summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Disable SELinux labeling if --privilegedDaniel J Walsh2018-10-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Vendor in the latest containers/storage, image and buildahDaniel J Walsh2018-09-29
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* run complex image names with short namesbaude2018-09-28
| | | | | | | | | | | | | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository. This resolves buildah issue #1034 Signed-off-by: baude <bbaude@redhat.com>
* podman runs disabled containers and privileged containers as spc_tDaniel J Walsh2018-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rework CI tests to test on VMsbaude2018-09-26
| | | | | | | | | | | | | | | | | | | | | This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any of these that having failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on a openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required. Signed-off-by: baude <bbaude@redhat.com> Closes: #1492 Approved by: mheon
* Put openshift dockerfiles in test/installbaude2018-09-25
| | | | | | | | | Move the location of the openshift dockerfiles and delete the old one. Signed-off-by: baude <bbaude@redhat.com> Closes: #1542 Approved by: mheon
* Add --mount option for `create` & `run` commandDaniel J Walsh2018-09-21
| | | | | | | | Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1524 Approved by: mheon
* test, rootless: enforce cgroupfs managerGiuseppe Scrivano2018-09-20
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1515 Approved by: baude
* Add new tests for ipc namespace sharingDaniel J Walsh2018-09-17
| | | | | | | | | | We seem to be having a few flakes on namespace sharing. Adding this test to make sure sharing with the host is working correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1485 Approved by: mheon
* change search test to look for fedora and not fedora-minimalbaude2018-09-14
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Search registries with an empty queryUrvashi Mohnani2018-09-13
| | | | | | | | | | | | | | Adds functionality to search registries implementing the v2 endpoint with an empty query, that is the results will be all the available images on the registries. If this is tried with a v1 registry an error will occur. To search a whole registry, there needs to be a trailing slash at the end, i.e `podman search registry.fedoraproject.org/`. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com> Closes: #1444 Approved by: rhatdan
* run different cgroup tests depending on conditionsbaude2018-09-12
| | | | | | | | | | | | | | when running podman's integration tests, we need to be able to understand our environment because the podman command will differ as will the results. there is no 100% way to know if we are in a container, but using a combination of container= and checking /proc seemed reasonable for our test suite. non of this code is run in podman proper. Signed-off-by: baude <bbaude@redhat.com> Closes: #1441 Approved by: mheon
* Pass on securityOpts from podInfraContainer to container added to pod.Daniel J Walsh2018-09-11
| | | | | | | | | | This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
* Fix pod sharing for utsmodeDaniel J Walsh2018-09-07
| | | | | | | | | | | | | We should be sharing cgroups namespace by default in pods uts namespace sharing was broken in pods. Create a new libpod/pkg/namespaces for handling of namespace fields in containers Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1418 Approved by: mheon
* Add first pass for baseline pod testsbaude2018-09-07
| | | | | | | | | | | This bash script is meant to compliment the podman baseline test script. It primarily focuses on exercising the common actions of pods. Signed-off-by: baude <bbaude@redhat.com> Closes: #1421 Approved by: rhatdan
* Change shm test to be less flaky.Daniel J Walsh2018-09-07
| | | | | | | | | | | This tests fails a lot, I think because of a race condition. Changing to just make sure the inode of the /dev/shm on the host is the same as inside the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1420 Approved by: mheon
* Update WaitForTimeOut to output OutputString to help with debugging.Daniel J Walsh2018-09-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1416 Approved by: baude
* Fixups for baseline test scriptbaude2018-09-06
| | | | | | | | | | | Small amount of clean up on the baseline script to handle failing on error. I also added an option to not use docker at all for platoforms where docker cannot be installed. Signed-off-by: baude <bbaude@redhat.com> Closes: #1411 Approved by: rhatdan
* rmi remove all not error when no images are presentbaude2018-09-05
| | | | | | | | | | When running podman rm -a on a storage where no images exist, the exit code should NOT be non-zero. Signed-off-by: baude <bbaude@redhat.com> Closes: #1402 Approved by: rhatdan
* rootless: check uid with Geteuid() instead of Getuid()Giuseppe Scrivano2018-09-04
| | | | | | | | | | | | change the tests to use chroot to set a numeric UID/GID. Go syscall.Credential doesn't change the effective UID/GID of the process. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless, tests: add tests for the pod commandGiuseppe Scrivano2018-09-04
| | | | | | | | | | also refactor the rootless_test.go to facilitate running a test in a rootless context. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1372 Approved by: mheon
* rootless: fix topGiuseppe Scrivano2018-08-29
| | | | | | | | | | join the user namespace used to create the container so that psgo can work in the same way as with root containers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1371 Approved by: rhatdan
* allow specification of entrypoint in the form of a sliceDaniel J Walsh2018-08-28
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1352 Approved by: mheon
