diff options
Diffstat (limited to 'test')
67 files changed, 1253 insertions, 254 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 25843e61c..4bb00398e 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -51,6 +51,21 @@ cid=$(jq -r '.[0].Id' <<<"$output") t DELETE libpod/containers/$cid 204 +# Issue #6799: it should be possible to start a container, even w/o args. +t POST libpod/containers/create?name=test_noargs Image=${IMAGE} 201 \ + .Id~[0-9a-f]\\{64\\} +cid=$(jq -r '.Id' <<<"$output") +# Prior to the fix in #6835, this would fail 500 "args must not be empty" +t POST libpod/containers/${cid}/start '' 204 +# Container should exit almost immediately. Wait for it, confirm successful run +t POST libpod/containers/${cid}/wait '' 200 '0' +t GET libpod/containers/${cid}/json 200 \ + .Id=$cid \ + .State.Status~\\\(exited\\\|stopped\\\) \ + .State.Running=false \ + .State.ExitCode=0 +t DELETE libpod/containers/$cid 204 + CNAME=myfoo podman run --name $CNAME $IMAGE -td top t GET libpod/containers/json?all=true 200 \ @@ -62,7 +77,8 @@ t POST "libpod/commit?container=nonesuch" '' 404 # Comment can only be used with docker format, not OCI cparam="repo=newrepo&comment=foo&author=bob" -t POST "libpod/commit?container=$CNAME&$cparam" '' 500 +t POST "libpod/commit?container=$CNAME&$cparam" '' 500 \ + .cause="messages are only compatible with the docker image format (-f docker)" # Commit a new image from the container t POST "libpod/commit?container=$CNAME" '' 200 \ diff --git a/test/e2e/attach_test.go b/test/e2e/attach_test.go index 9fd1466aa..827b7568d 100644 --- a/test/e2e/attach_test.go +++ b/test/e2e/attach_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -42,6 +40,7 @@ var _ = Describe("Podman attach", func() { }) It("podman attach to non-running container", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"create", "--name", "test1", "-d", "-i", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -52,6 +51,7 @@ var _ = Describe("Podman attach", func() { }) It("podman container attach to non-running container", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"container", "create", "--name", "test1", "-d", "-i", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -87,6 +87,7 @@ var _ = Describe("Podman attach", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) }) It("podman attach to the latest container", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"run", "-d", "--name", "test1", ALPINE, "/bin/sh", "-c", "while true; do echo test1; sleep 1; done"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 9c8078f16..c72d2243a 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -40,6 +38,7 @@ var _ = Describe("Podman build", func() { // Let's first do the most simple build possible to make sure stuff is // happy and then clean up after ourselves to make sure that works too. It("podman build and remove basic alpine", func() { + SkipIfRemote() session := podmanTest.PodmanNoCache([]string{"build", "build/basicalpine"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -69,6 +68,7 @@ var _ = Describe("Podman build", func() { // Check that builds with different values for the squash options // create the appropriate number of layers, then clean up after. It("podman build basic alpine with squash", func() { + SkipIfRemote() session := podmanTest.PodmanNoCache([]string{"build", "-f", "build/squash/Dockerfile.squash-a", "-t", "test-squash-a:latest", "build/squash"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -154,6 +154,7 @@ var _ = Describe("Podman build", func() { }) It("podman build basic alpine and print id to external file", func() { + SkipIfRemote() // Switch to temp dir and restore it afterwards cwd, err := os.Getwd() diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 51f290159..4fc5b3da9 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -14,6 +14,7 @@ import ( "time" "github.com/containers/libpod/v2/libpod/define" + "github.com/containers/libpod/v2/pkg/cgroups" "github.com/containers/libpod/v2/pkg/inspect" "github.com/containers/libpod/v2/pkg/rootless" . "github.com/containers/libpod/v2/test/utils" @@ -151,6 +152,8 @@ var _ = SynchronizedBeforeSuite(func() []byte { return []byte(path) }, func(data []byte) { + cwd, _ := os.Getwd() + INTEGRATION_ROOT = filepath.Join(cwd, "../../") LockTmpDir = string(data) }) @@ -595,3 +598,31 @@ func SkipIfNotFedora() { ginkgo.Skip("Test can only run on Fedora") } } + +func isRootless() bool { + return os.Geteuid() != 0 +} + +func SkipIfCgroupV1() { + cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() + Expect(err).To(BeNil()) + + if !cgroupsv2 { + Skip("Skip on systems with cgroup V1 systems") + } +} + +func SkipIfCgroupV2() { + cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() + Expect(err).To(BeNil()) + + if cgroupsv2 { + Skip("Skip on systems with cgroup V2 systems") + } +} + +// PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment +func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration { + podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil) + return &PodmanSessionIntegration{podmanSession} +} diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf index 0a07676c4..5f852468d 100644 --- a/test/e2e/config/containers.conf +++ b/test/e2e/config/containers.conf @@ -50,3 +50,5 @@ dns_servers=[ "1.2.3.4", ] dns_options=[ "debug", ] tz = "Pacific/Honolulu" + +umask = "0002" diff --git a/test/e2e/config_amd64.go b/test/e2e/config_amd64.go index 7e5765ac7..151120058 100644 --- a/test/e2e/config_amd64.go +++ b/test/e2e/config_amd64.go @@ -5,9 +5,11 @@ var ( STORAGE_OPTIONS = "--storage-driver vfs" ROOTLESS_STORAGE_FS = "vfs" ROOTLESS_STORAGE_OPTIONS = "--storage-driver vfs" - CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, nginx, redis, registry, infra, labels, healthcheck} + CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, nginx, redis, registry, infra, labels, healthcheck, ubi_init, ubi_minimal} nginx = "quay.io/libpod/alpine_nginx:latest" BB_GLIBC = "docker.io/library/busybox:glibc" registry = "docker.io/library/registry:2.6" labels = "quay.io/libpod/alpine_labels:latest" + ubi_minimal = "registry.access.redhat.com/ubi8-minimal" + ubi_init = "registry.access.redhat.com/ubi8-init" ) diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 23d8dd197..aebbca855 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -218,6 +218,17 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("HST")) + }) + It("podman run containers.conf umask", func() { + //containers.conf umask set to 0002 + if !strings.Contains(podmanTest.OCIRuntime, "crun") { + Skip("Test only works on crun") + } + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "sh", "-c", "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0002")) }) + }) diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index e52b37417..a6f4f830b 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -1,11 +1,10 @@ -// +build !remote - package integration import ( "os" "time" + "github.com/containers/libpod/v2/pkg/rootless" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -19,7 +18,6 @@ var _ = Describe("Podman create with --ip flag", func() { ) BeforeEach(func() { - SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -39,18 +37,21 @@ var _ = Describe("Podman create with --ip flag", func() { }) It("Podman create --ip with garbage address", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "114232346", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) }) It("Podman create --ip with v6 address", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) }) It("Podman create --ip with non-allocatable IP", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -64,19 +65,25 @@ var _ = Describe("Podman create with --ip flag", func() { ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"}) result.WaitWithDefaultTimeout() - Expect(result.ExitCode()).To(Equal(0)) + // Rootless static ip assignment should error + if rootless.IsRootless() { + Expect(result.ExitCode()).To(Equal(125)) + } else { + Expect(result.ExitCode()).To(Equal(0)) - result = podmanTest.Podman([]string{"start", "test"}) - result.WaitWithDefaultTimeout() - Expect(result.ExitCode()).To(Equal(0)) + result = podmanTest.Podman([]string{"start", "test"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) - result = podmanTest.Podman([]string{"logs", "test"}) - result.WaitWithDefaultTimeout() - Expect(result.ExitCode()).To(Equal(0)) - Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) + result = podmanTest.Podman([]string{"logs", "test"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) + } }) It("Podman create two containers with the same IP", func() { + SkipIfRootless() ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go index fbe11440c..33675d607 100644 --- a/test/e2e/create_staticmac_test.go +++ b/test/e2e/create_staticmac_test.go @@ -1,10 +1,9 @@ -// +build !remote - package integration import ( "os" + "github.com/containers/libpod/v2/pkg/rootless" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -18,7 +17,6 @@ var _ = Describe("Podman run with --mac-address flag", func() { ) BeforeEach(func() { - SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -40,7 +38,11 @@ var _ = Describe("Podman run with --mac-address flag", func() { It("Podman run --mac-address", func() { result := podmanTest.Podman([]string{"run", "--mac-address", "92:d0:c6:0a:29:34", ALPINE, "ip", "addr"}) result.WaitWithDefaultTimeout() - Expect(result.ExitCode()).To(Equal(0)) - Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34")) + if rootless.IsRootless() { + Expect(result.ExitCode()).To(Equal(125)) + } else { + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34")) + } }) }) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index f21f17d39..09b4f5911 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -5,6 +5,7 @@ import ( "io/ioutil" "os" "path/filepath" + "strings" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" @@ -499,4 +500,46 @@ var _ = Describe("Podman create", func() { Expect(data[0].Config.Timezone).To(Equal("local")) }) + It("podman create --umask", func() { + if !strings.Contains(podmanTest.OCIRuntime, "crun") { + Skip("Test only works on crun") + } + + session := podmanTest.Podman([]string{"create", "--name", "default", ALPINE}) + session.WaitWithDefaultTimeout() + inspect := podmanTest.Podman([]string{"inspect", "default"}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(data[0].Config.Umask).To(Equal("0022")) + + session = podmanTest.Podman([]string{"create", "--umask", "0002", "--name", "umask", ALPINE}) + session.WaitWithDefaultTimeout() + inspect = podmanTest.Podman([]string{"inspect", "umask"}) + inspect.WaitWithDefaultTimeout() + data = inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(data[0].Config.Umask).To(Equal("0002")) + + session = podmanTest.Podman([]string{"create", "--umask", "0077", "--name", "fedora", fedoraMinimal}) + session.WaitWithDefaultTimeout() + inspect = podmanTest.Podman([]string{"inspect", "fedora"}) + inspect.WaitWithDefaultTimeout() + data = inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(data[0].Config.Umask).To(Equal("0077")) + + session = podmanTest.Podman([]string{"create", "--umask", "22", "--name", "umask-short", ALPINE}) + session.WaitWithDefaultTimeout() + inspect = podmanTest.Podman([]string{"inspect", "umask-short"}) + inspect.WaitWithDefaultTimeout() + data = inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(data[0].Config.Umask).To(Equal("0022")) + + session = podmanTest.Podman([]string{"create", "--umask", "9999", "--name", "bad", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + Expect(session.ErrorToString()).To(ContainSubstring("Invalid umask")) + }) }) diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go index 7f9550255..9b527b88e 100644 --- a/test/e2e/events_test.go +++ b/test/e2e/events_test.go @@ -15,11 +15,11 @@ import ( var _ = Describe("Podman events", func() { var ( tempdir string - err error podmanTest *PodmanTestIntegration ) BeforeEach(func() { + var err error tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -136,6 +136,7 @@ var _ = Describe("Podman events", func() { Expect(ec).To(Equal(0)) test := podmanTest.Podman([]string{"events", "--stream=false", "--format", "json"}) test.WaitWithDefaultTimeout() + Expect(test.ExitCode()).To(BeZero()) jsonArr := test.OutputToStringArray() Expect(len(jsonArr)).To(Not(BeZero())) eventsMap := make(map[string]string) @@ -143,10 +144,10 @@ var _ = Describe("Podman events", func() { Expect(err).To(BeNil()) _, exist := eventsMap["Status"] Expect(exist).To(BeTrue()) - Expect(test.ExitCode()).To(BeZero()) test = podmanTest.Podman([]string{"events", "--stream=false", "--format", "{{json.