path: root/test/e2e/run_volume_test.go
Commit message | Author | Age
...
* Turn off 'noexec' option by default for named volumes | Matthew Heon | 2020-05-20
  We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* enable volume integration tests | Brent Baude | 2020-04-27
  enabled integration tests for volumes. there are two exceptions that still need work because of something not yet implemented. also, add code to deal with the fact that containers conf appears to set a local volume driver where it used to be simply blank.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* Add support for volumes-from, image volumes, init | Matthew Heon | 2020-04-27
  This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here.
  Also enables tests for podman run with volumes
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Force integration tests to pass | Brent Baude | 2020-04-21
  Failing tests are now skipped and we should work from this.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* test/e2e/run_volume_test: use unique mount point | Kir Kolyshkin | 2020-04-02
  For volume and bind mount tests, use the in-container mount point path that has no common ancestor with any host path (except for root). This might help to uncover bugs like [1]. Even if not, it seems like a good cleanup regardless.
  [1] https://github.com/containers/libpod/pull/5676
  Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* test/e2e/run_volume_test.go: mv dockerfile decl | Kir Kolyshkin | 2020-04-02
  Move declaration of a dockerfile closer to its use. Since it is used only once, there's no sense in having it declared globally.
  Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* test/e2e/run_volume_test: only create dir once | Kir Kolyshkin | 2020-04-02
  Remove repeated mountPath directory creation.
  * For the first two hunks it is the same dir ("secrets") that was already created before.
  * For the last hunk ("scratchpad") it is not used at all.
  Add an empty line after Mkdir for cases where dir is used more than once.
  Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Switch to using --time as opposed to --timeout to better match Docker. | Daniel J Walsh | 2020-03-31
  We need to consistently use --time rather than --timeout throughout the code. Fix locations where timeout defaults are not set correctly as well.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Use cleaned destination path for indexing image volumes | Matthew Heon | 2020-02-17
  We use filepath.Clean() to remove trailing slashes to ensure that when we supersede image mounts with mounts from --volume and --mount, paths are consistent when we compare. Unfortunately, while we used the cleaned path for the destination in the mount, it was accidentally not used to index the maps that we use to identify what to supersede, so our comparisons might be thrown off by trailing slashes and similar.
  Fixes #5219
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Do not copy up when volume is not empty | Matthew Heon | 2020-02-12
  When Docker performs a copy up, it first verifies that the volume being copied into is empty; thus, for volumes that have been modified elsewhere (e.g. manually copying into them), the copy up will not be performed at all. Duplicate this behavior in Podman by checking if the volume is empty before copying.
  Furthermore, move setting copyup to false further up. This will prevent a potential race where copy up could happen more than once if Podman was killed after some files had been copied but before the DB was updated.
  This resolves CVE-2020-1726.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* mount: add new options nocopyup|copyup for tmpfs | Giuseppe Scrivano | 2019-11-07
  add a way to disable tmpcopyup for tmpfs.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Wait for `mount` command to finish when mounting volume | Matthew Heon | 2019-10-30
  command.Start() just starts the command. That catches some errors, but the nasty ones - bad options and similar - happen when the command runs. Use CombinedOutput() instead - it waits for the command to exit, and thus catches non-0 exit of the `mount` command (invalid options, for example).
  STDERR from the `mount` command is directly used, which isn't necessarily the best, but we can't really get much more info on what went wrong.
  Fixes #4303
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Image volumes should not be mounted noexec | Matthew Heon | 2019-10-23
  This matches Docker more closely, but retains the more important protections of nosuid/nodev.
  Fixes #4318
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add support for anonymous volumes to `podman run -v` | Matthew Heon | 2019-10-17
  Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`.
  We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag.
  This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`.
  The sum total of these changes let us turn on volume removal in `--rm` by default.
  Fixes: #4276
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Refactor tests when checking for error exit codes | Jhon Honce | 2019-10-16
  Rather than checking for non-zero, we need to check for >0 to distinguish between timeouts and error exit codes.
  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Handle conflict between volumes and --read-only-tmpfs | Matthew Heon | 2019-09-24
  When a named volume is mounted on any of the tmpfs filesystems created by read-only tmpfs, it caused a conflict that was not resolved prior to this.
  Fixes BZ1755119
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* When first mounting any named volume, copy up | Matthew Heon | 2019-09-09
  Previously, we only did this for volumes created at the same time as the container. However, this is not correct behavior - Docker does so for all named volumes, even those made with 'podman volume create' and mounted into a container later.
  Fixes #3945
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add ability for volumes with options to mount/umount | Matthew Heon | 2019-09-05
  When volume options and the local volume driver are specified, the volume is intended to be mounted using the 'mount' command. Supported options will be used to volume the volume before the first container using it starts, and unmount the volume after the last container using it dies.
  This should work for any local filesystem, though at present I've only tested with tmpfs and btrfs.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add test to verify noexec works with volume mounts | Matthew Heon | 2019-09-04
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add a test for the new suid/exec/dev options | Matthew Heon | 2019-08-28
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Re-add locks to volumes. | Matthew Heon | 2019-08-28
  This will require a 'podman system renumber' after being applied to get lock numbers for existing volumes.
  Add the DB backend code for rewriting volume configs and use it for updating lock numbers as part of 'system renumber'.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Allow --ro=[true|false] with mount flag | Matthew Heon | 2019-08-07
  The 'podman run --mount' flag previously allowed the 'ro' option to be specified, but was missing the ability to set it to a bool (as is allowed by docker). Add that. While we're at it, allow setting 'rw' explicitly as well.
  Fixes #2980
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add tests for cached and delegated mounts | Matthew Heon | 2019-06-19
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* use imagecaches for local tests | baude | 2019-05-29
  when doing localized tests (not varlink), we can use secondary image stores as read-only image caches. this cuts down on test time significantly because each test does not need to restore the images from a tarball anymore.
  Signed-off-by: baude <bbaude@redhat.com>
* Add test for image volume conflict with user volume | Matthew Heon | 2019-05-21
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix podman-in-podman volume test | Matthew Heon | 2019-05-02
  When running inside Podman, we get an extra `nodev` mount option. It doesn't seem to be a bug, more an artifact of running in a somewhat locked-down container. So instead of checking explicitly for a set of mount options, just verify the ones we set are present.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Begin adding volume tests | Matthew Heon | 2019-05-01
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>