diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 4 | ||||
| -rw-r--r-- | test/e2e/cp_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/generate_kube_test.go | 32 | ||||
| -rw-r--r-- | test/e2e/network_test.go | 23 | ||||
| -rw-r--r-- | test/e2e/stop_test.go | 4 | ||||
| -rw-r--r-- | test/system/065-cp.bats | 220 | ||||
| -rw-r--r-- | test/system/070-build.bats | 114 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 11 |
8 files changed, 345 insertions, 64 deletions
diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index 4f3ddf925..ce3049106 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -46,6 +46,10 @@ t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 # Untag the image t POST "libpod/images/$iid/untag?repo=localhost:5000/myrepo&tag=mytag" '' 201 +# Try to push non-existing image +t POST "images/localhost:5000/idonotexist/push?tlsVerify=false" '' 200 +jq -re 'select(.errorDetail)' <<<"$output" &>/dev/null || echo -e "${red}not ok: error message not found in output${nc}" 1>&2 + t GET libpod/images/$IMAGE/json 200 \ .RepoTags[-1]=$IMAGE diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index c0fb3f887..c0fb61544 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -212,6 +212,7 @@ var _ = Describe("Podman cp", func() { // Copy the root dir "/" of a container to the host. It("podman cp the root directory from the ctr to an existing directory on the host ", func() { + SkipIfRootless("cannot copy tty devices in rootless mode") container := "copyroottohost" session := podmanTest.RunTopContainer(container) session.WaitWithDefaultTimeout() diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index d7c697f28..21e006c20 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -734,4 +734,36 @@ ENTRYPOINT /bin/sleep` kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).To(Equal(0)) }) + + It("podman generate kube based on user in container", func() { + // Build an image with an entrypoint. + containerfile := `FROM quay.io/libpod/alpine:latest +RUN adduser -u 10001 -S test1 +USER test1` + + targetPath, err := CreateTempDirInTempDir() + Expect(err).To(BeNil()) + containerfilePath := filepath.Join(targetPath, "Containerfile") + err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) + Expect(err).To(BeNil()) + + image := "generatekube:test" + session := podmanTest.Podman([]string{"build", "-f", containerfilePath, "-t", image}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"create", "--pod", "new:testpod", image, "test1"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "testpod"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001))) + }) + }) diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index 53521cdc4..ff2e1eb66 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -352,6 +352,29 @@ var _ = Describe("Podman network", func() { Expect(rmAll.ExitCode()).To(BeZero()) }) + It("podman network remove after disconnect when container initially created with the network", func() { + SkipIfRootless("disconnect works only in non rootless container") + + container := "test" + network := "foo" + + session := podmanTest.Podman([]string{"network", "create", network}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--name", container, "--network", network, "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"network", "disconnect", network, container}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"network", "rm", network}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman network remove bogus", func() { session := podmanTest.Podman([]string{"network", "rm", "bogus"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go index dd264eb0d..d6d58c94c 100644 --- a/test/e2e/stop_test.go +++ b/test/e2e/stop_test.go @@ -150,7 +150,7 @@ var _ = Describe("Podman stop", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"stop", "--time", "1", "test4"}) + session = podmanTest.Podman([]string{"stop", "--time", "0", "test4"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) output := session.OutputToString() @@ -166,7 +166,7 @@ var _ = Describe("Podman stop", func() { session := podmanTest.Podman([]string{"run", "-d", "--name", "test5", ALPINE, "sleep", "100"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - session = podmanTest.Podman([]string{"stop", "--timeout", "1", "test5"}) + session = podmanTest.Podman([]string{"stop", "--timeout", "0", "test5"}) // Without timeout container stops in 10 seconds // If not stopped in 5 seconds, then --timeout did not work