diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/exec_test.go | 14 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 25 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 15 |
3 files changed, 53 insertions, 1 deletions
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index df86eab15..e6f63a391 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -119,6 +119,19 @@ var _ = Describe("Podman exec", func() { Expect(session.ExitCode()).To(Equal(100)) }) + It("podman exec in keep-id container drops privileges", func() { + SkipIfNotRootless("This function is not enabled for rootful podman") + ctrName := "testctr1" + testCtr := podmanTest.Podman([]string{"run", "-d", "--name", ctrName, "--userns=keep-id", ALPINE, "top"}) + testCtr.WaitWithDefaultTimeout() + Expect(testCtr.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"exec", ctrName, "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("0000000000000000")) + }) + It("podman exec --privileged", func() { session := podmanTest.Podman([]string{"run", "--privileged", "--rm", ALPINE, "sh", "-c", "grep ^CapBnd /proc/self/status | cut -f 2"}) session.WaitWithDefaultTimeout() @@ -143,7 +156,6 @@ var _ = Describe("Podman exec", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring(bndPerms)) - }) It("podman exec --privileged", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 23930b4f7..cefe00655 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1588,4 +1588,29 @@ WORKDIR /madethis`, BB) Expect(session.OutputToString()).To(ContainSubstring("mysecret")) }) + + It("podman run --requires", func() { + depName := "ctr1" + depContainer := podmanTest.Podman([]string{"create", "--name", depName, ALPINE, "top"}) + depContainer.WaitWithDefaultTimeout() + Expect(depContainer.ExitCode()).To(Equal(0)) + + mainName := "ctr2" + mainContainer := podmanTest.Podman([]string{"run", "--name", mainName, "--requires", depName, "-d", ALPINE, "top"}) + mainContainer.WaitWithDefaultTimeout() + Expect(mainContainer.ExitCode()).To(Equal(0)) + + stop := podmanTest.Podman([]string{"stop", "--all"}) + stop.WaitWithDefaultTimeout() + Expect(stop.ExitCode()).To(Equal(0)) + + start := podmanTest.Podman([]string{"start", mainName}) + start.WaitWithDefaultTimeout() + Expect(start.ExitCode()).To(Equal(0)) + + running := podmanTest.Podman([]string{"ps", "-q"}) + running.WaitWithDefaultTimeout() + Expect(running.ExitCode()).To(Equal(0)) + Expect(len(running.OutputToStringArray())).To(Equal(2)) + }) }) diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 804dd46b1..cda054b15 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -209,4 +209,19 @@ load helpers run_podman rm -f $cid } +@test "podman rootless cni adds /usr/sbin to PATH" { + is_rootless || skip "only meaningful for rootless" + + local mynetname=testnet-$(random_string 10) + run_podman network create $mynetname + + # Test that rootless cni adds /usr/sbin to $PATH + # iptables is located under /usr/sbin and is needed for the CNI plugins. + # Debian doesn't add /usr/sbin to $PATH for rootless users so we have to add it. + PATH=/usr/local/bin:/usr/bin run_podman run --rm --network $mynetname $IMAGE ip addr + is "$output" ".*eth0.*" "Interface eth0 not found in ip addr output" + + run_podman network rm -f $mynetname +} + # vim: filetype=sh |