summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Make restart parallel and add --allbaude2018-11-01
| | | | | | | | | | When attempting to restart many containers, we can benefit from making the restarts parallel. For convenience, two new options are added: --all attempts to restart all containers --run-only when used with --all will attempt to restart only running containers Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1585 from rhatdan/labelsOpenShift Merge Robot2018-10-26
|\ | | | | Add tests for selinux labels
| * Add tests for selinux labelsDaniel J Walsh2018-10-25
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runlabel: run any commandValentin Rothberg2018-10-24
|/ | | | | | | | | | | | | | | | As discussed [1], the runlabel command should execute any command specified in a label. The reasoning behind is that we cannot restrict which options are passed to Podman which thereby has full access to the host (runlabels must be used with care). With the updated semantics, runlabel will substitute the commands with a basepath equal to "docker" or "podman" with "/proc/self/exe", and otherwise leave the command unchanged to execute any other command on the host. [1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Merge pull request #1638 from baude/fastpsOpenShift Merge Robot2018-10-23
|\ | | | | Make podman ps fast
| * Make podman ps fastbaude2018-10-23
| | | | | | | | | | | | Like Ricky Bobby, we want to go fast. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1627 from adrianreber/criuOpenShift Merge Robot2018-10-23
|\ \ | | | | | | Add CRIU version check for checkpoint and restore
| * | tests: use existing CRIU version checkAdrian Reber2018-10-23
| |/ | | | | | | | | | | | | Do not re-implement the CRIU version check in the test suite, use it from libpod/pkg/criu. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1697 from baude/statserrOpenShift Merge Robot2018-10-23
|\ \ | | | | | | correct stats err with non-running containers
| * | correct stats err with non-running containersbaude2018-10-22
| |/ | | | | | | | | | | | | when doing stats -a|--all, if you have non-running containers, we should not error on not being able to get information like PID, etc on them. Signed-off-by: baude <bbaude@redhat.com>
* / Use restoreArtifacts to save time in integration testsbaude2018-10-22
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* fix NOTIFY_SOCKET in e2e testfix NOTIFY_SOCKET in e2e testsbaude2018-10-18
| | | | Signed-off-by: baude <bbaude@redhat.com>
* tests: do not make assumptions on the mount outputGiuseppe Scrivano2018-10-14
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Generate a passwd file for users not in containerDaniel J Walsh2018-10-12
| | | | | | | If someone runs podman as a user (uid) that is not defined in the container we want generate a passwd file so that getpwuid() will work inside of container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add tests for --ip flagMatthew Heon2018-10-11
| | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* tests: add checkpoint/restore testAdrian Reber2018-10-03
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
* Add ability for ubuntu to be testedbaude2018-10-03
| | | | | | | | unfortunately the papr CI system cannot test ubuntu as a VM; therefore, this PR still keeps travis. but it does include fixes that will be required for running on modern versions of ubuntu. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1528 from baude/runlabelOpenShift Merge Robot2018-10-02
|\ | | | | Add container runlabel command
| * Add container runlabel commandbaude2018-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | Execute the command as described by a container image. The value of the label is processed into a command by: 1. Ensuring the first argument of the command is podman. 2. Substituting any variables with those defined by the environment or otherwise. If no label exists in the container image, nothing is done. podman container runlabel LABEL IMAGE extra_args Signed-off-by: baude <bbaude@redhat.com>
* | Disable SELinux labeling if --privilegedDaniel J Walsh2018-10-02
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Vendor in the latest containers/storage, image and buildahDaniel J Walsh2018-09-29
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* run complex image names with short namesbaude2018-09-28
| | | | | | | | | | | | | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository. This resolves buildah issue #1034 Signed-off-by: baude <bbaude@redhat.com>
* podman runs disabled containers and privileged containers as spc_tDaniel J Walsh2018-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rework CI tests to test on VMsbaude2018-09-26
| | | | | | | | | | | | | | | | | | | | | This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any of these that having failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on a openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required. Signed-off-by: baude <bbaude@redhat.com> Closes: #1492 Approved by: mheon
* Add --mount option for `create` & `run` commandDaniel J Walsh2018-09-21
| | | | | | | | Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1524 Approved by: mheon
* test, rootless: enforce cgroupfs managerGiuseppe Scrivano2018-09-20
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1515 Approved by: baude