* rootless, search: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, kill: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* rootless, stop: do not create a new usernsGiuseppe Scrivano2018-08-28
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1360 Approved by: vrothberg
* Fix handling of multiple filters in podman psMatthew Heon2018-08-27
| | | | | | | | | | | | | Docker expects multiple filters to be passed with multiple uses of the --filter flag (e.g. --filter=label=a=b --filter=label=c=d) and not a single comma-separated list of filters as we expected. Convert to the Docker format, and make some small cleanups to our handling of filters along the way. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1345 Approved by: umohnani8
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* rootless: fix --ipc=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless, tests: add test for --uts=hostGiuseppe Scrivano2018-08-27
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1349 Approved by: rhatdan
* rootless: don't use kill --allGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | The OCI runtime might use the cgroups to see what PIDs are inside the container, but that doesn't work with rootless containers. Closes: https://github.com/containers/libpod/issues/1337 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: exec handle processes that create an user namespaceGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | Manage the case where the main process of the container creates and joins a new user namespace. In this case we want to join only the first child in the new hierarchy, which is the user namespace that was used to create the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* rootless: fix execGiuseppe Scrivano2018-08-26
| | | | | | | | | | | | | | | | | | | | | We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
* Move whale-says test to end of baselineTomSweeneyRedHat2018-08-25
| | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #1346 Approved by: rhatdan
* Do not try to enable AppArmor in rootless modeMarco Vedovati2018-08-24
| | | | | | | | | | | When in rootless mode it's not possible to load profiles or check which profiles are loaded. Added a few baseline tests to check all possible cases. Signed-off-by: Marco Vedovati <mvedovati@suse.com> Closes: #1250 Approved by: mheon
* exposes tcp port only if no proto specified.Kunal Kushwaha2018-08-24
| | | | | | | | | | Also it fix the issue of exposing both tc/udp port even if only one proto specified. Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Closes: #1325 Approved by: mheon
* Fixing network ns segfaulthaircommander2018-08-23
| | | | | | | | | As well as small style corrections, update pod_top_test to use CreatePod, and move handling of adding a container to the pod's namespace from container_internal_linux to libpod/option. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Change pause container to infra containerhaircommander2018-08-23
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Added option to share kernel namespaces in libpod and podmanhaircommander2018-08-23
| | | | | | | | | A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1187 Approved by: mheon
* Add podman pod tophaircommander2018-08-23
| | | | | | | | | Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests. Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1298 Approved by: mheon
* Swap test image in exec test to fedora for useraddMatthew Heon2018-08-23
| | | | | | | | | | We need a useradd binary in the container for this test, so swap from Alpine to fedora-minimal. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
* Add tests for exec --userMatthew Heon2018-08-23
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1315 Approved by: vrothberg
* test: ad more tests for rootless containersGiuseppe Scrivano2018-08-22
| | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1323 Approved by: umohnani8
* Fixed segfault in stats where container had netNS none or from containerhaircommander2018-08-21
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1306 Approved by: rhatdan
* Enable pod stats with short ID and namehaircommander2018-08-21
| | | | | | | Signed-off-by: haircommander <pehunt@redhat.com> Closes: #1307 Approved by: rhatdan
* Fix handling of devicesDaniel J Walsh2018-08-20
| | | | | | | | | | | | | | Devices are supposed to be able to be passed in via the form of --device /dev/foo --device /dev/foo:/dev/bar --device /dev/foo:rwm --device /dev/foo:/dev/bar:rwm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1299 Approved by: umohnani8
* podman: fix --uts=hostGiuseppe Scrivano2018-08-17
| | | | | | | | | | | | | | | Do not set any hostname value in the OCI configuration when --uts=host is used and the user didn't specify any value. This prevents an error from the OCI runtime as it cannot set the hostname without a new UTS namespace. Differently, the HOSTNAME environment variable is always set. When --uts=host is used, HOSTNAME gets the value from the host. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1280 Approved by: baude
* podman pod statsbaude2018-08-17
| | | | | | | | | add the ability to monitor container statistics in a pod. Signed-off-by: baude <bbaude@redhat.com> Closes: #1265 Approved by: rhatdan
* switch projectatomic to containersDaniel J Walsh2018-08-16
| | | | | | | | | | Need to get some small changes into libpod to pull back into buildah to complete buildah transition. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1270 Approved by: mheon
* Fix handling of hostname in --net=hostDaniel J Walsh2018-08-15
| | | | | | | | | Hostname should be set to the hosts hostname when network is none. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1274 Approved by: giuseppe