diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/libpod_suite_test.go | 20 | ||||
| -rw-r--r-- | test/e2e/run_cgroup_parent_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/run_memory_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/run_selinux_test.go | 87 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 54 | ||||
| -rw-r--r-- | test/e2e/search_test.go | 4 |
6 files changed, 112 insertions, 60 deletions
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index a1e9ba57a..d521632d7 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -31,7 +31,7 @@ var ( CGROUP_MANAGER = "systemd" STORAGE_OPTIONS = "--storage-driver vfs" ARTIFACT_DIR = "/tmp/.artifacts" - CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, nginx, redis, registry, infra} + CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, nginx, redis, registry, infra, labels} RESTORE_IMAGES = []string{ALPINE, BB} ALPINE = "docker.io/library/alpine:latest" BB = "docker.io/library/busybox:latest" @@ -41,6 +41,7 @@ var ( redis = "docker.io/library/redis:alpine" registry = "docker.io/library/registry:2" infra = "k8s.gcr.io/pause:3.1" + labels = "quay.io/baude/alpine_labels:latest" defaultWaitTimeout = 90 ) @@ -62,6 +63,7 @@ type PodmanTest struct { ArtifactPath string TempDir string CgroupManager string + Host HostOS } // HostOS is a simple struct for the test os @@ -125,6 +127,7 @@ func CreateTempDirInTempDir() (string, error) { // PodmanCreate creates a PodmanTest instance for the tests func PodmanCreate(tempDir string) PodmanTest { + host := GetHostDistributionInfo() cwd, _ := os.Getwd() podmanBinary := filepath.Join(cwd, "../../bin/podman") @@ -148,7 +151,19 @@ func PodmanCreate(tempDir string) PodmanTest { cgroupManager = os.Getenv("CGROUP_MANAGER") } - runCBinary := "/usr/bin/runc" + // Ubuntu doesn't use systemd cgroups + if host.Distribution == "ubuntu" { + cgroupManager = "cgroupfs" + } + + runCBinary, err := exec.LookPath("runc") + // If we cannot find the runc binary, setting to something static as we have no way + // to return an error. The tests will fail and point out that the runc binary could + // not be found nicely. + if err != nil { + runCBinary = "/usr/bin/runc" + } + CNIConfigDir := "/etc/cni/net.d" p := PodmanTest{ @@ -163,6 +178,7 @@ func PodmanCreate(tempDir string) PodmanTest { ArtifactPath: ARTIFACT_DIR, TempDir: tempDir, CgroupManager: cgroupManager, + Host: host, } // Setup registries.conf ENV variable diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 00b8d952d..f266fafa4 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -45,7 +45,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { Specify("no --cgroup-parent", func() { cgroup := "/libpod_parent" - if !containerized() { + if !containerized() && podmanTest.CgroupManager != "cgroupfs" { cgroup = "/machine.slice" } run := podmanTest.Podman([]string{"run", fedoraMinimal, "cat", "/proc/self/cgroup"}) @@ -56,7 +56,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("valid --cgroup-parent using slice", func() { - if containerized() { + if containerized() || podmanTest.CgroupManager == "cgroupfs" { Skip("Requires Systemd cgroup manager support") } cgroup := "aaaa.slice" diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index cc2b969a9..d1768138b 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -39,6 +39,9 @@ var _ = Describe("Podman run memory", func() { }) It("podman run memory-reservation test", func() { + if podmanTest.Host.Distribution == "ubuntu" { + Skip("Unable to perform test on Ubuntu distributions due to memory management") + } session := podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go new file mode 100644 index 000000000..ebe6604cc --- /dev/null +++ b/test/e2e/run_selinux_test.go @@ -0,0 +1,87 @@ +package integration + +import ( + "fmt" + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "github.com/opencontainers/selinux/go-selinux" +) + +var _ = Describe("Podman run", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + if !selinux.GetEnabled() { + Skip("SELinux not enabled") + } + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) + GinkgoWriter.Write([]byte(timedResult)) + }) + + It("podman run selinux", func() { + session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("container_t") + Expect(match).Should(BeTrue()) + }) + + It("podman run selinux grep test", func() { + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("s0:c1,c2") + Expect(match).Should(BeTrue()) + }) + + It("podman run selinux disable test", func() { + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=disable", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("spc_t") + Expect(match).Should(BeTrue()) + }) + + It("podman run selinux type check test", func() { + session := podmanTest.Podman([]string{"run", "-it", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match1, _ := session.GrepString("container_t") + match2, _ := session.GrepString("svirt_lxc_net_t") + Expect(match1 || match2).Should(BeTrue()) + }) + + It("podman run selinux type setup test", func() { + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("spc_t") + Expect(match).Should(BeTrue()) + }) + + It("podman privileged selinux", func() { + session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("spc_t") + Expect(match).Should(BeTrue()) + }) + +}) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 777b49cd8..a443d4ca5 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -10,7 +10,6 @@ import ( "github.com/mrunalp/fileutils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "github.com/opencontainers/selinux/go-selinux" ) var _ = Describe("Podman run", func() { @@ -85,59 +84,6 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(0)) }) - It("podman run selinux grep test", func() { - if !selinux.GetEnabled() { - Skip("SELinux not enabled") - } - session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("s0:c1,c2") - Expect(match).Should(BeTrue()) - }) - - It("podman run selinux disable test", func() { - if !selinux.GetEnabled() { - Skip("SELinux not enabled") - } - session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=disable", ALPINE, "cat", "/proc/self/attr/current"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("spc_t") - Expect(match).Should(BeTrue()) - }) - - It("podman run selinux type check test", func() { - if !selinux.GetEnabled() { - Skip("SELinux not enabled") - } - session := podmanTest.Podman([]string{"run", "-it", ALPINE, "cat", "/proc/self/attr/current"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match1, _ := session.GrepString("container_t") - match2, _ := session.GrepString("svirt_lxc_net_t") - Expect(match1 || match2).Should(BeTrue()) - }) - - It("podman run selinux type setup test", func() { - if !selinux.GetEnabled() { - Skip("SELinux not enabled") - } - session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", ALPINE, "cat", "/proc/self/attr/current"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("spc_t") - Expect(match).Should(BeTrue()) - }) - - It("podman run seccomp undefine test", func() { - session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", ALPINE, "echo", "hello"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - match, _ := session.GrepString("hello") - Expect(match).Should(BeTrue()) - }) - It("podman run seccomp test", func() { jsonFile := filepath.Join(podmanTest.TempDir, "seccomp.json") in := []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"getcwd","action":"SCMP_ACT_ERRNO"}]}`) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 1f06bf4a1..2848da259 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -60,10 +60,10 @@ var _ = Describe("Podman search", func() { }) It("podman search single registry flag", func() { - search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/fedora"}) + search := podmanTest.Podman([]string{"search", "registry.access.redhat.com/rhel7"}) search.WaitWithDefaultTimeout() Expect(search.ExitCode()).To(Equal(0)) - Expect(search.LineInOutputContains("fedoraproject.org/fedora")).To(BeTrue()) + Expect(search.LineInOutputContains("registry.access.redhat.com/rhel7")).To(BeTrue()) }) It("podman search format flag", func() { |