diff options
Diffstat (limited to 'test')
43 files changed, 881 insertions, 235 deletions
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at index 564c7bed5..2747ccbd4 100644 --- a/test/apiv2/01-basic.at +++ b/test/apiv2/01-basic.at @@ -82,7 +82,7 @@ else fi # Simple events test (see #7078) -t GET "events?stream=false" 200 -t GET "libpod/events?stream=false" 200 +t GET "events?stream=false&since=30s" 200 +t GET "libpod/events?stream=false&since=30s" 200 # vim: filetype=sh diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index e67f559f3..36c2fc6aa 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -53,8 +53,8 @@ t POST "images/create?fromImage=alpine" 200 .error~null .status~".*Download comp t POST "images/create?fromImage=alpine&tag=latest" 200 # 10977 - handle platform parameter correctly -t POST "images/create?fromImage=alpine&platform=linux/arm64" 200 -t GET "images/alpine/json" 200 \ +t POST "images/create?fromImage=testimage:20210610&platform=linux/arm64" 200 +t GET "images/testimage:20210610/json" 200 \ .Architecture=arm64 # Make sure that new images are pulled @@ -62,7 +62,7 @@ old_iid=$(podman image inspect --format "{{.ID}}" docker.io/library/alpine:lates podman rmi -f docker.io/library/alpine:latest podman tag $IMAGE docker.io/library/alpine:latest t POST "images/create?fromImage=alpine" 200 .error~null .status~".*$old_iid.*" -podman untag $IMAGE docker.io/library/alpine:latest +podman untag docker.io/library/alpine:latest t POST "images/create?fromImage=quay.io/libpod/alpine&tag=sha256:fa93b01658e3a5a1686dc3ae55f170d8de487006fb53a28efcd12ab0710a2e5f" 200 @@ -171,66 +171,32 @@ function cleanBuildTest() { } CONTAINERFILE_TAR="${TMPD}/containerfile.tar" cat > $TMPD/containerfile << EOF -FROM quay.io/libpod/alpine_labels:latest +FROM $IMAGE EOF tar --format=posix -C $TMPD -cvf ${CONTAINERFILE_TAR} containerfile &> /dev/null -curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \ - -H "content-type: application/x-tar" \ - --dump-header "${TMPD}/headers.txt" \ - -o "${TMPD}/response.txt" \ - "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null - -BUILD_TEST_ERROR="" - -if ! grep -q '200 OK' "${TMPD}/headers.txt"; then - echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/x-tar)" - BUILD_TEST_ERROR="1" -fi - -if ! grep -q 'quay.io/libpod/alpine_labels' "${TMPD}/response.txt"; then - echo -e "${red}NOK: Image build from tar failed image name not in response" - BUILD_TEST_ERROR="1" -fi - -curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \ - -H "content-type: application/tar" \ - --dump-header "${TMPD}/headers.txt" \ - -o /dev/null \ - "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null -if ! grep -q '200 OK' "${TMPD}/headers.txt"; then - echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)" - BUILD_TEST_ERROR="1" -fi - -# Yes, this is very un-RESTful re: Content-Type header ignored when compatibility endpoint used -# See https://github.com/containers/podman/issues/11012 -curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \ - -H "content-type: application/json" \ - --dump-header "${TMPD}/headers.txt" \ - -o /dev/null \ - "http://$HOST:$PORT/v1.40/build?dockerfile=containerfile" &> /dev/null -if ! grep -q '200 OK' "${TMPD}/headers.txt"; then - echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)" - BUILD_TEST_ERROR="1" -fi - -curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \ - -H "content-type: application/json" \ - --dump-header "${TMPD}/headers.txt" \ - -o /dev/null \ - "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null -if ! grep -q '400 Bad Request' "${TMPD}/headers.txt"; then - echo -e "${red}NOK: Image build should have failed with 400 (wrong Content-Type)" - BUILD_TEST_ERROR="1" -fi +t POST "libpod/build?dockerfile=containerfile" $CONTAINERFILE_TAR 200 \ + .stream~"STEP 1/1: FROM $IMAGE" + +# With -q, all we should get is image ID. Test both libpod & compat endpoints. +t POST "libpod/build?dockerfile=containerfile&q=true" $CONTAINERFILE_TAR 200 \ + .stream~'^[0-9a-f]\{64\}$' +t POST "build?dockerfile=containerfile&q=true" $CONTAINERFILE_TAR 200 \ + .stream~'^[0-9a-f]\{64\}$' + +# Override content-type and confirm that libpod rejects, but compat accepts +t POST "libpod/build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 400 \ + .cause='Content-Type: application/json is not supported. Should be "application/x-tar"' +t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR application/json 200 \ + .stream~"STEP 1/1: FROM $IMAGE" + +# PR #12091: output from compat API must now include {"aux":{"ID":"sha..."}} +t POST "build?dockerfile=containerfile" $CONTAINERFILE_TAR 200 \ + '.aux|select(has("ID")).ID~^sha256:[0-9a-f]\{64\}$' t POST libpod/images/prune 200 t POST libpod/images/prune 200 length=0 [] cleanBuildTest -if [[ "${BUILD_TEST_ERROR}" ]]; then - exit 1 -fi # vim: filetype=sh diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 748a0750f..554a905d4 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -18,7 +18,7 @@ podman rm -a -f &>/dev/null t GET "libpod/containers/json (at start: clean slate)" 200 length=0 -podman run $IMAGE true +podman run -v /tmp:/tmp $IMAGE true t GET libpod/containers/json 200 length=0 @@ -33,6 +33,7 @@ t GET libpod/containers/json?all=true 200 \ .[0].Command[0]="true" \ .[0].State~\\\(exited\\\|stopped\\\) \ .[0].ExitCode=0 \ + .[0].Mounts~.*/tmp \ .[0].IsInfra=false # Test compat API for Network Settings (.Network is N/A when rootless) @@ -44,8 +45,13 @@ t GET /containers/json?all=true 200 \ length=1 \ .[0].Id~[0-9a-f]\\{64\\} \ .[0].Image=$IMAGE \ + .[0].Mounts~.*/tmp \ $network_expect +# compat API imageid with sha256: prefix +t GET containers/json?limit=1 200 \ + .[0].ImageID~sha256:[0-9a-f]\\{64\\} + # Make sure `limit` works. t GET libpod/containers/json?limit=1 200 \ length=1 \ @@ -97,7 +103,7 @@ t GET libpod/containers/${cid}/json 200 \ t DELETE libpod/containers/$cid 204 CNAME=myfoo -podman run --name $CNAME $IMAGE -td top +podman run -d --name $CNAME $IMAGE top t GET libpod/containers/json?all=true 200 \ .[0].Id~[0-9a-f]\\{64\\} cid=$(jq -r '.[0].Id' <<<"$output") @@ -184,7 +190,7 @@ t GET containers/myctr/json 200 \ t DELETE images/localhost/newrepo:latest?force=true 200 t DELETE images/localhost/newrepo:v1?force=true 200 t DELETE images/localhost/newrepo:v2?force=true 200 -t DELETE libpod/containers/$cid 204 +t DELETE libpod/containers/$cid?force=true 204 t DELETE libpod/containers/myctr 204 t DELETE libpod/containers/bogus 404 diff --git a/test/apiv2/27-containersEvents.at b/test/apiv2/27-containersEvents.at new file mode 100644 index 000000000..a86f2e353 --- /dev/null +++ b/test/apiv2/27-containersEvents.at @@ -0,0 +1,27 @@ +# -*- sh -*- +# +# test container-related events +# + +podman pull $IMAGE &>/dev/null + +# Ensure clean slate +podman rm -a -f &>/dev/null + +START=$(date +%s) + +podman run $IMAGE false || true + +# libpod api +t GET "libpod/events?stream=false&since=$START" 200 \ + 'select(.status | contains("start")).Action=start' \ + 'select(.status | contains("died")).Action=died' \ + 'select(.status | contains("died")).Actor.Attributes.containerExitCode=1' + +# compat api, uses status=die (#12643) +t GET "events?stream=false&since=$START" 200 \ + 'select(.status | contains("start")).Action=start' \ + 'select(.status | contains("die")).Action=die' \ + 'select(.status | contains("die")).Actor.Attributes.exitCode=1' + +# vim: filetype=sh diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index 713f677fa..0e2389bd5 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -7,7 +7,7 @@ t GET networks/non-existing-network 404 \ .cause='network not found' t POST libpod/networks/create name='"network1"' 200 \ - .name=network1 + .name=network1 \ .created~[0-9]\\{4\\}-[0-9]\\{2\\}-[0-9]\\{2\\}.