summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #7426 from Edward5hen/apiv2-containers-testOpenShift Merge Robot2020-09-02
|\ | | | | APIv2 test: add more tests for containers
| * APIv2 test: add more tests for containersEdward Shen2020-09-01
| | | | | | | | Signed-off-by: Edward Shen <weshen@redhat.com>
* | Ensure rootless containers without a passwd can startMatthew Heon2020-08-31
|/ | | | | | | | | | | | | | | | We want to modify /etc/passwd to add an entry for the user in question, but at the same time we don't want to require the container provide a /etc/passwd (a container with a single, statically linked binary and nothing else is perfectly fine and should be allowed, for example). We could create the passwd file if it does not exist, but if the container doesn't provide one, it's probably better not to make one at all. Gate changes to /etc/passwd behind a stat() of the file in the container returning cleanly. Fixes #7515 Signed-off-by: Matthew Heon <mheon@redhat.com>
* handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ | | | | play kube: handle Socket HostPath type
| * play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | Merge pull request #7469 from zhangguanzhang/generate-kube-with-ExtraHostsOpenShift Merge Robot2020-08-28
|\ \ | |/ |/| fix podman generate kube with HostAliases
| * fix podman generate kube with HostAliaseszhangguanzhang2020-08-27
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7464 from edsantiago/batsOpenShift Merge Robot2020-08-28
|\ \ | | | | | | BATS: fix corner case in --userns=keep-id test
| * | BATS: fix corner case in --userns=keep-id testEd Santiago2020-08-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test that does 'adduser' in a keep-id container had a really dumb bug: if the user running the test has UID 1000, then podman itself (via keep-id) will add the "1000" passwd entry, and the in-container "adduser" will allocate 1001, making our test fail. This triggered in f31/f32 podman gating tests, but (?!?) never in rawhide gating tests. Solution: explicitly feed a UID to adduser. Make sure that it's not the same as the UID of the current user. Also (unrelated): fix a ridiculous "run mkdir || die". At the time I wrote that I probably had no idea how BATS works. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Fix log level case regressionSascha Grunert2020-08-28
|/ / | | | | | | | | | | | | | | | | | | With previous versions of Podman (like v1.9.2) it was always possible to specify the log level in any case, for example `INFO`. This behavior has silently changed, where the `--log-level` flag only accepts lower case levels. This commit re-enables the old behavior and adds an e2e test for it. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7438 from openSUSE/commentDaniel J Walsh2020-08-27
|\ \ | |/ |/| Remove test comment for now-succeeding tests
| * Remove test comment for now succeeding testsSascha Grunert2020-08-25
| | | | | | | | | | | | | | The related issue seems fixed so the test execution should work as intended. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | fix apiv2 will create containers with incorrect commandszhangguanzhang2020-08-24
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7390 from baude/podnetOpenShift Merge Robot2020-08-21
|\ | | | | error when adding container to pod with network information
| * error when adding container to pod with network informationBrent Baude2020-08-21
| | | | | | | | | | | | | | | | | | | | | | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes: * static IP (v4 and v6) * static mac * ports -p (i.e. -p 8080:80) * exposed ports (i.e. 222-225) * publish ports from image -P Signed-off-by: Brent Baude <bbaude@redhat.com>
* | fix /libpod/pods/json returns null when there are no podszhangguanzhang2020-08-21
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | fix pod creation with "new:" syntax followup + allow hostnamePaul Holzinger2020-08-20
|/ | | | | | | | | | | | | | | | | | | | | Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax") Commit 4c75fe3f70ed passes all net options to the pod but forgot to unset the options for the container creation. This leads to erros when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails. I didn't notice the bug because we don't throw an error when specifing port bindings on a container which joins the pods network namespace. (#7373) Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pods hostname anyway. This would error otherwise. Added tests to prevent regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* system tests: enable more remote tests; cleanupEd Santiago2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | info, images, run, networking tests: remove some skip_if_remote()s that were added in the varlink days. All of these tests now seem to work with APIv2. help test: check that first output line from 'podman --help' is the program description (regression check for #7273). load test: clean up stray images, rewrite test to make it conform to existing convention. In the process, discover and file #7337 exec test (and networking): file #7360, and add FIXME comment to skip()s suggesting evaluating those tests once that is fixed. pod test: now that #6328 is fixed, use 'podman pod inspect --format' instead of relying on jq Various other tests: add an explanation of why test is disabled so we can more easily distinguish "this will never be meaningful under remote" vs "hey, doesn't work for now, but maybe someday". Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7361 from Luap99/version-builttimeOpenShift Merge Robot2020-08-19
|\ | | | | fix podman version output to include git commit and builttime
| * fix podman version output to include git commit and builttimePaul Holzinger2020-08-18
| | | | | | | | | | | | Add the go module version v2 to the libpod path. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7341 from edsantiago/e2e_use_tmpdirsOpenShift Merge Robot2020-08-18
|\ \ | | | | | | e2e tests: use actual temp dirs, not "/tmp/dir"
| * | e2e tests: use actual temp dirs, not "/tmp/dir"Ed Santiago2020-08-18
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the --iidfile tests was flaking: Error: failed to write image ID to file "/tmp/dir/idFile": open /tmp/dir/idFile: no such file or directory Root cause: test was actually not mkdir'ing /tmp/dir. Test was mostly passing because _other_ tests in the suite were mkdir'ing it, but once in a while this test ran before the others. Solution: fixed this test to use CreateTempDirInTempDir(). And, since hardcoded tempdirs are bad practice, grepped for '"dir"' and fixed all other instances too. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / flake fix: podman image trustEd Santiago2020-08-18