session.Wait(5) diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats index 312106b36..88ed983d8 100644 --- a/test/system/065-cp.bats +++ b/test/system/065-cp.bats @@ -15,6 +15,7 @@ load helpers random-1-$(random_string 15) random-2-$(random_string 20) ) + echo "${randomcontent[0]}" > $srcdir/hostfile0 echo "${randomcontent[1]}" > $srcdir/hostfile1 echo "${randomcontent[2]}" > $srcdir/hostfile2 @@ -24,6 +25,10 @@ load helpers run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity run_podman exec cpcontainer mkdir /srv/subdir + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <id> | <destination arg to cp> | <full dest path> | <test name> # where: # id is 0-2, one of the random strings/files @@ -44,8 +49,7 @@ load helpers 0 | subdir | /srv/subdir/hostfile0 | copy to workdir/subdir " - # Copy one of the files into container, exec+cat, confirm the file - # is there and matches what we expect + # RUNNING container while read id dest dest_fullname description; do run_podman cp $srcdir/hostfile$id cpcontainer:$dest run_podman exec cpcontainer cat $dest_fullname @@ -67,6 +71,44 @@ load helpers is "$output" 'Error: "/IdoNotExist/" could not be found on container cpcontainer: No such file or directory' \ "copy into nonexistent path in container" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + + # CREATED container + while read id dest dest_fullname description; do + run_podman create --name cpcontainer --workdir=/srv $cpimage sleep infinity + run_podman cp $srcdir/hostfile$id cpcontainer:$dest + run_podman start cpcontainer + run_podman exec cpcontainer cat $dest_fullname + is "$output" "${randomcontent[$id]}" "$description (cp -> ctr:$dest)" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + done < <(parse_table "$tests") + + run_podman rmi -f $cpimage +} + +@test "podman cp file from host to container tmpfs mount" { + srcdir=$PODMAN_TMPDIR/cp-test-file-host-to-ctr + mkdir -p $srcdir + content=tmpfile-content$(random_string 20) + echo $content > $srcdir/file + + # RUNNING container + run_podman run -d --mount type=tmpfs,dst=/tmp --name cpcontainer $IMAGE sleep infinity + run_podman cp $srcdir/file cpcontainer:/tmp + run_podman exec cpcontainer cat /tmp/file + is "$output" "${content}" "cp to running container's tmpfs" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + + # CREATED container (with copy up) + run_podman create --mount type=tmpfs,dst=/tmp --name cpcontainer $IMAGE sleep infinity + run_podman cp $srcdir/file cpcontainer:/tmp + run_podman start cpcontainer + run_podman exec cpcontainer cat /tmp/file + is "$output" "${content}" "cp to created container's tmpfs" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -87,6 +129,10 @@ load helpers run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /srv/containerfile1" run_podman exec cpcontainer sh -c "mkdir /srv/subdir; echo ${randomcontent[2]} > /srv/subdir/containerfile2" + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <id> | <source arg to cp> | <destination arg (appended to $srcdir) to cp> | <full dest path (appended to $srcdir)> | <test name> tests=" 0 | /tmp/containerfile | | /containerfile | copy to srcdir/ @@ -98,20 +144,33 @@ load helpers 2 | subdir/containerfile2 | / | /containerfile2 | copy from workdir/subdir (rel path) to srcdir " - # Copy one of the files to the host, cat, confirm the file - # is there and matches what we expect + # RUNNING container while read id src dest dest_fullname description; do # dest may be "''" for empty table cells if [[ $dest == "''" ]];then unset dest fi run_podman cp cpcontainer:$src "$srcdir$dest" - run cat $srcdir$dest_fullname - is "$output" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" - rm $srcdir/$dest_fullname + is "$(< $srcdir$dest_fullname)" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" + rm $srcdir$dest_fullname done < <(parse_table "$tests") + run_podman kill cpcontainer + run_podman rm -f cpcontainer + # Created container + run_podman create --name cpcontainer --workdir=/srv $cpimage + while read id src dest dest_fullname description; do + # dest may be "''" for empty table cells + if [[ $dest == "''" ]];then + unset dest + fi + run_podman cp cpcontainer:$src "$srcdir$dest" + is "$(< $srcdir$dest_fullname)" "${randomcontent[$id]}" "$description (cp ctr:$src to \$srcdir$dest)" + rm $srcdir$dest_fullname + done < <(parse_table "$tests") run_podman rm -f cpcontainer + + run_podman rmi -f $cpimage } @@ -134,6 +193,10 @@ load helpers