Diffstat (limited to 'test')
-rw-r--r-- | test/apiv2/10-images.at | 4 | ||||
-rw-r--r-- | test/apiv2/20-containers.at | 4 | ||||
-rw-r--r-- | test/e2e/build_test.go | 12 | ||||
-rw-r--r-- | test/e2e/checkpoint_test.go | 173 | ||||
-rw-r--r-- | test/e2e/generate_kube_test.go | 24 | ||||
-rw-r--r-- | test/e2e/run_memory_test.go | 42 | ||||
-rw-r--r-- | test/e2e/run_passwd_test.go | 12 | ||||
-rw-r--r-- | test/e2e/run_staticip_test.go | 15 | ||||
-rw-r--r-- | test/python/docker/compat/test_images.py | 1 | ||||
-rw-r--r-- | test/system/010-images.bats | 60 | ||||
-rw-r--r-- | test/system/030-run.bats | 47 | ||||
-rw-r--r-- | test/system/170-run-userns.bats | 38 | ||||
-rw-r--r-- | test/system/500-networking.bats | 3 | ||||
-rw-r--r-- | test/system/helpers.bash | 10 |
14 files changed, 387 insertions, 58 deletions
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index 07b63e566..36c2fc6aa 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -53,8 +53,8 @@ t POST "images/create?fromImage=alpine" 200 .error~null .status~".*Download comp t POST "images/create?fromImage=alpine&tag=latest" 200 # 10977 - handle platform parameter correctly -t POST "images/create?fromImage=alpine&platform=linux/arm64" 200 -t GET "images/alpine/json" 200 \ +t POST "images/create?fromImage=testimage:20210610&platform=linux/arm64" 200 +t GET "images/testimage:20210610/json" 200 \ .Architecture=arm64 # Make sure that new images are pulled diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index e931ceebe..5a02ca3cb 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -46,6 +46,10 @@ t GET /containers/json?all=true 200 \ .[0].Image=$IMAGE \ $network_expect +# compat API imageid with sha256: prefix +t GET containers/json?limit=1 200 \ + .[0].ImageID~sha256:[0-9a-f]\\{64\\} + # Make sure `limit` works. t GET libpod/containers/json?limit=1 200 \ length=1 \ diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 5ed873f78..d4f0a2b04 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go 
@@ -238,19 +238,25 @@ var _ = Describe("Podman build", func() { Expect("sha256:" + data[0].ID).To(Equal(string(id))) }) - It("podman Test PATH in built image", func() { + It("podman Test PATH and reserved annotation in built image", func() { path := "/tmp:/bin:/usr/bin:/usr/sbin" session := podmanTest.Podman([]string{ - "build", "--pull-never", "-f", "build/basicalpine/Containerfile.path", "-t", "test-path", + "build", "--annotation", "io.podman.annotations.seccomp=foobar", "--pull-never", "-f", "build/basicalpine/Containerfile.path", "-t", "test-path", }) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - session = podmanTest.Podman([]string{"run", "test-path", "printenv", "PATH"}) + session = podmanTest.Podman([]string{"run", "--name", "foobar", "test-path", "printenv", "PATH"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) stdoutLines := session.OutputToStringArray() Expect(stdoutLines[0]).Should(Equal(path)) + + // Reserved annotation should not be applied from the image to the container. + session = podmanTest.Podman([]string{"inspect", "foobar"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).NotTo(ContainSubstring("io.podman.annotations.seccomp")) }) It("podman build --http_proxy flag", func() { diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 064c82621..4771f8e58 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go 
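Review bot: The new `NotTo(ContainSubstring("io.podman.annotations.seccomp"))` check at the end of this test has no positive control, so it would also pass if the annotation never made it into the built image or if `inspect` stopped printing annotations at all. Because the test guards against an image-supplied, security-relevant annotation reaching the container, it is worth confirming that the reserved key was really stored in the image (inspect `test-path`). If image annotations are normally carried over, an ordinary annotation passed to the same build should also be asserted to appear on the container. The container name and the annotation value are both `foobar`; a distinct value would keep any later check on the value unambiguous. The enclosing `Describe` block starts and ends outside the hunk.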
@@ -91,25 +91,97 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) cid := session.OutputToString() - result := podmanTest.Podman([]string{"container", "checkpoint", cid}) + // Check if none of the checkpoint/restore specific information is displayed + // for newly started containers. + inspect := podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut := inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(Equal("")) + Expect(inspectOut[0].State.CheckpointLog).To(Equal("")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) + + result := podmanTest.Podman([]string{ + "container", + "checkpoint", + "--keep", + cid, + }) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) - inspect := podmanTest.Podman([]string{"inspect", cid}) + // For a checkpointed container we expect the checkpoint related information + // to be populated. 
+ inspect = podmanTest.Podman([]string{"inspect", cid}) inspect.WaitWithDefaultTimeout() Expect(inspect).Should(Exit(0)) - inspectOut := inspect.InspectContainerToJSON() + inspectOut = inspect.InspectContainerToJSON() Expect(inspectOut[0].State.Checkpointed).To(BeTrue(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(ContainSubstring("userdata/checkpoint")) + Expect(inspectOut[0].State.CheckpointLog).To(ContainSubstring("userdata/dump.log")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) - result = podmanTest.Podman([]string{"container", "restore", cid}) + result = podmanTest.Podman([]string{ + "container", + "restore", + "--keep", + cid, + }) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + inspect = podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut = inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Restored).To(BeTrue(), ".State.Restored") + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.CheckpointPath).To(ContainSubstring("userdata/checkpoint")) + Expect(inspectOut[0].State.CheckpointLog).To(ContainSubstring("userdata/dump.log")) + Expect(inspectOut[0].State.RestoreLog).To(ContainSubstring("userdata/restore.log")) + + result = podmanTest.Podman([]string{ + "container", + "stop", + "--timeout", + "0", + cid, + }) + result.WaitWithDefaultTimeout() + + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + + result = podmanTest.Podman([]string{ + "container", + "start", + cid, + }) + result.WaitWithDefaultTimeout() + + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + + // Stopping and 
starting the container should remove all checkpoint + // related information from inspect again. + inspect = podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut = inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(Equal("")) + Expect(inspectOut[0].State.CheckpointLog).To(Equal("")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) }) It("podman checkpoint a running container by name", func() { @@ -867,6 +939,9 @@ var _ = Describe("Podman checkpoint", func() { }) It("podman checkpoint container with --pre-checkpoint", func() { + if !criu.MemTrack() { + Skip("system (architecture/kernel/CRIU) does not support memory tracking") + } if !strings.Contains(podmanTest.OCIRuntime, "runc") { Skip("Test only works on runc 1.0-rc3 or higher.") } @@ -900,6 +975,9 @@ var _ = Describe("Podman checkpoint", func() { It("podman checkpoint container with --pre-checkpoint and export (migration)", func() { SkipIfRemote("--import-previous is not yet supported on the remote client") + if !criu.MemTrack() { + Skip("system (architecture/kernel/CRIU) does not support memory tracking") + } if !strings.Contains(podmanTest.OCIRuntime, "runc") { Skip("Test only works on runc 1.0-rc3 or higher.") } 
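Review bot: The five-line assertion group on `State.Checkpointed`, `State.Restored`, `State.CheckpointPath`, `State.CheckpointLog` and `State.RestoreLog` is repeated four times in this test with only the expected values changing, which makes the four stages hard to compare. A small local helper that takes the expected values would keep them in sync. The reason `--keep` was added to both `checkpoint` and `restore` is not stated; a comment such as `// --keep preserves the checkpoint directory and the dump/restore logs whose paths are asserted below` would help (inferred from the assertions, please confirm). The test body starts before the hunk.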
@@ -1553,4 +1631,91 @@ var _ = Describe("Podman checkpoint", func() { // Remove exported checkpoint os.Remove(fileName) }) + + It("podman checkpoint and restore dev/shm content with --export and --import", func() { + localRunString := getRunString([]string{"--rm", ALPINE, "top"}) + session := podmanTest.Podman(localRunString) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + cid := session.OutputToString() + + // Add test file in dev/shm + result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + session = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + runtime := session.OutputToString() + + checkpointFileName := "/tmp/checkpoint-" + cid + ".tar.gz" + result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName}) + result.WaitWithDefaultTimeout() + + // As the container has been started with '--rm' it will be completely + // cleaned up after checkpointing. 
+ Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + + result = podmanTest.Podman([]string{"container", "restore", "-i", checkpointFileName}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // The restored container should have the same runtime as the original container + result = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal(runtime)) + + // Verify the test file content in dev/shm + result = podmanTest.Podman([]string{"exec", cid, "cat", "/dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring("test" + cid + "test")) + + // Remove exported checkpoint + os.Remove(checkpointFileName) + }) + + It("podman checkpoint and restore dev/shm content", func() { + localRunString := getRunString([]string{ALPINE, "top"}) + session := podmanTest.Podman(localRunString) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + cid := session.OutputToString() + + // Add test file in dev/shm + result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + result = podmanTest.Podman([]string{"container", "checkpoint", cid}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + + result = podmanTest.Podman([]string{"container", "restore", cid}) + 
result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // Verify the test file content in dev/shm + result = podmanTest.Podman([]string{"exec", cid, "cat", "/dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring("test" + cid + "test")) + + result = podmanTest.Podman([]string{"rm", "-t", "0", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + }) }) diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index cfa264de2..16f2c4272 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -1100,4 +1100,28 @@ USER test1` Expect(pod.GetAnnotations()).To(HaveKeyWithValue("io.containers.autoupdate.authfile/"+ctr, "/some/authfile.json")) } }) + + It("podman generate kube can export env variables correctly", func() { + // Fixes https://github.com/containers/podman/issues/12647 + // PR https://github.com/containers/podman/pull/12648 + + ctrName := "gen-kube-env-ctr" + podName := "gen-kube-env" + session1 := podmanTest.Podman([]string{"run", "-d", "--pod", "new:" + podName, "--name", ctrName, + "-e", "FOO=bar", + "-e", "HELLO=WORLD", + "alpine", "top"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", podName}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + pod := new(v1.Pod) + err := yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + + Expect(pod.Spec.Containers[0].Env).To(HaveLen(2)) + }) }) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 04952bb03..04fac6bfb 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go 
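Review bot: In the `--export`/`--import` test the "same runtime" check is a tautology: the second `inspect` is stored in `result`, but the assertion reads `session.OutputToString()`, which is the value `runtime` was taken from, so it should be `Expect(result.OutputToString()).To(Equal(runtime))`. Separately, the archive goes to the predictable path `"/tmp/checkpoint-" + cid + ".tar.gz"`. A checkpoint archive holds the container's process memory and these tests presumably run privileged, so a per-test directory is safer, e.g. `checkpointFileName := filepath.Join(podmanTest.TempDir, "checkpoint-"+cid+".tar.gz")` (assuming `path/filepath` is imported in this file). `os.Remove(checkpointFileName)` is reached only when every earlier `Expect` passes and its error is dropped; `defer os.Remove(checkpointFileName)` placed right after the name is built would also clean up after a failure.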
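Review bot: `HaveLen(2)` in the new `generate kube` env test only counts entries, so it passes with wrong names or values and could break if the image ever contributes an exported variable of its own. Asserting on content is more robust, e.g. `Expect(pod.Spec.Containers[0].Env).To(ContainElement(v1.EnvVar{Name: "FOO", Value: "bar"}))` and the same for `HELLO=WORLD`. The run command also passes the bare string `"alpine"` where the other tests on this page use the `ALPINE` constant; an unqualified name depends on short-name resolution and may be fetched from a registry at test time, so `ALPINE` is the better choice for a pinned image.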
@@ -3,7 +3,6 @@ package integration import ( "fmt" "os" - "strconv" . "github.com/containers/podman/v3/test/utils" . "github.com/onsi/ginkgo" @@ -79,45 +78,4 @@ var _ = Describe("Podman run memory", func() { Expect(session.OutputToString()).To(Equal(limit)) }) } - - It("podman run kernel-memory test", func() { - if podmanTest.Host.Distribution == "ubuntu" { - Skip("Unable to perform test on Ubuntu distributions due to memory management") - } - - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--net=none", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) - } else { - session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) - } - - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(Equal("41943040")) - }) - - It("podman run kernel-memory test", func() { - if podmanTest.Host.Distribution == "ubuntu" { - Skip("Unable to perform test on Ubuntu distributions due to memory management") - } - var session *PodmanSessionIntegration - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--memory", "256m", "--memory-swap", "-1", ALPINE, "cat", "/sys/fs/cgroup/memory.swap.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--cgroupns=private", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"}) - } - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - output := session.OutputToString() - Expect(err).To(BeNil()) - if CGROUPSV2 { - Expect(output).To(Equal("max")) - } else { - crazyHighNumber, err := strconv.ParseInt(output, 10, 64) - Expect(err).To(BeZero()) - Expect(crazyHighNumber).To(BeNumerically(">", 936854771712)) - } - }) }) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 6d1d26914..2207a50a8 100644 
--- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -125,4 +125,16 @@ USER 1000`, ALPINE) Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group"))) }) + + It("podman run --no-manage-passwd flag", func() { + run := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).To(ContainSubstring("1234:1234")) + + run = podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).NotTo((ContainSubstring("1234:1234"))) + }) }) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index eb7dc9d11..2f3c3025a 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -7,6 +7,7 @@ import ( "time" . "github.com/containers/podman/v3/test/utils" + "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" 
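Review bot: The new test is titled `podman run --no-manage-passwd flag`, but its body exercises `--passwd=false`; the title should name the flag that is actually used so a failure points at the right option, e.g. `It("podman run --passwd=false flag", func() {`. The last assertion carries a redundant pair of parentheses, `NotTo((ContainSubstring("1234:1234")))`, which can be `NotTo(ContainSubstring("1234:1234"))`. A one-line comment saying that `--passwd=false` is expected to leave the image's `/etc/passwd` without an entry for the `--user` IDs, as the two assertions imply, would document the intent.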
@@ -65,6 +66,20 @@ var _ = Describe("Podman run with --ip flag", func() { Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) }) + It("Podman run with specified static IPv6 has correct IP", func() { + netName := "ipv6-" + stringid.GenerateNonCryptoID() + ipv6 := "fd46:db93:aa76:ac37::10" + net := podmanTest.Podman([]string{"network", "create", "--subnet", "fd46:db93:aa76:ac37::/64", netName}) + net.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) + Expect(net).To(Exit(0)) + + result := podmanTest.Podman([]string{"run", "-ti", "--network", netName, "--ip6", ipv6, ALPINE, "ip", "addr"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring(ipv6 + "/64")) + }) + It("Podman run with --network bridge:ip=", func() { ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"run", "-ti", "--network", "bridge:ip=" + ip, ALPINE, "ip", "addr"}) diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py index 1e2b531b7..485a0e419 100644 --- a/test/python/docker/compat/test_images.py +++ b/test/python/docker/compat/test_images.py @@ -79,6 +79,7 @@ class TestImages(unittest.TestCase): # Add more images self.client.images.pull(constant.BB) self.assertEqual(len(self.client.images.list()), 2) + self.assertEqual(len(self.client.images.list(all=True)), 2) # List images with filter self.assertEqual(len(self.client.images.list(filters={"reference": "alpine"})), 1) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 9de31f96c..201418620 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats 
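Review bot: The IPv6 test hard-codes the subnet `fd46:db93:aa76:ac37::/64` and randomises only the network name, so a network left behind by an aborted run, or any other network on the host using the same prefix, can presumably make `network create` fail on a subnet conflict. Deriving part of the prefix from a random value, in the spirit of `GetRandomIPAddress()` used by the IPv4 tests, would avoid that. `defer podmanTest.removeCNINetwork(netName)` is registered before `Expect(net).To(Exit(0))`, so cleanup also runs when creation failed; that is fine if the helper tolerates a missing network, but a short comment would make it explicit.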
@@ -240,4 +240,64 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rmi test:1.0 } + +@test "podman images - rmi -af removes all containers and pods" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman inspect --format '{{.ID}}' $IMAGE + imageID=$output + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi -a + is "$output" "Error: 2 errors occurred: +.** Image used by .*: image is in use by a container +.** Image used by .*: image is in use by a container" + + run_podman rmi -af + is "$output" "Untagged: $IMAGE +Untagged: $pauseImage +Deleted: $imageID +Deleted: $pauseID" "infra images gets removed as well" + + run_podman images --noheading + is "$output" "" + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + run_podman create --pod new:$pname $IMAGE +} + +@test "podman images - rmi -f can remove infra images" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi $pauseImage + is "$output" "Error: Image used by .* image is in use by a container" + + run_podman rmi -f $pauseImage + is "$output" "Untagged: $pauseImage +Deleted: $pauseID" + + # Force-removing the infra container removes the pod and all its containers. + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + # Other images are still present. + run_podman image exists $IMAGE +} + # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 6f1fa600a..d81a0758c 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats 
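Review bot: The first new test ends with a bare `run_podman create --pod new:$pname $IMAGE` after `rmi -af` has deleted `$IMAGE`, with no assertion and no comment, so it is unclear whether it verifies that the pod name is free again or is a leftover. As written it appears to need the image to be fetched again and leaves a pod and a container behind for teardown. If the name-reuse check is the intent, say so, e.g. `# The pod name must be reusable once rmi -af has removed the old pod`, and remove the pod afterwards. The expected error patterns also differ between the two tests (`.** Image used by .*:` versus `Error: Image used by .* image is in use`), which deserves a short comment.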
@@ -711,6 +711,18 @@ EOF run_podman rmi nomtab } +@test "podman run --hostuser tests" { + skip_if_not_rootless "test whether hostuser is successfully added" + user=$(id -un) + run_podman 1 run --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + user=$(id -u) + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --user $user --rm $IMAGE grep $user /etc/passwd + user=bogus + run_podman 126 run --hostuser=$user --rm $IMAGE grep $user /etc/passwd +} + @test "podman run --device-cgroup-rule tests" { skip_if_rootless "cannot add devices in rootless mode" 
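Review bot: The `grep $user /etc/passwd` checks in the `--hostuser` test are unquoted and unanchored, so once `user=$(id -u)` the pattern is a bare number that matches any passwd line containing those digits in any field (a GID, or a longer UID), and the test can pass without the host user having been added. Anchor on the field instead: `grep "^$user:" /etc/passwd` for the name and `grep -E "^[^:]*:[^:]*:$user:" /etc/passwd` for the UID. The numeric case also lacks the negative control that the name case has (`run_podman 1 run --rm $IMAGE grep ...` before the flag is used); adding one would show that the entry really comes from `--hostuser`.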
@@ -756,4 +768,39 @@ EOF is "$output" ".*TERM=abc" "missing TERM environment variable despite TERM being set on commandline" } +@test "podman run - no /etc/hosts" { + skip_if_rootless "cannot move /etc/hosts file as a rootless user" + tmpfile=$PODMAN_TMPDIR/hosts + mv /etc/hosts $tmpfile + run_podman '?' run --rm --add-host "foo.com:1.2.3.4" $IMAGE cat "/etc/hosts" + mv $tmpfile /etc/hosts + is "$status" 0 "podman run without /etc/hosts file should work" + is "$output" "1.2.3.4 foo.com.*" "users can add hosts even without /etc/hosts" +} + +# rhbz#1854566 : $IMAGE has incorrect permission 555 on the root '/' filesystem +@test "podman run image with filesystem permission" { + # make sure the IMAGE image have permissiong of 555 like filesystem RPM expects + run_podman run --rm $IMAGE stat -c %a / + is "$output" "555" "directory permissions on /" +} + +# rhbz#1763007 : the --log-opt for podman run does not work as expected +@test "podman run with log-opt option" { + # Pseudorandom size of the form N.NNN. The '| 1' handles '0.NNN' or 'N.NN0', + # which podman displays as 'NNN kB' or 'N.NN MB' respectively. + size=$(printf "%d.%03d" $(($RANDOM % 10 | 1)) $(($RANDOM % 100 | 1))) + run_podman run -d --rm --log-opt max-size=${size}m $IMAGE sleep 5 + cid=$output + run_podman inspect --format "{{ .HostConfig.LogConfig.Size }}" $cid + is "$output" "${size}MB" + run_podman rm -t 0 -f $cid +} + +@test "podman run --kernel-memory warning" { + # Not sure what situations this fails in, but want to make sure warning shows. + run_podman '?' run --rm --kernel-memory 100 $IMAGE false + is "$output" ".*The --kernel-memory flag is no longer supported. This flag is a noop." "warn on use of --kernel-memory" + +} # vim: filetype=sh diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index eb6c4e259..a5be591ef 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats 
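Review bot: The `no /etc/hosts` test moves the host's real `/etc/hosts` away and restores it only on the straight-line path, so a timeout or an interrupted run between the two `mv` calls leaves the machine without the file. Because this runs as root against global host state, the restore belongs somewhere that always executes, for example a `teardown` containing `[ -e "$tmpfile" ] && mv "$tmpfile" /etc/hosts`, with `$tmpfile` quoted in the test as well. If `$PODMAN_TMPDIR` is on a different filesystem, `mv` becomes a copy and delete that may not keep the file's SELinux label, so a `restorecon /etc/hosts` after restoring would be prudent. In the same hunk, `permissiong` in the comment of the rhbz#1854566 test is a typo.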
@@ -17,7 +17,7 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id + run chroot --groups 1234 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id is "$output" ".*65534(nobody)" "Check group leaked into user namespace" } 
@@ -25,30 +25,56 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --group-add keep-groups $IMAGE id is "$output" ".*1234" "Check group leaked into container" } @test "podman --group-add without keep-groups while in a userns" { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" - run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --remote --group-add keep-groups " { if is_remote; then - run_podman 125 run --group-add keep-groups $IMAGE id + run_podman 125 run --rm --group-add keep-groups $IMAGE id is "$output" ".*not supported in remote mode" "Remote check --group-add keep-groups" fi } @test "podman --group-add without keep-groups " { - run_podman run --group-add 457 $IMAGE id + run_podman run --rm --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --group-add keep-groups plus added groups " { - run_podman 125 run --group-add keep-groups --group-add 457 $IMAGE id + run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container" } + +@test "podman userns=auto in config file" { + skip_if_remote "userns=auto is set on the server" + + if is_rootless; then + egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user" + else + egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'" + fi 
+ + cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF +[containers] +userns="auto" +EOF + # First make sure a user namespace is created + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity + cid=$output + + run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid + is "$output" "private" "Check that a user namespace was created for the container" + + run_podman rm -t 0 -f $cid + + # Then check that the main user is not mapped into the user namespace + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map +} diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 4d36163d7..2b5ad44dc 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -139,10 +139,11 @@ load helpers @test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { CIDR="$(random_rfc1918_subnet)" + IP=$(hostname -I | cut -f 1 -d " ") local conname=con-$(random_string 10) run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${CIDR}.2 host.containers.internal" "host.containers.internal should be the cidr+2 address" + is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be the cidr+2 address" is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" } diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 97b6db05c..415c9010e 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash 
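Review bot: The slirp4netns assertion now expects `${IP} host.containers.internal`, but its failure message still reads "host.containers.internal should be the cidr+2 address", which will mislead whoever reads a failing run; it should describe the host address instead. `IP=$(hostname -I | cut -f 1 -d " ")` can be empty on a host without a configured address, and then the pattern degrades to `.* host.containers.internal` and matches any address. A guard such as `[ -n "$IP" ] || skip "no host IP address"` before the run keeps the check meaningful. The dots in `${IP}` are also regex wildcards in the `is` pattern, which is loose but unlikely to matter in practice.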
@@ -398,6 +398,16 @@ function skip_if_rootless() { fi } +###################### +# skip_if_not_rootless # ...with an optional message +###################### +function skip_if_not_rootless() { + if ! is_rootless; then + local msg=$(_add_label_if_missing "$1" "rootfull") + skip "${msg:-not applicable under rootlfull podman}" + fi +} + #################### # skip_if_remote # ...with an optional message #################### |
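Review bot: The default skip message in `skip_if_not_rootless` misspells the mode as `rootlfull`; it should read `skip "${msg:-not applicable under rootfull podman}"`, matching the `rootfull` label passed to `_add_label_if_missing` on the line above. `local msg=$(...)` also hides the exit status of the command substitution; declaring `local msg` first and assigning on the next line avoids that, although `skip_if_rootless`, whose body is outside this hunk, may follow the same pattern.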