summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #8231 from baude/fedorarootlesscpulimitOpenShift Merge Robot2020-11-03
|\ | | | | fedora rootless cpu settings
| * fedora rootless cpu settingsbaude2020-11-03
| | | | | | | | | | | | | | fedora does not have the the ability in rootless to set cpu limits. this requires a simple fix for fedora 33 to pass ci tests. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8226 from ↵OpenShift Merge Robot2020-11-03
|\ \ | |/ |/| | | | | debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME Test $HOME when it's parent is bind mounted with --userns=keep-id
| * Test $HOME when it's parent is bind mounted with --userns=keep-idDebarshi Ray2020-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When --userns=keep-id is used, Podman is supposed to set up the home directory of the user inside the container to match that on the host as long as the home directory or any of its parents are marked as volumes to be bind mounted into the container. Currently, the test only considers the case where the home directory itself is bind mounted into the container. It doesn't cover the Podman code that walks through all the bind mounts looking for ancestors in case the home directory itself wasn't specified as a bind mount. Therefore, this improves the existing test added in commit 6ca8067956128585 ("Setup HOME environment when using --userns=keep-id") Note that this test can't be run as root. The home directory of the root user is /root, and it's parent is /. Bind mounting the entire / from the host into the container prevents it from starting: Error: openat2 ``: No such file or directory: OCI not found Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | specgen: keep capabilities with --userns=keep-idGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: fix check for root userGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | if the username is specified in the USER:GROUP form, make sure we only check for USER. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: add support for ambient capabilitiesGiuseppe Scrivano2020-11-02
|/ | | | | | | | | | if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different that what Moby does, as ambient capabilities are never set. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8203 from Luap99/fix-8194OpenShift Merge Robot2020-10-31
|\ | | | | Fix dnsname when joining a different network namespace in a pod
| * Fix dnsname when joining a different network namespace in a podPaul Holzinger2020-10-30
| | | | | | | | | | | | | | | | | | | | When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pods network namespace. This happend both rootful and rootless. To fix this check if we are part of the pods network namespace and if not use the container name as dns entry. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ \ | | | | | | manifest list inspect single image
| * | manifest list inspect single imageQi Wang2020-10-30
| |/ | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8201 from QiWang19/search-limitOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Remove search limit since pagination support
| * | Remove search limit since pagination supportQi Wang2020-10-30
| |/ | | | | | | | | | | Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8177 from rhatdan/wrapOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Stop excessive wrapping of errors
| * | Stop excessive wrapping of errorsDaniel J Walsh2020-10-30
| |/ | | | | | | | | | | | | | | | | | | | | | | Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to cleanup a bunch of these errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8187 from jwhonce/wip/tableOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Restore --format table header support
| * | Restore --format table header supportJhon Honce2020-10-29
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Pod's that share the IPC Namespace need to share /dev/shmDaniel J Walsh2020-10-30
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8174 from rhatdan/errorsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | Podman often reports OCI Runtime does not exist, even if it does
| * | Podman often reports OCI Runtime does not exist, even if it doesDaniel J Walsh2020-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the OCI Runtime tries to set certain settings in cgroups it can get the error "no such file or directory", the wrapper ends up reporting a bogus error like: ``` Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error {"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500} ``` On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting message":"open io.max: No such file or directory Which is what we want the user to concentrate on. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8146 from vrothberg/image-mountsOpenShift Merge Robot2020-10-29
|\ \ \ | |_|/ |/| | new "image" mount type
| * | new "image" mount typeValentin Rothberg2020-10-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ \ | |/ |/| Move from docker.io
| * move from docker.ioEd Santiago2020-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Cirrus: Use google mirror for docker.ioChris Evich2020-10-28
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #8081 from mheon/pod_degradedOpenShift Merge Robot2020-10-28