* \ # --data '{"name":"network2","subnets":[{"subnet":"10.10.254.0/24"}],"Labels":{"abc":"val"}}' diff --git a/test/apiv2/README.md b/test/apiv2/README.md index 19727cec7..63d1f5b13 100644 --- a/test/apiv2/README.md +++ b/test/apiv2/README.md @@ -60,6 +60,12 @@ of POST parameters in the form 'key=value', separated by spaces: t POST myentrypoint name=$name badparam='["foo","bar"]' 500 ! etc... `t` will convert the param list to JSON form for passing to the server. A numeric status code terminates processing of POST parameters. +** As a special case, when one POST argument is a string ending in `.tar`, +`t` will invoke `curl` with `--data-binary @PATH` and +set `Content-type: application/x-tar`. This is useful for `build` endpoints. +(To override `Content-type`, simply pass along an extra string argument +matching `application/*`): + t POST myentrypoint /mytmpdir/myfile.tar application/foo 400 * The final arguments are one or more expected string results. If an argument starts with a dot, `t` will invoke `jq` on the output to diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index c644b9578..391095539 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -48,6 +48,30 @@ TESTS_DIR=$(realpath $(dirname $0)) # Path to podman binary PODMAN_BIN=${PODMAN:-${TESTS_DIR}/../../bin/podman} +# Cleanup handlers +clean_up_server() { + if [ -n "$service_pid" ]; then + # Remove any containers and images; this prevents the following warning: + # 'rm: cannot remove '/.../overlay': Device or resource busy + podman rm -a + podman rmi -af + + stop_registry + stop_service + fi +} + +# Any non-test-related error, be it syntax or podman-command, fails here. +err_handler() { + echo "Fatal error in ${BASH_SOURCE[1]}:${BASH_LINENO[0]}" + echo "Log:" + sed -e 's/^/ >/' <$WORKDIR/output.log + echo "Bailing." + clean_up_server +} + +trap err_handler ERR + # END setup ############################################################################### # BEGIN infrastructure code - the helper functions used in tests themselves @@ -182,6 +206,7 @@ function t() { local method=$1; shift local path=$1; shift local curl_args + local content_type="application/json" local testname="$method $path" # POST requests may be followed by one or more key=value pairs. @@ -190,13 +215,21 @@ function t() { local -a post_args for arg; do case "$arg" in - *=*) post_args+=("$arg"); shift ;; + *=*) post_args+=("$arg"); + shift;; + *.tar) curl_args="--data-binary @$arg" ; + content_type="application/x-tar"; + shift;; + application/*) content_type="$arg"; + shift;; [1-9][0-9][0-9]) break;; *) die "Internal error: invalid POST arg '$arg'" ;; esac done - curl_args="-d $(jsonify ${post_args[@]})" - testname="$testname [$curl_args]" + if [[ -z "$curl_args" ]]; then + curl_args="-d $(jsonify ${post_args[@]})" + testname="$testname [$curl_args]" + fi fi # entrypoint path can include a descriptive comment; strip it off @@ -228,14 +261,15 @@ function t() { echo "\$ $testname" >>$LOG rm -f $WORKDIR/curl.* # -s = silent, but --write-out 'format' gives us important response data - response=$(curl -s -X $method ${curl_args} \ - -H 'Content-type: application/json' \ - --dump-header $WORKDIR/curl.headers.out \ + # The hairy "{ ...;rc=$?; } || :" lets us capture curl's exit code and + # give a helpful diagnostic if it fails. + { response=$(curl -s -X $method ${curl_args} \ + -H "Content-type: $content_type" \ + --dump-header $WORKDIR/curl.headers.out \ --write-out '%{http_code}^%{content_type}^%{time_total}' \ - -o $WORKDIR/curl.result.out "$url") + -o $WORKDIR/curl.result.out "$url"); rc=$?; } || : # Any error from curl is instant bad news, from which we can't recover - rc=$? if [[ $rc -ne 0 ]]; then echo "FATAL: curl failure ($rc) on $url - cannot continue" >&2 exit 1 @@ -328,10 +362,13 @@ function start_service() { fi echo $WORKDIR - $PODMAN_BIN --root $WORKDIR/server_root --syslog=true \ - system service \ - --time 15 \ - tcp:127.0.0.1:$PORT \ + # Some tests use shortnames; force registry override to work around + # docker.io throttling. + env CONTAINERS_REGISTRIES_CONF=$TESTS_DIR/../registries.conf $PODMAN_BIN \ + --root $WORKDIR/server_root --syslog=true \ + system service \ + --time 15 \ + tcp:127.0.0.1:$PORT \ &> $WORKDIR/server.log & service_pid=$! @@ -341,8 +378,8 @@ function start_service() { function stop_service() { # Stop the server if [[ -n $service_pid ]]; then - kill $service_pid - wait $service_pid + kill $service_pid || : + wait $service_pid || : fi } @@ -459,8 +496,9 @@ function wait_for_port() { # podman # Needed by some test scripts to invoke the actual podman binary ############ function podman() { - echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log - $PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1 + echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log + env CONTAINERS_REGISTRIES_CONF=$TESTS_DIR/../registries.conf \ + $PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1 } #################### @@ -516,23 +554,17 @@ start_service for i in ${tests_to_run[@]}; do TEST_CONTEXT="[$(basename $i .at)]" + + # Clear output from 'podman' helper + >| $WORKDIR/output.log + source $i done # END entry handler ############################################################################### -# Clean up - -if [ -n "$service_pid" ]; then - # Remove any containers and images; this prevents the following warning: - # 'rm: cannot remove '/.../overlay': Device or resource busy - podman rm -a - podman rmi -af - - stop_registry - stop_service -fi +clean_up_server test_count=$(<$testcounter_file) failure_count=$(<$failures_file) diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 9a9dec191..d4f0a2b04 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -238,19 +238,25 @@ var _ = Describe("Podman build", func() { Expect("sha256:" + data[0].ID).To(Equal(string(id))) }) - It("podman Test PATH in built image", func() { + It("podman Test PATH and reserved annotation in built image", func() { path := "/tmp:/bin:/usr/bin:/usr/sbin" session := podmanTest.Podman([]string{ - "build", "--pull-never", "-f", "build/basicalpine/Containerfile.path", "-t", "test-path", + "build", "--annotation", "io.podman.annotations.seccomp=foobar", "--pull-never", "-f", "build/basicalpine/Containerfile.path", "-t", "test-path", }) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - session = podmanTest.Podman([]string{"run", "test-path", "printenv", "PATH"}) + session = podmanTest.Podman([]string{"run", "--name", "foobar", "test-path", "printenv", "PATH"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) stdoutLines := session.OutputToStringArray() Expect(stdoutLines[0]).Should(Equal(path)) + + // Reserved annotation should not be applied from the image to the container. + session = podmanTest.Podman([]string{"inspect", "foobar"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).NotTo(ContainSubstring("io.podman.annotations.seccomp")) }) It("podman build --http_proxy flag", func() { @@ -273,6 +279,23 @@ RUN printenv http_proxy`, ALPINE) os.Unsetenv("http_proxy") }) + It("podman build relay exit code to process", func() { + if IsRemote() { + podmanTest.StopRemoteService() + podmanTest.StartRemoteService() + } + podmanTest.AddImageToRWStore(ALPINE) + dockerfile := fmt.Sprintf(`FROM %s +RUN exit 5`, ALPINE) + + dockerfilePath := filepath.Join(podmanTest.TempDir, "Dockerfile") + err := ioutil.WriteFile(dockerfilePath, []byte(dockerfile), 0755) + Expect(err).To(BeNil()) + session := podmanTest.Podman([]string{"build", "-t", "error-test", "--file", dockerfilePath, podmanTest.TempDir}) + session.Wait(120) + Expect(session).Should(Exit(5)) + }) + It("podman build and check identity", func() { session := podmanTest.Podman([]string{"build", "--pull-never", "-f", "build/basicalpine/Containerfile.path", "--no-cache", "-t", "test", "build/basicalpine"}) session.WaitWithDefaultTimeout() @@ -646,7 +669,7 @@ RUN ls /dev/fuse`, ALPINE) Expect(err).To(BeNil()) session := podmanTest.Podman([]string{"build", "--pull-never", "-t", "test", "--file", containerfilePath, podmanTest.TempDir}) session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(125)) + Expect(session).Should(Exit(1)) session = podmanTest.Podman([]string{"build", "--pull-never", "--device", "/dev/fuse", "-t", "test", "--file", containerfilePath, podmanTest.TempDir}) session.WaitWithDefaultTimeout() @@ -662,7 +685,7 @@ RUN ls /dev/test1`, ALPINE) Expect(err).To(BeNil()) session := podmanTest.Podman([]string{"build", "--pull-never", "-t", "test", "--file", containerfilePath, podmanTest.TempDir}) session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(125)) + Expect(session).Should(Exit(1)) session = podmanTest.Podman([]string{"build", "--pull-never", "--device", "/dev/zero:/dev/test1", "-t", "test", "--file", containerfilePath, podmanTest.TempDir}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 064c82621..4771f8e58 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -91,25 +91,97 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) cid := session.OutputToString() - result := podmanTest.Podman([]string{"container", "checkpoint", cid}) + // Check if none of the checkpoint/restore specific information is displayed + // for newly started containers. + inspect := podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut := inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(Equal("")) + Expect(inspectOut[0].State.CheckpointLog).To(Equal("")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) + + result := podmanTest.Podman([]string{ + "container", + "checkpoint", + "--keep", + cid, + }) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) - inspect := podmanTest.Podman([]string{"inspect", cid}) + // For a checkpointed container we expect the checkpoint related information + // to be populated. + inspect = podmanTest.Podman([]string{"inspect", cid}) inspect.WaitWithDefaultTimeout() Expect(inspect).Should(Exit(0)) - inspectOut := inspect.InspectContainerToJSON() + inspectOut = inspect.InspectContainerToJSON() Expect(inspectOut[0].State.Checkpointed).To(BeTrue(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(ContainSubstring("userdata/checkpoint")) + Expect(inspectOut[0].State.CheckpointLog).To(ContainSubstring("userdata/dump.log")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) - result = podmanTest.Podman([]string{"container", "restore", cid}) + result = podmanTest.Podman([]string{ + "container", + "restore", + "--keep", + cid, + }) result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + inspect = podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut = inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Restored).To(BeTrue(), ".State.Restored") + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.CheckpointPath).To(ContainSubstring("userdata/checkpoint")) + Expect(inspectOut[0].State.CheckpointLog).To(ContainSubstring("userdata/dump.log")) + Expect(inspectOut[0].State.RestoreLog).To(ContainSubstring("userdata/restore.log")) + + result = podmanTest.Podman([]string{ + "container", + "stop", + "--timeout", + "0", + cid, + }) + result.WaitWithDefaultTimeout() + + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + + result = podmanTest.Podman([]string{ + "container", + "start", + cid, + }) + result.WaitWithDefaultTimeout() + + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + + // Stopping and starting the container should remove all checkpoint + // related information from inspect again. + inspect = podmanTest.Podman([]string{"inspect", cid}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + inspectOut = inspect.InspectContainerToJSON() + Expect(inspectOut[0].State.Checkpointed).To(BeFalse(), ".State.Checkpointed") + Expect(inspectOut[0].State.Restored).To(BeFalse(), ".State.Restored") + Expect(inspectOut[0].State.CheckpointPath).To(Equal("")) + Expect(inspectOut[0].State.CheckpointLog).To(Equal("")) + Expect(inspectOut[0].State.RestoreLog).To(Equal("")) }) It("podman checkpoint a running container by name", func() { @@ -867,6 +939,9 @@ var _ = Describe("Podman checkpoint", func() { }) It("podman checkpoint container with --pre-checkpoint", func() { + if !criu.MemTrack() { + Skip("system (architecture/kernel/CRIU) does not support memory tracking") + } if !strings.Contains(podmanTest.OCIRuntime, "runc") { Skip("Test only works on runc 1.0-rc3 or higher.") } @@ -900,6 +975,9 @@ var _ = Describe("Podman checkpoint", func() { It("podman checkpoint container with --pre-checkpoint and export (migration)", func() { SkipIfRemote("--import-previous is not yet supported on the remote client") + if !criu.MemTrack() { + Skip("system (architecture/kernel/CRIU) does not support memory tracking") + } if !strings.Contains(podmanTest.OCIRuntime, "runc") { Skip("Test only works on runc 1.0-rc3 or higher.") } @@ -1553,4 +1631,91 @@ var _ = Describe("Podman checkpoint", func() { // Remove exported checkpoint os.Remove(fileName) }) + + It("podman checkpoint and restore dev/shm content with --export and --import", func() { + localRunString := getRunString([]string{"--rm", ALPINE, "top"}) + session := podmanTest.Podman(localRunString) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + cid := session.OutputToString() + + // Add test file in dev/shm + result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + session = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + runtime := session.OutputToString() + + checkpointFileName := "/tmp/checkpoint-" + cid + ".tar.gz" + result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName}) + result.WaitWithDefaultTimeout() + + // As the container has been started with '--rm' it will be completely + // cleaned up after checkpointing. + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + + result = podmanTest.Podman([]string{"container", "restore", "-i", checkpointFileName}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // The restored container should have the same runtime as the original container + result = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal(runtime)) + + // Verify the test file content in dev/shm + result = podmanTest.Podman([]string{"exec", cid, "cat", "/dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring("test" + cid + "test")) + + // Remove exported checkpoint + os.Remove(checkpointFileName) + }) + + It("podman checkpoint and restore dev/shm content", func() { + localRunString := getRunString([]string{ALPINE, "top"}) + session := podmanTest.Podman(localRunString) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + cid := session.OutputToString() + + // Add test file in dev/shm + result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + + result = podmanTest.Podman([]string{"container", "checkpoint", cid}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Exited")) + + result = podmanTest.Podman([]string{"container", "restore", cid}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // Verify the test file content in dev/shm + result = podmanTest.Podman([]string{"exec", cid, "cat", "/dev/shm/test.output"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring("test" + cid + "test")) + + result = podmanTest.Podman([]string{"rm", "-t", "0", "-fa"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + }) }) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 6e1a62b99..bd744aa78 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -274,14 +274,32 @@ func PodmanTestCreateUtil(tempDir string, remote bool) *PodmanTestIntegration { } if remote { - uuid := stringid.GenerateNonCryptoID() + var pathPrefix string if !rootless.IsRootless() { - p.RemoteSocket = fmt.Sprintf("unix:/run/podman/podman-%s.sock", uuid) + pathPrefix = "/run/podman/podman" } else { runtimeDir := os.Getenv("XDG_RUNTIME_DIR") - socket := fmt.Sprintf("podman-%s.sock", uuid) - fqpath := filepath.Join(runtimeDir, socket) - p.RemoteSocket = fmt.Sprintf("unix:%s", fqpath) + pathPrefix = filepath.Join(runtimeDir, "podman") + } + // We want to avoid collisions in socket paths, but using the + // socket directly for a collision check doesn’t work; bind(2) on AF_UNIX + // creates the file, and we need to pass a unique path now before the bind(2) + // happens. So, use a podman-%s.sock-lock empty file as a marker. + tries := 0 + for { + uuid := stringid.GenerateNonCryptoID() + lockPath := fmt.Sprintf("%s-%s.sock-lock", pathPrefix, uuid) + lockFile, err := os.OpenFile(lockPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0700) + if err == nil { + lockFile.Close() + p.RemoteSocketLock = lockPath + p.RemoteSocket = fmt.Sprintf("unix:%s-%s.sock", pathPrefix, uuid) + break + } + tries++ + if tries >= 1000 { + panic("Too many RemoteSocket collisions") + } } } diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 205855fd6..ded4c03e0 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -43,12 +43,6 @@ var _ = Describe("Podman create with --ip flag", func() { Expect(result).To(ExitWithError()) }) - It("Podman create --ip with v6 