aboutsummaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/network_connect_disconnect_test.go4
-rw-r--r--test/e2e/prune_test.go47
-rw-r--r--test/e2e/run_test.go48
-rw-r--r--test/system/030-run.bats14
-rw-r--r--test/system/500-networking.bats65
-rw-r--r--test/system/700-play.bats26
6 files changed, 186 insertions, 18 deletions
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go
index 6974c7614..c82aacbe4 100644
--- a/test/e2e/network_connect_disconnect_test.go
+++ b/test/e2e/network_connect_disconnect_test.go
@@ -66,7 +66,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
con := podmanTest.Podman([]string{"network", "disconnect", netName, "test"})
con.WaitWithDefaultTimeout()
Expect(con.ExitCode()).ToNot(BeZero())
- Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`))
+ Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`))
})
It("podman network disconnect", func() {
@@ -132,7 +132,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
con := podmanTest.Podman([]string{"network", "connect", netName, "test"})
con.WaitWithDefaultTimeout()
Expect(con.ExitCode()).ToNot(BeZero())
- Expect(con.ErrorToString()).To(ContainSubstring(`network mode "slirp4netns" is not supported`))
+ Expect(con.ErrorToString()).To(ContainSubstring(`"slirp4netns" is not supported: invalid network mode`))
})
It("podman connect on a container that already is connected to the network should error", func() {
diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go
index 38f893a43..419748adb 100644
--- a/test/e2e/prune_test.go
+++ b/test/e2e/prune_test.go
@@ -88,6 +88,53 @@ var _ = Describe("Podman prune", func() {
Expect(podmanTest.NumberOfContainers()).To(Equal(0))
})
+ It("podman image prune - remove only dangling images", func() {
+ session := podmanTest.Podman([]string{"images", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ hasNone, _ := session.GrepString("<none>")
+ Expect(hasNone).To(BeFalse())
+ numImages := len(session.OutputToStringArray())
+
+ // Since there's no dangling image, none should be removed.
+ session = podmanTest.Podman([]string{"image", "prune", "-f"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(0))
+
+ // Let's be extra sure that the same number of images is
+ // reported.
+ session = podmanTest.Podman([]string{"images", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(numImages))
+
+ // Now build a new image with dangling intermediate images.
+ podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true")
+
+ session = podmanTest.Podman([]string{"images", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ hasNone, _ = session.GrepString("<none>")
+ Expect(hasNone).To(BeTrue()) // ! we have dangling ones
+ numImages = len(session.OutputToStringArray())
+
+ // Since there's at least one dangling image, prune should
+ // remove them.
+ session = podmanTest.Podman([]string{"image", "prune", "-f"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ numPrunedImages := len(session.OutputToStringArray())
+ Expect(numPrunedImages >= 1).To(BeTrue())
+
+ // Now make sure that exactly the number of pruned images has
+ // been removed.
+ session = podmanTest.Podman([]string{"images", "-a"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(numImages - numPrunedImages))
+ })
+
It("podman image prune skip cache images", func() {
podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true")
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f27ded5d2..58538b689 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1669,6 +1669,49 @@ WORKDIR /madethis`, BB)
Expect(session.OutputToString()).To(Equal(secretsString))
})
+ It("podman run --secret mount with uid, gid, mode options", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ // check default permissions
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "secr", ALPINE, "ls", "-l", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ output := session.OutputToString()
+ Expect(output).To(ContainSubstring("-r--r--r--"))
+ Expect(output).To(ContainSubstring("root"))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount,uid=1000,gid=1001,mode=777", "--name", "secr2", ALPINE, "ls", "-ln", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ output = session.OutputToString()
+ Expect(output).To(ContainSubstring("-rwxrwxrwx"))
+ Expect(output).To(ContainSubstring("1000"))
+ Expect(output).To(ContainSubstring("1001"))
+ })
+
+ It("podman run --secret with --user", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "nonroot", "--user", "200:200", ALPINE, "cat", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(secretsString))
+ })
+
It("podman run invalid secret option", func() {
secretsString := "somesecretdata"
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
@@ -1694,6 +1737,11 @@ WORKDIR /madethis`, BB)
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Not(Equal(0)))
+ // mount option with env type
+ session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env,uid=1000", "--name", "secr", ALPINE, "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+
// No source given
session = podmanTest.Podman([]string{"run", "--secret", "type=env", "--name", "secr", ALPINE, "printenv", "mysecret"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 9a136ff13..e12c32ef5 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -690,4 +690,18 @@ json-file | f
run_podman rm $cid
}
+@test "podman run no /etc/mtab " {
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+
+ cat >$tmpdir/Dockerfile <<EOF
+FROM $IMAGE
+RUN rm /etc/mtab
+EOF
