExitCode()).To(Equal(0))
+ })
+
It("podman --userns=auto", func() {
u, err := user.Current()
Expect(err).To(BeNil())
diff --git a/test/e2e/untag_test.go b/test/e2e/untag_test.go
index 50da76f7c..4e6dd6462 100644
--- a/test/e2e/untag_test.go
+++ b/test/e2e/untag_test.go
@@ -33,7 +33,11 @@ var _ = Describe("Podman untag", func() {
})
It("podman untag all", func() {
- Skip(v2remotefail)
+ SkipIfRemote()
+ setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
tags := []string{ALPINE, "registry.com/foo:bar", "localhost/foo:bar"}
cmd := []string{"tag"}
@@ -63,6 +67,10 @@ var _ = Describe("Podman untag", func() {
})
It("podman tag/untag - tag normalization", func() {
+ setup := podmanTest.PodmanNoCache([]string{"pull", ALPINE})
+ setup.WaitWithDefaultTimeout()
+ Expect(setup.ExitCode()).To(Equal(0))
+
tests := []struct {
tag, normalized string
}{
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 84d3adec1..627b9caa6 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -109,6 +109,7 @@ EOF
s_env1=$(random_string 20)
s_env2=$(random_string 25)
s_env3=$(random_string 30)
+ s_env4=$(random_string 40)
# Label name: make sure it begins with a letter! jq barfs if you
# try to ask it for '.foo.<N>xyz', i.e. any string beginning with digit
@@ -118,11 +119,17 @@ EOF
# Command to run on container startup with no args
cat >$tmpdir/mycmd <<EOF
#!/bin/sh
+PATH=/usr/bin:/bin
pwd
echo "\$1"
-echo "\$MYENV1"
-echo "\$MYENV2"
-echo "\$MYENV3"
+printenv | grep MYENV | sort | sed -e 's/^MYENV.=//'
+EOF
+
+ # For overridding with --env-file
+ cat >$PODMAN_TMPDIR/env-file <<EOF
+MYENV3=$s_env3
+http_proxy=http-proxy-in-env-file
+https_proxy=https-proxy-in-env-file
EOF
cat >$tmpdir/Containerfile <<EOF
@@ -130,11 +137,25 @@ FROM $IMAGE
LABEL $label_name=$label_value
RUN mkdir $workdir
WORKDIR $workdir
+
+# Test for #7094 - chowning of invalid symlinks
+RUN mkdir -p /a/b/c
+RUN ln -s /no/such/nonesuch /a/b/c/badsymlink
+RUN ln -s /bin/mydefaultcmd /a/b/c/goodsymlink
+RUN touch /a/b/c/myfile
+RUN chown -h 1:2 /a/b/c/badsymlink /a/b/c/goodsymlink /a/b/c/myfile
+VOLUME /a/b/c
+
+# Test for environment passing and override
ENV MYENV1=$s_env1
-ENV MYENV2 $s_env2
-ENV MYENV3 this-should-be-overridden
+ENV MYENV2 this-should-be-overridden-by-env-host
+ENV MYENV3 this-should-be-overridden-by-env-file
+ENV MYENV4 this-should-be-overridden-by-cmdline
+ENV http_proxy http-proxy-in-image
+ENV ftp_proxy ftp-proxy-in-image
ADD mycmd /bin/mydefaultcmd
RUN chmod 755 /bin/mydefaultcmd
+RUN chown 2:3 /bin/mydefaultcmd
CMD ["/bin/mydefaultcmd","$s_echo"]
EOF
@@ -143,12 +164,28 @@ EOF
run_podman build -t build_test -f build-test/Containerfile build-test
# Run without args - should run the above script. Verify its output.
- run_podman run --rm -e MYENV3="$s_env3" build_test
+ export MYENV2="$s_env2"
+ export MYENV3="env-file-should-override-env-host!"
