diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/01-basic.at | 2 | ||||
| -rw-r--r-- | test/apiv2/20-containers.at | 9 | ||||
| -rw-r--r-- | test/apiv2/44-mounts.at | 2 | ||||
| -rw-r--r-- | test/e2e/cp_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/network_connect_disconnect_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/run_selinux_test.go | 49 | ||||
| -rw-r--r-- | test/python/docker/build_labels/Dockerfile | 1 | ||||
| -rw-r--r-- | test/python/docker/compat/test_images.py | 8 | ||||
| -rw-r--r-- | test/system/065-cp.bats | 220 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 20 |
10 files changed, 256 insertions, 63 deletions
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at index 1ddf49c6f..1357e0ca6 100644 --- a/test/apiv2/01-basic.at +++ b/test/apiv2/01-basic.at @@ -18,7 +18,7 @@ t HEAD libpod/_ping 200 for i in /version version; do t GET $i 200 \ .Components[0].Name="Podman Engine" \ - .Components[0].Details.APIVersion=3.0.0 \ + .Components[0].Details.APIVersion=3.1.0-dev \ .Components[0].Details.MinAPIVersion=3.0.0 \ .Components[0].Details.Os=linux \ .ApiVersion=1.40 \ diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 18364a47d..f73d03123 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -263,3 +263,12 @@ t GET containers/json 200 \ .[0].Ports[0].Type="tcp" podman stop bar + +# Test CPU limit (NanoCPUs) +t POST containers/create '"Image":"'$IMAGE'","HostConfig":{"NanoCpus":500000}' 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +t GET containers/$cid/json 200 \ + .HostConfig.NanoCpus=500000 + +t DELETE containers/$cid?v=true 204 diff --git a/test/apiv2/44-mounts.at b/test/apiv2/44-mounts.at index fe202576d..5dc560852 100644 --- a/test/apiv2/44-mounts.at +++ b/test/apiv2/44-mounts.at @@ -4,7 +4,7 @@ podman pull $IMAGE &>/dev/null # Test various HostConfig options tmpfs_name="/mytmpfs" -t POST containers/create?name=hostconfig_test '"Image":"'$IMAGE'","Cmd":["df"],"HostConfig":{"TmpFs":{"'$tmpfs_name'":"rw"}}' 201 \ +t POST containers/create?name=hostconfig_test '"Image":"'$IMAGE'","Cmd":["df"],"HostConfig":{"Binds":["/tmp/doesnotexist:/test1"],"TmpFs":{"'$tmpfs_name'":"rw"}}' 201 \ .Id~[0-9a-f]\\{64\\} cid=$(jq -r '.Id' <<<"$output") diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index c0fb3f887..c0fb61544 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -212,6 +212,7 @@ var _ = Describe("Podman cp", func() { // Copy the root dir "/" of a container to the host. It("podman cp the root directory from the ctr to an existing directory on the host ", func() { + SkipIfRootless("cannot copy tty devices in rootless mode") container := "copyroottohost" session := podmanTest.RunTopContainer(container) session.WaitWithDefaultTimeout() diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index eb8ad7181..e9a7b421f 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -193,6 +193,13 @@ var _ = Describe("Podman network connect and disconnect", func() { exec = podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth1"}) exec.WaitWithDefaultTimeout() Expect(exec.ExitCode()).To(BeZero()) + + // make sure no logrus errors are shown https://github.com/containers/podman/issues/9602 + rm := podmanTest.Podman([]string{"rm", "-f", "test"}) + rm.WaitWithDefaultTimeout() + Expect(rm.ExitCode()).To(BeZero()) + Expect(rm.ErrorToString()).To(Equal("")) + }) It("podman network connect when not running", func() { diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 8c712b1be..6abe152a9 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -2,6 +2,7 @@ package integration import ( "os" + "path/filepath" . "github.com/containers/podman/v3/test/utils" . "github.com/onsi/ginkgo" @@ -294,4 +295,52 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("container_t")) }) + + It("podman test --ipc=net", func() { + session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("container_t")) + }) + + It("podman test --ipc=net", func() { + session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("container_t")) + }) + + It("podman test --runtime=/PATHTO/kata-runtime", func() { + runtime := podmanTest.OCIRuntime + podmanTest.OCIRuntime = filepath.Join(podmanTest.TempDir, "kata-runtime") + err := os.Symlink("/bin/true", podmanTest.OCIRuntime) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.StopRemoteService() + podmanTest.StartRemoteService() + } + session := podmanTest.Podman([]string{"create", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToString() + session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(ContainSubstring("container_kvm_t")) + + podmanTest.OCIRuntime = runtime + if IsRemote() { + podmanTest.StopRemoteService() + podmanTest.StartRemoteService() + } + }) + + It("podman