aboutsummaryrefslogtreecommitdiff
path: root/test/e2e/run_privileged_test.go
Commit message (Collapse)AuthorAge
* Privileged containers can now restart if the host devices changeJake Correnti2022-06-06
| | | | | | | | | | | | | | | | | | | | | | If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts. I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container. Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages. Closes #13899 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* enable errcheck linterPaul Holzinger2022-04-29
| | | | | | | | The errcheck linter makes sure that errors are always check and not ignored by accident. It spotted a lot of unchecked errors, mostly in the tests but also some real problem in the code. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* bump go module to version 4Valentin Rothberg2022-01-18
| | | | | | | | | | | | | Automated for .go files via gomove [1]: `gomove github.com/containers/podman/v3 github.com/containers/podman/v4` Remaining files via vgrep [2]: `vgrep github.com/containers/podman/v3` [1] https://github.com/KSubedi/gomove [2] https://github.com/vrothberg/vgrep Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))Ed Santiago2021-12-02
| | | | | | sed -i -e 's/Expect(len(\(.*\)))\.To(Equal(\(.*\)))/Expect(\1).To(HaveLen(\2))/' test/e2e/*.go Signed-off-by: Ed Santiago <santiago@redhat.com>
* e2e: yet more cleanup of BeTrue/BeFalseEd Santiago2021-11-30
| | | | | | Thanks to Paul for teaching me about HaveKey() Signed-off-by: Ed Santiago <santiago@redhat.com>
* e2e tests: enable golintEd Santiago2021-11-29
| | | | | | ...and fix problems found therewith. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Semiperiodic cleanup of obsolete Skip()sEd Santiago2021-11-19
| | | | | | | | | | | | | | Found by my find-obsolete-skips script. Let's see which, if any, of these skipped tests can be reenabled. Some Skips are "this will never work", not "this is expected to work one day". Update the message on those to reflect that. Some were real bugs in the test framework. Fix those. And, joy of joys, some work today. Remove those skips. Signed-off-by: Ed Santiago <santiago@redhat.com>
* e2e tests: use Should(Exit()) and ExitWithError()Ed Santiago2021-07-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e2e test failures are rife with messages like: Expected 1 to equal 0 These make me cry. They're anti-helpful, requiring the reader to dive into the source code to figure out what those numbers mean. Solution: Go tests have a '.Should(Exit(NNN))' mechanism. I don't know if it spits out a better diagnostic (I have no way to run e2e tests on my laptop), but I have to fantasize that it will, and given the state of our flakes I assume that at least one test will fail and give me the opportunity to see what the error message looks like. THIS IS NOT REVIEWABLE CODE. There is no way for a human to review it. Don't bother. Maybe look at a few random ones for sanity. If you want to really review, here is a reproducer of what I did: cd test/e2e ! positive assertions. The second is the same as the first, ! with the addition of (unnecessary) parentheses because ! some invocations were written that way. The third is BeZero(). perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\d+)\)\)/Expect($1).Should(Exit($2))/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(\(Equal\((\d+)\)\)\)/Expect($1).Should(Exit($2))/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(BeZero\(\)\)/Expect($1).Should(Exit(0))/' *_test.go ! Same as above, but handles three non-numeric exit codes ! in run_exit_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\S+)\)\)/Expect($1).Should(Exit($2))/' *_test.go ! negative assertions. Difference is the spelling of 'To(Not)', ! 'ToNot', and 'NotTo'. I assume those are all the same. perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Not\(Equal\((0)\)\)\)/Expect($1).To(ExitWithError())/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.NotTo\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go ! negative, old use of BeZero() perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(BeZero\(\)\)/Expect($1).Should(ExitWithError())/' *_test.go Run those on a clean copy of main branch (at the same branch point as my PR, of course), then diff against a checked-out copy of my PR. There should be no differences. Then all you have to review is that my replacements above are sane. UPDATE: nope, that's not enough, you also need to add gomega/gexec to the files that don't have it: perl -pi -e '$_ .= "$1/gexec\"\n" if m!^(.*/onsi/gomega)"!' $(grep -L gomega/gexec $(git log -1 --stat | awk '$1 ~ /test\/e2e\// { print $1}')) UPDATE 2: hand-edit run_volume_test.go UPDATE 3: sigh, add WaitWithDefaultTimeout() to a couple of places UPDATE 4: skip a test due to bug #10935 (race condition) Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix podman build --pull-neverDaniel J Walsh2021-03-27
| | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8863 from mgoltzsche/fix_seccomp_when_privilegedOpenShift Merge Robot2021-01-04
|\ | | | | Disable seccomp by default when creating a privileged container.
