diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/20-containers.at | 3 | ||||
| -rw-r--r-- | test/apiv2/35-networks.at | 12 | ||||
| -rwxr-xr-x | test/compose/test-compose | 1 | ||||
| -rw-r--r-- | test/e2e/build_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/checkpoint_image_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/checkpoint_test.go | 5 | ||||
| -rw-r--r-- | test/e2e/info_test.go | 15 | ||||
| -rw-r--r-- | test/e2e/kill_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/manifest_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/network_connect_disconnect_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/pause_test.go | 177 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 142 | ||||
| -rw-r--r-- | test/e2e/pod_create_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 7 | ||||
| -rw-r--r-- | test/system/005-info.bats | 17 | ||||
| -rw-r--r-- | test/system/030-run.bats | 2 | ||||
| -rw-r--r-- | test/system/160-volumes.bats | 8 | ||||
| -rw-r--r-- | test/system/170-run-userns.bats | 2 | ||||
| -rw-r--r-- | test/system/200-pod.bats | 5 | ||||
| -rw-r--r-- | test/system/251-system-service.bats | 4 | ||||
| -rw-r--r-- | test/system/400-unprivileged-access.bats | 1 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 2 | ||||
| -rw-r--r-- | test/utils/utils.go | 4 |
23 files changed, 409 insertions, 16 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 6ef4ef917..a8d9baef3 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -123,7 +123,8 @@ t GET libpod/containers/${cid}/json 200 \ .Id=$cid \ .State.Status~\\\(exited\\\|stopped\\\) \ .State.Running=false \ - .State.ExitCode=0 + .State.ExitCode=0 \ + .Config.Umask=0022 # regression check for #15036 t DELETE libpod/containers/$cid 200 .[0].Id=$cid CNAME=myfoo diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index fcff26521..07ba45efb 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -84,12 +84,24 @@ t GET networks?filters='{"dangling":["true","0"]}' 500 \ t GET networks?filters='{"name":["doesnotexists"]}' 200 \ "[]" +# check default name in list endpoint +t GET networks 200 \ + .[].Name~.*bridge.* + # network inspect docker t GET networks/$network1_id 200 \ .Name=network1 \ .Id=$network1_id \ .Scope=local +# inspect default bridge network +t GET networks/bridge 200 \ + .Name=bridge + +# inspect default bridge network with real podman name should return real name +t GET networks/podman 200 \ + .Name=podman + # network create docker t POST networks/create Name=net3\ IPAM='{"Config":[]}' 201 # network delete docker diff --git a/test/compose/test-compose b/test/compose/test-compose index 7c4bf2e91..99d063c25 100755 --- a/test/compose/test-compose +++ b/test/compose/test-compose @@ -212,7 +212,6 @@ function start_service() { rm -f $DOCKER_SOCK mkdir --mode 0755 $WORKDIR/{root,runroot,cni} chcon --reference=/var/lib/containers $WORKDIR/root - cp /etc/cni/net.d/*podman*conflist $WORKDIR/cni/ $PODMAN_BIN \ --log-level debug \ diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 9ecc2f8c6..424c7244e 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -524,6 +524,8 @@ subdir**` // See https://github.com/containers/podman/issues/13535 It("Remote build .containerignore filtering embedded directory (#13535)", func() { SkipIfNotRemote("Testing remote .containerignore file filtering") + Skip("FIXME: #15014: test times out in 'dd' on f36.") + podmanTest.RestartRemoteService() // Switch to temp dir and restore it afterwards @@ -552,7 +554,7 @@ subdir**` Expect(ioutil.WriteFile(filepath.Join(subdirPath, "extra"), contents.Bytes(), 0644)). ToNot(HaveOccurred()) randomFile := filepath.Join(subdirPath, "randomFile") - dd := exec.Command("dd", "if=/dev/random", "of="+randomFile, "bs=1G", "count=1") + dd := exec.Command("dd", "if=/dev/urandom", "of="+randomFile, "bs=1G", "count=1") ddSession, err := Start(dd, GinkgoWriter, GinkgoWriter) Expect(err).ToNot(HaveOccurred()) Eventually(ddSession, "10s", "1s").Should(Exit(0)) diff --git a/test/e2e/checkpoint_image_test.go b/test/e2e/checkpoint_image_test.go index 94320a70e..5700802e8 100644 --- a/test/e2e/checkpoint_image_test.go +++ b/test/e2e/checkpoint_image_test.go @@ -58,6 +58,7 @@ var _ = Describe("Podman checkpoint", func() { }) It("podman checkpoint --create-image with running container", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) containerName := "alpine-container-" + RandomString(6) @@ -163,7 +164,8 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) - It("podman restore multiple containers from single checkpint image", func() { + It("podman restore multiple containers from single checkpoint image", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) containerName := "alpine-container-" + RandomString(6) @@ -225,7 +227,8 