test init labels", func() { + session := podmanTest.Podman([]string{"create", ubi_init, "/sbin/init"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToString() + session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(ContainSubstring("container_init_t")) + }) }) diff --git a/test/python/docker/build_labels/Dockerfile b/test/python/docker/build_labels/Dockerfile new file mode 100644 index 000000000..f6e07066c --- /dev/null +++ b/test/python/docker/build_labels/Dockerfile @@ -0,0 +1 @@ +FROM quay.io/libpod/alpine:latest diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py index 842e38f31..4a90069a9 100644 --- a/test/python/docker/compat/test_images.py +++ b/test/python/docker/compat/test_images.py @@ -149,6 +149,14 @@ class TestImages(unittest.TestCase): self.assertEqual(len(self.client.images.list()), 2) + def test_build_image(self): + labels = {"apple": "red", "grape": "green"} + _ = self.client.images.build(path="test/python/docker/build_labels", labels=labels, tag="labels") + image = self.client.images.get("labels") + self.assertEqual(image.labels["apple"], labels["apple"]) + self.assertEqual(image.labels["grape"], labels["grape"]) + + if __name__ == "__main__": # Setup temporary space diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats index 312106b36..88ed983d8 100644 --- a/test/system/065-cp.bats +++ b/test/system/065-cp.bats @@ -15,6 +15,7 @@ load helpers random-1-$(random_string 15) random-2-$(random_string 20) ) + echo "${randomcontent[0]}" > $srcdir/hostfile0 echo "${randomcontent[1]}" > $srcdir/hostfile1 echo "${randomcontent[2]}" > $srcdir/hostfile2 @@ -24,6 +25,10 @@ load helpers run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity run_podman exec cpcontainer mkdir /srv/subdir + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <id> | <destination arg to cp> | <full dest path> | <test name> # where: # id is 0-2, one of the random strings/files @@ -44,8 +49,7 @@ load helpers 0 | subdir | /srv/subdir/hostfile0 | copy to workdir/subdir " - # Copy one of the files into container, exec+cat, confirm the file - # is there and matches what we expect + # RUNNING container while read id dest dest_fullname description; do run_podman cp $srcdir/hostfile$id cpcontainer:$dest run_podman exec cpcontainer cat $dest_fullname @@ -67,6 +71,44 @@ load helpers is "$output" 'Error: "/IdoNotExist/" could not be found on container cpcontainer: No such file or directory' \ "copy into nonexistent path in container" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + + # CREATED container + while read id dest dest_fullname description; do + run_podman create --name cpcontainer --workdir=/srv $cpimage sleep infinity + run_podman cp $srcdir/hostfile$id cpcontainer:$dest + run_podman start cpcontainer + run_podman exec cpcontainer cat $dest_fullname + is "$output" "${randomcontent[$id]}" "$description (cp -> ctr:$dest)" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + done < <(parse_table "$tests") + + run_podman rmi -f $cpimage +} + +@test "podman cp file from host to container tmpfs mount" { + srcdir=$PODMAN_TMPDIR/cp-test-file-host-to-ctr + mkdir -p $srcdir + content=tmpfile-content$(random_string 20) + echo $content > $srcdir/file + + # RUNNING container + run_podman run -d --mount type=tmpfs,dst=/tmp --name cpcontainer $IMAGE sleep infinity + run_podman cp $srcdir/file cpcontainer:/tmp + run_podman exec cpcontainer cat /tmp/file + is "$output" "${content}" "cp to running container's tmpfs" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + + # CREATED container (with copy up) + run_podman create --mount type=tmpfs,dst=/tmp --name cpcontainer $IMAGE sleep infinity + run_podman cp $srcdir/file cpcontainer:/tmp + run_podman start cpcontainer + run_podman exec cpcontainer cat /tmp/file + is "$output" "${content}" "cp to created container's tmpfs" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -87,6 +129,10 @@ load helpers run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /srv/containerfile1" run_podman exec cpcontainer sh -c "mkdir /srv/subdir; echo ${randomcontent[2]} > /srv/subdir/containerfile2" + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <id> | <source arg to cp> | <destination arg (appended to $srcdir) to cp> | <full dest path (appended to $srcdir)> | <test name> tests=" 0 | /tmp/containerfile | | /containerfile | copy to srcdir/ @@ -98,20 +144,33 @@ load helpers 2 | subdir/containerfile2 | / | /containerfile2 | copy from workdir/subdir (rel path) to srcdir " - # Copy one of the files to the host, cat, confirm the file - # is there and matches what we expect + # RUNNING container while read id src dest dest_fullname description; do # dest may be "''" for empty table cells if [[ $dest == "''" ]];then unset dest fi run_podman cp cpcontainer:$src "$srcdir$dest" - run cat $srcdir$dest_fullname - is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" - rm $srcdir/$dest_fullname + is "$(< $srcdir$dest_fullname)" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" + rm $srcdir$dest_fullname done < <(parse_table "$tests") + run_podman kill cpcontainer + run_podman rm -f cpcontainer + # Created container + run_podman create --name cpcontainer --workdir=/srv $cpimage + while read id src dest dest_fullname description; do + # dest may be "''" for empty table cells + if [[ $dest == "''" ]];then + unset dest + fi + run_podman cp cpcontainer:$src "$srcdir$dest" + is "$(< $srcdir$dest_fullname)" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" + rm $srcdir$dest_fullname + done < <(parse_table "$tests") run_podman rm -f cpcontainer + + run_podman rmi -f $cpimage } @@ -134,6 +193,10 @@ load helpers run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity run_podman exec cpcontainer mkdir /srv/subdir + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <source arg to cp (appended to srcdir)> | <destination arg to cp> | <full dest path> | <test name> tests=" | / | /dir-test | copy to root @@ -141,9 +204,10 @@ load helpers / | /tmp | /tmp/dir-test | copy to tmp /. | /usr/ | /usr/ | copy contents of dir to usr/ | . | /srv/dir-test | copy to workdir (rel path) - | subdir/. | /srv/subdir/dir-test | copy to workdir subdir (rel path) + | subdir/. | /srv/subdir/dir-test | copy to workdir subdir (rel path) " + # RUNNING container while read src dest dest_fullname description; do # src may be "''" for empty table cells if [[ $src == "''" ]];then @@ -156,52 +220,97 @@ load helpers run_podman exec cpcontainer cat $dest_fullname/hostfile1 is "$output" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" done < <(parse_table "$tests") - + run_podman kill cpcontainer run_podman rm -f cpcontainer + + # CREATED container + while read src dest dest_fullname description; do + # src may be "''" for empty table cells + if [[ $src == "''" ]];then + unset src + fi + run_podman create --name cpcontainer --workdir=/srv $cpimage sleep infinity + run_podman cp $srcdir$src cpcontainer:$dest + run_podman start cpcontainer + run_podman exec cpcontainer cat $dest_fullname/hostfile0 $dest_fullname/hostfile1 + is "${lines[0]}" "${randomcontent[0]}" "$description (cp -> ctr:$dest)" + is "${lines[1]}" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + done < <(parse_table "$tests") + + run_podman rmi -f $cpimage } @test "podman cp dir from container to host" { - srcdir=$PODMAN_TMPDIR/dir-test - mkdir -p $srcdir + destdir=$PODMAN_TMPDIR/cp-test-dir-ctr-to-host + mkdir -p $destdir + # Create 2 files with random content in the container. + local -a randomcontent=( + random-0-$(random_string 10) + random-1-$(random_string 15) + ) run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity - run_podman exec cpcontainer sh -c 'mkdir /srv/subdir; echo "This first file is on the container" > /srv/subdir/containerfile1' - run_podman exec cpcontainer sh -c 'echo "This second file is on the container as well" > /srv/subdir/containerfile2' + run_podman exec cpcontainer sh -c "mkdir /srv/subdir; echo ${randomcontent[0]} > /srv/subdir/containerfile0" + run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /srv/subdir/containerfile1" # "." and "dir/." will copy the contents, so make sure that a dir ending # with dot is treated correctly. run_podman exec cpcontainer sh -c 'mkdir /tmp/subdir.; cp /srv/subdir/* /tmp/subdir./' - run_podman cp cpcontainer:/srv $srcdir - run cat $srcdir/srv/subdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/srv/subdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/srv/subdir - - run_podman cp cpcontainer:/srv/. $srcdir - run ls $srcdir/subdir - run cat $srcdir/subdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/subdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir - - run_podman cp cpcontainer:/srv/subdir/. $srcdir - run cat $srcdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir - - run_podman cp cpcontainer:/tmp/subdir. $srcdir - run cat $srcdir/subdir./containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/subdir./containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir. + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + + # format is: <source arg to cp (appended to /srv)> | <full dest path> | <test name> + tests=" + /srv | /srv/subdir | copy /srv + /srv/ | /srv/subdir | copy /srv/ + /srv/. | /subdir | copy /srv/. + /srv/subdir/. | | copy /srv/subdir/. + /tmp/subdir. | /subdir. | copy /tmp/subdir. +" + + # RUNNING container + while read src dest_fullname description; do + if [[ $src == "''" ]];then + unset src + fi + if [[ $dest == "''" ]];then + unset dest + fi + if [[ $dest_fullname == "''" ]];then + unset dest_fullname + fi + run_podman cp cpcontainer:$src $destdir + is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" + is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" + rm -rf $destdir/* + done < <(parse_table "$tests") + run_podman kill cpcontainer + run_podman rm -f cpcontainer + # CREATED container + run_podman create --name cpcontainer --workdir=/srv $cpimage + while read src dest_fullname description; do + if [[ $src == "''" ]];then + unset src + fi + if [[ $dest == "''" ]];then + unset dest + fi + if [[ $dest_fullname == "''" ]];then + unset dest_fullname + fi + run_podman cp cpcontainer:$src $destdir + is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" + is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" + rm -rf $destdir/* + done < <(parse_table "$tests") run_podman rm -f cpcontainer + + run_podman rmi -f $cpimage } @@ -228,9 +337,7 @@ load helpers run_podman create --name cpcontainer -v $volume1:/tmp/volume -v $volume2:/tmp/volume/sub-volume $IMAGE run_podman cp $srcdir/hostfile cpcontainer:/tmp/volume/sub-volume - - run cat $volume2_mount/hostfile - is "$output" "This file should be in volume2" + is "$(< $volume2_mount/hostfile)" "This file should be in volume2" # Volume 1 must be empty. run ls $volume1_mount @@ -254,9 +361,7 @@ load helpers run_podman create --name cpcontainer -v $volume:/tmp/volume -v $mountdir:/tmp/volume/mount $IMAGE run_podman cp $srcdir/hostfile cpcontainer:/tmp/volume/mount - - run cat $mountdir/hostfile - is "$output" "This file should be in the mount" + is "$(< $mountdir/hostfile)" "This file should be in the mount" run_podman rm -f cpcontainer run_podman volume rm $volume @@ -284,7 +389,7 @@ load helpers # cp no longer supports wildcarding run_podman 125 cp 'cpcontainer:/tmp/*' $dstdir - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -308,7 +413,7 @@ load helpers # make sure there are no files in dstdir is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -332,7 +437,7 @@ load helpers # make sure there are no files in dstdir is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -352,7 +457,7 @@ load helpers # dstdir must be empty is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -409,6 +514,7 @@ load helpers run_podman exec cpcontainer cat /tmp/d3/x is "$output" "$rand_content3" "cp creates file named x" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -446,6 +552,7 @@ load helpers run_podman exec cpcontainer cat $graphroot/$rand_filename is "$output" "$rand_content" "Contents of file copied into container" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -494,6 +601,7 @@ load helpers run_podman 125 cp - cpcontainer:/tmp/IdoNotExist < $tar_file is "$output" 'Error: destination must be a directory when copying from stdin' + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -527,8 +635,7 @@ load helpers fi tar xvf $srcdir/stdout.tar -C $srcdir - run cat $srcdir/file.txt - is "$output" "$rand_content" + is "$(< $srcdir/file.txt)" "$rand_content" run 1 ls $srcdir/empty.txt rm -f $srcdir/* @@ -539,11 +646,10 @@ load helpers fi tar xvf $srcdir/stdout.tar -C $srcdir - run cat $srcdir/tmp/file.txt - is "$output" "$rand_content" - run cat $srcdir/tmp/empty.txt - is "$output" "" + is "$(< $srcdir/tmp/file.txt)" "$rand_content" + is "$(< $srcdir/tmp/empty.txt)" "" + run_podman kill cpcontainer run_podman rm -f cpcontainer } diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 7482d3e55..215b2832e 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -39,17 +39,17 @@ function check_label() { } @test "podman selinux: container with label=disable" { - skip_if_rootless - check_label "--security-opt label=disable" "spc_t" } @test "podman selinux: privileged container" { - skip_if_rootless - check_label "--privileged --userns=host" "spc_t" } +@test "podman selinux: init container" { + check_label "--systemd=always" "container_init_t" +} + @test "podman selinux: pid=host" { # FIXME FIXME FIXME: Remove these lines once all VMs have >= 2.146.0 # (this is ugly, but better than an unconditional skip) @@ -74,6 +74,18 @@ function check_label() { check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2" } +@test "podman selinux: inspect kvm labels" { + skip_if_no_selinux + skip_if_remote "runtime flag is not passed over remote" + if [ ! -e /usr/bin/kata-runtime ]; then + skip "kata-runtime not available" + fi + + run_podman create --runtime=kata --name myc $IMAGE + run_podman inspect --format='{{ .ProcessLabel }}' myc + is "$output" ".*container_kvm_t.*" +} + # pr #6752 @test "podman selinux: inspect multiple labels" { skip_if_no_selinux |