summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/apiv2/python/rest_api/fixtures/podman.py4
-rw-r--r--test/e2e/pod_infra_container_test.go16
-rw-r--r--test/e2e/run_dns_test.go3
-rw-r--r--test/e2e/run_networking_test.go12
-rw-r--r--test/e2e/run_userns_test.go13
-rw-r--r--test/e2e/toolbox_test.go9
-rw-r--r--test/system/030-run.bats13
-rw-r--r--test/system/065-cp.bats8
-rw-r--r--test/system/075-exec.bats1
-rw-r--r--test/system/160-volumes.bats13
-rw-r--r--test/system/170-run-userns.bats14
-rw-r--r--test/system/200-pod.bats2
-rw-r--r--test/system/500-networking.bats103
13 files changed, 175 insertions, 36 deletions
diff --git a/test/apiv2/python/rest_api/fixtures/podman.py b/test/apiv2/python/rest_api/fixtures/podman.py
index c700571b9..f2db6f498 100644
--- a/test/apiv2/python/rest_api/fixtures/podman.py
+++ b/test/apiv2/python/rest_api/fixtures/podman.py
@@ -20,10 +20,6 @@ class Podman:
cgroupfs = os.getenv("CGROUP_MANAGER", "systemd")
self.cmd.append(f"--cgroup-manager={cgroupfs}")
- if os.getenv("DEBUG"):
- self.cmd.append("--log-level=debug")
- self.cmd.append("--syslog=true")
-
self.anchor_directory = tempfile.mkdtemp(prefix="podman_restapi_")
self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio"))
self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run"))
diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go
index db366b612..6373b949a 100644
--- a/test/e2e/pod_infra_container_test.go
+++ b/test/e2e/pod_infra_container_test.go
@@ -377,21 +377,19 @@ var _ = Describe("Podman pod create", func() {
Expect(result.OutputToString()).To(ContainSubstring(infraID))
})
- It("podman run --add-host in pod", func() {
- session := podmanTest.Podman([]string{"pod", "create"})
+ It("podman run --add-host in pod should fail", func() {
+ session := podmanTest.Podman([]string{"pod", "create", "--add-host", "host1:127.0.0.1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
podID := session.OutputToString()
- // verify we can add a host to the infra's /etc/hosts
- // N/B: Using alpine for ping, since BB ping throws
- // permission denied error as of Fedora 33.
- session = podmanTest.Podman([]string{"run", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"})
+ session = podmanTest.Podman([]string{"create", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
+ Expect(session).Should(ExitWithError())
+ Expect(session.ErrorToString()).To(ContainSubstring("extra host entries must be specified on the pod: network cannot be configured when it is shared with a pod"))
- // verify we can see the other hosts of infra's /etc/hosts
- session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "foobar"})
+ // verify we can see the pods hosts
+ session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "host1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
})
diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go
index a313e8d40..7561a2e85 100644
--- a/test/e2e/run_dns_test.go
+++ b/test/e2e/run_dns_test.go
@@ -78,8 +78,7 @@ var _ = Describe("Podman run dns", func() {
session := podmanTest.Podman([]string{"run", "--add-host=foobar:1.1.1.1", "--add-host=foobaz:2001:db8::68", ALPINE, "cat", "/etc/hosts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
- Expect(session.OutputToStringArray()).To(ContainElement(HavePrefix("1.1.1.1 foobar")))
- Expect(session.OutputToStringArray()).To(ContainElement(HavePrefix("2001:db8::68 foobaz")))
+ Expect(session.OutputToStringArray()).To(ContainElements(HavePrefix("1.1.1.1\tfoobar"), HavePrefix("2001:db8::68\tfoobaz")))
})
It("podman run add hostname", func() {
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 696668e52..49c387227 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -608,6 +608,18 @@ EXPOSE 2004-2005/tcp`, ALPINE)
Expect(ctr2).Should(Exit(0))
})
+ It("podman run --net container: and --add-host should fail", func() {
+ ctrName := "ctrToJoin"
+ ctr1 := podmanTest.RunTopContainer(ctrName)
+ ctr1.WaitWithDefaultTimeout()
+ Expect(ctr1).Should(Exit(0))
+
+ ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"})
+ ctr2.WaitWithDefaultTimeout()