|\ \ | |/ |/| Add a Degraded state to pods
| * Add a Degraded state to podsMatthew Heon2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Make a distinction between pods that are completely running (all containers running) and those that have some containers going, but not all, by introducing an intermediate state between Stopped and Running called Degraded. A Degraded pod has at least one, but not all, containers running; a Running pod has all containers running. First step to a solution for #7213. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8157 from rhatdan/volumesOpenShift Merge Robot2020-10-28
|\ \ | | | | | | Add test cases to cover podman volume
| * | Add test cases to cover podman volumeYuhui Jiang2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add test cases to cover below podman volume subcommand: create ls inspect rm prune Signed-off-by: Yuhui Jiang <yujiang@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ \ | | | | | | | | Add pod, volume, network to inspect package
| * | | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #8145 from ↵OpenShift Merge Robot2020-10-27
|\ \ \ | |/ / |/| | | | | | | | containers/dependabot/go_modules/github.com/containers/common-0.26.2 Bump github.com/containers/common from 0.26.0 to 0.26.3
| * | build(deps): bump github.com/containers/common from 0.26.0 to 0.26.3Daniel J Walsh2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3. - [Release notes](https://github.com/containers/common/releases) - [Commits](containers/common@v0.26.0...v0.26.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | System tests: cleanup, make more robustEd Santiago2020-10-26
|/ / | | | | | | | | | | | | | | | | | | | | | | - run test: preserve --runtime test: use a random executable path. And, clean up better. - run test: "look up correct image name" test: use random strings; test both without and with a :tag - events test: use random label strings, add more filter tests Signed-off-by: Ed Santiago <santiago@redhat.com>
* | fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8096 from ypu/log-driver-testOpenShift Merge Robot2020-10-25
|\ \ | | | | | | Tests: Check different log driver can work with podman logs
| * | Tests: Check different log driver can work with podman logsYiqiao Pu2020-10-22
| | | | | | | | | | | | | | | | | | | | | | | | Add a check step in podman run --log-driver test. Prefer to add it here as it already has a loop to cover all different drivers in this test. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | | filter events by labelsbaude2020-10-23
| | | | | | | | | | | | | | | | | | adding the ability to filter evens by the container labels. this requires that container labels be added to the events data being recorded and subsequently read. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8053 from rhatdan/detachkeysOpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | podman create doesn't support creating detached containers
| * | | podman create doesn't support creating detached containersDaniel J Walsh2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detached containers and detach keys are only created with the podman run, i exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoreing these fields but documenting that they can be used. Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8110 from lsm5/cap-net-rawOpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | replace net_raw with setuid
| * | | | replace net_raw with setuidLokesh Mandvekar2020-10-22
| |/ / / | | | | | | | | | | | | | | | | | | | | podman does not allow setting CAP_NET_RAW Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | | Merge pull request #8101 from mheon/net_none_hostnameOpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | Add hostname to /etc/hosts for --net=none
| * | | | Add hostname to /etc/hosts for --net=noneMatthew Heon2020-10-21
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This does not match Docker, which does not add hostname in this case, but it seems harmless enough. Fixes #8095 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #8098 from vrothberg/fix-8082OpenShift Merge Robot2020-10-22
|\ \ \ \ | | | | | | | | | | container create: record correct image name
| * | | | container create: record correct image nameValentin Rothberg2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the correct image name when creating a container by using the resolved image name if present. Otherwise, default to using the first available name or an empty string in which case the image must have been referenced by ID. Fixes: #8082 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ \ \ \ | |_|/ / / |/| | | | Allow save image remove-signatures
| * | | | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8034 from rhatdan/optionsOpenShift Merge Robot2020-10-21
|\ \ \ \ \ | | | | | | | | | | | | Switch help messages from using [flags] to [options]
| * | | | | Switch use of Flags to OptionsDaniel J Walsh2020-10-21
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Want to have man pages match commands, since we have lots of printed man pages with using Options, we will change the command line to use Options in --help. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>