}}"}) test.WaitWithDefaultTimeout() + Expect(test.ExitCode()).To(BeZero()) jsonArr = test.OutputToStringArray() Expect(len(jsonArr)).To(Not(BeZero())) eventsMap = make(map[string]string) @@ -154,6 +155,5 @@ var _ = Describe("Podman events", func() { Expect(err).To(BeNil()) _, exist = eventsMap["Status"] Expect(exist).To(BeTrue()) - Expect(test.ExitCode()).To(BeZero()) }) }) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 4f744e401..0e60c4a7d 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -79,7 +79,6 @@ var _ = Describe("Podman exec", func() { }) It("podman exec environment test", func() { - Skip(v2remotefail) setup := podmanTest.RunTopContainer("test1") setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) @@ -99,7 +98,6 @@ var _ = Describe("Podman exec", func() { It("podman exec os.Setenv env", func() { // remote doesn't properly interpret os.Setenv - SkipIfRemote() setup := podmanTest.RunTopContainer("test1") setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) @@ -159,7 +157,6 @@ var _ = Describe("Podman exec", func() { }) It("podman exec with user only in container", func() { - Skip(v2remotefail) testUser := "test123" setup := podmanTest.Podman([]string{"run", "--name", "test1", "-d", fedoraMinimal, "sleep", "60"}) setup.WaitWithDefaultTimeout() @@ -176,7 +173,6 @@ var _ = Describe("Podman exec", func() { }) It("podman exec with user from run", func() { - Skip(v2remotefail) testUser := "guest" setup := podmanTest.Podman([]string{"run", "--user", testUser, "-d", ALPINE, "top"}) setup.WaitWithDefaultTimeout() @@ -196,7 +192,6 @@ var _ = Describe("Podman exec", func() { }) It("podman exec simple working directory test", func() { - Skip(v2remotefail) setup := podmanTest.RunTopContainer("test1") setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 987e4779c..7a3bfdf61 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -254,8 +252,6 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate with user and reimport kube on pod", func() { - // This test fails on ubuntu due to https://github.com/seccomp/containers-golang/pull/27 - SkipIfNotFedora() podName := "toppod" _, rc, _ := podmanTest.CreatePod(podName) Expect(rc).To(Equal(0)) diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go index e38ace53f..8aa9712fd 100644 --- a/test/e2e/info_test.go +++ b/test/e2e/info_test.go @@ -11,6 +11,7 @@ import ( . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gexec" ) var _ = Describe("Podman Info", func() { @@ -35,11 +36,30 @@ var _ = Describe("Podman Info", func() { processTestResult(f) }) - It("podman info json output", func() { - session := podmanTest.Podman([]string{"info", "--format=json"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) - + It("podman info --format json", func() { + tests := []struct { + input string + success bool + exitCode int + }{ + {"json", true, 0}, + {" json", true, 0}, + {"json ", true, 0}, + {" json ", true, 0}, + {"{{json .}}", true, 0}, + {"{{ json .}}", true, 0}, + {"{{json . }}", true, 0}, + {" {{ json . }} ", true, 0}, + {"{{json }}", false, 125}, + {"{{json .", false, 125}, + {"json . }}", false, 0}, // Note: this does NOT fail but produces garbage + } + for _, tt := range tests { + session := podmanTest.Podman([]string{"info", "--format", tt.input}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(tt.exitCode)) + Expect(session.IsJSONOutputValid()).To(Equal(tt.success)) + } }) It("podman info --format GO template", func() { diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index 8a071a911..263139064 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -28,11 +28,6 @@ func SkipIfRootless() { ginkgo.Skip("This function is not enabled for rootless podman") } } -func SkipIfRootlessV2() { - if os.Geteuid() != 0 { - ginkgo.Skip("This function is not enabled for v2 rootless podman") - } -} // Podman is the exec call to podman on the filesystem func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration { diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 3543bd110..bfd898108 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -9,7 +9,7 @@ import ( "path/filepath" "strings" - "github.com/onsi/ginkgo" + . "github.com/onsi/ginkgo" ) func SkipIfRemote() { @@ -17,13 +17,7 @@ func SkipIfRemote() { func SkipIfRootless() { if os.Geteuid() != 0 { - ginkgo.Skip("This function is not enabled for rootless podman") - } -} - -func SkipIfRootlessV2() { - if os.Geteuid() != 0 { - ginkgo.Skip("This function is not enabled for v2 rootless podman") + Skip("This function is not enabled for rootless podman") } } @@ -52,12 +46,6 @@ func (p *PodmanTestIntegration) PodmanNoEvents(args []string) *PodmanSessionInte return &PodmanSessionIntegration{podmanSession} } -// PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment -func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration { - podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil) - return &PodmanSessionIntegration{podmanSession} -} - func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index df2613334..879291c36 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -125,6 +123,7 @@ var _ = Describe("Podman load", func() { }) It("podman load directory", func() { + SkipIfRemote() outdir := filepath.Join(podmanTest.TempDir, "alpine") save := podmanTest.PodmanNoCache([]string{"save", "--format", "oci-dir", "-o", outdir, ALPINE}) @@ -228,6 +227,7 @@ var _ = Describe("Podman load", func() { }) It("podman load localhost registry from dir", func() { + SkipIfRemote() outfile := filepath.Join(podmanTest.TempDir, "load") setup := podmanTest.PodmanNoCache([]string{"tag", BB, "hello:world"}) diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 3bdce970b..66f764925 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go index 1ceab9161..dd69e4ce8 100644 --- a/test/e2e/logs_test.go +++ b/test/e2e/logs_test.go @@ -121,7 +121,6 @@ var _ = Describe("Podman logs", func() { }) It("latest and container name should fail", func() { - SkipIfRemote() // -l not supported results := podmanTest.Podman([]string{"logs", "-l", "foobar"}) results.WaitWithDefaultTimeout() Expect(results).To(ExitWithError()) @@ -159,7 +158,6 @@ var _ = Describe("Podman logs", func() { }) It("using journald for container with container tag", func() { - SkipIfRemote() Skip("need to verify images have correct packages for journald") logc := podmanTest.Podman([]string{"run", "--log-driver", "journald", "--log-opt=tag={{.ImageName}}", "-d", ALPINE, "sh", "-c", "echo podman; sleep 0.1; echo podman; sleep 0.1; echo podman"}) logc.WaitWithDefaultTimeout() @@ -178,7 +176,6 @@ var _ = Describe("Podman logs", func() { It("using journald for container name", func() { Skip("need to verify images have correct packages for journald") - SkipIfRemote() containerName := "inside-journal" logc := podmanTest.Podman([]string{"run", "--log-driver", "journald", "-d", "--name", containerName, ALPINE, "sh", "-c", "echo podman; sleep 0.1; echo podman; sleep 0.1; echo podman"}) logc.WaitWithDefaultTimeout() @@ -273,7 +270,6 @@ var _ = Describe("Podman logs", func() { }) It("streaming output", func() { - Skip(v2remotefail) containerName := "logs-f-rm" logc := podmanTest.Podman([]string{"run", "--rm", "--name", containerName, "-dt", ALPINE, "sh", "-c", "echo podman; sleep 1; echo podman"}) @@ -314,7 +310,6 @@ var _ = Describe("Podman logs", func() { }) It("follow output stopped container", func() { - Skip(v2remotefail) containerName := "logs-f" logc := podmanTest.Podman([]string{"run", "--name", containerName, "-d", ALPINE, "true"}) diff --git a/test/e2e/namespace_test.go b/test/e2e/namespace_test.go index 70472f384..5756a8fa2 100644 --- a/test/e2e/namespace_test.go +++ b/test/e2e/namespace_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,6 +33,7 @@ var _ = Describe("Podman namespaces", func() { }) It("podman namespace test", func() { + SkipIfRemote() podman1 := podmanTest.Podman([]string{"--namespace", "test1", "run", "-d", ALPINE, "echo", "hello"}) podman1.WaitWithDefaultTimeout() Expect(podman1.ExitCode()).To(Equal(0)) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 83b0ce32c..24f711ae7 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -140,6 +138,7 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with name and subnet", func() { + SkipIfRemote() var ( results []network.NcList ) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 23604f47d..052db3842 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -8,6 +6,7 @@ import ( "io/ioutil" "os" "path/filepath" + "strings" "text/template" . "github.com/containers/libpod/v2/test/utils" @@ -50,6 +49,10 @@ spec: {{ range .Cmd }} - {{.}} {{ end }} + args: + {{ range .Arg }} + - {{.}} + {{ end }} env: - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -82,6 +85,11 @@ spec: {{ end }} privileged: false readOnlyRootFilesystem: false + ports: + - containerPort: {{ .Port }} + hostIP: {{ .HostIP }} + hostPort: {{ .Port }} + protocol: TCP workingDir: / {{ end }} {{ end }} @@ -129,6 +137,10 @@ spec: {{ range .Cmd }} - {{.}} {{ end }} + args: + {{ range .Arg }} + - {{.