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) - It("podman restore multiple containers from multiple checkpint images", func() { + It("podman restore multiple containers from multiple checkpoint images", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage1 := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) checkpointImage2 := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 5ccafeb37..a4646b6d1 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -57,6 +57,7 @@ var _ = Describe("Podman checkpoint", func() { BeforeEach(func() { SkipIfRootless("checkpoint not supported in rootless mode") + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") tempdir, err = CreateTempDirInTempDir() Expect(err).To(BeNil()) @@ -1128,6 +1129,10 @@ var _ = Describe("Podman checkpoint", func() { share := share // copy into local scope, for use inside function It(testName, func() { + if podmanTest.Host.Distribution == "ubuntu" && IsRemote() { + Skip("FIXME: #15018. Cannot restore --pod under cgroupsV1 and remote") + } + if !criu.CheckForCriu(criu.PodCriuVersion) { Skip("CRIU is missing or too old.") } diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go index 2c2c82cb6..9d31deb55 100644 --- a/test/e2e/info_test.go +++ b/test/e2e/info_test.go @@ -152,4 +152,19 @@ var _ = Describe("Podman Info", func() { Expect(session.OutputToString()).To(ContainSubstring("memory")) Expect(session.OutputToString()).To(ContainSubstring("pids")) }) + + It("Podman info: check desired runtime", func() { + // defined in .cirrus.yml + want := os.Getenv("CI_DESIRED_RUNTIME") + if want == "" { + if os.Getenv("CIRRUS_CI") == "" { + Skip("CI_DESIRED_RUNTIME is not set--this is OK because we're not running under Cirrus") + } + Fail("CIRRUS_CI is set, but CI_DESIRED_RUNTIME is not! See #14912") + } + session := podmanTest.Podman([]string{"info", "--format", "{{.Host.OCIRuntime.Name}}"}) + session.WaitWithDefaultTimeout() + Expect(session).To(Exit(0)) + Expect(session.OutputToString()).To(Equal(want)) + }) }) diff --git a/test/e2e/kill_test.go b/test/e2e/kill_test.go index 2a9a86729..9b33e2f0d 100644 --- a/test/e2e/kill_test.go +++ b/test/e2e/kill_test.go @@ -129,6 +129,7 @@ var _ = Describe("Podman kill", func() { }) It("podman kill paused container", func() { + SkipIfRootlessCgroupsV1("pause is not supported for cgroupv1 rootless") ctrName := "testctr" session := podmanTest.RunTopContainer(ctrName) session.WaitWithDefaultTimeout() diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 1f58419a1..ecddf2935 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -293,6 +293,9 @@ var _ = Describe("Podman manifest", func() { }) It("authenticated push", func() { + if podmanTest.Host.Distribution == "ubuntu" && IsRemote() { + Skip("FIXME: #15017. Registry times out.") + } registryOptions := &podmanRegistry.Options{ Image: "docker-archive:" + imageTarPath(REGISTRY_IMAGE), } diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index c9ffe6a8d..ece1b519d 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -71,6 +71,7 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network disconnect", func() { + SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() @@ -180,6 +181,7 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network connect", func() { + SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index d677eddb0..363df2624 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -319,4 +319,181 @@ var _ = Describe("Podman pause", func() { Expect(running.OutputToStringArray()).To(HaveLen(3)) }) + It("podman pause --latest", func() { + SkipIfRemote("--latest flag n/a") + session := podmanTest.RunTopContainer("") + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + result := podmanTest.Podman([]string{"pause", "-l"}) + result.WaitWithDefaultTimeout() + + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(strings.ToLower(podmanTest.GetContainerStatus())).To(ContainSubstring(pausedState)) + + result = podmanTest.Podman([]string{"unpause", "-l"}) + result.WaitWithDefaultTimeout() + }) + + It("podman pause --cidfile", func() { + tmpDir, err := ioutil.TempDir("", "") + Expect(err).To(BeNil()) + tmpFile := tmpDir + "cid" + + defer os.RemoveAll(tmpDir) + + session := podmanTest.Podman([]string{"create", "--cidfile", tmpFile, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + cid := session.OutputToStringArray()[0] + + session = podmanTest.Podman([]string{"start", cid}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + result := podmanTest.Podman([]string{"pause", "--cidfile", tmpFile}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + output := result.OutputToString() + Expect(output).To(ContainSubstring(cid)) + + result = podmanTest.Podman([]string{"unpause", "--cidfile", tmpFile}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + