aboutsummaryrefslogtreecommitdiff
path: root/test/system/075-exec.bats
Commit message (Collapse)AuthorAge
* Cirrus: enable Fedora 36 aarch64 tasks on EC2Lokesh Mandvekar2022-07-27
| | | | | | | | | | | new file: test/e2e/config_arm64.go Tests that fail on aarch64 have been skipped with `skip_if_aarch64`. Co-authored-by: Chris Evich <cevich@redhat.com> Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* Add support for --userns=nomapDaniel J Walsh2022-04-21
| | | | | | | | | | | From a security point of view, it would be nice to be able to map a rootless usernamespace that does not use your own UID within the container. This would add protection against a hostile process escapping the container and reading content in your homedir. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --time out for podman * rm -f commandsDaniel J Walsh2021-10-04
| | | | | | | | | Add --time flag to podman container rm Add --time flag to podman pod rm Add --time flag to podman volume rm Add --time flag to podman network rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* System tests: tighten 'is' operatorEd Santiago2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix day-one sloppiness: when I first wrote this framework it compared strings using 'expr', not '=', to be more forgiving of extra cruft in output. This was a bad decision. It means that warnings or additional text are ignored: is "all is ok, NOT!" "all is ok" <-- this would pass Solution: tighten up the 'is' check. Use '=' (direct compare) first. If it fails, look for wild cards ('*') or character classes ('[') in the expect string. If so, and only then, use 'expr'. And, thanks to a clever suggestion from Luap99, include '(using expr)' in the error message when we do so; this could make it easier for a developer to understand a string mismatch. This change exposes a lot of instances in which we weren't doing proper comparisons. Fix those. Thankfully, there weren't as many as I'd feared. Also, and completely unrelated, add '-T' flag to bats helper, for showing timing results. (I will open this as a separate PR if requested. I too find it offensive to jumble together unrelated commits.) Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix conmon attach socket buffer sizePaul Holzinger2021-09-09
| | | | | | | | | | | | | | | The conmon buffer size is 8192, however the attach socket needs two extra bytes. The first byte of each message will be the STREAM type. The last byte is a null byte. So when we want to read 8192 message bytes we need to read 8193 bytes since the first one is special. check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107 This problem can be seen in podman-remote run/exec when it prints output with 8192 or more bytes. The output will miss the 8192 byte. Fixes #11496 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Perform a one-sided close of HTTP attach conn on EOFMatthew Heon2021-07-13
| | | | | | | | | | | On EOF of STDIN, we need to perform a one-sided close of the attach connection on the client side, to ensure that STDIN finishing will also cause the exec session to terminate, instead of hang. Fixes #7360 Signed-off-by: Matthew Heon <mheon@redhat.com>
* remote exec: write conmon error on hijacked connectionValentin Rothberg2021-01-27
| | | | | | | | | | | | | | Make sure to write error from conmon on the hijacked http connection. This fixes issues where errors were not reported on the client side, for instance, when specified command was not found on the container. To future generations: I am sorry. The code is complex, and there are many interdependencies among the concurrent goroutines. I added more complexity on top but I don't have a good idea of how to reduce complexity in the available time. Fixes: #8281 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* BATS: add ping testEd Santiago2020-12-01
| | | | | | | | | | | | | | | | | | | - run test : tweaks to recently-added network-conflict test: * remove "-d" in run * confirm exact warning text, and also that container runs successfully * test multiple --net options (regression #8057) - images, run, build, exec tests: add multiple-flag testing for various flags, confirming as appropriate whether options are overridden or accumulated. - ps test : add --filter and --sort tests - pod test: run 'ping' inside container (confirms that container gets PING capability) Signed-off-by: Ed Santiago <santiago@redhat.com>
* capabilities: always set ambient and inheritableGiuseppe Scrivano2020-09-30
| | | | | | | | | | | | change capabilities handling to reflect what docker does. Bounding: set to caplist Inheritable: set to caplist Effective: if uid != 0 then clear; else set to caplist Permitted: if uid != 0 then clear; else set to caplist Ambient: clear Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Remove test comment for now succeeding testsSascha Grunert2020-08-25