}} + {{ end }} env: - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin @@ -171,6 +183,7 @@ spec: var ( defaultCtrName = "testCtr" defaultCtrCmd = []string{"top"} + defaultCtrArg = []string{"-d", "1.5"} defaultCtrImage = ALPINE defaultPodName = "testPod" defaultDeploymentName = "testDeployment" @@ -322,17 +335,20 @@ type Ctr struct { Name string Image string Cmd []string + Arg []string SecurityContext bool Caps bool CapAdd []string CapDrop []string PullPolicy string + HostIP string + Port string } // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults // and the configured options func getCtr(options ...ctrOption) *Ctr { - c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, true, false, nil, nil, ""} + c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", ""} for _, option := range options { option(&c) } @@ -347,6 +363,12 @@ func withCmd(cmd []string) ctrOption { } } +func withArg(arg []string) ctrOption { + return func(c *Ctr) { + c.Arg = arg + } +} + func withImage(img string) ctrOption { return func(c *Ctr) { c.Image = img @@ -379,6 +401,13 @@ func withPullPolicy(policy string) ctrOption { } } +func withHostIP(ip string, port string) ctrOption { + return func(c *Ctr) { + c.HostIP = ip + c.Port = port + } +} + func getCtrNameInPod(pod *Pod) string { return fmt.Sprintf("%s-%s", pod.Name, defaultCtrName) } @@ -430,6 +459,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube test correct command", func() { + SkipIfRemote() pod := getPod() err := generatePodKubeYaml(pod, kubeYaml) Expect(err).To(BeNil()) @@ -438,14 +468,52 @@ var _ = Describe("Podman generate kube", func() { kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).To(Equal(0)) - inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod)}) + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + // Use the defined command to override the image's command + correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ") + Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd)) + }) + + It("podman play kube test correct command with only set command in yaml file", func() { + SkipIfRemote() + pod := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg(nil)))) + err := generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) - Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0])) + // Use the defined command to override the image's command, and don't set the args + // so the full command in result should not contains the image's command + Expect(inspect.OutputToString()).To(ContainSubstring(`[echo hello]`)) + }) + + It("podman play kube test correct command with only set args in yaml file", func() { + pod := getPod(withCtr(getCtr(withImage(redis), withCmd(nil), withArg([]string{"echo", "hello"})))) + err := generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .Config.Cmd }}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + // this image's ENTRYPOINT is called `docker-entrypoint.sh` + // so result should be `docker-entrypoint.sh + withArg(...)` + Expect(inspect.OutputToString()).To(ContainSubstring(`[docker-entrypoint.sh echo hello]`)) }) It("podman play kube test correct output", func() { - p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"})))) + SkipIfRemote() + p := getPod(withCtr(getCtr(withCmd([]string{"echo", "hello"}), withArg([]string{"world"})))) err := generatePodKubeYaml(p, kubeYaml) Expect(err).To(BeNil()) @@ -457,12 +525,12 @@ var _ = Describe("Podman generate kube", func() { logs := podmanTest.Podman([]string{"logs", getCtrNameInPod(p)}) logs.WaitWithDefaultTimeout() Expect(logs.ExitCode()).To(Equal(0)) - Expect(logs.OutputToString()).To(ContainSubstring("hello")) + Expect(logs.OutputToString()).To(ContainSubstring("hello world")) inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(p), "--format", "'{{ .Config.Cmd }}'"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) - Expect(inspect.OutputToString()).To(ContainSubstring("hello")) + Expect(inspect.OutputToString()).To(ContainSubstring(`[echo hello world]`)) }) It("podman play kube test hostname", func() { @@ -498,7 +566,7 @@ var _ = Describe("Podman generate kube", func() { It("podman play kube cap add", func() { capAdd := "CAP_SYS_ADMIN" - ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"})) + ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"}), withArg(nil)) pod := getPod(withCtr(ctr)) err := generatePodKubeYaml(pod, kubeYaml) @@ -548,6 +616,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube seccomp container level", func() { + SkipIfRemote() // expect play kube is expected to set a seccomp label if it's applied as an annotation jsonFile, err := podmanTest.CreateSeccompJson(seccompPwdEPERM) if err != nil { @@ -556,7 +625,7 @@ var _ = Describe("Podman generate kube", func() { } ctrAnnotation := "container.seccomp.security.alpha.kubernetes.io/" + defaultCtrName - ctr := getCtr(withCmd([]string{"pwd"})) + ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil)) pod := getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost/"+filepath.Base(jsonFile))) err = generatePodKubeYaml(pod, kubeYaml) @@ -574,6 +643,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman play kube seccomp pod level", func() { + SkipIfRemote() // expect play kube is expected to set a seccomp label if it's applied as an annotation jsonFile, err := podmanTest.CreateSeccompJson(seccompPwdEPERM) if err != nil { @@ -582,7 +652,7 @@ var _ = Describe("Podman generate kube", func() { } defer os.Remove(jsonFile) - ctr := getCtr(withCmd([]string{"pwd"})) + ctr := getCtr(withCmd([]string{"pwd"}), withArg(nil)) pod := getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost/"+filepath.Base(jsonFile))) err = generatePodKubeYaml(pod, kubeYaml) @@ -725,6 +795,7 @@ spec: // Deployment related tests It("podman play kube deployment 1 replica test correct command", func() { + SkipIfRemote() deployment := getDeployment() err := generateDeploymentKubeYaml(deployment, kubeYaml) Expect(err).To(BeNil()) @@ -734,13 +805,16 @@ spec: Expect(kube.ExitCode()).To(Equal(0)) podNames := getPodNamesInDeployment(deployment) - inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[0])}) + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[0]), "--format", "'{{ .Config.Cmd }}'"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) - Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0])) + // yaml's command shuold override the image's Entrypoint + correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ") + Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd)) }) It("podman play kube deployment more than 1 replica test correct command", func() { + SkipIfRemote() var i, numReplicas int32 numReplicas = 5 deployment := getDeployment(withReplicas(numReplicas)) @@ -752,11 +826,31 @@ spec: Expect(kube.ExitCode()).To(Equal(0)) podNames := getPodNamesInDeployment(deployment) + correctCmd := "[" + strings.Join(defaultCtrCmd, " ") + " " + strings.Join(defaultCtrArg, " ") for i = 0; i < numReplicas; i++ { - inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[i])}) + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(&podNames[i]), "--format", "'{{ .Config.Cmd }}'"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) - Expect(inspect.OutputToString()).To(ContainSubstring(defaultCtrCmd[0])) + Expect(inspect.OutputToString()).To(ContainSubstring(correctCmd)) } }) + + It("podman play kube test with network portbindings", func() { + ip := "127.0.0.100" + port := "5000" + ctr := getCtr(withHostIP(ip, port), withImage(BB)) + + pod := getPod(withCtr(ctr)) + err := generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"port", getCtrNameInPod(pod)}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(Equal("5000/tcp -> 127.0.0.100:5000")) + }) }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 57737ad59..016eaaa99 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -7,6 +7,7 @@ import ( "path/filepath" "strings" + "github.com/containers/libpod/v2/pkg/rootless" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -238,17 +239,20 @@ var _ = Describe("Podman pod create", func() { }) It("podman create pod with IP address", func() { - SkipIfRootless() name := "test" ip := GetRandomIPAddress() podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name}) podCreate.WaitWithDefaultTimeout() - Expect(podCreate.ExitCode()).To(Equal(0)) - - podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) - podResolvConf.WaitWithDefaultTimeout() - Expect(podResolvConf.ExitCode()).To(Equal(0)) - Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue()) + // Rootless should error + if rootless.IsRootless() { + Expect(podCreate.ExitCode()).To(Equal(125)) + } else { + Expect(podCreate.ExitCode()).To(Equal(0)) + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue()) + } }) It("podman create pod with IP address and no infra should fail", func() { @@ -262,17 +266,20 @@ var _ = Describe("Podman pod create", func() { It("podman create pod with MAC address", func() { SkipIfRemote() - SkipIfRootless() name := "test" mac := "92:d0:c6:0a:29:35" podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name}) podCreate.WaitWithDefaultTimeout() - Expect(podCreate.ExitCode()).To(Equal(0)) - - podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) - podResolvConf.WaitWithDefaultTimeout() - Expect(podResolvConf.ExitCode()).To(Equal(0)) - Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue()) + // Rootless should error + if rootless.IsRootless() { + Expect(podCreate.ExitCode()).To(Equal(125)) + } else { + Expect(podCreate.ExitCode()).To(Equal(0)) + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue()) + } }) It("podman create pod with MAC address and no infra should fail", func() { diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 49105310b..a5fa21187 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -227,6 +225,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -258,6 +257,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod not sharing pid", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "net"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -283,6 +283,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod ipc NS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create", "--share", "ipc"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go index e2c2ac607..16bf1c4c9 100644 --- a/test/e2e/pod_inspect_test.go +++ b/test/e2e/pod_inspect_test.go @@ -1,8 +1,11 @@ package integration import ( + "encoding/json" "os" + "github.com/containers/libpod/v2/libpod/define" + . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -59,7 +62,6 @@ var _ = Describe("Podman pod inspect", func() { }) It("podman pod inspect (CreateCommand)", func() { - Skip(v2remotefail) podName := "myTestPod" createCommand := []string{"pod", "create", "--name", podName, "--hostname", "rudolph", "--share", "net"} @@ -80,4 +82,22 @@ var _ = Describe("Podman pod inspect", func() { index := len(inspectCreateCommand) - len(createCommand) Expect(inspectCreateCommand[index:]).To(Equal(createCommand)) }) + + It("podman pod inspect outputs port bindings", func() { + podName := "testPod" + create := podmanTest.Podman([]string{"pod", "create", "--name", podName, "-p", "8080:80"}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + inspectOut := podmanTest.Podman([]string{"pod", "inspect", podName}) + inspectOut.WaitWithDefaultTimeout() + Expect(inspectOut.ExitCode()).To(Equal(0)) + + inspectJSON := new(define.InspectPodData) + err := json.Unmarshal(inspectOut.Out.Contents(), inspectJSON) + Expect(err).To(BeNil()) + Expect(inspectJSON.InfraConfig).To(Not(BeNil())) + Expect(len(inspectJSON.InfraConfig.PortBindings["80/tcp"])).To(Equal(1)) + Expect(inspectJSON.InfraConfig.PortBindings["80/tcp"][0].HostPort).To(Equal("8080")) + }) }) diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go index fce131e20..7a6223158 100644 --- a/test/e2e/pod_pod_namespaces.go +++ b/test/e2e/pod_pod_namespaces.