| Commit message | Author | Age |
| |
Add the following test cases for security-opt:
- Check default selinux value
- Disable security options in container
- Setup selinux type in security-opt
- Disable seccomp protection
- Configure custom seccomp.json
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #837
Approved by: rhatdan
| |
This function is used to write JSON-format configuration files.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #837
Approved by: rhatdan
| |
Use function in opencontainers/selinux/go-selinux to check the
selinux status in our test.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #837
Approved by: rhatdan
| |
Also add annotations from the image the container was created
from.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #886
Approved by: rhatdan
| |
Currently we are giving all caps to users when running with podman run --user.
They should get none by default. If the command line includes --cap-add, then
we need to run with those capabilities. Similarly, we need to drop caps from
the bounding set if the user specifies --cap-drop.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #851
Approved by: mheon
| |
The docker-archive tar files can have multiple tags for the same
image stored in it. Load pulls all the tags found in the archive
when loading a tar file. Save can push multiple tags of the same
image to a tar archive.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #819
Approved by: rhatdan
| |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #831
Approved by: rhatdan
| |
When we're given a numeric --user value, default to GID 0 if the numeric
ID doesn't correspond to a user entry in /etc/passwd that can provide us
with the user's primary group ID.
Make sure that GetAdditionalGroupsForUser() returns wrapped errors.
Also test various user:group forms.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #728
Approved by: mheon
| |
If the user uses the image ID when saving to either docker-archive
or oci-archive, then do not save a reference in the manifest/index.json.
If the user chooses to push without an image reference, i.e. <transport>:<path>,
it should be valid and succeed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #782
Approved by: rhatdan
| |
Until we get Systemd cgroup manager working, this will
cause a validation error.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #507
Approved by: baude
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #690
Approved by: mheon
| |
If the user does not provide a host port when adding -p to create/run, podman should inject an available random port.
podman run -p 80 .... podman should assign a random port to the host and expose the container port 80 to it
Signed-off-by: baude <bbaude@redhat.com>
Closes: #703
Approved by: rhatdan
| |
When performing a container commit, we should not add the default list of volumes
for a container to the resulting image. It will cause the resulting image to crash
when run subsequently.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #699
Approved by: mheon
| |
File names for podman load, save, export, and import cannot
contain ":" in them. It is a reserved character for parsing
filenames.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #694
Approved by: rhatdan
| |
Vendor in buildah and use as much of commit and bug as possible for podman
build and commit.
Resolves #586
Signed-off-by: baude <bbaude@redhat.com>
Closes: #681
Approved by: mheon
| |
The hidden flag is used to override the path of the default mounts file
for testing purposes.
Also modified the secrets pkg to allow for this override to happen.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #678
Approved by: mheon
| |
If an integer is passed into the --user flag, i.e. --user=1234,
don't look up the user in /etc/passwd, just assign the integer as the uid.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #652
Approved by: mheon
| |
Add search test with filter stars, is-automated and is-official.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #662
Approved by: rhatdan
| |
Add --no-trunc to the command line and add an output check that the
lines do not include "..." with this flag.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #662
Approved by: rhatdan
| | |
Add FIPS mode secret
| | |
If the host is in FIPS mode and /etc/system-fips exists
/run/secrets/system-fips is created in the container so that
the container can run in FIPS mode as well.