run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity run_podman exec cpcontainer mkdir /srv/subdir + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + # format is: <source arg to cp (appended to srcdir)> | <destination arg to cp> | <full dest path> | <test name> tests=" | / | /dir-test | copy to root @@ -141,9 +204,10 @@ load helpers / | /tmp | /tmp/dir-test | copy to tmp /. | /usr/ | /usr/ | copy contents of dir to usr/ | . | /srv/dir-test | copy to workdir (rel path) - | subdir/. | /srv/subdir/dir-test | copy to workdir subdir (rel path) + | subdir/. | /srv/subdir/dir-test | copy to workdir subdir (rel path) " + # RUNNING container while read src dest dest_fullname description; do # src may be "''" for empty table cells if [[ $src == "''" ]];then @@ -156,52 +220,97 @@ load helpers run_podman exec cpcontainer cat $dest_fullname/hostfile1 is "$output" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" done < <(parse_table "$tests") - + run_podman kill cpcontainer run_podman rm -f cpcontainer + + # CREATED container + while read src dest dest_fullname description; do + # src may be "''" for empty table cells + if [[ $src == "''" ]];then + unset src + fi + run_podman create --name cpcontainer --workdir=/srv $cpimage sleep infinity + run_podman cp $srcdir$src cpcontainer:$dest + run_podman start cpcontainer + run_podman exec cpcontainer cat $dest_fullname/hostfile0 $dest_fullname/hostfile1 + is "${lines[0]}" "${randomcontent[0]}" "$description (cp -> ctr:$dest)" + is "${lines[1]}" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" + run_podman kill cpcontainer + run_podman rm -f cpcontainer + done < <(parse_table "$tests") + + run_podman rmi -f $cpimage } @test "podman cp dir from container to host" { - srcdir=$PODMAN_TMPDIR/dir-test - mkdir -p $srcdir + destdir=$PODMAN_TMPDIR/cp-test-dir-ctr-to-host + mkdir -p $destdir + # Create 2 files with random content in the container. + local -a randomcontent=( + random-0-$(random_string 10) + random-1-$(random_string 15) + ) run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity - run_podman exec cpcontainer sh -c 'mkdir /srv/subdir; echo "This first file is on the container" > /srv/subdir/containerfile1' - run_podman exec cpcontainer sh -c 'echo "This second file is on the container as well" > /srv/subdir/containerfile2' + run_podman exec cpcontainer sh -c "mkdir /srv/subdir; echo ${randomcontent[0]} > /srv/subdir/containerfile0" + run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /srv/subdir/containerfile1" # "." and "dir/." will copy the contents, so make sure that a dir ending # with dot is treated correctly. run_podman exec cpcontainer sh -c 'mkdir /tmp/subdir.; cp /srv/subdir/* /tmp/subdir./' - run_podman cp cpcontainer:/srv $srcdir - run cat $srcdir/srv/subdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/srv/subdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/srv/subdir - - run_podman cp cpcontainer:/srv/. $srcdir - run ls $srcdir/subdir - run cat $srcdir/subdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/subdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir - - run_podman cp cpcontainer:/srv/subdir/. $srcdir - run cat $srcdir/containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir - - run_podman cp cpcontainer:/tmp/subdir. $srcdir - run cat $srcdir/subdir./containerfile1 - is "$output" "This first file is on the container" - run cat $srcdir/subdir./containerfile2 - is "$output" "This second file is on the container as well" - rm -rf $srcdir/subdir. + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + + # format is: <source arg to cp (appended to /srv)> | <full dest path> | <test name> + tests=" + /srv | /srv/subdir | copy /srv + /srv/ | /srv/subdir | copy /srv/ + /srv/. | /subdir | copy /srv/. + /srv/subdir/. | | copy /srv/subdir/. + /tmp/subdir. | /subdir. | copy /tmp/subdir. +" + + # RUNNING container + while read src dest_fullname description; do + if [[ $src == "''" ]];then + unset src + fi + if [[ $dest == "''" ]];then + unset dest + fi + if [[ $dest_fullname == "''" ]];then + unset dest_fullname + fi + run_podman cp cpcontainer:$src $destdir + is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" + is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" + rm -rf $destdir/* + done < <(parse_table "$tests") + run_podman kill cpcontainer + run_podman rm -f cpcontainer + # CREATED container + run_podman create --name cpcontainer --workdir=/srv $cpimage + while read src dest_fullname