+ Expect(ctr2).Should(ExitWithError())
+ Expect(ctr2.ErrorToString()).Should(ContainSubstring("cannot set extra host entries when the container is joined to another containers network namespace: invalid configuration"))
+ })
+
It("podman run --net container: copies hosts and resolv", func() {
ctrName := "ctr1"
ctr1 := podmanTest.RunTopContainer(ctrName)
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go
index 5a046b0a4..092621c27 100644
--- a/test/e2e/run_userns_test.go
+++ b/test/e2e/run_userns_test.go
@@ -78,12 +78,18 @@ var _ = Describe("Podman UserNS support", func() {
It("podman --userns=keep-id", func() {
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "id", "-u"})
session.WaitWithDefaultTimeout()
+ if os.Geteuid() == 0 {
+ Expect(session).Should(Exit(125))
+ return
+ }
+
Expect(session).Should(Exit(0))
uid := fmt.Sprintf("%d", os.Geteuid())
Expect(session.OutputToString()).To(ContainSubstring(uid))
})
It("podman --userns=keep-id check passwd", func() {
+ SkipIfNotRootless("keep-id only works in rootless mode")
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "id", "-un"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
@@ -93,6 +99,7 @@ var _ = Describe("Podman UserNS support", func() {
})
It("podman --userns=keep-id root owns /usr", func() {
+ SkipIfNotRootless("keep-id only works in rootless mode")
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "alpine", "stat", "-c%u", "/usr"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
@@ -100,6 +107,7 @@ var _ = Describe("Podman UserNS support", func() {
})
It("podman --userns=keep-id --user root:root", func() {
+ SkipIfNotRootless("keep-id only works in rootless mode")
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", "alpine", "id", "-u"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
@@ -107,10 +115,7 @@ var _ = Describe("Podman UserNS support", func() {
})
It("podman run --userns=keep-id can add users", func() {
- if os.Geteuid() == 0 {
- Skip("Test only runs without root")
- }
-
+ SkipIfNotRootless("keep-id only works in rootless mode")
userName := os.Getenv("USER")
if userName == "" {
Skip("Can't complete test if no username available")
diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
index b34fd299c..1fc28a06d 100644
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@@ -160,6 +160,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create --userns=keep-id --user root:root - entrypoint - entrypoint is executed as root", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
session := podmanTest.Podman([]string{"run", "--userns=keep-id", "--user", "root:root", ALPINE,
"id"})
session.WaitWithDefaultTimeout()
@@ -168,6 +169,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create --userns=keep-id + podman exec - correct names of user and group", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var err error
@@ -199,6 +201,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var username string = "testuser"
@@ -238,6 +241,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var groupName string = "testgroup"
@@ -268,6 +272,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var badHomeDir string = "/home/badtestuser"
var badShell string = "/bin/sh"
@@ -315,6 +320,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
session = podmanTest.Podman([]string{"run", "--privileged", "--userns=keep-id", "--user", "root:root", ALPINE,
@@ -329,6 +335,7 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman create + start - with all needed switches for create - sleep as entry-point", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
// These should be most of the switches that Toolbox uses to create a "toolbox" container
@@ -365,8 +372,8 @@ var _ = Describe("Toolbox-specific testing", func() {
})
It("podman run --userns=keep-id check $HOME", func() {
+ SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
-
currentUser, err := user.Current()
Expect(err).To(BeNil())
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 526003c2d..283c3aea9 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -272,9 +272,11 @@ echo $rand | 0 | $rand