| | | | | | | The related issue seems fixed so the test execution should work as intended. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* system tests: enable more remote tests; cleanupEd Santiago2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | info, images, run, networking tests: remove some skip_if_remote()s that were added in the varlink days. All of these tests now seem to work with APIv2. help test: check that first output line from 'podman --help' is the program description (regression check for #7273). load test: clean up stray images, rewrite test to make it conform to existing convention. In the process, discover and file #7337 exec test (and networking): file #7360, and add FIXME comment to skip()s suggesting evaluating those tests once that is fixed. pod test: now that #6328 is fixed, use 'podman pod inspect --format' instead of relying on jq Various other tests: add an explanation of why test is disabled so we can more easily distinguish "this will never be meaningful under remote" vs "hey, doesn't work for now, but maybe someday". Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests: podman-remote, image treeEd Santiago2020-08-10
| | | | | | | | | | | | | | | | | | | | | - new sanity checks for podman-remote: - first, confirm that when PODMAN is "-remote", we actually talk to a server (validated by presence of "Server:" string in "podman version"). - second, add test for #7212, in which we run "podman --remote" (podman with --remote flag, not podman-remote command) and make sure --remote is allowed both as the first option and also with other flag options preceding. - new test for "podman image tree" (piggybacking on top of a "podman build" test, because that gives us lots of layers). - skip "podman exec - basic test" when remote. It is consistently causing CI failures, breaking all of CI, due to #7241. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Ensure that exec errors write exit codes to the DBMatthew Heon2020-08-05
| | | | | | | | | | | | | | | | | | | In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue. Fixes #6893 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* System tests: new system-df and passwd testsEd Santiago2020-07-30
| | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests: new tests for run, execEd Santiago2020-07-14
| | | | | | | | | | | | | | | | | | | | | | - Issue #6735 : problem with multiple namespaces; confirms combinations of --userns=keep-id, --privileged, --user=XX - Issue #6829 : --userns=keep-id will add a /etc/passwd entry - Issue #6593 : podman exec, with --userns=keep-id, errors (test is currently skipped because issue remains live) ...and, addendum: add new helper function, remove_same_dev_warning. Some CI systems issue a warning on podman run --privileged: WARNING: The same type, major and minor should not be used for multiple devices. We already had special-case code to ignore than in the SELinux test, but now we're seeing it in the new run tests I added, so I've refactored the "ignore this warning" code and written tests for the removal code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests : more testsEd Santiago2020-06-01
| | | | | | | | | | | | | | - exec: add test for #5046, in which conmon swallowed chars on a large byte transfer - pod: add 'pod exists' tests, both positive and negative; consolidate tests; add '--label', and check in 'pod inspect' add 'pod ps' tests - networking: add test for #5466, in which detached run with --userns=keep-id would not forward a port Signed-off-by: Ed Santiago <santiago@redhat.com>
* more BATS testsEd Santiago2020-01-13
| | | | | | | | | | | | | | | | | - run: --name (includes 'podman container exists' tests) - run: --pull (always, never, missing) - build: new test for ADD URL (#4420) - exec: new test for issue #4785 (pipe getting lost) - diff: new test - selinux (mostly copied from docker-autotest) Plus a bug fix: the wait_for_output() helper would continue checking, eventually timing out, even if the container had already exited (probably because of an error). Fix: as part of the loop, run 'podman inspect' and bail out if container is not running. Include exit code and logs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* System tests: make sure exec pid hash w/o leakingAlex Jia2019-10-18
| | | | | | | | | | podman exec leaks an exec_pid_<hash> file for every exec in tmpfs, it's known rhbz#1731117, this case makes sure leakage issue has been fixed. rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117 Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* BATS tests: start supporting podman-remoteEd Santiago2019-04-10
| | | | | | | | | | | | | | podman-remote now supports rm! That's what we needed to start running BATS tests. Although most tests don't actually work, some do, and maybe the rest will start working over time. For now, disable them. The only significant difference found is that podman-remote strips fractional seconds from timestamps in JSON output. Probably not something worth caring about. Signed-off-by: Ed Santiago <santiago@redhat.com>
* BATS: new tests, and improvements to existing onesEd Santiago2019-03-18
New: - podman exec - podman load (requires #2674) - CLI parsing (regression test for #2574) Improved: - help: test "podman NoSuchCommand", and subcommands - help: test "podman cmd" without required args - pod: start with --infra=false; this allows running rootless - log: also run 'logs' after container is run - log: test -f with two containers Also, use helpful descriptions for skip_if_rootless Tested on f29, root and rootless. As soon as podman-remote supports rm, I'll start testing that too. Signed-off-by: Ed Santiago <santiago@redhat.com>