summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Fix problem copying files when container is in host pid namespaceDaniel J Walsh2021-05-19
| | | | | | | | | | | | | | When attempting to copy files into and out of running containers within the host pidnamespace, the code was attempting to join the host pidns again, and getting an error. This was causing the podman cp command to fail. Since we are already in the host pid namespace, we should not be attempting to join. This PR adds a check to see if the container is in NOT host pid namespace, and only then attempts to join. Fixes: https://github.com/containers/podman/issues/9985 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10334 from mheon/add_relabel_vol_pluginOpenShift Merge Robot2021-05-17
|\ | | | | Ensure that :Z/:z/:U can be used with named volumes
| * Ensure that :Z/:z/:U can be used with named volumesMatthew Heon2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker allows relabeling of any volume passed in via -v, even including named volumes. This normally isn't an issue at all, given named volumes get the right label for container access automatically, but this becomes an issue when volume plugins are involved - these aren't managed by Podman, and may well be unaware of SELinux labelling. We could automatically relabel these volumes on creation, but I'm still reluctant to do that (feels like it could break things). Instead, let's allow :z and :Z to be used with named volumes, so users can explicitly request relabel of a volume plugin-backed volume. We also get :U at the same time. I don't see any real need for it but it also doesn't seem to hurt, so I didn't bother disabling it. Fixes #10273 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Support uid,gid,mode options for secrets
| * | Support uid,gid,mode options for secretsAshley Cui2021-05-17
| |/ | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ | | | | | | image prune: remove unused images only with `--all`
| * | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman network reload add rootless supportPaul Holzinger2021-05-17
|/ | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10254 from jmguzik/prune-filter-cliOpenShift Merge Robot2021-05-14
|\ | | | | Add support for cli network prune --filter flag
| * Add support for cli network prune --filter flagJakub Guzik2021-05-12
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10300 from jwhonce/issues/10289OpenShift Merge Robot2021-05-12
|\ \ | | | | | | Add host.serviceIsRemote to podman info results
| * | Add host.serviceIsRemote to podman info resultsJhon Honce2021-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Developers asked for a deterministic field to verify if podman is running via API or linked directly to libpod library. $ podman info --format '{{.Host.ServiceIsRemote}}' false $ podman-remote info --format '{{.Host.ServiceIsRemote}}' true $ podman --remote info --format '{{.Host.ServiceIsRemote}}' true * docs/conf.py formatted via black Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | podman image tree: restore previous behaviorValentin Rothberg2021-05-12
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of libimage changed the order of layers which has now been restored to remain backwards compatible. Further changes: * Fix a bug in the journald logging which requires to strip trailing new lines from the message. The system tests did not pass due to empty new lines. Triggered by changing the default logger to journald in containers/common. * Fix another bug in the journald logging which embedded the container ID inside the message rather than the specifid field. That surfaced in a preceeding whitespace of each log line which broke the system tests. * Alter the system tests to make sure that the k8s-file and the journald logging drivers are executed. * A number of e2e tests have been changed to force the k8s-file driver to make them pass when running inside a root container. * Increase the timeout in a kill test which seems to take longer now. Reasons are unknown. Tests passed earlier and no signal-related changes happend. It may be CI VM flake since some system tests but other flaked. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Remove obsolete skipsEd Santiago2021-05-10
|/ | | | | | | | | | | | | The following bugs seem to be fixed: * #6510 (e2e tests) - podman rmi gives "layer not known" * #9915 (buildah-bud tests) - podman build --arch * #10248 - spurious warning from first-ever invocation of rootless podman Signed-off-by: Ed Santiago <santiago@redhat.com>
* Kube like pods should share ipc,net,uts by defaultflouthoc2021-05-10
| | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #10202 from EduardoVega/9763-kube-auto-updateOpenShift Merge Robot2021-05-07
|\ | | | | Add support to preserve auto-update labels in play / generate kube
| * Adds support to preserve auto update labels in generate and play kubeEduardo Vega2021-05-06
| | | | | | | | | | | | In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | | | | | | Add support for environment variable secrets
| * | Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #10238 from bacher09/fix-inf-loopOpenShift Merge Robot2021-05-07
|\ \ \ | | | | | | | | Fix infinite loop in isPathOnVolume
| * | | Fix infinite loop in isPathOnVolumeSlava Bacherikov2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | filepath.Dir in some cases returns `.` symbol and calling this function again returns same result. In such cases this function never returns and causes some operations to stuck forever. Closes #10216 Signed-off-by: Slava Bacherikov <slava@bacher09.org>
* | | | CI: run rootless tests under ubuntuEd Santiago2021-05-06
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reason: to catch errors before they surface in RHEL. One of the Ubuntus is specially crafted to run with cgroups v1 and runc. Although this isn't quite the same as RHEL, it's as close as we can come in our CI environment, and I suspect it would have caught #10234 (a regression). Sorry, team. Also: play kube limits test: skip on all rootless, not just rootless+fedora. There was a complicated and unnecessary check in there for Fedora. Also: workaround for bug #10248, a spurious error message on the first invocation of rootless podman on Ubuntu.Old Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | codespell cleanupDaniel J Walsh2021-05-05
|/ / | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ \ | | | | | | Add filepath glob support to --security-opt unmask
| * | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | add --mac-address to podman play kube
| * | | add --mac-address to podman play kubePaul Holzinger2021-05-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / / migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | cgroup: always honor --cgroup-parent with cgroupfsGiuseppe Scrivano2021-05-03
| | | | | | | | | | | | | | | | | | if --cgroup-parent is specified, always honor it without doing any detection whether cgroups are supported or not. Closes: https://github.com/containers/podman/issues/10173 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Use seccomp_profile as default profile if defined in containers.confPablo Correa Gómez2021-04-28
| | | | | | | | | | | | | | Edits `podman info` to provide the default seccomp profile detected in the output Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Add podman run --timeout option
| * | Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Skip blkio-weight test when no kernel BFQ supportChris Evich2021-04-27
| | | | | | | | | | | | | | | | | | | | | Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the distro. skip this test if the required cgroup node doesn't exist. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #10136 from zhangguanzhang/generate-kube-volumeOpenShift Merge Robot2021-04-27
|\ \ \ | | | | | | | | Fixes generate kube incorrect when bind-mounting "/" and "/root"
| * | | Fixes generate kube incorrect when bind-mounting "/" and "/root"zhangguanzhang2021-04-26
| |/ / | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #10074 from flouthoc/ancestor-truncate-bugOpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | Fix podman ps --filter ancestor to match exact ImageName/ImageID
| * | Fix podman ps --filter ancestor to match exact ImageName/ImageIDflouthoc2021-04-25
| |/ | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #10081 from sjug/cdi_device_libOpenShift Merge Robot2021-04-26
|\ \ | |/ |/| Add support for CDI device configuration
| * Add support for CDI device configurationSebastian Jug2021-04-20
| | | | | | | | | | | | | | | | - Persist CDIDevices in container config - Add e2e test - Log HasDevice error and add additional condition for safety Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | Merge pull request #10080 from rhatdan/remoteOpenShift Merge Robot2021-04-21
|\ \ | | | | | | podman-remote should show podman.sock info
| * | podman-remote should show podman.sock infoDaniel J Walsh2021-04-20
| |/ | | | | | | | | | | | | | | Currently podman-remote info does not show socket information. Fixes: https://github.com/containers/podman/issues/10077 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8979 from haircommander/full-attach-pathOpenShift Merge Robot2021-04-21
|\ \ | |/ |/| Use full attach path, rather than a symlink
| * WIP: drop test requirementPeter Hunt2021-04-16
| | | | | | | | Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #10041 from chenk008/add_pidfile_flagOpenShift Merge Robot2021-04-19
|\ \ | | | | | | Add flag "--pidfile" for podman create/run
| * | add it for inspect pidfilechenkang2021-04-18
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
| * | fix start itchenkang2021-04-17
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
| * | skip pidfile test on remotechenkang2021-04-17
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
| * | add pidfile it for container startchenkang2021-04-17
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
| * | skip pidfile it on remotechenkang2021-04-17
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>
| * | add utchenkang2021-04-16
| | | | | | | | | | | | Signed-off-by: chenkang <kongchen28@gmail.com>