# symptom only manifests on a fedora container image -- we have no
# reproducer on alpine. Checking directory ownership is good enough.
@test "podman run : user namespace preserved root ownership" {
+ keep="--userns=keep-id"
+ is_rootless || keep=""
for priv in "" "--privileged"; do
for user in "--user=0" "--user=100"; do
- for keepid in "" "--userns=keep-id"; do
+ for keepid in "" ${keep}; do
opts="$priv $user $keepid"
for dir in /etc /usr;do
@@ -289,6 +291,7 @@ echo $rand | 0 | $rand
# #6829 : add username to /etc/passwd inside container if --userns=keep-id
@test "podman run : add username to /etc/passwd if --userns=keep-id" {
+ skip_if_not_rootless "--userns=keep-id only works in rootless mode"
# Default: always run as root
run_podman run --rm $IMAGE id -un
is "$output" "root" "id -un on regular container"
@@ -339,6 +342,7 @@ echo $rand | 0 | $rand
# #6991 : /etc/passwd is modifiable
@test "podman run : --userns=keep-id: passwd file is modifiable" {
+ skip_if_not_rootless "--userns=keep-id only works in rootless mode"
run_podman run -d --userns=keep-id --cap-add=dac_override $IMAGE sh -c 'while ! test -e /tmp/stop; do sleep 0.1; done'
cid="$output"
@@ -782,7 +786,7 @@ EOF
mv $hosts_tmp /etc/hosts
assert "$status" = 0 \
"podman run without /etc/hosts file should work"
- assert "$output" =~ "^1\.2\.3\.4 foo.com.*" \
+ assert "$output" =~ "^1\.2\.3\.4[[:blank:]]foo\.com.*" \
"users can add hosts even without /etc/hosts"
}
@@ -827,6 +831,9 @@ EOF
# CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image
@test "podman top does not use nsenter from image" {
+ keepid="--userns=keep-id"
+ is_rootless || keepid=""
+
tmpdir=$PODMAN_TMPDIR/build-test
mkdir -p $tmpdir
tmpbuilddir=$tmpdir/build
@@ -841,7 +848,7 @@ EOF
test_image="cve_2022_1227_test"
run_podman build -t $test_image $tmpbuilddir
- run_podman run -d --userns=keep-id $test_image top
+ run_podman run -d ${keepid} $test_image top
ctr="$output"
run_podman top $ctr huser,user
run_podman rm -f -t0 $ctr
diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats
index fe9292fd0..cfbeff3ae 100644
--- a/test/system/065-cp.bats
+++ b/test/system/065-cp.bats
@@ -119,7 +119,9 @@ load helpers
echo "content" > $srcdir/hostfile
userid=$(id -u)
- run_podman run --user=$userid --userns=keep-id -d --name cpcontainer $IMAGE sleep infinity
+ keepid="--userns=keep-id"
+ is_rootless || keepid=""
+ run_podman run --user=$userid ${keepid} -d --name cpcontainer $IMAGE sleep infinity
run_podman cp $srcdir/hostfile cpcontainer:/tmp/hostfile
run_podman exec cpcontainer stat -c "%u" /tmp/hostfile
is "$output" "$userid" "copied file is chowned to the container user"
@@ -138,7 +140,9 @@ load helpers
userid=$(id -u)
- run_podman run --user="$userid" --userns=keep-id -d --name cpcontainer $IMAGE sleep infinity
+ keepid="--userns=keep-id"
+ is_rootless || keepid=""
+ run_podman run --user=$userid ${keepid} -d --name cpcontainer $IMAGE sleep infinity
run_podman cp -a=false - cpcontainer:/tmp/ < "${tmpdir}/a.tar"
run_podman exec cpcontainer stat -c "%u:%g" /tmp/a.txt
is "$output" "1042:1043" "copied file retains uid/gid from the tar"
diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats
index 42954e5ec..0a6048b7e 100644
--- a/test/system/075-exec.bats
+++ b/test/system/075-exec.bats
@@ -87,6 +87,7 @@ load helpers
# #6829 : add username to /etc/passwd inside container if --userns=keep-id
@test "podman exec - with keep-id" {
+ skip_if_not_rootless "--userns=keep-id only works in rootless mode"
# Multiple --userns options confirm command-line override (last one wins)
run_podman run -d --userns=private --userns=keep-id $IMAGE sh -c \
"echo READY;while [ ! -f /tmp/stop ]; do sleep 1; done"
diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats
index 571d8767e..5b0460723 100644
--- a/test/system/160-volumes.bats
+++ b/test/system/160-volumes.bats
@@ -182,13 +182,14 @@ EOF
run_podman volume rm $myvol
- # Autocreated volumes should also work with keep-id
- # All we do here is check status; podman 1.9.1 would fail with EPERM
- myvol=myvol$(random_string)
- run_podman run --rm -v $myvol:/myvol:z --userns=keep-id $IMAGE \
+ if is_rootless; then
+ # Autocreated volumes should also work with keep-id
+ # All we do here is check status; podman 1.9.1 would fail with EPERM
