diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/run_test.go | 8 | ||||
| -rw-r--r-- | test/e2e/stats_test.go | 10 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 64 |
3 files changed, 82 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 58ef9a647..f73a15633 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -264,6 +264,14 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.OutputToString()).To(BeEmpty()) Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr4", "--security-opt", "systempaths=unconfined", ALPINE, "sleep", "200"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "maskCtr4", "ls", "/sys/firmware"}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(Not(BeEmpty())) + Expect(session.ExitCode()).To(Equal(0)) }) It("podman run seccomp test", func() { diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index 5e8a7a3d0..ab117a2a0 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -128,6 +128,16 @@ var _ = Describe("Podman stats", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman stats on container with forced slirp4netns", func() { + // This will force the slirp4netns net mode to be tested as root + session := podmanTest.Podman([]string{"run", "-d", "--net", "slirp4netns", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"stats", "--no-stream", "-a"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + // Regression test for #8265 It("podman stats with custom memory limits", func() { // Run thre containers. One with a memory limit. Make sure diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 44cc731cf..a824ebcd7 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -116,4 +116,68 @@ load helpers fi } +@test "podman network reload" { + skip_if_remote "podman network reload does not have remote support" + skip_if_rootless "podman network reload does not work rootless" + + random_1=$(random_string 30) + HOST_PORT=12345 + SERVER=http://127.0.0.1:$HOST_PORT + + # Create a test file with random content + INDEX1=$PODMAN_TMPDIR/hello.txt + echo $random_1 > $INDEX1 + + # Bind-mount this file with a different name to a container running httpd + run_podman run -d --name myweb -p "$HOST_PORT:80" \ + -v $INDEX1:/var/www/index.txt \ + -w /var/www \ + $IMAGE /bin/busybox-extras httpd -f -p 80 + cid=$output + + run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}" + ip="$output" + run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}" + mac="$output" + + # Verify http contents: curl from localhost + run curl -s $SERVER/index.txt + is "$output" "$random_1" "curl 127.0.0.1:/index.txt" + + # flush the CNI iptables here + run iptables -t nat -F CNI-HOSTPORT-DNAT + + # check that we cannot curl (timeout after 5 sec) + run timeout 5 curl -s $SERVER/index.txt + if [ "$status" -ne 124 ]; then + die "curl did not timeout, status code: $status" + fi + + # reload the network to recreate the iptables rules + run_podman network reload $cid + is "$output" "$cid" "Output does not match container ID" + + # check that we still have the same mac and ip + run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}" + is "$output" "$ip" "IP address changed after podman network reload" + run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}" + is "$output" "$mac" "MAC address changed after podman network reload" + + # check that we can still curl + run curl -s $SERVER/index.txt + is "$output" "$random_1" "curl 127.0.0.1:/index.txt" + + # make sure --all is working and that this + # cmd also works if the iptables still exists + run_podman network reload --all + is "$output" "$cid" "Output does not match container ID" + + # check that we can still curl + run curl -s $SERVER/index.txt + is "$output" "$random_1" "curl 127.0.0.1:/index.txt" + + # cleanup the container + run_podman rm -f $cid +} + # vim: filetype=sh |