| * fix: disable seccomp by default when privileged.Max Goltzsche2021-01-02
| | | | | | | | | | | | | | | | | | When running a privileged container and `SeccompProfilePath` is empty no seccomp profile should be applied. (Previously this was the case only if `SeccompProfilePath` was set to a non-empty default path.) Closes #8849 Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
* | test: fix variables nameGiuseppe Scrivano2020-12-24
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Properly handle --cap-add all when running with a --user flagDaniel J Walsh2020-12-09
| | | | | | | | | | Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Make all Skips specify a reasonDaniel J Walsh2020-09-29
| | | | | | Always use CGROUPV2 rather then reading from system all the time. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove SkipIfRootless if possible, document other callsDaniel J Walsh2020-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* WIP: update VM imagesEd Santiago2020-09-03
| | | | | | | | | | | | | | | | (This is an adoption of #7533 because Brent is on PTO). Pick up new crun and crio-runc. Also: renames from useful fedora-32 and -31 to less-useful names; presumably this is needed by something-something in the new VM setup. Also: tweak two e2e tests to more properly handle a kernel (5.8.4) with a greater set of capabilities than what we or crun can yet handle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable a bunch of remote testsDaniel J Walsh2020-07-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change buildtag for remoteclient to remote for testingDaniel J Walsh2020-07-06
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* move go module to v2Valentin Rothberg2020-07-06
| | | | | | | | | | | | | | | With the advent of Podman 2.0.0 we crossed the magical barrier of go modules. While we were able to continue importing all packages inside of the project, the project could not be vendored anymore from the outside. Move the go module to new major version and change all imports to `github.com/containers/libpod/v2`. The renaming of the imports was done via `gomove` [1]. [1] https://github.com/KSubedi/gomove Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* use imagecaches for local testsbaude2019-05-29
| | | | | | | | | when doing localized tests (not varlink), we can use secondary image stores as read-only image caches. this cuts down on test time significantly because each test does not need to restore the images from a tarball anymore. Signed-off-by: baude <bbaude@redhat.com>
* Enable rootless integration testsbaude2019-03-19
| | | | Signed-off-by: baude <bbaude@redhat.com>
* ginkgo status improvementsbaude2019-03-08
| | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* Fix SystemExec completion raceChris Evich2019-03-01
| | | | | | | | | | | | | Some callers assume when SystemExec returns, the command has completed. Other callers explicitly wait for completion (as required). However, forgetting to do that is an incredibly easy mistake to make. Fix this by adding an explicit parameter to the function. This requires every caller to deliberately state whether or not a completion-check is required. Also address **many** resource naming / cleanup completion-races. Signed-off-by: Chris Evich <cevich@redhat.com>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Fix no-new-privileges testYiqiao Pu2018-11-16
| | | | | | Update the test to compare the output from different containers. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Separate common used test functions and structs to test/utilsYiqiao Pu2018-11-16
| | | | | | | Put common used test functions and structs to a separated package. So we can use them for more testsuites. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Make podman ps fastbaude2018-10-23
| | | | | | Like Ricky Bobby, we want to go fast. Signed-off-by: baude <bbaude@redhat.com>
* Show duration for each ginkgo test and test speed improvementsbaude2018-07-28
| | | | | | | | | | | | | | Because our tests are getting so long, we want to be able to audit which tests are taking the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore should be auditable. Also, make speed improvements to tests by making sure we only unpack caches images that actually get used. Signed-off-by: baude <bbaude@redhat.com> Closes: #1178 Approved by: mheon
* Only allocate tty when -tbaude2018-04-03
| | | | | | | | | | | In our ezrly development, we always allocated a tty when not -d. Now we should only allocated when the user asks for it. Resolves: #573 Signed-off-by: baude <bbaude@redhat.com> Closes: #574 Approved by: rhatdan
* Address review commentsbaude2018-02-24
| | | | | | | | | Review comments to delete WithNoNew function and its append. Signed-off-by: baude <bbaude@redhat.com> Closes: #369 Approved by: rhatdan
* Add support for --no-new-privsDaniel J Walsh2018-02-24
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
* Run podman inside a podman containerbaude2018-02-16
| | | | | | | | | | | | | | | | | We should be able to run nested podman containers in particular for our testing environment. i.e. eat our own dog food. Some privileges had to be corrected in order for this to work correctly. Added a third papr target that runs podman tests inside podman. I marked the test as not required right now as we get more confident in the results Signed-off-by: baude <bbaude@redhat.com> Closes: #340 Approved by: rhatdan
* Privileged containers should inherit host devicesbaude2018-02-15
When running a privileged container, it should inherit the same devices the host has. Signed-off-by: baude <bbaude@redhat.com> Closes: #330 Approved by: mheon