address", func() { - result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"}) - result.WaitWithDefaultTimeout() - Expect(result).To(ExitWithError()) - }) - It("Podman create --ip with non-allocatable IP", func() { SkipIfRootless("--ip not supported without network in rootless mode") result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"}) diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index cfa264de2..16f2c4272 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -1100,4 +1100,28 @@ USER test1` Expect(pod.GetAnnotations()).To(HaveKeyWithValue("io.containers.autoupdate.authfile/"+ctr, "/some/authfile.json")) } }) + + It("podman generate kube can export env variables correctly", func() { + // Fixes https://github.com/containers/podman/issues/12647 + // PR https://github.com/containers/podman/pull/12648 + + ctrName := "gen-kube-env-ctr" + podName := "gen-kube-env" + session1 := podmanTest.Podman([]string{"run", "-d", "--pod", "new:" + podName, "--name", ctrName, + "-e", "FOO=bar", + "-e", "HELLO=WORLD", + "alpine", "top"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", podName}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + pod := new(v1.Pod) + err := yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + + Expect(pod.Spec.Containers[0].Env).To(HaveLen(2)) + }) }) diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go index 6e4dc5bbf..c2084a6fd 100644 --- a/test/e2e/healthcheck_run_test.go +++ b/test/e2e/healthcheck_run_test.go @@ -242,4 +242,20 @@ var _ = Describe("Podman healthcheck run", func() { Expect(ps.OutputToStringArray()).To(HaveLen(2)) Expect(ps.OutputToString()).To(ContainSubstring("hc")) }) + + It("stopping and then starting a container with healthcheck cmd", func() { + session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--health-cmd", "[\"ls\", \"/foo\"]", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + stop := podmanTest.Podman([]string{"stop", "-t0", "hc"}) + stop.WaitWithDefaultTimeout() + Expect(stop).Should(Exit(0)) + + startAgain := podmanTest.Podman([]string{"start", "hc"}) + startAgain.WaitWithDefaultTimeout() + Expect(startAgain).Should(Exit(0)) + Expect(startAgain.OutputToString()).To(Equal("hc")) + Expect(startAgain.ErrorToString()).To(Equal("")) + }) }) diff --git a/test/e2e/image_scp_test.go b/test/e2e/image_scp_test.go index 6651a04b5..767b355d9 100644 --- a/test/e2e/image_scp_test.go +++ b/test/e2e/image_scp_test.go @@ -29,7 +29,6 @@ var _ = Describe("podman image scp", func() { panic(err) } os.Setenv("CONTAINERS_CONF", conf.Name()) - tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) @@ -52,38 +51,6 @@ var _ = Describe("podman image scp", func() { }) - It("podman image scp quiet flag", func() { - if IsRemote() { - Skip("this test is only for non-remote") - } - scp := podmanTest.Podman([]string{"image", "scp", "-q", ALPINE}) - scp.WaitWithDefaultTimeout() - Expect(scp).To(Exit(0)) - }) - - It("podman image scp root to rootless transfer", func() { - SkipIfNotRootless("this is a rootless only test, transferring from root to rootless using PodmanAsUser") - if IsRemote() { - Skip("this test is only for non-remote") - } - env := os.Environ() - img := podmanTest.PodmanAsUser([]string{"image", "pull", ALPINE}, 0, 0, "", env) // pull image to root - img.WaitWithDefaultTimeout() - Expect(img).To(Exit(0)) - scp := podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE, "1000:1000@localhost::"}, 0, 0, "", env) //transfer from root to rootless (us) - scp.WaitWithDefaultTimeout() - Expect(scp).To(Exit(0)) - - list := podmanTest.Podman([]string{"image", "list"}) // our image should now contain alpine loaded in from root - list.WaitWithDefaultTimeout() - Expect(list).To(Exit(0)) - Expect(list.OutputToStringArray()).To(ContainElement(HavePrefix("quay.io/libpod/alpine"))) - - scp = podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE}, 0, 0, "", env) //transfer from root to rootless (us) - scp.WaitWithDefaultTimeout() - Expect(scp).To(Exit(0)) - }) - It("podman image scp bogus image", func() { if IsRemote() { Skip("this test is only for non-remote") @@ -119,11 +86,8 @@ var _ = Describe("podman image scp", func() { scp.Wait(45) // exit with error because we cannot make an actual ssh connection // This tests that the input we are given is validated and prepared correctly - // Error: failed to connect: dial tcp: address foo: missing port in address + // The error given should either be a missing image (due to testing suite complications) or a i/o timeout on ssh Expect(scp).To(ExitWithError()) - Expect(scp.ErrorToString()).To(ContainSubstring( - "Error: failed to connect: dial tcp 66.151.147.142:2222: i/o timeout", - )) }) diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index d60383029..4644e3748 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -1,3 +1,4 @@ +//go:build remote // +build remote package integration @@ -143,6 +144,11 @@ func (p *PodmanTestIntegration) StopRemoteService() { if err := os.Remove(socket); err != nil { fmt.Println(err) } + if p.RemoteSocketLock != "" { + if err := os.Remove(p.RemoteSocketLock); err != nil { + fmt.Println(err) + } + } } //MakeOptions assembles all the podman main options diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index 2205a1263..23281fe05 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -8,6 +8,7 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" + "github.com/onsi/gomega/types" ) var _ = Describe("Podman network connect and disconnect", func() { @@ -176,12 +177,14 @@ var _ = Describe("Podman network connect and disconnect", func() { // Create a second network newNetName := "aliasTest" + stringid.GenerateNonCryptoID() - session = podmanTest.Podman([]string{"network", "create", newNetName}) + session = podmanTest.Podman([]string{"network", "create", newNetName, "--subnet", "10.11.100.0/24"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) defer podmanTest.removeCNINetwork(newNetName) - connect := podmanTest.Podman([]string{"network", "connect", newNetName, "test"}) + ip := "10.11.100.99" + mac := "44:11:44:11:44:11" + connect := podmanTest.Podman([]string{"network", "connect", "--ip", ip, "--mac-address", mac, newNetName, "test"}) connect.WaitWithDefaultTimeout() Expect(connect).Should(Exit(0)) Expect(connect.ErrorToString()).Should(Equal("")) @@ -200,6 +203,8 @@ var _ = Describe("Podman network connect and disconnect", func() { exec = podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth1"}) exec.WaitWithDefaultTimeout() Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring(ip)) + Expect(exec.OutputToString()).Should(ContainSubstring(mac)) // make sure no logrus errors are shown https://github.com/containers/podman/issues/9602 rm := podmanTest.Podman([]string{"rm", "--time=0", "-f", "test"}) @@ -326,11 +331,17 @@ var _ = Describe("Podman network connect and disconnect", func() { exec := podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth0"}) exec.WaitWithDefaultTimeout() - Expect(exec).Should(Exit(0)) + + // because the network interface order is not guaranteed to be the same we have to check both eth0 and eth1 + // if eth0 did not exists eth1 has to exists + var exitMatcher types.GomegaMatcher = ExitWithError() + if exec.ExitCode() > 0 { + exitMatcher = Exit(0) + } exec = podmanTest.Podman([]string{"exec", "-it", "test", "ip", "addr", "show", "eth1"}) exec.WaitWithDefaultTimeout() - Expect(exec).Should(ExitWithError()) + Expect(exec).Should(exitMatcher) }) It("podman network disconnect and run with network ID", func() { diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index 92f962abc..424561943 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -355,13 +355,12 @@ var _ = Describe("Podman network", func() { }) It("podman network remove after disconnect when container initially created with the network", func() { - SkipIfRootless("disconnect works only in non rootless container") - container := "test" - network := "foo" + network := "foo" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", network}) session.