summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Ensure rootless containers without a passwd can startMatthew Heon2020-08-31
| | | | | | | | | | | | | | | | We want to modify /etc/passwd to add an entry for the user in question, but at the same time we don't want to require the container provide a /etc/passwd (a container with a single, statically linked binary and nothing else is perfectly fine and should be allowed, for example). We could create the passwd file if it does not exist, but if the container doesn't provide one, it's probably better not to make one at all. Gate changes to /etc/passwd behind a stat() of the file in the container returning cleanly. Fixes #7515 Signed-off-by: Matthew Heon <mheon@redhat.com>
* handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ | | | | play kube: handle Socket HostPath type
| * play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7469 from zhangguanzhang/generate-kube-with-ExtraHostsOpenShift Merge Robot2020-08-28
|\ \ | |/ |/| fix podman generate kube with HostAliases
| * fix podman generate kube with HostAliaseszhangguanzhang2020-08-27
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Fix log level case regressionSascha Grunert2020-08-28
|/ | | | | | | | | | With previous versions of Podman (like v1.9.2) it was always possible to specify the log level in any case, for example `INFO`. This behavior has silently changed, where the `--log-level` flag only accepts lower case levels. This commit re-enables the old behavior and adds an e2e test for it. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #7390 from baude/podnetOpenShift Merge Robot2020-08-21
|\ | | | | error when adding container to pod with network information
| * error when adding container to pod with network informationBrent Baude2020-08-21
| | | | | | | | | | | | | | | | | | | | | | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes: * static IP (v4 and v6) * static mac * ports -p (i.e. -p 8080:80) * exposed ports (i.e. 222-225) * publish ports from image -P Signed-off-by: Brent Baude <bbaude@redhat.com>
* | fix pod creation with "new:" syntax followup + allow hostnamePaul Holzinger2020-08-20
|/ | | | | | | | | | | | | | | | | | | | | Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax") Commit 4c75fe3f70ed passes all net options to the pod but forgot to unset the options for the container creation. This leads to erros when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails. I didn't notice the bug because we don't throw an error when specifing port bindings on a container which joins the pods network namespace. (#7373) Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pods hostname anyway. This would error otherwise. Added tests to prevent regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7341 from edsantiago/e2e_use_tmpdirsOpenShift Merge Robot2020-08-18
|\ | | | | e2e tests: use actual temp dirs, not "/tmp/dir"
| * e2e tests: use actual temp dirs, not "/tmp/dir"Ed Santiago2020-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the --iidfile tests was flaking: Error: failed to write image ID to file "/tmp/dir/idFile": open /tmp/dir/idFile: no such file or directory Root cause: test was actually not mkdir'ing /tmp/dir. Test was mostly passing because _other_ tests in the suite were mkdir'ing it, but once in a while this test ran before the others. Solution: fixed this test to use CreateTempDirInTempDir(). And, since hardcoded tempdirs are bad practice, grepped for '"dir"' and fixed all other instances too. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | flake fix: podman image trustEd Santiago2020-08-18
|/ | | | | | | | | The output of 'podman image trust' is in random order; but its e2e test was assuming a specific one. This caused flakes. Fixes: #6764 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7314 from aojea/ipv6_default_gwOpenShift Merge Robot2020-08-16
|\ | | | | IPv6 default route
| * podman support for IPv6 networksAntonio Ojea2020-08-15
| | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | run, create: add new security-opt proc-optsGiuseppe Scrivano2020-08-12
|/ | | | | | | it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add support for setting the CIDR when using slirp4netnsAdis Hamzić2020-08-12
| | | | | | | | This adds support for the --cidr parameter that is supported by slirp4netns since v0.3.0. This allows the user to change the ip range that is used for the network inside the container. Signed-off-by: Adis Hamzić <adis@hamzadis.com>
* Merge pull request #7269 from openSUSE/seccompOpenShift Merge Robot2020-08-11
|\ | | | | Allow specifying seccomp profiles for privileged containers
| * Allow specifying seccomp profiles for privileged containersSascha Grunert2020-08-11
| | | | | | | | | | | | | | To sync the behavior between AppArmor and seccomp it is now possible to also specify seccomp profiles for privileged containers. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7239 from rhatdan/workingOpenShift Merge Robot2020-08-11
|\ \ | | | | | | Fix handling of working dir
| * | Fix handling of working dirDaniel J Walsh2020-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Buildah and podman build can create images without a working dir. FROM fedora WORKDIR /test If you build this image with caching twice, the second time the image will not have a working dir. Similarly if you execute podman run --workdir /foobar fedora It blows up since the workingdir is not created automatically. Finally there was duplicated code for getting the workingdir out of an image, that this PR removes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add the Status field in the ps --format=jsonzhangguanzhang2020-08-11