output = result.OutputToString() + Expect(output).To(ContainSubstring(cid)) + }) + + It("podman pause multiple --cidfile", func() { + tmpDir, err := ioutil.TempDir("", "") + Expect(err).To(BeNil()) + tmpFile1 := tmpDir + "cid-1" + tmpFile2 := tmpDir + "cid-2" + + defer os.RemoveAll(tmpDir) + + session := podmanTest.Podman([]string{"run", "--cidfile", tmpFile1, "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + cid1 := session.OutputToStringArray()[0] + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session = podmanTest.Podman([]string{"run", "--cidfile", tmpFile2, "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + cid2 := session.OutputToStringArray()[0] + Expect(podmanTest.NumberOfContainers()).To(Equal(2)) + + result := podmanTest.Podman([]string{"pause", "--cidfile", tmpFile1, "--cidfile", tmpFile2}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + output := result.OutputToString() + Expect(output).To(ContainSubstring(cid1)) + Expect(output).To(ContainSubstring(cid2)) + Expect(podmanTest.NumberOfContainers()).To(Equal(2)) + + result = podmanTest.Podman([]string{"unpause", "--cidfile", tmpFile1, "--cidfile", tmpFile2}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + output = result.OutputToString() + Expect(output).To(ContainSubstring(cid1)) + Expect(output).To(ContainSubstring(cid2)) + Expect(podmanTest.NumberOfContainers()).To(Equal(2)) + }) + + It("podman pause invalid --latest and --cidfile and --all", func() { + SkipIfRemote("--latest flag n/a") + result := podmanTest.Podman([]string{"pause", "--cidfile", "foobar", "--latest"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"pause", "--cidfile", "foobar", "--all"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"pause", "--cidfile", "foobar", "--all", "--latest"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"pause", "--latest", "--all"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + }) + + It("podman unpause invalid --latest and --cidfile and --all", func() { + SkipIfRemote("--latest flag n/a") + result := podmanTest.Podman([]string{"unpause", "--cidfile", "foobar", "--latest"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"unpause", "--cidfile", "foobar", "--all"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"unpause", "--cidfile", "foobar", "--all", "--latest"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + result = podmanTest.Podman([]string{"unpause", "--latest", "--all"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(125)) + Expect(result.ErrorToString()).To(ContainSubstring("cannot be used together")) + }) + + It("podman pause --filter", func() { + session1 := podmanTest.RunTopContainer("") + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid1 := session1.OutputToString() + + session1 = podmanTest.RunTopContainer("") + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid2 := session1.OutputToString() + + session1 = podmanTest.RunTopContainer("") + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid3 := session1.OutputToString() + shortCid3 := cid3[0:5] + + session1 = podmanTest.Podman([]string{"pause", cid1, "-f", "status=test"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(125)) + + session1 = podmanTest.Podman([]string{"unpause", cid1, "-f", "status=paused"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(125)) + + session1 = podmanTest.Podman([]string{"pause", "-a", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(HaveLen(0)) + + session1 = podmanTest.Podman([]string{"pause", "-a", "--filter", fmt.Sprintf("id=%s", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid3)) + + session1 = podmanTest.Podman([]string{"unpause", "-a", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(HaveLen(0)) + + session1 = podmanTest.Podman([]string{"unpause", "-a", "--filter", fmt.Sprintf("id=%s", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid3)) + + session1 = podmanTest.Podman([]string{"pause", "-f", fmt.Sprintf("id=%s", cid2)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid2)) + + session1 = podmanTest.Podman([]string{"unpause", "-f", fmt.Sprintf("id=%s", cid2)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid2)) + }) }) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 9e2d4de19..1b4eefd45 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -29,6 +29,76 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) +var secretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecret +type: Opaque +data: + username: dXNlcg== + password: NTRmNDFkMTJlOGZh +` + +var complexSecretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecrettwo +type: Opaque +data: + username: Y2RvZXJuCg== + password: dGVzdGluZ3Rlc3RpbmcK + note: a3ViZSBzZWNyZXRzIGFyZSBjb29sIQo= +` + +var secretPodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false +` + +var secretPodYamlTwo = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod2 +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + - name: bar + mountPath: /etc/bar + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false + - name: bar + secret: + secretName: newsecrettwo + optional: false +` + var unknownKindYaml = ` apiVersion: v1 kind: UnknownKind @@ -3493,7 +3563,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q SkipIfRemote("cannot run in a remote setup") address := url.URL{ Scheme: "tcp", - Host: net.JoinHostPort("localhost", randomPort()), + Host: net.JoinHostPort("localhost", "8080"), } session := podmanTest.Podman([]string{ @@ -3857,4 +3927,74 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect(kube).Should(Exit(125)) }) + It("podman play kube secret as volume support", func() { + err := writeYaml(secretYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + secretList := podmanTest.Podman([]string{"secret", "list"}) + secretList.WaitWithDefaultTimeout() + Expect(secretList).Should(Exit(0)) + Expect(secretList.OutputToString()).Should(ContainSubstring("newsecret")) + + err = writeYaml(secretPodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec := podmanTest.Podman([]string{"exec", "-it", "mypod-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + secretRm := podmanTest.Podman([]string{"secret", "rm", "newsecret"}) + secretRm.WaitWithDefaultTimeout() + Expect(secretRm).Should(Exit(0)) + + podRm := podmanTest.Podman([]string{"pod", "rm", "-f", "mypod"}) + podRm.WaitWithDefaultTimeout() + Expect(podRm).Should(Exit(0)) + + yamls := []string{secretYaml, secretPodYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // do not remove newsecret to test that we auto remove on collision + + yamls = []string{secretYaml, complexSecretYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + err = writeYaml(secretPodYamlTwo, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/bar/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("Y2RvZXJuCg==")) + + }) + }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 3caae2bd5..24d9d6854 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -1051,6 +1051,7 @@ ENTRYPOINT ["sleep","99999"] It("podman pod create --share-parent test", func() { SkipIfRootlessCgroupsV1("rootless cannot use cgroups with cgroupsv1") + SkipIfCgroupV1("FIXME: #15013: CgroupMode shows 'host' instead of CID under Cgroups V1.") podCreate := podmanTest.Podman([]string{"pod", "create", "--share-parent=false"}) podCreate.WaitWithDefaultTimeout() Expect(podCreate).Should(Exit(0)) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 6edb705a1..64b70f1ee 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -91,7 +91,8 @@ var _ = Describe("Podman run", func() { if exitCode == 0 { Expect(session.OutputToString()).To(ContainSubstring("aarch64")) } else { - Expect(session.ErrorToString()).To(ContainSubstring("Exec format error")) + // crun says 'Exec', runc says 'exec'. Handle either. + Expect(session.ErrorToString()).To(ContainSubstring("xec format error")) } }) @@ -714,6 +715,7 @@ USER bin`, BB) }) It("podman run device-read-bps test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users") @@ -733,6 +735,7 @@ USER bin`, BB) }) It("podman run device-write-bps test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-write-bps not supported on cgroupv1 for rootless users") @@ -751,6 +754,7 @@ USER bin`, BB) }) It("podman run device-read-iops test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-read-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration @@ -769,6 +773,7 @@ USER bin`, BB) }) It("podman run device-write-iops test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-write-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 333553b07..43a345f11 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -55,7 +55,24 @@ host.slirp4netns.executable | $expr_path dprint "# actual=<$actual> expect=<$expect>" is "$actual" "$expect" "jq .$field" done +} + +@test "podman info - confirm desired runtime" { + if [[ -z "$CI_DESIRED_RUNTIME" ]]; then + # When running in Cirrus, CI_DESIRED_RUNTIME *must* be defined + # in .cirrus.yml so we can double-check that all CI VMs are + # using crun/runc as desired. + if [[ -n "$CIRRUS_CI" ]]; then + die "CIRRUS_CI is set, but CI_DESIRED_RUNTIME is not! See #14912" + fi + + # Not running under Cirrus (e.g., gating tests, or dev laptop). + # Totally OK to skip this test. + skip "CI_DESIRED_RUNTIME is unset--OK, because we're not in Cirrus" + fi + run_podman info --format '{{.Host.OCIRuntime.Name}}' + is "$output" "$CI_DESIRED_RUNTIME" "CI_DESIRED_RUNTIME (from .cirrus.yml)" } # 2021-04-06 discussed in watercooler: RHEL must never use crun, even if diff --git a/test/system/030-run.bats b/test/system/030-run.bats index b3e3cef00..e62e7679f 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -70,6 +70,7 @@ echo $rand | 0 | $rand } @test "podman run - uidmapping has no /sys/kernel mounts" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "cannot umount as rootless" skip_if_remote "TODO Fix this for remote case" @@ -805,6 +806,7 @@ EOF # rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided @test "podman run update /etc/hosts" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" HOST=$(random_string 25) run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts is "${lines[0]}" ".