description; do + if [[ $src == "''" ]];then + unset src + fi + if [[ $dest == "''" ]];then + unset dest + fi + if [[ $dest_fullname == "''" ]];then + unset dest_fullname + fi + run_podman cp cpcontainer:$src $destdir + is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" + is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" + rm -rf $destdir/* + done < <(parse_table "$tests") run_podman rm -f cpcontainer + + run_podman rmi -f $cpimage } @@ -228,9 +337,7 @@ load helpers run_podman create --name cpcontainer -v $volume1:/tmp/volume -v $volume2:/tmp/volume/sub-volume $IMAGE run_podman cp $srcdir/hostfile cpcontainer:/tmp/volume/sub-volume - - run cat $volume2_mount/hostfile - is "$output" "This file should be in volume2" + is "$(< $volume2_mount/hostfile)" "This file should be in volume2" # Volume 1 must be empty. run ls $volume1_mount @@ -254,9 +361,7 @@ load helpers run_podman create --name cpcontainer -v $volume:/tmp/volume -v $mountdir:/tmp/volume/mount $IMAGE run_podman cp $srcdir/hostfile cpcontainer:/tmp/volume/mount - - run cat $mountdir/hostfile - is "$output" "This file should be in the mount" + is "$(< $mountdir/hostfile)" "This file should be in the mount" run_podman rm -f cpcontainer run_podman volume rm $volume @@ -284,7 +389,7 @@ load helpers # cp no longer supports wildcarding run_podman 125 cp 'cpcontainer:/tmp/*' $dstdir - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -308,7 +413,7 @@ load helpers # make sure there are no files in dstdir is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -332,7 +437,7 @@ load helpers # make sure there are no files in dstdir is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -352,7 +457,7 @@ load helpers # dstdir must be empty is "$(/bin/ls -1 $dstdir)" "" "incorrectly copied symlink from host" - run_podman rm cpcontainer + run_podman rm -f cpcontainer } @@ -409,6 +514,7 @@ load helpers run_podman exec cpcontainer cat /tmp/d3/x is "$output" "$rand_content3" "cp creates file named x" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -446,6 +552,7 @@ load helpers run_podman exec cpcontainer cat $graphroot/$rand_filename is "$output" "$rand_content" "Contents of file copied into container" + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -494,6 +601,7 @@ load helpers run_podman 125 cp - cpcontainer:/tmp/IdoNotExist < $tar_file is "$output" 'Error: destination must be a directory when copying from stdin' + run_podman kill cpcontainer run_podman rm -f cpcontainer } @@ -527,8 +635,7 @@ load helpers fi tar xvf $srcdir/stdout.tar -C $srcdir - run cat $srcdir/file.txt - is "$output" "$rand_content" + is "$(< $srcdir/file.txt)" "$rand_content" run 1 ls $srcdir/empty.txt rm -f $srcdir/* @@ -539,11 +646,10 @@ load helpers fi tar xvf $srcdir/stdout.tar -C $srcdir - run cat $srcdir/tmp/file.txt - is "$output" "$rand_content" - run cat $srcdir/tmp/empty.txt - is "$output" "" + is "$(< $srcdir/tmp/file.txt)" "$rand_content" + is "$(< $srcdir/tmp/empty.txt)" "" + run_podman kill cpcontainer run_podman rm -f cpcontainer } diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 1e7d366a1..d413b0c10 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -168,6 +168,9 @@ EOF CAT_SECRET="cat /run/secrets/$secret_filename" fi + # For --dns-search: a domain that is unlikely to exist + local nosuchdomain=nx$(random_string 10).net + # Command to run on container startup with no args cat >$tmpdir/mycmd <<EOF #!/bin/sh @@ -188,11 +191,17 @@ EOF https_proxy=https-proxy-in-env-file EOF + # Build args: one explicit (foo=bar), one implicit (foo) + local arg_implicit_value=implicit_$(random_string 15) + local arg_explicit_value=explicit_$(random_string 15) + # NOTE: it's important to not create the workdir. # Podman will make sure to create a missing workdir # if needed. See #9040. cat >$tmpdir/Containerfile <<EOF FROM $IMAGE +ARG arg_explicit +ARG arg_implicit LABEL $label_name=$label_value WORKDIR $workdir @@ -217,18 +226,47 @@ RUN chown 2:3 /bin/mydefaultcmd RUN $CAT_SECRET +RUN echo explicit-build-arg=\$arg_explicit +RUN echo implicit-build-arg=\$arg_implicit + CMD ["/bin/mydefaultcmd","$s_echo"] +RUN cat /etc/resolv.conf EOF + # The goal is to test that a missing value will be inherited from + # environment - but that can't work with remote, so for simplicity + # just make it explicit in that case too. + local build_arg_implicit="--build-arg arg_implicit" + if is_remote; then + build_arg_implicit+="=$arg_implicit_value" + fi + # cd to the dir, so we test relative paths (important for podman-remote) cd $PODMAN_TMPDIR + export arg_explicit="THIS SHOULD BE OVERRIDDEN BY COMMAND LINE!" + export arg_implicit=${arg_implicit_value} run_podman ${MOUNTS_CONF} build \ + --build-arg arg_explicit=${arg_explicit_value} \ + $build_arg_implicit \ + --dns-search $nosuchdomain \ -t build_test -f build-test/Containerfile build-test local iid="${lines[-1]}" + if [[ $output =~ missing.