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -63,6 +61,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container dontshare PIDNS", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"pod", "create"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 6cf392bd7..04068de06 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -1,11 +1,8 @@ -// +build !remote - package integration import ( "os" - "github.com/containers/libpod/v2/pkg/cgroups" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -13,16 +10,14 @@ import ( var _ = Describe("Podman pod stats", func() { var ( + err error tempdir string podmanTest *PodmanTestIntegration ) BeforeEach(func() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if os.Geteuid() != 0 && !cgroupsv2 { - Skip("This function is not enabled for rootless podman not running on cgroups v2") + if os.Geteuid() != 0 { + SkipIfCgroupV2() } tempdir, err = CreateTempDirInTempDir() diff --git a/test/e2e/pod_top_test.go b/test/e2e/pod_top_test.go index f86d23d84..40e8d77d8 100644 --- a/test/e2e/pod_top_test.go +++ b/test/e2e/pod_top_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -58,6 +56,7 @@ var _ = Describe("Podman top", func() { }) It("podman pod top on pod", func() { + SkipIfRemote() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/port_test.go b/test/e2e/port_test.go index 897505588..b247fcaa3 100644 --- a/test/e2e/port_test.go +++ b/test/e2e/port_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -49,6 +47,7 @@ var _ = Describe("Podman port", func() { }) It("podman port -l nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -64,6 +63,7 @@ var _ = Describe("Podman port", func() { }) It("podman container port -l nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -79,6 +79,7 @@ var _ = Describe("Podman port", func() { }) It("podman port -l port nginx", func() { + SkipIfRemote() session, cid := podmanTest.RunNginxWithHealthCheck("") Expect(session.ExitCode()).To(Equal(0)) @@ -127,18 +128,18 @@ var _ = Describe("Podman port", func() { lock2 := GetPortLock("5001") defer lock2.Unlock() - setup := podmanTest.Podman([]string{"run", "-dt", "-p", "5000:5000", "-p", "5001:5001", ALPINE, "top"}) + setup := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "5000:5000", "-p", "5001:5001", ALPINE, "top"}) setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(BeZero()) // Check that the first port was honored - result1 := podmanTest.Podman([]string{"port", "-l", "5000"}) + result1 := podmanTest.Podman([]string{"port", "test", "5000"}) result1.WaitWithDefaultTimeout() Expect(result1.ExitCode()).To(BeZero()) Expect(result1.LineInOuputStartsWith("0.0.0.0:5000")).To(BeTrue()) // Check that the second port was honored - result2 := podmanTest.Podman([]string{"port", "-l", "5001"}) + result2 := podmanTest.Podman([]string{"port", "test", "5001"}) result2.WaitWithDefaultTimeout() Expect(result2.ExitCode()).To(BeZero()) Expect(result2.LineInOuputStartsWith("0.0.0.0:5001")).To(BeTrue()) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index eec2877e8..665cd1b55 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -237,6 +235,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull from docker-archive", func() { + SkipIfRemote() podmanTest.RestoreArtifact(ALPINE) tarfn := filepath.Join(podmanTest.TempDir, "alp.tar") session := podmanTest.PodmanNoCache([]string{"save", "-o", tarfn, "alpine"}) @@ -255,6 +254,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull from oci-archive", func() { + SkipIfRemote() podmanTest.RestoreArtifact(ALPINE) tarfn := filepath.Join(podmanTest.TempDir, "oci-alp.tar") session := podmanTest.PodmanNoCache([]string{"save", "--format", "oci-archive", "-o", tarfn, "alpine"}) @@ -273,6 +273,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull from local directory", func() { + SkipIfRemote() podmanTest.RestoreArtifact(ALPINE) dirpath := filepath.Join(podmanTest.TempDir, "alpine") os.MkdirAll(dirpath, os.ModePerm) @@ -297,6 +298,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull from local OCI directory", func() { + SkipIfRemote() podmanTest.RestoreArtifact(ALPINE) dirpath := filepath.Join(podmanTest.TempDir, "alpine") os.MkdirAll(dirpath, os.ModePerm) diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go new file mode 100644 index 000000000..344309b93 --- /dev/null +++ b/test/e2e/run_apparmor_test.go @@ -0,0 +1,158 @@ +// +build !remote + +package integration + +import ( + "fmt" + "io/ioutil" + "os" + "path/filepath" + + "github.com/containers/common/pkg/apparmor" + . "github.com/containers/libpod/v2/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +func skipIfAppArmorEnabled() { + if apparmor.IsEnabled() { + Skip("Apparmor is enabled") + } +} +func skipIfAppArmorDisabled() { + if !apparmor.IsEnabled() { + Skip("Apparmor is not enabled") + } +} + +var _ = Describe("Podman run", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + + }) + + It("podman run apparmor default", func() { + skipIfAppArmorDisabled() + session := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile)) + }) + + It("podman run no apparmor --privileged", func() { + skipIfAppArmorDisabled() + session := podmanTest.Podman([]string{"create", "--privileged", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("")) + }) + + It("podman run no apparmor --security-opt=apparmor.Profile --privileged", func() { + skipIfAppArmorDisabled() + session := podmanTest.Podman([]string{"create", "--security-opt", fmt.Sprintf("apparmor=%s", apparmor.Profile), "--privileged", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile)) + }) + + It("podman run apparmor aa-test-profile", func() { + skipIfAppArmorDisabled() + aaProfile := ` +#include <tunables/global> +profile aa-test-profile flags=(attach_disconnected,mediate_deleted) { + #include <abstractions/base> + deny mount, + deny /sys/[^f]*/** wklx, + deny /sys/f[^s]*/** wklx, + deny /sys/fs/[^c]*/** wklx, + deny /sys/fs/c[^g]*/** wklx, + deny /sys/fs/cg[^r]*/** wklx, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, +} +` + aaFile := filepath.Join(os.TempDir(), "aaFile") + Expect(ioutil.WriteFile(aaFile, []byte(aaProfile), 0755)).To(BeNil()) + parse := SystemExec("apparmor_parser", []string{"-Kr", aaFile}) + Expect(parse.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=aa-test-profile", "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("aa-test-profile")) + }) + + It("podman run apparmor invalid", func() { + skipIfAppArmorDisabled() + session := podmanTest.Podman([]string{"run", "--security-opt", "apparmor=invalid", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(Equal(0)) + }) + + It("podman run apparmor unconfined", func() { + skipIfAppArmorDisabled() + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("unconfined")) + }) + + It("podman run apparmor disabled --security-opt apparmor fails", func() { + skipIfAppArmorEnabled() + // Should fail if user specifies apparmor on disabled system + session := podmanTest.Podman([]string{"create", "--security-opt", fmt.Sprintf("apparmor=%s", apparmor.Profile), ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(Equal(0)) + }) + + It("podman run apparmor disabled no default", func() { + skipIfAppArmorEnabled() + // Should succeed if user specifies apparmor on disabled system + session := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("")) + }) +}) diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index 7c83acc40..596c224aa 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,6 +33,7 @@ var _ = Describe("Podman run exit", func() { }) It("podman run -d mount cleanup test", func() { + SkipIfRemote() SkipIfRootless() result := podmanTest.Podman([]string{"run", "-dt", ALPINE, "top"}) diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index b4785c513..b1fb0e628 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index a5e1e0269..8798b2dc1 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -75,11 +73,17 @@ var _ = Describe("Podman run device", func() { It("podman run device host device and container device parameter are directories", func() { SkipIfRootless() - SystemExec("mkdir", []string{"/dev/foodevdir"}) - SystemExec("mknod", []string{"/dev/foodevdir/null", "c", "1", "3"}) - session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/foodevdir:/dev/bar", ALPINE, "ls", "/dev/bar/null"}) + Expect(os.MkdirAll("/dev/foodevdir", os.ModePerm)).To(BeNil()) + defer os.RemoveAll("/dev/foodevdir") + + mknod := SystemExec("mknod", []string{"/dev/foodevdir/null", "c", "1", "3"}) + mknod.WaitWithDefaultTimeout() + Expect(mknod.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/foodevdir:/dev/bar", ALPINE, "stat", "-c%t:%T", "/dev/bar/null"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("1:3")) }) It("podman run device host device with --privileged", func() { diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go index beed80fd2..a44fb7187 100644 --- a/test/e2e/run_dns_test.go +++ b/test/e2e/run_dns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_entrypoint_test.go b/test/e2e/run_entrypoint_test.go index 76e021552..f6019b37a 100644 --- a/test/e2e/run_entrypoint_test.go +++ b/test/e2e/run_entrypoint_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -46,6 +44,7 @@ CMD [] }) It("podman run entrypoint", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] ` @@ -57,6 +56,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD [ "-v"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -69,6 +69,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with user cmd overrides image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD [ "-v"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -81,6 +82,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run entrypoint with user cmd no image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] ` @@ -92,6 +94,7 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] }) It("podman run user entrypoint overrides image entrypoint and image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD ["-i"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] @@ -101,9 +104,15 @@ ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOuputStartsWith("Linux")).To(BeTrue()) + + session = podmanTest.Podman([]string{"run", "--entrypoint", "", "foobar.com/entrypoint:latest", "uname"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOuputStartsWith("Linux")).To(BeTrue()) }) It("podman run user entrypoint with command overrides image entrypoint and image