aboutsummaryrefslogtreecommitdiff
path: root/test/e2e/exec_test.go
Commit message (Collapse)AuthorAge
* Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix podman build --pull-neverDaniel J Walsh2021-03-27
| | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Handle podman exec capabilities correctlyDaniel J Walsh2021-01-07
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* exec: honor --privilegedGiuseppe Scrivano2020-12-24
| | | | | | | write the capabilities to the configuration passed to the OCI runtime. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Improve error messages from failing testsDebarshi Ray2020-11-03
| | | | | | | | | | Using a function like ContainSubstring or Equal is better because if the test fails it will log a descriptive error that includes the actual string generated during the test. This is more helpful than a function like BeTrue that will only indicate that an assertion failed without giving further details of the failure. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Attempt to turn on some more remote testsDaniel J Walsh2020-10-07
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix ubuntu exec_testChris Evich2020-09-30
| | | | | | | | | | Test passes on Fedora because the registry server is one of the defaults. However it is not typically configured on Ubuntu hosts, and therefor this test can fail. While specifying the FQIN in the dockerfile text is not an ideal solution, it cannot negatively affect other tests which utilize `podmanTest.BuildImage`. Signed-off-by: Chris Evich <cevich@redhat.com>
* Remove final v2remotefail failuresDaniel J Walsh2020-09-23
| | | | | | | | | Most have been fixed, others I replaced with SkipIfRemote Fix ContainerStart on tunnel, it needs to wait for the exit status before returning. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* e2e tests: SkipIfRemote(): add a reasonEd Santiago2020-09-23
| | | | | | | | | | | | | | | | | Now that Dan has added helpful comments to each SkipIfRemote, let's take the next step and include those messages in the Skip() output so someone viewing test results can easily see if a remote test is skipped for a real reason or for a FIXME. This commit is the result of a simple: perl -pi -e 's;(SkipIfRemote)\(\)(\s+//\s+(.*))?;$1("$3");' *.go in the test/e2e directory, with a few minor (manual) changes in wording. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Examine all SkipIfRemote functionsDaniel J Walsh2020-09-22
| | | | | | | | Remove ones that are not needed. Document those that should be there. Document those that should be fixed. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Preserve groups in exec sessions in ctrs with --userMatthew Heon2020-09-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman wants to guarantee that exec sessions retain the groups of the container they are started in, unless explicitly overridden by the user. This guarantee was broken for containers where the `--user` flag was specified; this patch resolves that. Somewhere in the Exec rewrite for APIv2, I changed the location where the container's User is passed into the exec session (similar to groups, we also want to preserve user unless overridden). The lower-level Exec APIs already handled setting user and group appropriately if not specified when the exec session was created, but I added duplicate code to handle this higher in the stack - and that code only handled setting user, not supplemental groups, breaking support in that specific case. Two things conspired to make this one hard to track down: first, things were only broken if the container explicitly set a user; otherwise, the container user would still appear to be unset to the lower-level code, which would properly set supplemental groups (this tricked our existing test into passing). Also, the `crun` OCI runtime will add the groups without prompting, which further masked the problem there. I debated making `runc` do the same, but in the end it's better to fix this in Podman - it's better to be explicit about what we want done so we will work with all OCI runtimes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Ensure that exec errors write exit codes to the DBMatthew Heon2020-08-05
| | | | | | | | | | | | | | | | | | | In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue. Fixes #6893 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Correctly print STDOUT on non-terminal remote execMatthew Heon2020-07-10
| | | | | | | | | | | | | | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set. Fixes #6890 Fixes #6891 Fixes #6892 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Change buildtag for remoteclient to remote for testingDaniel J Walsh2020-07-06
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add a test for detached execMatthew Heon2020-05-20
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* v2 enable remote integration testsBrent Baude2020-05-19
| | | | | | enable remote integration tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* test: enable exec testsGiuseppe Scrivano2020-04-28
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Force integration tests to passBrent Baude2020-04-21
| | | | | | Failing tests are now skipped and we should work from this. Signed-off-by: Brent Baude <bbaude@redhat.com>
* test: enable preserve fds test for crunGiuseppe Scrivano2020-04-09
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix exec preserve-fds testGiuseppe Scrivano2020-04-09
| | | | | | | | | | it specifies a fd is passed down but we are not really doing it, and it triggers the wrong fd to be closed by Podman after the OCI runtime invocation. Closes: https://github.com/containers/libpod/issues/5769 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* attach: fix hang if control path is deletedGiuseppe Scrivano2020-04-02