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7256 from mheon/fix_cmd_with_entrypointOpenShift Merge Robot2020-08-10
|\ \ \ | |_|/ |/| | Do not use image CMD if user gave ENTRYPOINT
| * | Do not use image CMD if user gave ENTRYPOINTMatthew Heon2020-08-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes #7115 Signed-off-by: Matthew Heon <mheon@redhat.com>
* / generate systemd: fix error handlingValentin Rothberg2020-08-10
|/ | | | | | | | | Fix a bug in the error handling which returned nil instead of an error and ultimately lead to nil dereferences in the client. To prevent future regressions, add a test and check for the error message. Fixes: #7271 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7216 from 5eraph/masterOpenShift Merge Robot2020-08-09
|\ | | | | support outbound-addr
| * changes to support outbound-addr5eraph2020-08-07
| | | | | | | | | | | | Fixes #6064 Signed-off-by: Bohumil Cervenka <5eraph@protonmail.com>
* | Merge pull request #7232 from Luap99/podman-logs-tailOpenShift Merge Robot2020-08-07
|\ \ | | | | | | fix podman logs --tail when log is bigger than pagesize
| * | fix podman logs --tail when log is bigger than pagesizePaul Holzinger2020-08-06
| | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #7236 from mheon/write_error_to_inspectOpenShift Merge Robot2020-08-05
|\ \ \ | | | | | | | | Ensure that exec errors write exit codes to the DB
| * | | Ensure that exec errors write exit codes to the DBMatthew Heon2020-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue. Fixes #6893 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7176 from mheon/make_entrypointOpenShift Merge Robot2020-08-05
|\ \ \ \ | |_|/ / |/| | | Ensure WORKDIR from images is created
| * | | HACK HACK try debugging buildMatthew Heon2020-08-04
| | | | | | | | | | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Ensure WORKDIR from images is createdMatthew Heon2020-08-03
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7125 from QiWang19/fd-validateOpenShift Merge Robot2020-08-05
|\ \ \ | | | | | | | | validate fds --preserve-fds
| * | | validate fds --preserve-fdsQi Wang2020-08-04
| | | | | | | | | | | | | | | | | | | | | | | | validate file descriptors passed from podman run and podman exec --preserve-fds. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | fix bug podman sign storage pathQi Wang2020-08-04
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #7209 from giuseppe/support-mount-devptsOpenShift Merge Robot2020-08-04
|\ \ \ | | | | | | | | podman: support --mount type=devpts
| * | | podman: support --mount type=devptsGiuseppe Scrivano2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow to create a devpts mount. This is useful for containers that bind mount /dev/ from the host but at the same time want to create a terminal. It can be used as: podman run -v /dev:/dev --mount type=devpts,target=/dev/pts ... Closes: https://github.com/containers/podman/issues/6804 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-03
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7182 from zhangguanzhang/fix-exitCode-for-startOpenShift Merge Robot2020-08-03
|\ \ \ | |_|/ |/| | implement the exitcode when start a container with attach
| * | implement the exitcode when start a container with attachzhangguanzhang2020-08-03
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7191 from openSUSE/printfOpenShift Merge Robot2020-08-03
|\ \ \ | | | | | | | | Remove some unnecessary []byte to string conversions
| * | | Remove some unnecessary []byte to string conversionsSascha Grunert2020-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Some calls to `Sprintf("%s")` can be avoided by using direct string type assertions. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #7158 from rhatdan/commitOpenShift Merge Robot2020-08-03
|\ \ \ \ | |/ / / |/| | | Handle single character images
| * | | Handle single character imagesDaniel J Walsh2020-07-30
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can only specify multiple character for image names when executing podman-remote commit podman-remote commit a b Will complete, but will save the image without a name. podman-remote commit a bb Works. This PR fixes and now returns an error if the user doees not specify an image name to commit to. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7141 from rhafer/image_descr_testOpenShift Merge Robot2020-08-03
|\ \ \ | | | | | | | | Add test case for description being present in search result
| * | | Add test case for description being present in search resultRalf Haferkamp2020-07-31
| | |/ | |/| | | | | | | | | | | | | | | | Test for a specific static image and match the description to avoid regression like https://github.com/containers/podman/pull/7131 Signed-off-by: Ralf Haferkamp <rhafer@suse.com>
* / | fix pod creation with "new:" syntaxPaul Holzinger2020-07-31
|/ / | | | | | | | | | | | | | | | | | | | | When you execute podman create/run with the --pod new:<name> syntax the pod was created but the namespaces where not shared and therefore containers could not communicate over localhost. Add the default namespaces and pass the network options to the pod create options. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>