cmd", func() { + SkipIfRemote() dockerfile := `FROM docker.io/library/alpine:latest CMD ["-i"] ENTRYPOINT ["grep", "Alpine", "/etc/os-release"] diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go index c6fb1ad1b..305e37c12 100644 --- a/test/e2e/run_env_test.go +++ b/test/e2e/run_env_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 0e88c09b3..379e74629 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -78,13 +76,7 @@ var _ = Describe("Podman run memory", func() { }) It("podman run memory-swappiness test", func() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { - Skip("Memory swappiness not supported on cgroups v2") - } - + SkipIfCgroupV2() session := podmanTest.Podman([]string{"run", "--memory-swappiness=15", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.swappiness"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -92,12 +84,7 @@ var _ = Describe("Podman run memory", func() { }) It("podman run kernel-memory test", func() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if cgroupsv2 { - Skip("Kernel memory not supported on cgroups v2") - } + SkipIfCgroupV2() session := podmanTest.Podman([]string{"run", "--kernel-memory=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 5a463d46f..a22f79180 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -88,6 +86,20 @@ var _ = Describe("Podman run networking", func() { Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal("")) }) + It("podman run -p 8080:80/TCP", func() { + name := "testctr" + // "TCP" in upper characters + session := podmanTest.Podman([]string{"create", "-t", "-p", "8080:80/TCP", "--name", name, ALPINE, "/bin/sh"}) + session.WaitWithDefaultTimeout() + inspectOut := podmanTest.InspectContainer(name) + Expect(len(inspectOut)).To(Equal(1)) + Expect(len(inspectOut[0].NetworkSettings.Ports)).To(Equal(1)) + // "tcp" in lower characters + Expect(len(inspectOut[0].NetworkSettings.Ports["80/tcp"])).To(Equal(1)) + Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostPort).To(Equal("8080")) + Expect(inspectOut[0].NetworkSettings.Ports["80/tcp"][0].HostIP).To(Equal("")) + }) + It("podman run -p 80/udp", func() { name := "testctr" session := podmanTest.Podman([]string{"create", "-t", "-p", "80/udp", "--name", name, ALPINE, "/bin/sh"}) @@ -221,11 +233,40 @@ var _ = Describe("Podman run networking", func() { Expect(ncBusy).To(ExitWithError()) }) + It("podman run network expose host port 8081 to container port 8000 using rootlesskit port handler", func() { + session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=rootlesskit", "-dt", "-p", "8081:8000", ALPINE, "/bin/sh"}) + session.Wait(30) + Expect(session.ExitCode()).To(Equal(0)) + + ncBusy := SystemExec("nc", []string{"-l", "-p", "8081"}) + Expect(ncBusy).To(ExitWithError()) + }) + + It("podman run network expose host port 8082 to container port 8000 using slirp4netns port handler", func() { + session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=slirp4netns", "-dt", "-p", "8082:8000", ALPINE, "/bin/sh"}) + session.Wait(30) + Expect(session.ExitCode()).To(Equal(0)) + ncBusy := SystemExec("nc", []string{"-l", "-p", "8082"}) + Expect(ncBusy).To(ExitWithError()) + }) + + It("podman run network expose host port 8080 to container port 8000 using invalid port handler", func() { + session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:port_handler=invalid", "-dt", "-p", "8080:8000", ALPINE, "/bin/sh"}) + session.Wait(30) + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + + It("podman run slirp4netns network with host loopback", func() { + session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"}) + session.Wait(30) + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman run network expose ports in image metadata", func() { - session := podmanTest.Podman([]string{"create", "-dt", "-P", nginx}) + session := podmanTest.Podman([]string{"create", "--name", "test", "-dt", "-P", nginx}) session.Wait(90) Expect(session.ExitCode()).To(Equal(0)) - results := podmanTest.Podman([]string{"inspect", "-l"}) + results := podmanTest.Podman([]string{"inspect", "test"}) results.Wait(30) Expect(results.ExitCode()).To(Equal(0)) Expect(results.OutputToString()).To(ContainSubstring(`"80/tcp":`)) @@ -234,11 +275,11 @@ var _ = Describe("Podman run networking", func() { It("podman run network expose duplicate host port results in error", func() { SkipIfRootless() - session := podmanTest.Podman([]string{"run", "-dt", "-p", "80", ALPINE, "/bin/sh"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "-dt", "-p", "80", ALPINE, "/bin/sh"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - inspect := podmanTest.Podman([]string{"inspect", "-l"}) + inspect := podmanTest.Podman([]string{"inspect", "test"}) inspect.WaitWithDefaultTimeout() Expect(inspect.ExitCode()).To(Equal(0)) @@ -393,6 +434,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run in custom CNI network with --static-ip", func() { + SkipIfRemote() SkipIfRootless() netName := "podmantestnetwork" ipAddr := "10.20.30.128" diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 96ca2fc56..181b453c1 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 3152f166b..40385e3ad 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 03fb71656..8efbe0690 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_restart_test.go b/test/e2e/run_restart_test.go index 0a1c7e134..fa9cb2495 100644 --- a/test/e2e/run_restart_test.go +++ b/test/e2e/run_restart_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -35,11 +33,12 @@ var _ = Describe("Podman run restart containers", func() { }) It("Podman start after successful run", func() { - session := podmanTest.Podman([]string{"run", ALPINE, "ls"}) + SkipIfRemote() + session := podmanTest.Podman([]string{"run", "--name", "test", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session2 := podmanTest.Podman([]string{"start", "--attach", "--latest"}) + session2 := podmanTest.Podman([]string{"start", "--attach", "test"}) session2.WaitWithDefaultTimeout() Expect(session2.ExitCode()).To(Equal(0)) }) diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp.go index a6a14618c..ec688135b 100644 --- a/test/e2e/run_seccomp.go +++ b/test/e2e/run_seccomp.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go index 148b18daa..50209a989 100644 --- a/test/e2e/run_security_labels.go +++ b/test/e2e/run_security_labels.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -129,6 +127,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman container runlabel (podman --version)", func() { + SkipIfRemote() PodmanDockerfile := ` FROM alpine:latest LABEL io.containers.capabilities=chown,mknod` diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 7c1946534..c88441fbc 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 8377636cf..de7663cc2 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 6cbedb457..4f4eb1028 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -160,10 +158,10 @@ var _ = Describe("Podman run", func() { }) It("podman run a container with --init", func() { - session := podmanTest.Podman([]string{"run", "--init", ALPINE, "ls"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "--init", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"inspect", "-l"}) + result := podmanTest.Podman([]string{"inspect", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) conData := result.InspectContainerToJSON() @@ -172,10 +170,10 @@ var _ = Describe("Podman run", func() { }) It("podman run a container with --init and --init-path", func() { - session := podmanTest.Podman([]string{"run", "--init", "--init-path", "/usr/libexec/podman/catatonit", ALPINE, "ls"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "--init", "--init-path", "/usr/libexec/podman/catatonit", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"inspect", "-l"}) + result := podmanTest.Podman([]string{"inspect", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) conData := result.InspectContainerToJSON() @@ -184,10 +182,10 @@ var _ = Describe("Podman run", func() { }) It("podman run a container without --init", func() { - session := podmanTest.Podman([]string{"run", ALPINE, "ls"}) + session := podmanTest.Podman([]string{"run", "--name", "test", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"inspect", "-l"}) + result := podmanTest.Podman([]string{"inspect", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) conData := result.InspectContainerToJSON() @@ -259,11 +257,14 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("00000000a80425fb")) + }) + It("podman run user capabilities test with image", func() { + SkipIfRemote() dockerfile := `FROM busybox USER bin` podmanTest.BuildImage(dockerfile, "test", "false") - session = podmanTest.Podman([]string{"run", "--rm", "--user", "bin", "test", "grep", "CapBnd", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", "test", "grep", "CapBnd", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("00000000a80425fb")) @@ -510,6 +511,7 @@ USER bin` }) It("podman run with secrets", func() { + SkipIfRemote() containersDir := filepath.Join(podmanTest.TempDir, "containers") err := os.MkdirAll(containersDir, 0755) Expect(err).To(BeNil()) @@ -674,6 +676,7 @@ USER bin` }) It("podman run with built-in volume image", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"run", "--rm", redis, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -820,16 +823,22 @@ USER mail` }) It("podman run --rm should work", func() { - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "--rm", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"wait", "test"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError()) numContainers := podmanTest.NumberOfContainers() Expect(numContainers).To(Equal(0)) }) It("podman run --rm failed container should delete itself", func() { - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "foo"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "--rm", ALPINE, "foo"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError()) + session = podmanTest.Podman([]string{"wait", "test"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) @@ -841,6 +850,10 @@ USER mail` session := podmanTest.Podman([]string{"run", ALPINE, "foo"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) + // If remote we could have a race condition + session = podmanTest.Podman([]string{"wait", "test"}) + session.WaitWithDefaultTimeout() + Expect(session).To(ExitWithError()) numContainers := podmanTest.NumberOfContainers() Expect(numContainers).To(Equal(1)) @@ -881,7 +894,7 @@ USER mail` }) It("podman run with restart-policy always restarts containers", func() { - + SkipIfRemote() testDir := filepath.Join(podmanTest.RunRoot, "restart-test") err := os.MkdirAll(testDir, 0755) Expect(err).To(BeNil()) @@ -995,14 +1008,12 @@ USER mail` }) It("podman run should fail with nonexist authfile", func() { - SkipIfRemote() session := podmanTest.Podman([]string{"run", "--authfile", "/tmp/nonexist", ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) It("podman run --device-cgroup-rule", func() { - SkipIfRemote() SkipIfRootless() deviceCgroupRule := "c 42:* rwm" session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) @@ -1072,4 +1083,44 @@ USER mail` Expect(session.OutputToString()).To(ContainSubstring(h)) }) + + It("podman run verify pids-limit", func() { + SkipIfCgroupV1() + limit := "4321" + session := podmanTest.Podman([]string{"run", "--pids-limit", limit, "--rm", ALPINE, "cat", "/sys/fs/cgroup/pids.max"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring(limit)) + }) + + It("podman run umask", func() { + if !strings.Contains(podmanTest.OCIRuntime, "crun") { + Skip("Test only works on crun") + } + + session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "sh", "-c", "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0022")) + + session = podmanTest.Podman([]string{"run", "--umask", "0002", "--rm", ALPINE, "sh", "-c", "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0002")) + + session = podmanTest.Podman([]string{"run", "--umask", "0077", "--rm", fedoraMinimal, "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0077")) + + session = podmanTest.Podman([]string{"run", "--umask", "22", "--rm", ALPINE, "sh", "-c", "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal("0022")) + + session = podmanTest.Podman([]string{"run", "--umask", "9999", "--rm", ALPINE, "sh", "-c", "umask"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + Expect(session.ErrorToString()).To(ContainSubstring("Invalid umask")) + }) }) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 42f13537d..b82fa7acb 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 92988ff87..63aa116f8 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -9,6 +7,7 @@ import ( "path/filepath" "strings" + "github.com/containers/libpod/v2/pkg/rootless" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -198,6 +197,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with volumes and suid/dev/exec options", func() { + SkipIfRemote() mountPath := filepath.Join(podmanTest.TempDir, "secrets") os.Mkdir(mountPath, 0755) @@ -227,6 +227,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with tmpfs named volume mounts and unmounts", func() { + SkipIfRemote() SkipIfRootless() volName := "testvol" mkVolume := podmanTest.Podman([]string{"volume", "create", "--opt", "type=tmpfs", "--opt", "device=tmpfs", "--opt", "o=nodev", "testvol"}) @@ -314,6 +315,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman run with anonymous volume", func() { + SkipIfRemote() list1 := podmanTest.Podman([]string{"volume", "list", "--quiet"}) list1.WaitWithDefaultTimeout() Expect(list1.ExitCode()).To(Equal(0)) @@ -332,6 +334,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("podman rm -v removes anonymous volume", func() { + SkipIfRemote() list1 := podmanTest.Podman([]string{"volume", "list", "--quiet"}) list1.WaitWithDefaultTimeout() Expect(list1.ExitCode()).To(Equal(0)) @@ -433,6 +436,7 @@ var _ = Describe("Podman run with volumes", func() { }) It("Podman mount over image volume with trailing /", func() { + SkipIfRemote() image := "podman-volume-test:trailing" dockerfile := ` FROM alpine:latest @@ -450,4 +454,93 @@ VOLUME /test/` Expect(data[0].Mounts[0].Source).To(Equal("/tmp")) Expect(data[0].Mounts[0].Destination).To(Equal("/test")) }) + + It("podman run with overlay volume flag", func() { + SkipIfRemote() + if os.Getenv("container") != "" { + Skip("Overlay mounts not supported when running in a container") + } + if rootless.IsRootless() { + if _, err := exec.LookPath("fuse_overlay"); err != nil { + Skip("Fuse-Overlayfs required for rootless overlay mount test") + } + } + mountPath := filepath.Join(podmanTest.TempDir, "secrets") + os.Mkdir(mountPath, 0755) + testFile := filepath.Join(mountPath, "test1") + f, err := os.Create(testFile) + f.Close() + + // Make sure host directory gets mounted in to container as overlay + session := podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:O", mountPath), ALPINE, "grep", "/run/test", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + found, matches := session.GrepString("/run/test") + Expect(found).Should(BeTrue()) + Expect(matches[0]).To(ContainSubstring("overlay")) + + // Make sure host files show up in the container + session = podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:O", mountPath), ALPINE, "ls", "/run/test/test1"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Make sure modifications in container do not show up on host + session = podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:O", mountPath), ALPINE, "touch", "/run/test/container"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + _, err = os.Stat(filepath.Join(mountPath, "container")) + Expect(err).To(Not(BeNil())) + + // Make sure modifications in container disappear when container is stopped + session = podmanTest.Podman([]string{"create", "-d", "-v", fmt.Sprintf("%s:/run/test:O", mountPath), ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"start", "-l"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "-l", "touch", "/run/test/container"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "-l", "ls", "/run/test/container"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"stop", "-l"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"start", "-l"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "-l", "ls", "/run/test/container"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + + It("overlay volume conflicts with named volume and mounts", func() { + mountPath := filepath.Join(podmanTest.TempDir, "secrets") + os.Mkdir(mountPath, 0755) + testFile := filepath.Join(mountPath, "test1") + f, err := os.Create(testFile) + Expect(err).To(BeNil()) + f.Close() + mountSrc := filepath.Join(podmanTest.TempDir, "vol-test1") + err = os.MkdirAll(mountSrc, 0755) + Expect(err).To(BeNil()) + mountDest := "/run/test" + volName := "myvol" + + session := podmanTest.Podman([]string{"volume", "create", volName}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // overlay and named volume destinations conflict + session = podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:%s:O", mountPath, mountDest), "-v", fmt.Sprintf("%s:%s", volName, mountDest), ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + // overlay and bind mount destinations conflict + session = podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:%s:O", mountPath, mountDest), "--mount", fmt.Sprintf("type=bind,src=%s,target=%s", mountSrc, mountDest), ALPINE}) + Expect(session.ExitCode()).To(Not(Equal(0))) + // overlay and tmpfs mount destinations conflict + session = podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:%s:O", mountPath, mountDest), "--mount", fmt.Sprintf("type=tmpfs,target=%s", mountDest), ALPINE}) + Expect(session.ExitCode()).To(Not(Equal(0))) + }) }) diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index 3383fbd1e..aae193aa0 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -48,6 +46,7 @@ var _ = Describe("podman container runlabel", func() { }) It("podman container runlabel (podman --version)", func() { + SkipIfRemote() image := "podman-runlabel-test:podman" podmanTest.BuildImage(PodmanDockerfile, image, "false") @@ -61,6 +60,7 @@ var _ = Describe("podman container runlabel", func() { }) It("podman container runlabel (ls -la)", func() { + SkipIfRemote() image := "podman-runlabel-test:ls" podmanTest.BuildImage(LsDockerfile, image, "false") diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index aeab3ac56..65e981bbd 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -229,6 +227,7 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search attempts HTTP if registry is in registries.insecure and force secure is false", func() { + SkipIfRemote() if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -269,6 +268,7 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if force secure is true", func() { + SkipIfRemote() if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -307,6 +307,7 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if registry is not listed as insecure", func() { + SkipIfRemote() if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -345,6 +346,7 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if one registry is not listed as insecure", func() { + SkipIfRemote() if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index 009bb9cac..37a99076e 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -7,7 +7,6 @@ import ( "os" "time" - "github.com/containers/libpod/v2/pkg/cgroups" . "github.com/containers/libpod/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -22,12 +21,10 @@ var _ = Describe("Podman stats", func() { ) BeforeEach(func() { - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if os.Geteuid() != 0 && !cgroupsv2 { - Skip("This function is not enabled for rootless podman not running on cgroups v2") + if os.Geteuid() != 0 { + SkipIfCgroupV1() } + var err error tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/system_connection_test.go b/test/e2e/system_connection_test.go new file mode 100644 index 000000000..4c750ee7f --- /dev/null +++ b/test/e2e/system_connection_test.go @@ -0,0 +1,176 @@ +package integration + +import ( + "fmt" + "io/ioutil" + "os" + + "github.com/containers/common/pkg/config" + . "github.com/containers/libpod/v2/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gbytes" + . "github.com/onsi/gomega/gexec" +) + +var _ = Describe("podman system connection", func() { + ConfPath := struct { + Value string + IsSet bool + }{} + + var ( + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + ConfPath.Value, ConfPath.IsSet = os.LookupEnv("CONTAINERS_CONF") + conf, err := ioutil.TempFile("", "containersconf") + if err != nil { + panic(err) + } + os.Setenv("CONTAINERS_CONF", conf.Name()) + + tempdir, err := CreateTempDirInTempDir() + if err != nil { + panic(err) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + }) + + AfterEach(func() { + podmanTest.Cleanup() + os.Remove(os.Getenv("CONTAINERS_CONF")) + if ConfPath.IsSet { + os.Setenv("CONTAINERS_CONF", ConfPath.Value) + } else { + os.Unsetenv("CONTAINERS_CONF") + } + + f := CurrentGinkgoTestDescription() + timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) + GinkgoWriter.Write([]byte(timedResult)) + }) + + It("add", func() { + cmd := []string{"system", "connection", "add", + "--default", + "--identity", "~/.ssh/id_rsa", + "QA", + "ssh://root@server.fubar.com:2222/run/podman/podman.sock", + } + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.Out).Should(Say("")) + + cfg, err := config.ReadCustomConfig() + Expect(err).ShouldNot(HaveOccurred()) + Expect(cfg.Engine.ActiveService).To(Equal("QA")) + Expect(cfg.Engine.ServiceDestinations["QA"]).To(Equal( + config.Destination{ + URI: "ssh://root@server.fubar.com:2222/run/podman/podman.sock", + Identity: "~/.ssh/id_rsa", + }, + )) + + cmd = []string{"system", "connection", "rename", + "QA", + "QE", + } + session = podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + cfg, err = config.ReadCustomConfig() + Expect(err).ShouldNot(HaveOccurred()) + Expect(cfg.Engine.ActiveService).To(Equal("QE")) + Expect(cfg.Engine.ServiceDestinations["QE"]).To(Equal( + config.Destination{ + URI: "ssh://root@server.fubar.com:2222/run/podman/podman.sock", + Identity: "~/.ssh/id_rsa", + }, + )) + }) + + It("remove", func() { + cmd := []string{"system", "connection", "add", + "--default", + "--identity", "~/.ssh/id_rsa", + "QA", + "ssh://root@server.fubar.com:2222/run/podman/podman.sock", + } + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + for i := 0; i < 2; i++ { + cmd = []string{"system", "connection", "remove", "QA"} + session = podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.Out).Should(Say("")) + + cfg, err := config.ReadCustomConfig() + Expect(err).ShouldNot(HaveOccurred()) + Expect(cfg.Engine.ActiveService).To(BeEmpty()) + Expect(cfg.Engine.ServiceDestinations).To(BeEmpty()) + } + }) + + It("default", func() { + for _, name := range []string{"devl", "qe"} { + cmd := []string{"system", "connection", "add", + "--default", + "--identity", "~/.ssh/id_rsa", + name, + "ssh://root@server.fubar.com:2222/run/podman/podman.sock", + } + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + } + + cmd := []string{"system", "connection", "default", "devl"} + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.Out).Should(Say("")) + + cfg, err := config.ReadCustomConfig() + Expect(err).ShouldNot(HaveOccurred()) + Expect(cfg.Engine.ActiveService).To(Equal("devl")) + + cmd = []string{"system", "connection", "list"} + session = podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.Out).Should(Say("Name *Identity *URI")) + }) + + It("failed default", func() { + cmd := []string{"system", "connection", "default", "devl"} + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).ShouldNot(Exit(0)) + Expect(session.Err).Should(Say("destination is not defined")) + }) + + It("failed rename", func() { + cmd := []string{"system", "connection", "rename", "devl", "QE"} + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).ShouldNot(Exit(0)) + Expect(session.Err).Should(Say("destination is not defined")) + }) + + It("empty list", func() { + cmd := []string{"system", "connection", "list"} + session := podmanTest.Podman(cmd) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.Out).Should(Say("")) + Expect(session.Err).Should(Say("")) + }) +}) diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index 01ceac325..b179a29d4 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -37,6 +35,7 @@ var _ = Describe("podman system df", func() { }) It("podman system df", func() { + SkipIfRemote() session := podmanTest.Podman([]string{"create", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -56,8 +55,22 @@ var _ = Describe("podman system df", func() { images := strings.Fields(session.OutputToStringArray()[1]) containers := strings.Fields(session.OutputToStringArray()[2]) volumes := strings.Fields(session.OutputToStringArray()[3]) - Expect(images[1]).To(Equal("9")) + Expect(images[1]).To(Equal("11")) Expect(containers[1]).To(Equal("2")) Expect(volumes[2]).To(Equal("1")) }) + + It("podman system df image with no tag", func() { + session := podmanTest.PodmanNoCache([]string{"create", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"image", "untag", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"system", "df"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) }) diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 3db8fc3a6..268f62f5b 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -81,13 +79,8 @@ WantedBy=multi-user.target }) It("podman run container with systemd PID1", func() { - systemdImage := "fedora" - pull := podmanTest.Podman([]string{"pull", systemdImage}) - pull.WaitWithDefaultTimeout() - Expect(pull.ExitCode()).To(Equal(0)) - ctrName := "testSystemd" - run := podmanTest.Podman([]string{"run", "--name", ctrName, "-t", "-i", "-d", systemdImage, "/usr/sbin/init"}) + run := podmanTest.Podman([]string{"run", "--name", ctrName, "-t", "-i", "-d", ubi_init, "/sbin/init"}) run.WaitWithDefaultTimeout() Expect(run.ExitCode()).To(Equal(0)) ctrID := run.OutputToString() @@ -117,5 +110,40 @@ WantedBy=multi-user.target systemctl.WaitWithDefaultTimeout() Expect(systemctl.ExitCode()).To(Equal(0)) Expect(strings.Contains(systemctl.OutputToString(), "State:")).To(BeTrue()) + + result := podmanTest.Podman([]string{"inspect", ctrName}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + conData := result.InspectContainerToJSON() + Expect(len(conData)).To(Equal(1)) + Expect(conData[0].Config.SystemdMode).To(BeTrue()) + }) + + It("podman create container with systemd entrypoint triggers systemd mode", func() { + ctrName := "testCtr" + run := podmanTest.Podman([]string{"create", "--name", ctrName, "--entrypoint", "/sbin/init", ubi_init}) + run.WaitWithDefaultTimeout() + Expect(run.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"inspect", ctrName}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + conData := result.InspectContainerToJSON() + Expect(len(conData)).To(Equal(1)) + Expect(conData[0].Config.SystemdMode).To(BeTrue()) + }) + + It("podman create container with systemd=always triggers systemd mode", func() { + ctrName := "testCtr" + run := podmanTest.Podman([]string{"create", "--name", ctrName, "--systemd", "always", ALPINE}) + run.WaitWithDefaultTimeout() + Expect(run.ExitCode()).To(Equal(0)) + + result := podmanTest.Podman([]string{"inspect", ctrName}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + conData := result.InspectContainerToJSON() + Expect(len(conData)).To(Equal(1)) + Expect(conData[0].Config.SystemdMode).To(BeTrue()) }) }) diff --git a/test/e2e/top_test.go b/test/e2e/top_test.go index 157a7fe46..f4d1ec857 100644 --- a/test/e2e/top_test.go +++ b/test/e2e/top_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -55,22 +53,22 @@ var _ = Describe("Podman top", func() { }) It("podman top on container", func() { - session := podmanTest.Podman([]string{"run", "-d", ALPINE, "top", "-d", "2"}) + session := podmanTest.Podman([]string{"run", "--name", "test", "-d", ALPINE, "top", "-d", "2"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"top", "-l"}) + result := podmanTest.Podman([]string{"top", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) }) It("podman container top on container", func() { - session := podmanTest.Podman([]string{"container", "run", "-d", ALPINE, "top", "-d", "2"}) + session := podmanTest.Podman([]string{"container", "run", "--name", "test", "-d", ALPINE, "top", "-d", "2"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - result := podmanTest.Podman([]string{"container", "top", "-l"}) + result := podmanTest.Podman([]string{"container", "top", "test"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) diff --git a/test/e2e/version_test.go b/test/e2e/version_test.go index 775be6511..eb1d1b733 100644 --- a/test/e2e/version_test.go +++ b/test/e2e/version_test.go @@ -55,17 +55,29 @@ var _ = Describe("Podman version", func() { }) It("podman version --format json", func() { - session := podmanTest.Podman([]string{"version", "--format", "json"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.IsJSONOutputValid()).To(BeTrue()) - }) - - It("podman version --format json", func() { - session := podmanTest.Podman([]string{"version", "--format", "{{ json .}}"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.IsJSONOutputValid()).To(BeTrue()) + tests := []struct { + input string + success bool + exitCode int + }{ + {"json", true, 0}, + {" json", true, 0}, + {"json ", true, 0}, + {" json ", true, 0}, + {"{{json .}}", true, 0}, + {"{{ json .}}", true, 0}, + {"{{json . }}", true, 0}, + {" {{ json . }} ", true, 0}, + {"{{json }}", false, 125}, + {"{{json .", false, 125}, + {"json . }}", false, 0}, // Note: this does NOT fail but produces garbage + } + for _, tt := range tests { + session := podmanTest.Podman([]string{"version", "--format", tt.input}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(tt.exitCode)) + Expect(session.IsJSONOutputValid()).To(Equal(tt.success)) + } }) It("podman version --format GO template", func() { diff --git a/test/e2e/volume_prune_test.go b/test/e2e/volume_prune_test.go index c4fafa406..d98b02824 100644 --- a/test/e2e/volume_prune_test.go +++ b/test/e2e/volume_prune_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 3d05b44fe..76d29d22c 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -78,7 +78,8 @@ function check_help() { if ! expr "$usage" : '.*[A-Z]' >/dev/null; then if [ "$cmd" != "help" ]; then dprint "$command_string invalid-arg" - run_podman 125 "$@" $cmd invalid-arg + run_podman '?' "$@" $cmd invalid-arg + is "$status" 125 "'$command_string invalid-arg' - exit status" is "$output" "Error: .* takes no arguments" \ "'$command_string' with extra (invalid) arguments" fi @@ -104,7 +105,8 @@ function check_help() { # The </dev/null protects us from 'podman login' which will # try to read username/password from stdin. dprint "$command_string (without required args)" - run_podman 125 "$@" $cmd </dev/null + run_podman '?' "$@" $cmd </dev/null + is "$status" 125 "'$command_string' with no arguments - exit status" is "$output" "Error:.* \(require\|specif\|must\|provide\|need\|choose\|accepts\)" \ "'$command_string' without required arg" @@ -126,7 +128,8 @@ function check_help() { local rhs=$(sed -e 's/^[^A-Z]\+[A-Z]/X/' -e 's/ | /-or-/g' <<<"$usage") local n_args=$(wc -w <<<"$rhs") - run_podman 125 "$@" $cmd $(seq --format='x%g' 0 $n_args) + run_podman '?' "$@" $cmd $(seq --format='x%g' 0 $n_args) + is "$status" 125 "'$command_string' with >$n_args arguments - exit status" is "$output" "Error:.* \(takes no arguments\|requires exactly $n_args arg\|accepts at most\|too many arguments\|accepts $n_args arg(s), received\|accepts between .* and .* arg(s), received \)" \ "'$command_string' with >$n_args arguments" @@ -140,13 +143,17 @@ function check_help() { # Any command that takes subcommands, must throw error if called # without one. dprint "podman $@" - run_podman 125 "$@" - is "$output" "Error: missing command .*$@ COMMAND" + run_podman '?' "$@" + is "$status" 125 "'podman $*' without any subcommand - exit status" + is "$output" "Error: missing command .*$@ COMMAND" \ + "'podman $*' without any subcommand - expected error message" # Assume that 'NoSuchCommand' is not a command dprint "podman $@ NoSuchCommand" - run_podman 125 "$@" NoSuchCommand - is "$output" "Error: unrecognized command .*$@ NoSuchCommand" + run_podman '?' "$@" NoSuchCommand + is "$status" 125 "'podman $* NoSuchCommand' - exit status" + is "$output" "Error: unrecognized command .