*${HOST}.*" diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index da60112a0..18e806699 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -149,16 +149,16 @@ EOF # By default, volumes are mounted exec, but we have manually added the # noexec option. This should fail. - # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error + # ARGH. Unfortunately, runc (used for cgroups v1) has different exit status local expect_rc=126 - local expect_msg='.* OCI permission denied.*' if [[ $(podman_runtime) = "runc" ]]; then expect_rc=1 - expect_msg='.* exec user process caused.*permission denied' fi run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript - is "$output" "$expect_msg" "run on volume, noexec" + # crun and runc emit different messages, and even runc is inconsistent + # with itself (output changed some time in 2022?). Deal with all. + assert "$output" =~ 'exec.* permission denied' "run on volume, noexec" # With the default, it should pass run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index 2ad9eb0b8..5ad7473da 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -30,6 +30,7 @@ function _require_crun() { } @test "podman --group-add without keep-groups while in a userns" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id @@ -37,6 +38,7 @@ function _require_crun() { } @test "rootful pod with custom ID mapping" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "does not work rootless - rootful feature" random_pod_name=$(random_string 30) run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index b9c668993..667e2baef 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -479,9 +479,8 @@ spec: @test "pod resource limits" { skip_if_remote "resource limits only implemented on non-remote" - if is_rootless || ! is_cgroupsv2; then - skip "only meaningful for rootful" - fi + skip_if_rootless "resource limits only work with root" + skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2" # create loopback device lofile=${PODMAN_TMPDIR}/disk.img diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats index edee4a28c..197d1cb18 100644 --- a/test/system/251-system-service.bats +++ b/test/system/251-system-service.bats @@ -17,6 +17,10 @@ function teardown() { @test "podman-system-service containers survive service stop" { skip_if_remote "podman system service unavailable over remote" + local runtime=$(podman_runtime) + if [[ "$runtime" != "crun" ]]; then + skip "survival code only implemented in crun; you're using $runtime" + fi port=$(random_free_port) URL=tcp://127.0.0.1:$port diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 710ff066c..0d6be2d60 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -7,6 +7,7 @@ load helpers @test "podman container storage is not accessible by unprivileged users" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "test meaningless without suid" skip_if_remote diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 50eb15216..f45540f5f 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -84,6 +84,7 @@ load helpers # Issue #5466 - port-forwarding doesn't work with this option and -d @test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" for cidr in "" "$(random_rfc1918_subnet).0/24"; do myport=$(random_free_port 52000-52999) if [[ -z $cidr ]]; then @@ -744,6 +745,7 @@ EOF } @test "podman run /etc/* permissions" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" userns="--userns=keep-id" if ! is_rootless; then userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" diff --git a/test/utils/utils.go b/test/utils/utils.go index 924f66ec8..e84b57cc6 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -367,8 +367,8 @@ func (s *PodmanSession) WaitWithDefaultTimeout() { func (s *PodmanSession) WaitWithTimeout(timeout int) { Eventually(s, timeout).Should(Exit(), func() string { // in case of timeouts show output - return fmt.Sprintf("command %v timed out\nSTDOUT: %s\nSTDERR: %s", - s.Command.Args, string(s.Out.Contents()), string(s.Err.Contents())) + return fmt.Sprintf("command timed out after %ds: %v\nSTDOUT: %s\nSTDERR: %s", + timeout, s.Command.Args, string(s.Out.Contents()), string(s.Err.Contents())) }) os.Stdout.Sync() os.Stderr.Sync() |