summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* Merge pull request #9599 from rhatdan/selinuxOpenShift Merge Robot2021-03-05
|\ | | | | Add tests for selinux kvm/init labels
| * Add tests for selinux kvm/init labelsDaniel J Walsh2021-03-04
| | | | | | | | | | | | spc_t tests should be able to run rootless as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9593 from vrothberg/cp-tmpOpenShift Merge Robot2021-03-05
|\ \ | |/ |/| podman cp: support copying on tmpfs mounts
| * podman cp: support copying on tmpfs mountsValentin Rothberg2021-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Check for supportsKVM based on basename of the runtimeDaniel J Walsh2021-03-03
|/ | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9582 This PR also adds tests to make sure SELinux labels match the runtime, or if init is specified works with the correct label. Add tests for selinux kvm/init labels Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8749 from edsantiago/upgrade_testOpenShift Merge Robot2021-02-26
|\ | | | | podman upgrade tests
| * podman upgrade testsEd Santiago2021-02-23
| | | | | | | | | | | | | | | | Initial validation of using podman-in-podman to create an old-podman root, then use new-podman to play with the containers created therein. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | system test image: build it multiarchEd Santiago2021-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | buildah now supports running under emulation[1] as well as creating manifests. Use those features to create a multiarch testimage that can be used to test podman on other arches. [1] on Fedora 33, this requires the qemu-user-static package We also build a new :00000001 image, replacing :00000000, because (sigh) some tests try to run 'true' in the container. Include instructions on building said image. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | container removal: handle already removed containersValentin Rothberg2021-02-23
| | | | | | | | | | | | | | | | | | | | | | | | Since commit d54478d8eaec, a container's lock is released before attempting to stop it via the OCI runtime. This opened the window for various kinds of race conditions. One of them led to #9479 where the removal+cleanup sequences of a `run --rm` session overlapped with `rm -af`. Make both execution paths more robust by handling the case of an already removed container. Fixes: #9479 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9469 from vrothberg/cp-stdoutOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| podman cp: /dev/std{in,out} fixes
| * podman cp: test /dev/stdin correctlyValentin Rothberg2021-02-22
| | | | | | | | | | | | | | /dev/stdin should not be treated as "-" to remain compatible with Docker and to have a more consistent and idiomatic interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * podman cp: treat /dev/stdout correctlyValentin Rothberg2021-02-22
| | | | | | | | | | | | | | | | /dev/stdout should not be treated as "-" to remain compatible with Docker and to have a more consistent and idiomatic interface. Fixes: #9362 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9420 from rhatdan/kubeOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| [NO TESTS NEEDED] Allow podman play kube to read yaml file from stdin
| * Allow podman play kube to read yaml file from stdinDaniel J Walsh2021-02-19
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/8996 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9275 from rhatdan/buildOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| Add missing params for podman-remote build
| * Add missing params for podman-remote buildDaniel J Walsh2021-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9290 Currently we still have hard coded --isolation=chroot for podman-remote build. Implement missing arguments for podman build Implements --jobs, --disable-compression, --excludes Fixes: MaxPullPushRetries RetryDuration Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | cp: treat "." and "/." correctlyValentin Rothberg2021-02-18
| | | | | | | | | | | | | | | | | | | | | | | | Make sure to treat "." and "/." correctly. Both cases imply to copy the contents of a directory in contrast to the directory. This implies to unset the KeepDirectoryNames options of the copiah package. Previously, the code was performing a simple string suffix check which is not enough since it would match files and directories ending with ".". Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9399 from vrothberg/home-sweet-homeOpenShift Merge Robot2021-02-16
|\ \ | | | | | | do not set empty $HOME
| * | do not set empty $HOMEValentin Rothberg2021-02-16
| |/ | | | | | | | | | | | | | | | | | | | | Make sure to not set an empty $HOME for containers and let it default to "/". https://github.com/containers/crun/pull/599 is required to fully address #9378. Partially-Fixes: #9378 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman build: pass runtime to buildahValentin Rothberg2021-02-16