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(network) Expect(session).Should(Exit(0)) session = podmanTest.Podman([]string{"run", "--name", container, "--network", network, "-d", ALPINE, "top"}) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 36010704f..f79710ee6 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -2136,6 +2136,41 @@ spec: } }) + It("podman play kube with multiple networks", func() { + ctr := getCtr(withImage(ALPINE)) + pod := getPod(withCtr(ctr)) + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + net1 := "net1" + stringid.GenerateNonCryptoID() + net2 := "net2" + stringid.GenerateNonCryptoID() + + net := podmanTest.Podman([]string{"network", "create", "--subnet", "10.0.11.0/24", net1}) + net.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net1) + Expect(net).Should(Exit(0)) + + net = podmanTest.Podman([]string{"network", "create", "--subnet", "10.0.12.0/24", net2}) + net.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net2) + Expect(net).Should(Exit(0)) + + ip1 := "10.0.11.5" + ip2 := "10.0.12.10" + + kube := podmanTest.Podman([]string{"play", "kube", "--network", net1 + ":ip=" + ip1, "--network", net2 + ":ip=" + ip2, kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + inspect := podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "ip", "addr"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(ip1)) + Expect(inspect.OutputToString()).To(ContainSubstring(ip2)) + Expect(inspect.OutputToString()).To(ContainSubstring("eth0")) + Expect(inspect.OutputToString()).To(ContainSubstring("eth1")) + }) + It("podman play kube test with network portbindings", func() { ip := "127.0.0.100" port := "5000" diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 41a017a52..fab107af8 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -9,6 +9,8 @@ import ( "strconv" "strings" + "github.com/containers/common/pkg/apparmor" + "github.com/containers/common/pkg/seccomp" "github.com/containers/common/pkg/sysinfo" "github.com/containers/podman/v3/pkg/rootless" "github.com/containers/podman/v3/pkg/util" @@ -16,6 +18,7 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" + "github.com/opencontainers/selinux/go-selinux" ) var _ = Describe("Podman pod create", func() { @@ -967,4 +970,63 @@ ENTRYPOINT ["sleep","99999"] Expect(inspect).Should(Exit(0)) Expect(inspect.OutputToString()).Should(Equal("host")) }) + + It("podman pod create --security-opt", func() { + if !selinux.GetEnabled() { + Skip("SELinux not enabled") + } + podCreate := podmanTest.Podman([]string{"pod", "create", "--security-opt", "label=type:spc_t", "--security-opt", "seccomp=unconfined"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate).Should(Exit(0)) + + ctrCreate := podmanTest.Podman([]string{"container", "create", "--pod", podCreate.OutputToString(), ALPINE}) + ctrCreate.WaitWithDefaultTimeout() + Expect(ctrCreate).Should(Exit(0)) + + ctrInspect := podmanTest.InspectContainer(ctrCreate.OutputToString()) + Expect(ctrInspect[0].HostConfig.SecurityOpt).To(Equal([]string{"label=type:spc_t", "seccomp=unconfined"})) + + podCreate = podmanTest.Podman([]string{"pod", "create", "--security-opt", "label=disable"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate).Should(Exit(0)) + + ctrCreate = podmanTest.Podman([]string{"container", "run", "-it", "--pod", podCreate.OutputToString(), ALPINE, "cat", "/proc/self/attr/current"}) + ctrCreate.WaitWithDefaultTimeout() + Expect(ctrCreate).Should(Exit(0)) + match, _ := ctrCreate.GrepString("spc_t") + Expect(match).Should(BeTrue()) + }) + + It("podman pod create --security-opt seccomp", func() { + if !seccomp.IsEnabled() { + Skip("seccomp is not enabled") + } + podCreate := podmanTest.Podman([]string{"pod", "create", "--security-opt", "seccomp=unconfined"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate).Should(Exit(0)) + + ctrCreate := podmanTest.Podman([]string{"container", "create", "--pod", podCreate.OutputToString(), ALPINE}) + ctrCreate.WaitWithDefaultTimeout() + Expect(ctrCreate).Should(Exit(0)) + + ctrInspect := podmanTest.InspectContainer(ctrCreate.OutputToString()) + Expect(ctrInspect[0].HostConfig.SecurityOpt).To(Equal([]string{"seccomp=unconfined"})) + }) + + It("podman pod create --security-opt apparmor test", func() { + if !apparmor.IsEnabled() { + Skip("Apparmor is not enabled") + } + podCreate := podmanTest.Podman([]string{"pod", "create", "--security-opt", fmt.Sprintf("apparmor=%s", apparmor.Profile)}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate).Should(Exit(0)) + + ctrCreate := podmanTest.Podman([]string{"container", "create", "--pod", podCreate.OutputToString(), ALPINE}) + ctrCreate.WaitWithDefaultTimeout() + Expect(ctrCreate).Should(Exit(0)) + + inspect := podmanTest.InspectContainer(ctrCreate.OutputToString()) + Expect(inspect[0].AppArmorProfile).To(Equal(apparmor.Profile)) + + }) }) diff --git a/test/e2e/pod_initcontainers_test.go b/test/e2e/pod_initcontainers_test.go index 11e7ca400..e73f28a7a 100644 --- a/test/e2e/pod_initcontainers_test.go +++ b/test/e2e/pod_initcontainers_test.go @@ -135,7 +135,7 @@ var _ = Describe("Podman init containers", func() { filename := filepath.Join("/dev/shm", RandomString(12)) // Write the date to a file - session := podmanTest.Podman([]string{"create", "--init-ctr", "always", "--pod", "new:foobar", ALPINE, "bin/sh", "-c", fmt.Sprintf("date > %s", filename)}) + session := podmanTest.Podman([]string{"create", "--init-ctr", "always", "--pod", "new:foobar", fedoraMinimal, "bin/sh", "-c", "date +%T.%N > " + filename}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) verify := podmanTest.Podman([]string{"create", "--pod", "foobar", "-t", ALPINE, "top"}) diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 08905aed2..fbf1eb791 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -119,4 +119,11 @@ var _ = Describe("Podman run device", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("podman run cannot access non default devices", func() { + session := podmanTest.Podman([]string{"run", "-v /dev:/dev-host", ALPINE, "head", "-1", "/dev-host/kmsg"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + }) + }) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 04952bb03..04fac6bfb 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -3,7 +3,6 @@ package integration import ( "fmt" "os" - "strconv" . "github.com/containers/podman/v3/test/utils" . "github.com/onsi/ginkgo" @@ -79,45 +78,4 @@ var _ = Describe("Podman run memory", func() { Expect(session.OutputToString()).To(Equal(limit)) }) } - - It("podman run kernel-memory test", func() { - if podmanTest.Host.Distribution == "ubuntu" { - Skip("Unable to perform test on Ubuntu distributions due to memory management") - } - - var session *PodmanSessionIntegration - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--net=none", "--memory-reservation=40m", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/memory.low"}) - } else { - session = podmanTest.Podman([]string{"run", "--memory-reservation=40m", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.soft_limit_in_bytes"}) - } - - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(Equal("41943040")) - }) - - It("podman run kernel-memory test", func() { - if podmanTest.Host.Distribution == "ubuntu" { - Skip("Unable to perform test on Ubuntu distributions due to memory management") - } - var session *PodmanSessionIntegration - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--memory", "256m", "--memory-swap", "-1", ALPINE, "cat", "/sys/fs/cgroup/memory.swap.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--cgroupns=private", ALPINE, "cat", "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes"}) - } - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - output := session.OutputToString() - Expect(err).To(BeNil()) - if CGROUPSV2 { - Expect(output).To(Equal("max")) - } else { - crazyHighNumber, err := strconv.ParseInt(output, 10, 64) - Expect(err).To(BeZero()) - Expect(crazyHighNumber).To(BeNumerically(">", 936854771712)) - } - }) }) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 6d1d26914..2207a50a8 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -125,4 +125,16 @@ USER 1000`, ALPINE) Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group"))) }) + + It("podman run --no-manage-passwd flag", func() { + run := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).To(ContainSubstring("1234:1234")) + + run = podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).NotTo((ContainSubstring("1234:1234"))) + }) }) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 6dd7a14d0..2f3c3025a 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -7,6 +7,7 @@ import ( "time" . "github.com/containers/podman/v3/test/utils" + "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" @@ -65,6 +66,40 @@ var _ = Describe("Podman run with --ip flag", func() { Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) }) + It("Podman run with specified static IPv6 has correct IP", func() { + netName := "ipv6-" + stringid.GenerateNonCryptoID() + ipv6 := "fd46:db93:aa76:ac37::10" + net := podmanTest.Podman([]string{"network", "create", "--subnet", "fd46:db93:aa76:ac37::/64", netName}) + net.