+ myvol=myvol$(random_string)
+ run_podman run --rm -v $myvol:/myvol:z --userns=keep-id $IMAGE \
touch /myvol/myfile
-
- run_podman volume rm $myvol
+ run_podman volume rm $myvol
+ fi
}
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index c020a73ab..d754306b2 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -94,3 +94,17 @@ EOF
is ${output} ${secret_content} "Secrets should work with user namespace"
run_podman secret rm ${test_name}
}
+
+@test "podman userns=nomap" {
+ skip_if_not_rootless "--userns=nomap only works in rootless mode"
+ ns_user=$(id -un)
+ baseuid=$(egrep "${ns_user}:" /etc/subuid | cut -f2 -d:)
+ test ! -z ${baseuid} || skip "no IDs allocated for user ${ns_user}"
+
+ test_name="test_$(random_string 12)"
+ run_podman run -d --userns=nomap $IMAGE sleep 100
+ cid=${output}
+ run_podman top ${cid} huser
+ is "${output}" "HUSER.*${baseuid}" "Container should start with baseuid from /etc/subuid not user UID"
+ run_podman rm -t 0 --force ${cid}
+}
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 56449dcad..ef4bf1a6c 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -250,7 +250,7 @@ EOF
is "$output" ".*invalid config provided: cannot set hostname when joining the pod UTS namespace: invalid configuration" "--hostname should not be allowed in share UTS pod"
run_podman run --rm --pod $pod_id $IMAGE cat /etc/hosts
- is "$output" ".*$add_host_ip $add_host_n" "--add-host was added"
+ is "$output" ".*$add_host_ip[[:blank:]]$add_host_n" "--add-host was added"
is "$output" ".* $hostname" "--hostname is in /etc/hosts"
# ^^^^ this must be a tab, not a space
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 3bfc58a07..958aa4493 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -83,7 +83,7 @@ load helpers
}
# Issue #5466 - port-forwarding doesn't work with this option and -d
-@test "podman networking: port with --userns=keep-id" {
+@test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootfull" {
for cidr in "" "$(random_rfc1918_subnet).0/24"; do
myport=$(random_free_port 52000-52999)
if [[ -z $cidr ]]; then
@@ -105,7 +105,9 @@ load helpers
# remote IP is not 127.0.0.1 (podman PR #9052).
# We could get more parseable output by using $NCAT_REMOTE_ADDR,
# but busybox nc doesn't support that.
- run_podman run -d --userns=keep-id $network_arg -p 127.0.0.1:$myport:$myport \
+ userns="--userns=keep-id"
+ is_rootless || userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536"
+ run_podman run -d ${userns} $network_arg -p 127.0.0.1:$myport:$myport \
$IMAGE nc -l -n -v -p $myport
cid="$output"
@@ -133,14 +135,50 @@ load helpers
done
}
+@test "podman pod manages /etc/hosts correctly" {
+ local pod_name=pod-$(random_string 10)
+ local infra_name=infra-$(random_string 10)
+ local con1_name=con1-$(random_string 10)
+ local con2_name=con2-$(random_string 10)
+ run_podman pod create --name $pod_name --infra-name $infra_name
+ pid="$output"
+ run_podman run --pod $pod_name --name $con1_name $IMAGE cat /etc/hosts
+ is "$output" ".*\s$pod_name $infra_name.*" "Pod hostname in /etc/hosts"
+ is "$output" ".*127.0.0.1\s$con1_name.*" "Container1 name in /etc/hosts"
+ # get the length of the hosts file
+ old_lines=${#lines[@]}
+
+ # since the first container should be cleaned up now we should only see the
+ # new host entry and the old one should be removed (lines check)
+ run_podman run --pod $pod_name --name $con2_name $IMAGE cat /etc/hosts
+ is "$output" ".*\s$pod_name $infra_name.*" "Pod hostname in /etc/hosts"
+ is "$output" ".*127.0.0.1\s$con2_name.*" "Container2 name in /etc/hosts"
+ is "${#lines[@]}" "$old_lines" "Number of hosts lines is equal"
+
+ run_podman run --pod $pod_name $IMAGE sh -c "hostname && cat /etc/hostname"
+ is "${lines[0]}" "$pod_name" "hostname is the pod hostname"
+ is "${lines[1]}" "$pod_name" "/etc/hostname contains correct pod hostname"
+
+ run_podman pod rm $pod_name
+ is "$output" "$pid" "Only ID in output (no extra errors)"
+}
+
@test "podman run with slirp4ns assigns correct addresses to /etc/hosts" {
CIDR="$(random_rfc1918_subnet)"
IP=$(hostname -I | cut -f 1 -d " ")
local conname=con-$(random_string 10)
run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \
--name $conname --hostname $conname $IMAGE cat /etc/hosts