| | | | | | | | if the control path file is deleted, libpod hangs waiting for a reader to open it. Attempt to open it as non blocking until it returns an error different than EINTR or EAGAIN. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Ensure that exec sessions inherit supplemental groupsMatthew Heon2020-02-28
| | | | | | | | This corrects a regression from Podman 1.4.x where container exec sessions inherited supplemental groups from the container, iff the exec session did not specify a user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Processes execed into container should match container labelDaniel J Walsh2019-10-29
| | | | | | Processes execed into a container were not being run with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Refactor tests when checking for error exit codesJhon Honce2019-10-16
| | | | | | | Rather than checking for non-zero, we need to check for >0 to distinguish between timeouts and error exit codes. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* exec: fix --preserve-fdsPeter Hunt2019-09-16
| | | | | | | | | | | | There were two problems with preserve fds. libpod didn't open the fds before passing _OCI*PIPE to conmon. This caused libpod to talk on the preserved fds, rather than the pipes, with conmon talking on the pipes. This caused a hang. Libpod also didn't convert an int to string correctly, so it would further fail. Fix these and add a unit test to make sure we don't regress in the future Note: this test will not pass on crun until crun supports --preserve-fds Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Test that PTYs created by 'podman exec --tty' have the ONLCR flagDebarshi Ray2019-09-12
| | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* exec: run with user specified on container startPeter Hunt2019-08-20
| | | | | | | Before, if the container was run with a specified user that wasn't root, exec would fail because it always set to root unless respecified by user. instead, inherit the user from the container start. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* test: enable all tests for crunGiuseppe Scrivano2019-08-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix return code check for missing workdirGiuseppe Scrivano2019-08-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* tests: disable some tests currently failing when not using runcGiuseppe Scrivano2019-08-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* add detach keys support for remotePeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Update e2e tests for remote execPeter Hunt2019-07-23
| | | | | | | including changing -l to the container id and separating a case of setting the env that remote can't handle Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Finish up remote exec implementationPeter Hunt2019-07-23
| | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Implement conmon execPeter Hunt2019-07-22
| | | | | | | | | | | | | | | | | | | | | | This includes: Implement exec -i and fix some typos in description of -i docs pass failed runtime status to caller Add resize handling for a terminal connection Customize exec systemd-cgroup slice fix healthcheck fix top add --detach-keys Implement podman-remote exec (jhonce) * Cleanup some orphaned code (jhonce) adapt remote exec for conmon exec (pehunt) Fix healthcheck and exec to match docs Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error Use these different errors in branching for exit code in healthcheck and exec Set conmon to use new api version Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: Peter Hunt <pehunt@redhat.com>
* use imagecaches for local testsbaude2019-05-29
| | | | | | | | | when doing localized tests (not varlink), we can use secondary image stores as read-only image caches. this cuts down on test time significantly because each test does not need to restore the images from a tarball anymore. Signed-off-by: baude <bbaude@redhat.com>
* ginkgo status improvementsbaude2019-03-08
| | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* Add tests to make sure podman container and podman image commands workDaniel J Walsh2019-03-02
| | | | | | | | | We have little to no testing to make sure we don't break podman image and podman container commands that wrap traditional commands. This PR adds tests for each of the commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Separate common used test functions and structs to test/utilsYiqiao Pu2018-11-16
| | | | | | | Put common used test functions and structs to a separated package. So we can use them for more testsuites. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Use restoreArtifacts to save time in integration testsbaude2018-10-22
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Swap test image in exec test to fedora for useraddMatthew Heon2018-08-23
| | | | | | | | | | We need a useradd binary in the container for this test, so swap from Alpine to fedora-minimal. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
* Add tests for exec --userMatthew Heon2018-08-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
* Show duration for each ginkgo test and test speed improvementsbaude2018-07-28
| | | | | | | | | | | | | | Because our tests are getting so long, we want to be able to audit which tests are taking the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore should be auditable. Also, make speed improvements to tests by making sure we only unpack caches images that actually get used. Signed-off-by: baude <bbaude@redhat.com> Closes: #1178 Approved by: mheon