|/ | | | | | | | | | Make sure that Podman's default OCI runtime is passed to Buildah in `podman build`. In theory, Podman and Buildah should use the same defaults but the projects move at different speeds and it turns out we caused a regression in v3.0. Fixes: #9365 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add shell completion tests for secretsPaul Holzinger2021-02-10
| | | | | | | | Add the SECRET keyword to the shell completion test. Also update the use line for podman secret create to use `NAME` instead of `SECRET`. This matches the other commands such as network/volume create. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* fix logic when not creating a workdirValentin Rothberg2021-02-05
| | | | | | | | | | | When resolving the workdir of a container, we may need to create unless the user set it explicitly on the command line. Otherwise, we just do a presence check. Unfortunately, there was a missing return that lead us to fall through into attempting to create and chown the workdir. That caused a regression when running on a read-only root fs. Fixes: #9230 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9208 from edsantiago/batsOpenShift Merge Robot2021-02-03
|\ | | | | System test for #9096 (truncated stdout)
| * System test for #9096 (truncated stdout)Ed Santiago2021-02-02
| | | | | | | | | | | | | | | | | | | | | | This actually tests conmon, not podman; but that's the whole point of system tests in the first place: if a problem exists, we want to fail loudly, no matter whose fault it is. (I can't get this to fail on my f33 laptop; OP on #9096 claims it only fails on Ubuntu. We'll see what happens in CI). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Gating tests: diff test: workaround for RHEL8 failureEd Santiago2021-02-02
|/ | | | | | | | | | | | | | | | | | | | | RHEL8 rootless gating tests are inconsistently failing with: $ podman diff --format json -l # {"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]} # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv # #| FAIL: added # #| expected: '/pMOm1Q0fnN' # #| actual: '/sys/fs' # #| > '/sys/fs/cgroup' # #| > '/pMOm1Q0fnN' # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Reason: PR #8561, I think (something to do with /sys on RHEL). Workaround: ignore '/sys/fs' in diffs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9116 from iwita/ls-volumes-before-pruningOpenShift Merge Robot2021-02-02
|\ | | | | List volumes before pruning
| * list volumes before pruningAchilleas Tzenetopoulos2021-01-31
| | | | | | | | Signed-off-by: Achilleas Tzenetopoulos <atzenetopoulos@gmail.com>
* | Merge pull request #9144 from vrothberg/fix-9134OpenShift Merge Robot2021-01-29
|\ \ | | | | | | Revert "podman build --pull: use correct policy"
| * | Revert "podman build --pull: use correct policy"Valentin Rothberg2021-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 15caebfe561952eaadd4896b7efb56f26724cce5. The previous behaviour of `--pull` to *always* attempt to pull the image and error out if the pull failed aligns with Docker. Since Podman aims at feature parity with Docker, the `--pull` behaviour must match. Fixes: #9134 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9115 from rhatdan/pullOpenShift Merge Robot2021-01-28
|\ \ \ | |/ / |/| | Switch podman image push handlers to use abi
| * | Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
| |/ | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9127 from vrothberg/fix-9111OpenShift Merge Robot2021-01-27
|\ \ | | | | | | podman build --pull: use correct policy
| * | podman build --pull: use correct policyValentin Rothberg2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `--pull` flag should be using the "pull if newer" pull policy rather than "pull always". This aligns with what the help message states, what Buildah does and, according to #9111, what was done before, Also add a test to prevent future regressions. Fixes: #9111 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9105 from vrothberg/fix-8281OpenShift Merge Robot2021-01-27
|\ \ \ | |/ / |/| | remote exec: write conmon error on hijacked connection
| * | remote exec: write conmon error on hijacked connectionValentin Rothberg2021-01-27
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to write error from conmon on the hijacked http connection. This fixes issues where errors were not reported on the client side, for instance, when specified command was not found on the container. To future generations: I am sorry. The code is complex, and there are many interdependencies among the concurrent goroutines. I added more complexity on top but I don't have a good idea of how to reduce complexity in the available time. Fixes: #8281 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman-remote ps --external --pod --sort do not work.Daniel J Walsh2021-01-27
|/ | | | | | | | | | Fixup the bindings and the handling of the --external --por and --sort flags. The --storage option was renamed --external, make sure we use external up and down the stack. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9054 from vrothberg/fix-9040OpenShift Merge Robot2021-01-26
|\ | | | | make sure the workdir exists on container mount