|/ | | | | | | | | The output of 'podman image trust' is in random order; but its e2e test was assuming a specific one. This caused flakes. Fixes: #6764 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Re-disable sdnotify tests to try to fix CIEd Santiago2020-08-18
| | | | | | | | Some CI tests are hanging, timing out in 60 or 120 minutes. I wonder if it's #7316, the bug where all podman commands hang forever if NOTIFY_SOCKET is set? Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7333 from openSUSE/bashifyOpenShift Merge Robot2020-08-17
|\ | | | | Use `bash` binary from env instead of /bin/bash for scripts
| * Use `bash` binary from env instead of /bin/bash for scriptsSascha Grunert2020-08-17
| | | | | | | | | | | | | | | | It's not possible to run any of the scripts on distributions which do have `bash` not in `/bin`. This is being fixed by using `/usr/bin/env bash` instead. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7317 from edsantiago/batsOpenShift Merge Robot2020-08-17
|\ \ | |/ |/| system tests: enable sdnotify tests
| * system tests: enable sdnotify testsEd Santiago2020-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Oops. PR #6693 (sdnotify) added tests, but they were disabled due to broken crun on f31. I tried for three weeks to get a magic CI:IMG PR to update crun on the CI VMs ... but in that time I forgot to actually enable those new tests. This PR removes a 'skip', replacing it with a check that systemd is running plus one more to make sure our runtime is crun. It looks like sdnotify just doesn't work on Ubuntu (it hangs), and my guess is that it's a crun/runc issue. I also changed the test image from fedora:latest to :31, because, sigh, fedora:latest removed the systemd-notify tool. WARNING WARNING WARNING: the symptom of a missing systemd-notify is that podman will hang forever, not even stopped by the timeout command in podman_run! (Filed: #7316). This means that if the sdnotify-in-container test ever fails, the symptom will be that Cirrus itself will time out (2 hours?). This is horrible. I don't know what to do about it other than push for a fix for 7316. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7314 from aojea/ipv6_default_gwOpenShift Merge Robot2020-08-16
|\ \ | |/ |/| IPv6 default route
| * podman support for IPv6 networksAntonio Ojea2020-08-15
| | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | run, create: add new security-opt proc-optsGiuseppe Scrivano2020-08-12
|/ | | | | | | it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #7073 from QiWang19/save-stdoutOpenShift Merge Robot2020-08-12
|\ | | | | podman save use named pipe
| * podman save use named pipeQi Wang2020-08-12
| | | | | | | | | | | | | | podman save uses named pipe as output path, not directly using /dev/stdout. fix #7017 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7308 from hamzadis/slirp4netns-cidrOpenShift Merge Robot2020-08-12
|\ \ | | | | | | Add support for setting the CIDR when using slirp4netns
| * | Add support for setting the CIDR when using slirp4netnsAdis Hamzić2020-08-12
| |/ | | | | | | | | | | | | | | This adds support for the --cidr parameter that is supported by slirp4netns since v0.3.0. This allows the user to change the ip range that is used for the network inside the container. Signed-off-by: Adis Hamzić <adis@hamzadis.com>
* | Merge pull request #7267 from zhangguanzhang/check-invalid-network-createOpenShift Merge Robot2020-08-12
|\ \ | |/ |/| Add parameter verification for api creation network
| * Add parameter verification for api creation networkzhangguanzhang2020-08-12
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Replace deepcopy on history resultsBrent Baude2020-08-11
|/ | | | | | | | the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly. Fixes: #7122 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #7269 from openSUSE/seccompOpenShift Merge Robot2020-08-11
|\ | | | | Allow specifying seccomp profiles for privileged containers
| * Allow specifying seccomp profiles for privileged containersSascha Grunert2020-08-11
| | | | | | | | | | | | | | To sync the behavior between AppArmor and seccomp it is now possible to also specify seccomp profiles for privileged containers. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7239 from rhatdan/workingOpenShift Merge Robot2020-08-11
|\ \ | | | | | | Fix handling of working dir
| * | Fix handling of working dirDaniel J Walsh2020-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Buildah and podman build can create images without a working dir. FROM fedora WORKDIR /test If you build this image with caching twice, the second time the image will not have a working dir. Similarly if you execute podman run --workdir /foobar fedora It blows up since the workingdir is not created automatically. Finally there was duplicated code for getting the workingdir out of an image, that this PR removes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add the Status field in the ps --format=jsonzhangguanzhang2020-08-11
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7256 from mheon/fix_cmd_with_entrypointOpenShift Merge Robot2020-08-10
|\ \ \ | | | | | | | | Do not use image CMD if user gave ENTRYPOINT
| * | | Do not use image CMD if user gave ENTRYPOINTMatthew Heon2020-08-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes #7115 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #7240 from jwhonce/issues/7123OpenShift Merge Robot2020-08-10
|\ \ \ | |_|/ |/| | Default .Repository and .Tag values to <none>
| * | Default .Repository and .Tag values to <none>Jhon Honce2020-08-10
| |/ | | | | | | | | | | | | | | | | | | Refactor the processing of Repository and Tag fields to default to <none> when printing via --format flag. Previously, the default format would print <none> but --format {{.Tag}} would not in some cases. Fixes #7123 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / generate systemd: fix error handlingValentin Rothberg2020-08-10
|/ | | | | | | | | Fix a bug in the error handling which returned nil instead of an error and ultimately lead to nil dereferences in the client. To prevent future regressions, add a test and check for the error message. Fixes: #7271 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>