| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Disable seccomp by default when creating a privileged container.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running a privileged container and `SeccompProfilePath` is empty no seccomp profile should be applied.
(Previously this was the case only if `SeccompProfilePath` was set to a non-empty default path.)
Closes #8849
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
|
|/
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Handle the ALL Flag when running with an account as a user.
Currently we throw an error when the user specifies
podman run --user bin --cap-add all fedora echo hello
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
Always use CGROUPV2 rather then reading from system all the time.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(This is an adoption of #7533 because Brent is on PTO).
Pick up new crun and crio-runc.
Also: renames from useful fedora-32 and -31 to less-useful
names; presumably this is needed by something-something in
the new VM setup.
Also: tweak two e2e tests to more properly handle a kernel
(5.8.4) with a greater set of capabilities than what we
or crun can yet handle.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the advent of Podman 2.0.0 we crossed the magical barrier of go
modules. While we were able to continue importing all packages inside
of the project, the project could not be vendored anymore from the
outside.
Move the go module to new major version and change all imports to
`github.com/containers/libpod/v2`. The renaming of the imports
was done via `gomove` [1].
[1] https://github.com/KSubedi/gomove
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
|
| |
when doing localized tests (not varlink), we can use secondary image
stores as read-only image caches. this cuts down on test time
significantly because each test does not need to restore the images from
a tarball anymore.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
a series of improvements to our ginkgo test framework so we can
get better ideas of whats going on when run in CI
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some callers assume when SystemExec returns, the command has completed.
Other callers explicitly wait for completion (as required). However,
forgetting to do that is an incredibly easy mistake to make. Fix this
by adding an explicit parameter to the function. This requires
every caller to deliberately state whether or not a completion-check
is required.
Also address **many** resource naming / cleanup completion-races.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the ability to run the integration (ginkgo) suite using
the remote client.
Only the images_test.go file is run right now; all the rest are
isolated with a // +build !remotelinux. As more content is
developed for the remote client, we can unblock the files and
just block single tests as needed.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
Update the test to compare the output from different containers.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
|
|
|
|
|
|
| |
Put common used test functions and structs to a separated package.
So we can use them for more testsuites.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
|
|
|
|
|
|
| |
Like Ricky Bobby, we want to go fast.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because our tests are getting so long, we want to be able to audit which tests are taking
the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore
should be auditable.
Also, make speed improvements to tests by making sure we only unpack caches images that
actually get used.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1178
Approved by: mheon
|
|
|
|
|
|
|
|
|
|
|
| |
In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Review comments to delete WithNoNew function and its append.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #369
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #369
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should be able to run nested podman containers in particular
for our testing environment. i.e. eat our own dog food.
Some privileges had to be corrected in order for this to work
correctly.
Added a third papr target that runs podman tests inside podman. I
marked the test as not required right now as we get more confident
in the results
Signed-off-by: baude <bbaude@redhat.com>
Closes: #340
Approved by: rhatdan
|
|
When running a privileged container, it should inherit the same
devices the host has.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #330
Approved by: mheon
|