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) + Expect(net).To(Exit(0)) + + result := podmanTest.Podman([]string{"run", "-ti", "--network", netName, "--ip6", ipv6, ALPINE, "ip", "addr"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring(ipv6 + "/64")) + }) + + It("Podman run with --network bridge:ip=", func() { + ip := GetRandomIPAddress() + result := podmanTest.Podman([]string{"run", "-ti", "--network", "bridge:ip=" + ip, ALPINE, "ip", "addr"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) + }) + + It("Podman run with --network net:ip=,mac=,interface_name=", func() { + ip := GetRandomIPAddress() + mac := "44:33:22:11:00:99" + intName := "myeth" + result := podmanTest.Podman([]string{"run", "-ti", "--network", "bridge:ip=" + ip + ",mac=" + mac + ",interface_name=" + intName, ALPINE, "ip", "addr"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(result.OutputToString()).To(ContainSubstring(ip + "/16")) + Expect(result.OutputToString()).To(ContainSubstring(mac)) + Expect(result.OutputToString()).To(ContainSubstring(intName)) + }) + It("Podman run two containers with the same IP", func() { ip := GetRandomIPAddress() result := podmanTest.Podman([]string{"run", "-dt", "--ip", ip, nginx}) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 8db23080e..e98f2c999 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1315,7 +1315,7 @@ USER mail`, BB) Expect(err).To(BeNil()) file.Close() - session := podmanTest.Podman([]string{"run", "-dt", "--restart", "always", "-v", fmt.Sprintf("%s:/tmp/runroot:Z", testDir), ALPINE, "sh", "-c", "date +%N > /tmp/runroot/ran && while test -r /tmp/runroot/running; do sleep 0.1s; done"}) + session := podmanTest.Podman([]string{"run", "-dt", "--restart", "always", "-v", fmt.Sprintf("%s:/tmp/runroot:Z", testDir), ALPINE, "sh", "-c", "touch /tmp/runroot/ran && while test -r /tmp/runroot/running; do sleep 0.1s; done"}) found := false testFile := filepath.Join(testDir, "ran") diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 5c8e7c064..24272aae5 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -459,12 +459,8 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search with wildcards", func() { - search := podmanTest.Podman([]string{"search", "--limit", "30", "registry.redhat.io/*"}) - search.WaitWithDefaultTimeout() - Expect(search).Should(Exit(0)) - Expect(search.OutputToStringArray()).To(HaveLen(31)) - - search = podmanTest.Podman([]string{"search", "registry.redhat.io/*openshift*"}) + Skip("FIXME: search on registry.redhat.io is broken (Dec 16 '21)") + search := podmanTest.Podman([]string{"search", "registry.redhat.io/*openshift*"}) search.WaitWithDefaultTimeout() Expect(search).Should(Exit(0)) Expect(len(search.OutputToStringArray())).To(BeNumerically(">", 1)) @@ -491,9 +487,9 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search with limit over 100", func() { - search := podmanTest.Podman([]string{"search", "--limit", "130", "registry.redhat.io/rhel"}) + search := podmanTest.Podman([]string{"search", "--limit", "100", "quay.io/podman"}) search.WaitWithDefaultTimeout() Expect(search).Should(Exit(0)) - Expect(len(search.OutputToStringArray())).To(BeNumerically("<=", 131)) + Expect(len(search.OutputToStringArray())).To(BeNumerically("<=", 101)) }) }) diff --git a/test/e2e/secret_test.go b/test/e2e/secret_test.go index 661ebbdc0..f08638b1b 100644 --- a/test/e2e/secret_test.go +++ b/test/e2e/secret_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "io/ioutil" "os" "path/filepath" @@ -145,6 +146,54 @@ var _ = Describe("Podman secret", func() { }) + It("podman secret ls with filters", func() { + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755) + Expect(err).To(BeNil()) + + secret1 := "Secret1" + secret2 := "Secret2" + + session := podmanTest.Podman([]string{"secret", "create", secret1, secretFilePath}) + session.WaitWithDefaultTimeout() + secrID1 := session.OutputToString() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"secret", "create", secret2, secretFilePath}) + session.WaitWithDefaultTimeout() + secrID2 := session.OutputToString() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"secret", "create", "Secret3", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + list := podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1)}) + list.WaitWithDefaultTimeout() + Expect(list).Should(Exit(0)) + Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secret1)) + + list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret2)}) + list.WaitWithDefaultTimeout() + Expect(list).Should(Exit(0)) + Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secret2)) + + list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID1)}) + list.WaitWithDefaultTimeout() + Expect(list).Should(Exit(0)) + Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secrID1)) + + list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID2)}) + list.WaitWithDefaultTimeout() + Expect(list).Should(Exit(0)) + Expect(list.OutputToStringArray()).To(HaveLen(2), ContainSubstring(secrID2)) + + list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s,name=%s", secret1, secret2)}) + list.WaitWithDefaultTimeout() + Expect(list).Should(Exit(0)) + Expect(list.OutputToStringArray()).To(HaveLen(3), ContainSubstring(secret1), ContainSubstring(secret2)) + }) + It("podman secret ls with Go template", func() { secretFilePath := filepath.Join(podmanTest.TempDir, "secret") err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755) diff --git a/test/e2e/system_service_test.go b/test/e2e/system_service_test.go index 4299146f5..a9ed0b11f 100644 --- a/test/e2e/system_service_test.go +++ b/test/e2e/system_service_test.go @@ -20,7 +20,7 @@ var _ = Describe("podman system service", func() { // The timeout used to for the service to respond. As shown in #12167, // this may take some time on machines under high load. - var timeout = 5 + var timeout = 20 BeforeEach(func() { tempdir, err := CreateTempDirInTempDir() diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py index 1e2b531b7..485a0e419 100644 --- a/test/python/docker/compat/test_images.py +++ b/test/python/docker/compat/test_images.py @@ -79,6 +79,7 @@ class TestImages(unittest.TestCase): # Add more images self.client.images.pull(constant.BB) self.assertEqual(len(self.client.images.list()), 2) + self.assertEqual(len(self.client.images.list(all=True)), 2) # List images with filter self.assertEqual(len(self.client.images.list(filters={"reference": "alpine"})), 1) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 9de31f96c..201418620 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -240,4 +240,64 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rmi test:1.0 } + +@test "podman images - rmi -af removes all containers and pods" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman inspect --format '{{.ID}}' $IMAGE + imageID=$output + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi -a + is "$output" "Error: 2 errors occurred: +.** Image used by .*: image is in use by a container +.** Image used by .*: image is in use by a container" + + run_podman rmi -af + is "$output" "Untagged: $IMAGE +Untagged: $pauseImage +Deleted: $imageID +Deleted: $pauseID" "infra images gets removed as well" + + run_podman images --noheading + is "$output" "" + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + run_podman create --pod new:$pname $IMAGE +} + +@test "podman images - rmi -f can remove infra images" { + pname=$(random_string) + run_podman create --pod new:$pname $IMAGE + + run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" + pauseImage=localhost/podman-pause:$output + run_podman inspect --format '{{.ID}}' $pauseImage + pauseID=$output + + run_podman 2 rmi $pauseImage + is "$output" "Error: Image used by .