*$@ NoSuchCommand" \ + "'podman $* NoSuchCommand' - expected error message" # This can happen if the output of --help changes, such as between # the old command parser and cobra. diff --git a/test/system/030-run.bats b/test/system/030-run.bats index bc6347012..13fec20ad 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -242,4 +242,46 @@ echo $rand | 0 | $rand run_podman rmi myi } +# #6735 : complex interactions with multiple user namespaces +# The initial report has to do with bind mounts, but that particular +# symptom only manifests on a fedora container image -- we have no +# reproducer on alpine. Checking directory ownership is good enough. +@test "podman run : user namespace preserved root ownership" { + for priv in "" "--privileged"; do + for user in "--user=0" "--user=100"; do + for keepid in "" "--userns=keep-id"; do + opts="$priv $user $keepid" + + for dir in /etc /usr;do + run_podman run --rm $opts $IMAGE stat -c '%u:%g:%n' $dir + remove_same_dev_warning # grumble + is "$output" "0:0:$dir" "run $opts ($dir)" + done + done + done + done +} + +# #6829 : add username to /etc/passwd inside container if --userns=keep-id +@test "podman run : add username to /etc/passwd if --userns=keep-id" { + # Default: always run as root + run_podman run --rm $IMAGE id -un + is "$output" "root" "id -un on regular container" + + # This would always work on root, but is new behavior on rootless: #6829 + # adds a user entry to /etc/passwd + run_podman run --rm --userns=keep-id $IMAGE id -un + is "$output" "$(id -un)" "username on container with keep-id" + + # --privileged should make no difference + run_podman run --rm --privileged --userns=keep-id $IMAGE id -un + remove_same_dev_warning # grumble + is "$output" "$(id -un)" "username on container with keep-id" + + # ...but explicitly setting --user should override keep-id + run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un + remove_same_dev_warning # grumble + is "$output" "root" "--user=0 overrides keep-id" +} + # vim: filetype=sh diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index f8c7f2766..945bcfa2d 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -6,8 +6,6 @@ load helpers @test "podman exec - basic test" { - skip_if_remote - rand_filename=$(random_string 20) rand_content=$(random_string 50) @@ -80,4 +78,24 @@ load helpers run_podman rm $cid } +# #6829 : add username to /etc/passwd inside container if --userns=keep-id +# #6593 : doesn't actually work with podman exec +@test "podman exec - with keep-id" { + skip "Please enable once #6593 is fixed" + + run_podman run -d --userns=keep-id $IMAGE sh -c \ + "echo READY;while [ ! -f /stop ]; do sleep 1; done" + cid="$output" + wait_for_ready $cid + + run_podman exec $cid id -un + is "$output" "$(id -un)" "container is running as current user" + + # Until #6593 gets fixed, this just hangs. The server process barfs with: + # unable to find user <username>: no matching entries in passwd file + run_podman exec --user=$(id -un) $cid touch /stop + run_podman wait $cid + run_podman rm $cid +} + # vim: filetype=sh diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 0e9d9132e..0ad555305 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -165,9 +165,13 @@ function random_ip() { # Create a pod with all the desired options # FIXME: --ip=$ip fails: # Error adding network: failed to allocate all requested IPs + local mac_option="--mac-address=$mac" + if is_rootless; then + mac_option= + fi run_podman pod create --name=mypod \ --pod-id-file=$pod_id_file \ - --mac-address=$mac \ + $mac_option \ --hostname=$hostname \ --add-host "$add_host_n:$add_host_ip" \ --dns "$dns_server" \ @@ -181,7 +185,7 @@ function random_ip() { is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file" # Check each of the options - if ! is_rootless; then + if [ -n "$mac_option" ]; then run_podman run --rm --pod mypod $IMAGE ip link show # 'ip' outputs hex in lower-case, ${expr,,} converts UC to lc is "$output" ".* link/ether ${mac,,} " "requested MAC address was set" diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 98f8b8211..1384c0ab8 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -1,6 +1,7 @@ #!/usr/bin/env bats -*- bats -*- # # Tests #2730 - regular users are not able to read/write container storage +# Tests #6957 - /sys/dev (et al) are masked from unprivileged containers # load helpers @@ -97,4 +98,68 @@ EOF run_podman rm c_uidmap c_uidmap_v } + +# #6957 - mask out /proc/acpi, /sys/dev, and other sensitive system files +@test "sensitive mount points are masked without --privileged" { + # FIXME: this should match the list in pkg/specgen/generate/config_linux.go + local -a mps=( + /proc/acpi + /proc/kcore + /proc/keys + /proc/latency_stats + /proc/timer_list + /proc/timer_stats + /proc/sched_debug + /proc/scsi + /sys/firmware + /sys/fs/selinux + /sys/dev + ) + + # Some of the above may not exist on our host. Find only the ones that do. + local -a subset=() + for mp in ${mps[@]}; do + if [ -e $mp ]; then + subset+=($mp) + fi + done + + # Run 'stat' on all the files, plus /dev/null. Get path, file type, + # number of links, major, and minor (see below for why). Do it all + # in one go, to avoid multiple podman-runs + run_podman run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + local devnull= + for result in "${lines[@]}"; do + # e.g. /proc/acpi:character special file:1:3:1 + local IFS=: + read path type nlinks major minor <<<"$result" + + if [[ $path = "/dev/null" ]]; then + # /dev/null is our reference point: masked *files* (not directories) + # will be created as /dev/null clones. + # This depends on 'stat' returning results in argv order, + # so /dev/null is first, so we have a reference for others. + # If that ever breaks, this test will have to be done in two passes. + devnull="$major:$minor" + elif [[ $type = "character special file" ]]; then + # Container file is a character device: it must match /dev/null + is "$major:$minor" "$devnull" "$path: major/minor matches /dev/null" + elif [[ $type = "directory" ]]; then + # Directories: must be empty (only two links). + # FIXME: this is a horrible almost-worthless test! It does not + # actually check for files in the directory (expect: zero), + # merely for the nonexistence of any subdirectories! It relies + # on the observed (by Ed) fact that all the masked directories + # contain further subdirectories on the host. If there's ever + # a new masked directory that contains only files, this test + # will silently pass without any indication of error. + # If you can think of a better way to do this check, + # please feel free to fix it. + is "$nlinks" "2" "$path: directory link count" + else + die "$path: Unknown file type '$type'" + fi + done +} + # vim: filetype=sh diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 1769730f0..497e29b3e 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -19,15 +19,8 @@ function check_label() { # FIXME: on some CI systems, 'run --privileged' emits a spurious # warning line about dup devices. Ignore it. + remove_same_dev_warning local context="$output" - if [ ${#lines[@]} -gt 1 ]; then - if expr "${lines[0]}" : "WARNING: .* type, major" >/dev/null; then - echo "# ${lines[0]} [ignored]" >&3 - context="${lines[1]}" - else - die "FAILED: too much output, expected one single line" - fi - fi is "$context" ".*_u:system_r:.*" "SELinux role should always be system_r" diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 5301644d6..abca91739 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -392,5 +392,43 @@ function find_exec_pid_files() { find $storage_path -type f -iname 'exec_pid_*' fi } + + +############################# +# remove_same_dev_warning # Filter out useless warning from output +############################# +# +# On some CI systems, 'podman run --privileged' emits a useless warning: +# +# WARNING: The same type, major and minor should not be used for multiple devices. +# +# This obviously screws us up when we look at output results. +# +# This function removes the warning from $output and $lines. We don't +# do a full string match because there's another variant of that message: +# +# WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null". +# +# (We should never again see that precise error ever again, but we could +# see variants of it). +# +function remove_same_dev_warning() { + # No input arguments. We operate in-place on $output and $lines + + local i=0 + local -a new_lines=() + while [[ $i -lt ${#lines[@]} ]]; do + if expr "${lines[$i]}" : 'WARNING: .* same type, major' >/dev/null; then + : + else + new_lines+=("${lines[$i]}") + fi + i=$(( i + 1 )) + done + + lines=("${new_lines[@]}") + output=$(printf '%s\n' "${lines[@]}") +} + # END miscellaneous tools ############################################################################### diff --git a/test/system/helpers.t b/test/system/helpers.t index 7b4e48a84..a022f11c4 100755 --- a/test/system/helpers.t +++ b/test/system/helpers.t @@ -23,7 +23,8 @@ rc=0 function check_result { testnum=$(expr $testnum + 1) if [ "$1" = "$2" ]; then - echo "ok $testnum $3 = $1" + # Multi-level echo flattens newlines, makes success messages readable + echo $(echo "ok $testnum $3 = $1") else echo "not ok $testnum $3" echo "# expected: $2" @@ -141,5 +142,72 @@ done < <(parse_table "$table") # END dprint ############################################################################### +# BEGIN remove_same_dev_warning + +# Test-helper function: runs remove_same_dev_warning, compares resulting +# value of $lines and $output to expected values given on command line +function check_same_dev() { + local testname="$1"; shift + local -a expect_lines=("$@") + local nl=" +" + + remove_same_dev_warning + + # After processing, check the expected number of lines + check_result "${#lines[@]}" "${#@}" "$testname: expected # of lines" + + # ...and each expected line + local expect_output="" + local i=0 + while [ $i -lt ${#expect_lines[@]} ]; do + check_result "${lines[$i]}" "${expect_lines[$i]}" "$testname: line $i" + expect_output+="${expect_lines[$i]}$nl" + i=$(( i + 1 )) + done + + # ...and the possibly-multi-line $output + check_result "$output" "${expect_output%%$nl}" "$testname: output" +} + +# Simplest case: nothing removed. +declare -a lines=("a b c" "d" "e f") +check_same_dev "abc" "a b c" "d" "e f" + +# Confirm that the warning message is removed from the beginning +declare -a lines=( + "WARNING: The same type, major and minor should not be used for multiple devices." + "a" + "b" + "c" +) +check_same_dev "warning is removed" a b c + +# ...and from the middle (we do not expect to see this) +declare -a lines=( + "WARNING: The same type, major and minor should not be used for multiple devices." + "a" + "b" + "WARNING: The same type, major and minor should not be used for multiple devices." + "c" +) +check_same_dev "multiple warnings removed" a b c + +# Corner case: two lines of output, only one of which we care about +declare -a lines=( + "WARNING: The same type, major and minor should not be used for multiple devices." + "this is the only line we care about" +) +check_same_dev "one-line output" "this is the only line we care about" + +# Corner case: one line of output, but we expect zero. +declare -a lines=( + "WARNING: The same type, major and minor should not be used for multiple devices." +) +check_same_dev "zero-line output" + + +# END remove_same_dev_warning +############################################################################### exit $rc |