diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/run_security_labels.go | 4 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 6 | ||||
| -rw-r--r-- | test/system/020-tag.bats | 19 |
3 files changed, 26 insertions, 3 deletions
diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 7c8597866..2a0b0467d 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -130,7 +130,7 @@ var _ = Describe("Podman generate kube", func() { SkipIfRemote("runlabel not supported on podman-remote") PodmanDockerfile := ` FROM alpine:latest -LABEL io.containers.capabilities=chown,mknod` +LABEL io.containers.capabilities=chown,kill` image := "podman-caps:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") @@ -145,7 +145,7 @@ LABEL io.containers.capabilities=chown,mknod` ctr := inspect.InspectContainerToJSON() caps := strings.Join(ctr[0].EffectiveCaps, ",") - Expect(caps).To(Equal("CAP_CHOWN,CAP_MKNOD")) + Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL")) }) }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 2d4f3a42d..292df529c 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -261,6 +261,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -293,6 +295,8 @@ var _ = Describe("Podman run", func() { }) It("podman run user capabilities test with image", func() { + // We need to ignore the containers.conf on the test distribution for this test + os.Setenv("CONTAINERS_CONF", "/dev/null") SkipIfRemote("FIXME This should work on podman-remote") dockerfile := `FROM busybox USER bin` @@ -1134,7 +1138,7 @@ USER mail` It("podman run --device-cgroup-rule", func() { SkipIfRootless("rootless users are not allowed to mknod") deviceCgroupRule := "c 42:* rwm" - session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "mknod", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"}) diff --git a/test/system/020-tag.bats b/test/system/020-tag.bats index 7593ad68f..1f5eede39 100644 --- a/test/system/020-tag.bats +++ b/test/system/020-tag.bats @@ -32,4 +32,23 @@ function _tag_and_check() { is "$output" "Error: \"registry.com/foo:bar\": no such tag" } +@test "podman untag all" { + # First get the image ID + run_podman inspect --format '{{.ID}}' $IMAGE + iid=$output + + # Add a couple of tags + run_podman tag $IMAGE registry.com/1:latest registry.com/2:latest registry.com/3:latest + + # Untag with arguments to for all tags to be removed + run_podman untag $iid + + # Now make sure all tags are removed + run_podman image inspect $iid --format "{{.RepoTags}}" + is "$output" "\[\]" "untag by ID leaves empty set of tags" + + # Restore image + run_podman tag $iid $IMAGE +} + # vim: filetype=sh |