| * workdir presence checksValentin Rothberg2021-01-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A container's workdir can be specified via the CLI via `--workdir` and via an image config with the CLI having precedence. Since images have a tendency to specify workdirs without necessarily shipping the paths with the root FS, make sure that Podman creates the workdir. When specified via the CLI, do not create the path, but check for its existence and return a human-friendly error. NOTE: `crun` is performing a similar check that would yield exit code 127. With this change, however, Podman performs the check and yields exit code 126. Since this is specific to `crun`, I do not consider it to be a breaking change of Podman. Fixes: #9040 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Pass DefaultMountsFile to podman buildDaniel J Walsh2021-01-25
|/ | | | | | | The --default-mounts-file path was not being handled in podman build. This will enable it to use for testing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* System tests: cover gaps from the last monthEd Santiago2021-01-25
| | | | | | | | | | | | | | | | | | | - stop: test --all and --ignore (#9051) - build: test /run/secrets (#8679, but see below) - sensitive mount points: deal with 'stat' failures - selinux: confirm useful diagnostics on unknown labels (#8946) The 'build' test is intended as a fix for #8679, in which 'podman build' does not mount secrets from mounts.conf. Unfortunately, as of this writing, 'podman build' does not pass the --default-mounts-file option to buildah, so there's no reasonable way to test this path. Still, we can at least confirm /run/secrets on 'podman run'. The /sys thing is related to #8949: RHEL8, rootless, cgroups v1. It's just a workaround to get gating tests to pass on RHEL. Signed-off-by: Ed Santiago <santiago@redhat.com>
* networking: lookup child IP in networksGiuseppe Scrivano2021-01-23
| | | | | | | | | | | | if a CNI network is added to the container, use the IP address in that network instead of hard-coding the slirp4netns default. commit 5e65f0ba30f3fca73f8c207825632afef08378c1 introduced this regression. Closes: https://github.com/containers/podman/issues/9065 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* rootlessport: set source IP to slirp4netns deviceGiuseppe Scrivano2021-01-22
| | | | | | | | | set the source IP to the slirp4netns address instead of 127.0.0.1 when using rootlesskit. Closes: https://github.com/containers/podman/issues/5138 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix handling of container removeDaniel J Walsh2021-01-20
| | | | | | | | | | | | | | | | | | | | I found several problems with container remove podman-remote rm --all Was not handled podman-remote rm --ignore Was not handled Return better errors when attempting to remove an --external container. Currently we return the container does not exists, as opposed to container is an external container that is being used. This patch also consolidates the tunnel code to use the same code for removing the container, as the local API, removing duplication of code and potential problems. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8906 from vrothberg/fix-8501OpenShift Merge Robot2021-01-14
|\ | | | | container stop: release lock before calling the runtime
| * container stop: release lock before calling the runtimeValentin Rothberg2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman defers stopping the container to the runtime, which can take some time. Keeping the lock while waiting for the runtime to complete the stop procedure, prevents other commands from acquiring the lock as shown in #8501. To improve the user experience, release the lock before invoking the runtime, and re-acquire the lock when the runtime is finished. Also introduce an intermediate "stopping" to properly distinguish from "stopped" containers etc. Fixes: #8501 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Remove the ability to use [name:tag] in podman load commandDaniel J Walsh2021-01-12
| | | | | | | | | | | | | | | | | | | | Docker does not support this, and it is confusing what to do if the image has more then one tag. We are dropping support for this in podman 3.0 Fixes: https://github.com/containers/podman/issues/7387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | image list: ignore bare manifest listValentin Rothberg2021-01-11
|/ | | | | | | Handle empty/bare manifest lists when listing images. Fixes: #8931 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Switch references of /var/run -> /runDaniel J Walsh2021-01-07
| | | | | | | | | | Systemd is now complaining or mentioning /var/run as a legacy directory. It has been many years where /var/run is a symlink to /run on all most distributions, make the change to the default. Partial fix for https://github.com/containers/podman/issues/8369 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8787 from jsoref/spellingOpenShift Merge Robot2020-12-23
|\ | | | | Spelling
| * SpellingJosh Soref2020-12-22
| | | | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>