Signed-off-by: umohnani8 <umohnani@redhat.com>
| | |
Test the --timeout flag with a container which cannot be stopped with
SIGSTOP. This means the container should not be able to be stopped and will be
killed, then restarted with the timeout value. Test steps:
Start a container with STOPSIGNAL=SIGKILL
Restart it with --timeout set to 2s
Check that the restart command finishes in more than 2s and less than
10s (the default timeout)
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| | |
Remove the --latest from the restart running container test, and
add a separate case with the following steps:
start two containers in order: test1, test2
restart container with --latest
check the start time for test1 and test2
And the results should be that test1 is not restarted and test2 is restarted.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| |
Check that the start time changed after restarting the container.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| |
Been meaning to do this for a while. Add an environment variable that
disables the caching and restoring of images before integration tests
are run. This is useful for developers only ... when testing specific
integration tests where caching and restoring the images is not worth
the benefit.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #650
Approved by: rhatdan
| |
When STDOUT and STDERR are not attached, we now print a container
ID. Make the tests aware of this.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #638
Approved by: rhatdan
| |
The test steps are:
1. Start a container and touch a file under /tmp
2. Use diff to check the container
3. Commit the change into a new image
4. Use diff to check the image
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #643
Approved by: mheon
| |
Made necessary changes to functions to include context.Context wherever needed.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #640
Approved by: baude
| |
Update LineInOuputContains to LineInOutputContains.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Closes: #642
Approved by: rhatdan
| |
Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
Closes: #635
Approved by: rhatdan
| |
- fix host string split to permit IPv6
Signed-off-by: Nathan Williams <nath.e.will@gmail.com>
Closes: #635
Approved by: rhatdan
| |
Use this function to check if a command exists before executing it
in our test.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| |
Sometimes podman push to the local registry still fails because the
docker registry has not started yet after the 5s sleep in the test.
So add this function to check the container status by its output
and skip the test when the docker registry cannot start normally
instead of failing the case.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| |
Add five tests for podman push tests:
- push to docker with authorization
- push to docker-archive
- push to docker-daemon
- push to oci-archive
- push to ostree
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| |
We used to not allow the use of -a/-i on containers that were not
started with -i or a tty. Given the improvements in our terminal
handling, this should work now.
This also fixes a systemic problem with the autotests.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #617
Approved by: baude
| |
The secrets code was just tarring and copying the contents of the secrets directory on host as is.
This meant it was not accounting for any symlinks inside the directory, leading up to the contents
not being copied over.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #611
Approved by: mheon
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #608
Approved by: baude
| |
We leak open files when creating new c/storage stores (locks do
not close themselves, so the open FDs in the test suite increase
every time we use c/storage to load cached images for the tests).
Fix this temporarily by increasing rlimits on open files until we
can create a permanent fix next release.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #615
Approved by: baude
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #612
Approved by: rhatdan
| |
--group-add
--blkio-weight-device
--device-read-bps
--device-write-bps
--device-read-iops
--device-write-iops
--group-add now supports group names as well as the gid associated with them.
All the --device flags work now with moderate changes to the code to support both
bps and iops.
Added tests for all the flags.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #590
Approved by: mheon
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #155
Approved by: mheon
| |
In our early development, we always allocated a tty when not -d. Now we should only allocate one when the user asks for it.
Resolves: #573
Signed-off-by: baude <bbaude@redhat.com>
Closes: #574
Approved by: rhatdan
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #576
Approved by: rhatdan
| |
Use a socket to coordinate between the test suite and the container and its
script.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #567
Approved by: rhatdan
| |
We should allow users to pass in image ids with the sha256: prefix
for local images.
Resolves: #493
Signed-off-by: baude <bbaude@redhat.com>
Closes: #560
Approved by: baude
| |
Adds support for mounting secrets, especially on RHEL where the container
can use the host subscription to run yum.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #544
Approved by: rhatdan
| |
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #564
Approved by: rhatdan
| |
If the user does not specify foo=bar, then the exec code should
look for the foo environment variable in its environment and pass it
in. This is the way podman run works.
Also added tests to make sure this all works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #552
Approved by: mheon
| |
An image name is really just a tag. When an image has multiple tags, we should be
able to "delete" one of its tags without harm. In this case, the "delete" is
really a form of Untag (removing the tag from the image).
If an image has multiple tags and the user tries to delete by ID without force, this
should be denied because when you delete by ID there is no distinguishing it like
image tags.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #528
Approved by: mheon