* image is in use by a container" + + run_podman rmi -f $pauseImage + is "$output" "Untagged: $pauseImage +Deleted: $pauseID" + + # Force-removing the infra container removes the pod and all its containers. + run_podman ps --all --noheading + is "$output" "" + run_podman pod ps --noheading + is "$output" "" + + # Other images are still present. + run_podman image exists $IMAGE +} + # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 5937d38f8..d81a0758c 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -586,9 +586,7 @@ json-file | f @test "podman run with --net=host and --port prints warning" { rand=$(random_string 10) - # Please keep the duplicate "--net" options; this tests against #8507, - # a regression in which subsequent --net options did not override earlier. - run_podman run --rm -p 8080 --net=none --net=host $IMAGE echo $rand + run_podman run --rm -p 8080 --net=host $IMAGE echo $rand is "${lines[0]}" \ "Port mappings have been discarded as one of the Host, Container, Pod, and None network modes are in use" \ "Warning is emitted before container output" @@ -713,6 +711,18 @@ EOF run_podman rmi nomtab } +@test "podman run --hostuser tests" { + skip_if_not_rootless "test whether hostuser is successfully added" + user=$(id -un) + run_podman 1 run --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + user=$(id -u) + run_podman run --hostuser=$user --rm $IMAGE grep $user /etc/passwd + run_podman run --hostuser=$user --user $user --rm $IMAGE grep $user /etc/passwd + user=bogus + run_podman 126 run --hostuser=$user --rm $IMAGE grep $user /etc/passwd +} + @test "podman run --device-cgroup-rule tests" { skip_if_rootless "cannot add devices in rootless mode" @@ -758,4 +768,39 @@ EOF is "$output" ".*TERM=abc" "missing TERM environment variable despite TERM being set on commandline" } +@test "podman run - no /etc/hosts" { + skip_if_rootless "cannot move /etc/hosts file as a rootless user" + tmpfile=$PODMAN_TMPDIR/hosts + mv /etc/hosts $tmpfile + run_podman '?' run --rm --add-host "foo.com:1.2.3.4" $IMAGE cat "/etc/hosts" + mv $tmpfile /etc/hosts + is "$status" 0 "podman run without /etc/hosts file should work" + is "$output" "1.2.3.4 foo.com.*" "users can add hosts even without /etc/hosts" +} + +# rhbz#1854566 : $IMAGE has incorrect permission 555 on the root '/' filesystem +@test "podman run image with filesystem permission" { + # make sure the IMAGE image have permissiong of 555 like filesystem RPM expects + run_podman run --rm $IMAGE stat -c %a / + is "$output" "555" "directory permissions on /" +} + +# rhbz#1763007 : the --log-opt for podman run does not work as expected +@test "podman run with log-opt option" { + # Pseudorandom size of the form N.NNN. The '| 1' handles '0.NNN' or 'N.NN0', + # which podman displays as 'NNN kB' or 'N.NN MB' respectively. + size=$(printf "%d.%03d" $(($RANDOM % 10 | 1)) $(($RANDOM % 100 | 1))) + run_podman run -d --rm --log-opt max-size=${size}m $IMAGE sleep 5 + cid=$output + run_podman inspect --format "{{ .HostConfig.LogConfig.Size }}" $cid + is "$output" "${size}MB" + run_podman rm -t 0 -f $cid +} + +@test "podman run --kernel-memory warning" { + # Not sure what situations this fails in, but want to make sure warning shows. + run_podman '?' run --rm --kernel-memory 100 $IMAGE false + is "$output" ".*The --kernel-memory flag is no longer supported. This flag is a noop." "warn on use of --kernel-memory" + +} # vim: filetype=sh diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 09a0f8de1..61b290415 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats @@ -83,10 +83,10 @@ load helpers run_podman rm -a } -@test "podman ps -a --external" { +@test "podman ps --external" { # Setup: ensure that we have no hidden storage containers - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "1" "setup check: no storage containers at start of test" # Force a buildah timeout; this leaves a buildah container behind @@ -107,7 +107,7 @@ EOF run_podman ps -a is "${#lines[@]}" "1" "podman ps -a does not see buildah containers" - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" is "${lines[1]}" \ "[0-9a-f]\{12\} \+$IMAGE *buildah .* seconds ago .* storage .* ${PODMAN_TEST_IMAGE_NAME}-working-container" \ @@ -115,7 +115,7 @@ EOF # 'rm -a' should be a NOP run_podman rm -a - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "3" "podman ps -a --external sees buildah containers" # Cannot prune intermediate image as it's being used by a buildah @@ -128,7 +128,7 @@ EOF is "${#lines[@]}" "1" "Image used by build container is pruned" # One buildah container has been removed. - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "2" "podman ps -a --external sees buildah containers" cid="${lines[1]:0:12}" @@ -140,7 +140,7 @@ EOF # With -f, we can remove it. run_podman rm -t 0 -f "$cid" - run_podman ps --external -a + run_podman ps --external is "${#lines[@]}" "1" "storage container has been removed" } diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 3c47b1f5b..5e920506d 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -115,7 +115,7 @@ FROM $IMAGE RUN echo $rand_content EOF - run_podman 125 --runtime-flag invalidflag build -t build_test $tmpdir + run_podman 1 --runtime-flag invalidflag build -t build_test $tmpdir is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime" } diff --git a/test/system/120-load.bats b/test/system/120-load.bats index a5508b2f4..541095764 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -78,6 +78,35 @@ verify_iid_and_name() { run_podman rmi $fqin } +@test "podman image scp transfer" { + skip_if_root_ubuntu "cannot create a new user successfully on ubuntu" + get_iid_and_name + if ! is_remote; then + if is_rootless; then + whoami=$(id -un) + run_podman image scp $whoami@localhost::$iid root@localhost:: + if [ "$status" -ne 0 ]; then + die "Command failed: podman image scp transfer" + fi + whoami=$(id -un) + run_podman image scp -q $whoami@localhost::$iid root@localhost:: + if [ "$status" -ne 0 ]; then + die "Command failed: podman image scp quiet transfer failed" + fi + fi + if ! is_rootless; then + id -u 1000 &>/dev/null || useradd -u 1000 -g 1000 testingUsr + if [ "$status" -ne 0 ]; then + die "Command failed: useradd 1000" + fi + run_podman image scp root@localhost::$iid 1000:1000@localhost:: + if [ "$status" -ne 0 ]; then + die "Command failed: podman image scp transfer" + fi + fi + fi +} + @test "podman load - by image ID" { # FIXME: how to build a simple archive instead? diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats index 1ff3a7b61..a9456e03c 100644 --- a/test/system/130-kill.bats +++ b/test/system/130-kill.bats @@ -116,4 +116,18 @@ load helpers is "$output" "Error: valid signals are 1 through 64" "podman create" } +@test "podman kill - print IDs or raw input" { + # kill -a must print the IDs + run_podman run --rm -d $IMAGE top + ctrID="$output" + run_podman kill -a + is "$output" "$ctrID" + + # kill $input must print $input + cname=$(random_string) + run_podman run --rm -d --name $cname $IMAGE top + run_podman kill $cname + is "$output" $cname +} + # vim: filetype=sh diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index 43462de36..1271b7c0b 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -319,5 +319,30 @@ EOF is "$output" "" "no more volumes to prune" } +@test "podman volume type=bind" { + myvoldir=${PODMAN_TMPDIR}/volume_$(random_string) + mkdir $myvoldir + touch $myvoldir/myfile + + myvolume=myvol$(random_string) + run_podman 125 volume create -o type=bind -o device=/bogus $myvolume + is "$output" "Error: invalid volume option device for driver 'local': stat /bogus: no such file or directory" "should fail with bogus directory not existing" + + run_podman volume create -o type=bind -o device=/$myvoldir $myvolume + is "$output" "$myvolume" "should successfully create myvolume" + + run_podman run --rm -v $myvolume:/vol:z $IMAGE \ + stat -c "%u:%s" /vol/myfile + is "$output" "0:0" "w/o keep-id: stat(file in container) == root" +} + +@test "podman volume type=tmpfs" { + myvolume=myvol$(random_string) + run_podman volume create -o type=tmpfs -o device=tmpfs $myvolume + is "$output" "$myvolume" "should successfully create myvolume" + + run_podman run --rm -v $myvolume:/vol $IMAGE stat -f -c "%T" /vol + is "$output" "tmpfs" "volume should be tmpfs" +} # vim: filetype=sh diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index eb6c4e259..a5be591ef 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -17,7 +17,7 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id + run chroot --groups 1234 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id is "$output" ".