+ expected="'/etc/mtab' -> '/proc/mounts'"
+ run_podman build -t nomtab $tmpdir
+ run_podman run --rm nomtab stat -c %N /etc/mtab
+ is "$output" "$expected" "/etc/mtab should be created"
+}
+
# vim: filetype=sh
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 34220829a..1cec50827 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -162,6 +162,27 @@ load helpers
done
}
+@test "podman run with slirp4ns assigns correct gateway address to host.containers.internal" {
+ CIDR="$(random_rfc1918_subnet)"
+ run_podman run --network slirp4netns:cidr="${CIDR}.0/24" \
+ $IMAGE grep 'host.containers.internal' /etc/hosts
+ is "$output" "${CIDR}.2 host.containers.internal" "host.containers.internal should be the cidr+2 address"
+}
+
+@test "podman run with slirp4ns adds correct dns address to resolv.conf" {
+ CIDR="$(random_rfc1918_subnet)"
+ run_podman run --network slirp4netns:cidr="${CIDR}.0/24" \
+ $IMAGE grep "${CIDR}" /etc/resolv.conf
+ is "$output" "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as a nameserver"
+}
+
+@test "podman run with slirp4ns assigns correct ip address container" {
+ CIDR="$(random_rfc1918_subnet)"
+ run_podman run --network slirp4netns:cidr="${CIDR}.0/24" \
+ $IMAGE sh -c "ip address | grep ${CIDR}"
+ is "$output" ".*inet ${CIDR}.100/24 \+" "container should have slirp4netns cidr+100 assigned to interface"
+}
+
# "network create" now works rootless, with the help of a special container
@test "podman network create" {
myport=54322
@@ -215,7 +236,6 @@ load helpers
@test "podman network reload" {
skip_if_remote "podman network reload does not have remote support"
- skip_if_rootless "podman network reload does not work rootless"
random_1=$(random_string 30)
HOST_PORT=12345
@@ -225,29 +245,42 @@ load helpers
INDEX1=$PODMAN_TMPDIR/hello.txt
echo $random_1 > $INDEX1
+ # use default network for root
+ local netname=podman
+ # for rootless we have to create a custom network since there is no default network
+ if is_rootless; then
+ netname=testnet-$(random_string 10)
+ run_podman network create $netname
+ is "$output" ".*/cni/net.d/$netname.conflist" "output of 'network create'"
+ fi
+
# Bind-mount this file with a different name to a container running httpd
run_podman run -d --name myweb -p "$HOST_PORT:80" \
- -v $INDEX1:/var/www/index.txt \
- -w /var/www \
- $IMAGE /bin/busybox-extras httpd -f -p 80
+ --network $netname \
+ -v $INDEX1:/var/www/index.txt \
+ -w /var/www \
+ $IMAGE /bin/busybox-extras httpd -f -p 80
cid=$output
- run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}"
ip="$output"
- run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}"
mac="$output"
# Verify http contents: curl from localhost
run curl -s $SERVER/index.txt
is "$output" "$random_1" "curl 127.0.0.1:/index.txt"
- # flush the CNI iptables here
- run iptables -t nat -F CNI-HOSTPORT-DNAT
+ # rootless cannot modify iptables
+ if ! is_rootless; then
+ # flush the CNI iptables here
+ run iptables -t nat -F CNI-HOSTPORT-DNAT
- # check that we cannot curl (timeout after 5 sec)
- run timeout 5 curl -s $SERVER/index.txt
- if [ "$status" -ne 124 ]; then
- die "curl did not timeout, status code: $status"
+ # check that we cannot curl (timeout after 5 sec)
+ run timeout 5 curl -s $SERVER/index.txt
+ if [ "$status" -ne 124 ]; then
+ die "curl did not timeout, status code: $status"
+ fi
fi
# reload the network to recreate the iptables rules
@@ -255,9 +288,9 @@ load helpers
is "$output" "$cid" "Output does not match container ID"
# check that we still have the same mac and ip
- run_podman inspect $cid --format "{{.NetworkSettings.IPAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").IPAddress}}"
is "$output" "$ip" "IP address changed after podman network reload"
- run_podman inspect $cid --format "{{.NetworkSettings.MacAddress}}"
+ run_podman inspect $cid --format "{{(index .NetworkSettings.Networks \"$netname\").MacAddress}}"
is "$output" "$mac" "MAC address changed after podman network reload"
# check that we can still curl
@@ -275,6 +308,10 @@ load helpers
# cleanup the container
run_podman rm -f $cid
+
+ if is_rootless; then
+ run_podman network rm -f $netname
+ fi
}
@test "podman rootless cni adds /usr/sbin to PATH" {
diff --git a/test/system/700-play.bats b/test/system/700-play.bats
index 8fa96741c..bcd8cf939 100644
--- a/test/system/700-play.bats
+++ b/test/system/700-play.bats
@@ -51,18 +51,40 @@ spec:
seLinuxOptions:
level: "s0:c1,c2"
readOnlyRootFilesystem: false
+ volumeMounts:
+ - mountPath: /testdir:z
+ name: home-podman-testdir
workingDir: /
+ volumes:
+ - hostPath:
+ path: TESTDIR
+ type: Directory
+ name: home-podman-testdir
status: {}
"
+RELABEL="system_u:object_r:container_file_t:s0"
+
@test "podman play with stdin" {
- echo "$testYaml" > $PODMAN_TMPDIR/test.yaml
+ TESTDIR=$PODMAN_TMPDIR/testdir
+ mkdir -p $TESTDIR
+ echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman play kube - < $PODMAN_TMPDIR/test.yaml
+ if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
+ run ls -Zd $TESTDIR
+ is "$output" ${RELABEL} "selinux relabel should have happened"
+ fi
run_podman pod rm -f test_pod
}
@test "podman play" {
- echo "$testYaml" > $PODMAN_TMPDIR/test.yaml
+ TESTDIR=$PODMAN_TMPDIR/testdir
+ mkdir -p $TESTDIR
+ echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
run_podman play kube $PODMAN_TMPDIR/test.yaml
+ if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
+ run ls -Zd $TESTDIR
+ is "$output" ${RELABEL} "selinux relabel should have happened"
+ fi
run_podman pod rm -f test_pod
}