+ run_podman run --rm \
+ --env-file=$PODMAN_TMPDIR/env-file \
+ --env-host \
+ -e MYENV4="$s_env4" \
+ build_test
is "${lines[0]}" "$workdir" "container default command: pwd"
is "${lines[1]}" "$s_echo" "container default command: output from echo"
is "${lines[2]}" "$s_env1" "container default command: env1"
is "${lines[3]}" "$s_env2" "container default command: env2"
- is "${lines[4]}" "$s_env3" "container default command: env3 (from cmdline)"
+ is "${lines[4]}" "$s_env3" "container default command: env3 (from envfile)"
+ is "${lines[5]}" "$s_env4" "container default command: env4 (from cmdline)"
+
+ # Proxies - environment should override container, but not env-file
+ http_proxy=http-proxy-from-env ftp_proxy=ftp-proxy-from-env \
+ run_podman run --rm --env-file=$PODMAN_TMPDIR/env-file \
+ build_test \
+ printenv http_proxy https_proxy ftp_proxy
+ is "${lines[0]}" "http-proxy-in-env-file" "env-file overrides env"
+ is "${lines[1]}" "https-proxy-in-env-file" "env-file sets proxy var"
+ is "${lines[2]}" "ftp-proxy-from-env" "ftp-proxy is passed through"
# test that workdir is set for command-line commands also
run_podman run --rm build_test pwd
@@ -159,8 +196,9 @@ EOF
run_podman image inspect build_test
tests="
Env[1] | MYENV1=$s_env1
-Env[2] | MYENV2=$s_env2
-Env[3] | MYENV3=this-should-be-overridden
+Env[2] | MYENV2=this-should-be-overridden-by-env-host
+Env[3] | MYENV3=this-should-be-overridden-by-env-file
+Env[4] | MYENV4=this-should-be-overridden-by-cmdline
Cmd[0] | /bin/mydefaultcmd
Cmd[1] | $s_echo
WorkingDir | $workdir
@@ -173,10 +211,49 @@ Labels.$label_name | $label_value
is "$actual" "$expect" "jq .Config.$field"
done
+ # Bad symlink in volume. Prior to #7094, well, we wouldn't actually
+ # get here because any 'podman run' on a volume that had symlinks,
+ # be they dangling or valid, would barf with
+ # Error: chown <mountpath>/_data/symlink: ENOENT
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/badsymlink
+ is "$output" "0:0:'/a/b/c/badsymlink' -> '/no/such/nonesuch'" \
+ "bad symlink to nonexistent file is chowned and preserved"
+
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/goodsymlink
+ is "$output" "0:0:'/a/b/c/goodsymlink' -> '/bin/mydefaultcmd'" \
+ "good symlink to existing file is chowned and preserved"
+
+ run_podman run --rm build_test stat -c'%u:%g' /bin/mydefaultcmd
+ is "$output" "2:3" "target of symlink is not chowned"
+
+ run_podman run --rm build_test stat -c'%u:%g:%N' /a/b/c/myfile
+ is "$output" "0:0:/a/b/c/myfile" "file in volume is chowned to root"
+
# Clean up
run_podman rmi -f build_test
}
+@test "podman build - stdin test" {
+ if is_remote && is_rootless; then
+ skip "unreliable with podman-remote and rootless; #2972"
+ fi
+
+ # Random workdir, and multiple random strings to verify command & env
+ workdir=/$(random_string 10)
+ PODMAN_TIMEOUT=240 run_podman build -t build_test - << EOF
+FROM $IMAGE
+RUN mkdir $workdir
+WORKDIR $workdir
+RUN /bin/echo 'Test'
+EOF
+ is "$output" ".*STEP 5: COMMIT" "COMMIT seen in log"
+
+ run_podman run --rm build_test pwd
+ is "$output" "$workdir" "pwd command in container"
+
+ run_podman rmi -f build_test
+}
+
function teardown() {
# A timeout or other error in 'build' can leave behind stale images
# that podman can't even see and which will cascade into subsequent
diff --git a/test/system/helpers.t b/test/system/helpers.t
index a022f11c4..bee09505c 100755
--- a/test/system/helpers.t
+++ b/test/system/helpers.t
@@ -6,7 +6,7 @@
# anything if we have to mess with them.
#
-source $(dirname $0)/helpers.bash
+source "$(dirname $0)"/helpers.bash
die() {
echo "$(basename $0): $*" >&2
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-27 16:26:33 +0000