- is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be the cidr+2 address"
+ is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address"
is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address"
+
+ if is_rootless; then
+ # check the slirp ip also works correct with userns
+ run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \
+ --name $conname --hostname $conname $IMAGE cat /etc/hosts
+ is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be host address"
+ is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address"
+ fi
}
@test "podman run with slirp4ns adds correct dns address to resolv.conf" {
@@ -433,9 +471,17 @@ load helpers
run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").Aliases}}"
is "$output" "[${cid:0:12}]" "short container id in network aliases"
+ # check /etc/hosts for our entry
+ run_podman exec $cid cat /etc/hosts
+ is "$output" ".*$ip.*" "hosts contain expected ip"
+
run_podman network disconnect $netname $cid
is "$output" "" "Output should be empty (no errors)"
+ # check /etc/hosts again, the entry should be gone now
+ run_podman exec $cid cat /etc/hosts
+ assert "$output" !~ "$ip" "IP ($ip) should no longer be in /etc/hosts"
+
# check that we cannot curl (timeout after 3 sec)
run curl --max-time 3 -s $SERVER/index.txt
assert $status -ne 0 \
@@ -451,13 +497,18 @@ load helpers
# check that we have a new ip and mac
# if the ip is still the same this whole test turns into a nop
run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}"
- assert "$output" != "$ip" \
+ new_ip="$output"
+ assert "$new_ip" != "$ip" \
"IP address did not change after podman network disconnect/connect"
run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}"
assert "$output" != "$mac" \
"MAC address did not change after podman network disconnect/connect"
+ # check /etc/hosts for the new entry
+ run_podman exec $cid cat /etc/hosts
+ is "$output" ".*$new_ip.*" "hosts contain expected new ip"
+
# Disconnect/reconnect of a container *with no ports* should succeed quietly
run_podman network disconnect $netname $background_cid
is "$output" "" "disconnect of container with no open ports"
@@ -628,4 +679,48 @@ EOF
done
}
+@test "podman run CONTAINERS_CONF /etc/hosts options" {
+ skip_if_remote "CONTAINERS_CONF redirect does not work on remote"
+
+ containersconf=$PODMAN_TMPDIR/containers.conf
+ basehost=$PODMAN_TMPDIR/host
+
+ ip1="$(random_rfc1918_subnet).$((RANDOM % 256))"
+ name1=host1$(random_string)
+ ip2="$(random_rfc1918_subnet).$((RANDOM % 256))"
+ name2=host2$(random_string)
+
+ cat >$basehost <<EOF
+$ip1 $name1
+$ip2 $name2 #some comment
+EOF
+
+ containersinternal_ip="$(random_rfc1918_subnet).$((RANDOM % 256))"
+ cat >$containersconf <<EOF
+[containers]
+ base_hosts_file = "$basehost"
+ host_containers_internal_ip = "$containersinternal_ip"
+EOF
+
+ ip3="$(random_rfc1918_subnet).$((RANDOM % 256))"
+ name3=host3$(random_string)
+
+ CONTAINERS_CONF=$containersconf run_podman run --rm --add-host $name3:$ip3 $IMAGE cat /etc/hosts
+ is "$output" ".*$ip3[[:blank:]]$name3.*" "--add-host entry in /etc/host"
+ is "$output" ".*$ip1[[:blank:]]$name1.*" "first base entry in /etc/host"
+ is "$output" ".*$ip2[[:blank:]]$name2.*" "second base entry in /etc/host"
+ is "$output" ".*127.0.0.1[[:blank:]]localhost.*" "ipv4 localhost entry added"
+ is "$output" ".*::1[[:blank:]]localhost.*" "ipv6 localhost entry added"
+ is "$output" ".*$containersinternal_ip[[:blank:]]host\.containers\.internal.*" "host.containers.internal ip from config in /etc/host"
+ is "${#lines[@]}" "7" "expect 7 host entries in /etc/hosts"
+
+ # now try again with container name and hostname == host entry name
+ # in this case podman should not add its own entry thus we only have 5 entries (-1 for the removed --add-host)
+ CONTAINERS_CONF=$containersconf run_podman run --rm --name $name1 --hostname $name1 $IMAGE cat /etc/hosts
+ is "$output" ".*$ip1[[:blank:]]$name1.*" "first base entry in /etc/host"
+ is "$output" ".*$ip2[[:blank:]]$name2.*" "second base entry in /etc/host"
+ is "$output" ".*$containersinternal_ip[[:blank:]]host\.containers\.internal.*" "host.containers.internal ip from config in /etc/host"
+ is "${#lines[@]}" "5" "expect 5 host entries in /etc/hosts"
+}
+
# vim: filetype=sh