* Add new tests for ipc namespace sharingDaniel J Walsh2018-09-17
| | | | | | | | | | We seem to be having a few flakes on namespace sharing. Adding this test to make sure sharing with the host is working correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1485 Approved by: mheon
* change search test to look for fedora and not fedora-minimalbaude2018-09-14
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Search registries with an empty queryUrvashi Mohnani2018-09-13
| | | | | | | | | | | | | | Adds functionality to search registries implementing the v2 endpoint with an empty query, that is the results will be all the available images on the registries. If this is tried with a v1 registry an error will occur. To search a whole registry, there needs to be a trailing slash at the end, i.e `podman search registry.fedoraproject.org/`. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* run different cgroup tests depending on conditionsbaude2018-09-12
| | | | | | | | | | | | | | when running podman's integration tests, we need to be able to understand our environment because the podman command will differ as will the results. there is no 100% way to know if we are in a container, but using a combination of container= and checking /proc seemed reasonable for our test suite. non of this code is run in podman proper. Signed-off-by: baude <bbaude@redhat.com> Closes: #1441 Approved by: mheon
* Pass on securityOpts from podInfraContainer to container added to pod.Daniel J Walsh2018-09-11
| | | | | | | | | | This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
* Fix pod sharing for utsmodeDaniel J Walsh2018-09-07
| | | | | | | | | | | | | We should be sharing cgroups namespace by default in pods uts namespace sharing was broken in pods. Create a new libpod/pkg/namespaces for handling of namespace fields in containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1418 Approved by: mheon
* Change shm test to be less flaky.Daniel J Walsh2018-09-07
| | | | | | | | | | | This tests fails a lot, I think because of a race condition. Changing to just make sure the inode of the /dev/shm on the host is the same as inside the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1420 Approved by: mheon
* Update WaitForTimeOut to output OutputString to help with debugging.Daniel J Walsh2018-09-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1416 Approved by: baude
* rmi remove all not error when no images are presentbaude2018-09-05
| | | | | | | | | | When running podman rm -a on a storage where no images exist, the exit code should NOT be non-zero. Signed-off-by: baude <bbaude@redhat.com> Closes: #1402 Approved by: rhatdan
* rootless: check uid with Geteuid() instead of Getuid()Giuseppe Scrivano2018-09-04
| | | | | | | | | | | | change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless, tests: add tests for the pod commandGiuseppe Scrivano2018-09-04
| | | | | | | | | | also refactor the rootless_test.go to facilitate running a test in a rootless context. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless: fix topGiuseppe Scrivano2018-08-29
| | | | | | | | | | join the user namespace used to create the container so that psgo can work in the same way as with root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* allow specification of entrypoint in the form of a sliceDaniel J Walsh2018-08-28
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1352 Approved by: mheon
* rootless, search: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, kill: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, stop: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* Fix handling of multiple filters in podman psMatthew Heon2018-08-27
| | | | | | | | | | | | | Docker expects multiple filters to be passed with multiple uses of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d) and not a single comma-separated list of filters as we expected. Convert to the Docker format, and make some small cleanups to our handling of filters along the way. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1345 Approved by: umohnani8
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* rootless: fix --ipc=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless, tests: add test for --uts=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless: don't use kill --allGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | The OCI runtime might use the cgroups to see what PIDs are inside the container, but that doesn't work with rootless containers. Closes: https://github.com/containers/libpod/issues/1337 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: exec handle processes that create an user namespaceGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | Manage the case where the main process of the container creates and joins a new user namespace. In this case we want to join only the first child in the new hierarchy, which is the user namespace that was used to create the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: fix execGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | | | | | | | | We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* exposes tcp port only if no proto specified.Kunal Kushwaha2018-08-24
| | | | | | | | | | Also it fix the issue of exposing both tc/udp port even if only one proto specified. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Closes: #1325 Approved by: mheon