*build.argument ]]; then + die "podman did not see the given --build-arg(s)" + fi + # Make sure 'podman build' had the secret mounted is "$output" ".*$secret_contents.*" "podman build has /run/secrets mounted" + # --build-arg should be set, both via 'foo=bar' and via just 'foo' ($foo) + is "$output" ".*explicit-build-arg=${arg_explicit_value}" \ + "--build-arg arg_explicit=explicit-value works" + is "$output" ".*implicit-build-arg=${arg_implicit_value}" \ + "--build-arg arg_implicit works (inheriting from environment)" + is "$output" ".*search $nosuchdomain" \ + "--dns-search added to /etc/resolv.conf" + if is_remote; then ENVHOST="" else @@ -362,6 +400,82 @@ Labels.$label_name | $label_value run_podman rmi -f build_test } +@test "podman build - COPY with ignore" { + local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10) + mkdir -p $tmpdir/subdir + + # Create a bunch of files. Declare this as an array to avoid duplication + # because we iterate over that list below, checking for each file. + # A leading "-" indicates that the file SHOULD NOT exist in the built image + local -a files=( + -test1 -test1.txt + test2 test2.txt + subdir/sub1 subdir/sub1.txt + -subdir/sub2 -subdir/sub2.txt + this-file-does-not-match-anything-in-ignore-file + comment + ) + for f in ${files[@]}; do + # The magic '##-' strips off the '-' prefix + echo "$f" > $tmpdir/${f##-} + done + + # Directory that doesn't exist in the image; COPY should create it + local newdir=/newdir-$(random_string 12) + cat >$tmpdir/Containerfile <<EOF +FROM $IMAGE +COPY ./ $newdir/ +EOF + + # Run twice: first with a custom --ignorefile, then with a default one. + # This ordering is deliberate: if we were to run with .dockerignore + # first, and forget to rm it, and then run with --ignorefile, _and_ + # there was a bug in podman where --ignorefile was a NOP (eg #9570), + # the test might pass because of the existence of .dockerfile. + for ignorefile in ignoreme-$(random_string 5) .dockerignore; do + # Patterns to ignore. Mostly copied from buildah/tests/bud/dockerignore + cat >$tmpdir/$ignorefile <<EOF +# comment +test* +!test2* +subdir +!*/sub1* +EOF + + # Build an image. For .dockerignore + local -a ignoreflag + unset ignoreflag + if [[ $ignorefile != ".dockerignore" ]]; then + ignoreflag="--ignorefile $tmpdir/$ignorefile" + fi + run_podman build -t build_test ${ignoreflag} $tmpdir + + # Delete the ignore file! Otherwise, in the next iteration of the loop, + # we could end up with an existing .dockerignore that invisibly + # takes precedence over --ignorefile + rm -f $tmpdir/$ignorefile + + # It would be much more readable, and probably safer, to iterate + # over each file, running 'podman run ... ls -l $f'. But each podman run + # takes a second or so, and we are mindful of each second. + run_podman run --rm build_test find $newdir -type f + for f in ${files[@]}; do + if [[ $f =~ ^- ]]; then + f=${f##-} + if [[ $output =~ $f ]]; then + die "File '$f' found in image; it should have been ignored via $ignorefile" + fi + else + is "$output" ".*$newdir/$f" \ + "File '$f' should exist in container (no match in $ignorefile)" + fi + done + + # Clean up + run_podman rmi -f build_test + done +} + @test "podman build - stdin test" { # Random workdir, and random string to verify build output workdir=/$(random_string 10) diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 215b2832e..49743ff33 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -77,13 +77,14 @@ function check_label() { @test "podman selinux: inspect kvm labels" { skip_if_no_selinux skip_if_remote "runtime flag is not passed over remote" - if [ ! -e /usr/bin/kata-runtime ]; then - skip "kata-runtime not available" - fi - run_podman create --runtime=kata --name myc $IMAGE + tmpdir=$PODMAN_TMPDIR/kata-test + mkdir -p $tmpdir + KATA=${tmpdir}/kata-runtime + ln -s /bin/true ${KATA} + run_podman create --runtime=${KATA} --name myc $IMAGE run_podman inspect --format='{{ .ProcessLabel }}' myc - is "$output" ".*container_kvm_t.*" + is "$output" ".*container_kvm_t" } # pr #6752 |