*65534(nobody)" "Check group leaked into user namespace" } @@ -25,30 +25,56 @@ function _require_crun() { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" _require_crun - run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --group-add keep-groups $IMAGE id is "$output" ".*1234" "Check group leaked into container" } @test "podman --group-add without keep-groups while in a userns" { skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" - run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id + run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --remote --group-add keep-groups " { if is_remote; then - run_podman 125 run --group-add keep-groups $IMAGE id + run_podman 125 run --rm --group-add keep-groups $IMAGE id is "$output" ".*not supported in remote mode" "Remote check --group-add keep-groups" fi } @test "podman --group-add without keep-groups " { - run_podman run --group-add 457 $IMAGE id + run_podman run --rm --group-add 457 $IMAGE id is "$output" ".*457" "Check group leaked into container" } @test "podman --group-add keep-groups plus added groups " { - run_podman 125 run --group-add keep-groups --group-add 457 $IMAGE id + run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container" } + +@test "podman userns=auto in config file" { + skip_if_remote "userns=auto is set on the server" + + if is_rootless; then + egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user" + else + egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'" + fi + + cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF +[containers] +userns="auto" +EOF + # First make sure a user namespace is created + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity + cid=$output + + run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid + is "$output" "private" "Check that a user namespace was created for the container" + + run_podman rm -t 0 -f $cid + + # Then check that the main user is not mapped into the user namespace + CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map +} diff --git a/test/system/180-blkio.bats b/test/system/180-blkio.bats index 68449681a..7999c9ec5 100644 --- a/test/system/180-blkio.bats +++ b/test/system/180-blkio.bats @@ -8,7 +8,7 @@ load helpers function teardown() { lofile=${PODMAN_TMPDIR}/disk.img if [ -f ${lofile} ]; then - run_podman '?' rm -t 0 --all --force + run_podman '?' rm -t 0 --all --force --ignore while read path dev; do if [[ "$path" == "$lofile" ]]; then diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index deadfa90a..2b5ad44dc 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -16,6 +16,21 @@ load helpers if [[ ${output} = ${heading} ]]; then die "network ls --noheading did not remove heading: $output" fi + + # check deterministic list order + local net1=a-$(random_string 10) + local net2=b-$(random_string 10) + local net3=c-$(random_string 10) + run_podman network create $net1 + run_podman network create $net2 + run_podman network create $net3 + + run_podman network ls --quiet + # just check the the order of the created networks is correct + # we cannot do an exact match since developer and CI systems could contain more networks + is "$output" ".*$net1.*$net2.*$net3.*podman.*" "networks sorted alphabetically" + + run_podman network rm $net1 $net2 $net3 } # Copied from tsweeney's https://github.com/containers/podman/issues/4827 @@ -124,10 +139,11 @@ load helpers @test "podman run with slirp4ns assigns correct addresses to /etc/hosts" { CIDR="$(random_rfc1918_subnet)" + IP=$(hostname -I | cut -f 1 -d " ") local conname=con-$(random_string 10) run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \ --name $conname --hostname $conname $IMAGE cat /etc/hosts - is "$output" ".*${CIDR}.2 host.containers.internal" "host.containers.internal should be the cidr+2 address" + is "$output" ".*${IP} host.containers.internal" "host.containers.internal should be the cidr+2 address" is "$output" ".*${CIDR}.100 $conname $conname" "$conname should be the cidr+100 address" } diff --git a/test/system/520-checkpoint.bats b/test/system/520-checkpoint.bats index 723a20cc4..046dfd126 100644 --- a/test/system/520-checkpoint.bats +++ b/test/system/520-checkpoint.bats @@ -11,7 +11,7 @@ function setup() { # TL;DR they keep fixing it then breaking it again. There's a test we # could run to see if it's fixed, but it's way too complicated. Since # integration tests also skip checkpoint tests on Ubuntu, do the same here. - if grep -qiw ubuntu /etc/os-release; then + if is_ubuntu; then skip "FIXME: checkpointing broken in Ubuntu 2004, 2104, 2110, ..." fi diff --git a/test/system/700-play.bats b/test/system/700-play.bats index b77d41920..88c7cad87 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -104,8 +104,6 @@ RELABEL="system_u:object_r:container_file_t:s0" TESTDIR=$PODMAN_TMPDIR/testdir mkdir -p $TESTDIR echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml - run_podman 125 play kube --network bridge $PODMAN_TMPDIR/test.yaml - is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host" run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host" run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 97b6db05c..36a88fc10 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -56,14 +56,14 @@ fi # Setup helper: establish a test environment with exactly the images needed function basic_setup() { # Clean up all containers - run_podman rm -t 0 --all --force + run_podman rm -t 0 --all --force --ignore # ...including external (buildah) ones run_podman ps --all --external --format '{{.ID}} {{.Names}}' for line in "${lines[@]}"; do set $line echo "# setup(): removing stray external container $1 ($2)" >&3 - run_podman rm $1 + run_podman rm -f $1 done # Clean up all images except those desired @@ -109,8 +109,8 @@ function basic_setup() { # Basic teardown: remove all pods and containers function basic_teardown() { echo "# [teardown]" >&2 - run_podman '?' pod rm -t 0 --all --force - run_podman '?' rm -t 0 --all --force + run_podman '?' pod rm -t 0 --all --force --ignore + run_podman '?' rm -t 0 --all --force --ignore command rm -rf $PODMAN_TMPDIR } @@ -318,6 +318,10 @@ function wait_for_port() { # BEGIN miscellaneous tools # Shortcuts for common needs: +function is_ubuntu() { + grep -qiw ubuntu /etc/os-release +} + function is_rootless() { [ "$(id -u)" -ne 0 ] } @@ -398,6 +402,16 @@ function skip_if_rootless() { fi } +###################### +# skip_if_not_rootless # ...with an optional message +###################### +function skip_if_not_rootless() { + if ! is_rootless; then + local msg=$(_add_label_if_missing "$1" "rootfull") + skip "${msg:-not applicable under rootlfull podman}" + fi +} + #################### # skip_if_remote # ...with an optional message #################### @@ -449,6 +463,16 @@ function skip_if_journald_unavailable { fi } +function skip_if_root_ubuntu { + if is_ubuntu; then + if ! is_remote; then + if ! is_rootless; then + skip "Cannot run this test on rootful ubuntu, usually due to user errors" + fi + fi + fi +} + ######### # die # Abort with helpful message ######### diff --git a/test/utils/utils.go b/test/utils/utils.go index f41024072..1f5067950 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -41,6 +41,7 @@ type PodmanTest struct { RemotePodmanBinary string RemoteSession *os.Process RemoteSocket string + RemoteSocketLock string // If not "", should be removed _after_ RemoteSocket is removed RemoteCommand *exec.Cmd ImageCacheDir string ImageCacheFS string @@ -469,10 +470,6 @@ func Containerized() bool { return strings.Contains(string(b), "docker") } -func init() { - rand.Seed(GinkgoRandomSeed()) -} - var randomLetters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") // RandomString returns a string of given length composed of random characters |