summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* System tests: add :Z to volume mountsEd Santiago2021-06-01
| | | | | | | | | | | | | | | | | | | | | | | selinux-policy-34.9-1.fc34 breaks a behavior we've relied on since (at least) January 2020: - Revert "Add permission open to files_read_inherited_tmp_files() interface" That's probably the correct thing to do, but it breaks our existing tests. Solution: add ':Z' where needed. Tested on Ed's laptop, which has the offending selinux-policy as of 2021-05-31. Tests pass root and rootless. (I mention this because tests will obviously pass in CI, which has a much older selinux-policy). Also: add a 'podman rmi' for cleanup in one test, to avoid noise in test logs. Fixes: #10522 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #10383 from rhatdan/kubeOpenShift Merge Robot2021-05-27
|\ | | | | Handle image user and exposed ports in podman play kube
| * Handle image user and exposed ports in podman play kubeDaniel J Walsh2021-05-26
| | | | | | | | | | | | | | | | | | Currently if a user runs an image with a user specified or exposed ports with podman play kube, the fields are ignored. Fixed: https://github.com/containers/podman/issues/9609 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10447 from mheon/rootlesscni_defaultOpenShift Merge Robot2021-05-26
|\ \ | |/ |/| Add the option of Rootless CNI networking by default
| * Add the option of Rootless CNI networking by defaultMatthew Heon2021-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the containers.conf field "NetNS" is set to "Bridge" and the "RootlessNetworking" field is set to "cni", Podman will now handle rootless in the same way it does root - all containers will be joined to a default CNI network, instead of exclusively using slirp4netns. If no CNI default network config is present for the user, one will be auto-generated (this also works for root, but it won't be nearly as common there since the package should already ship a config). I eventually hope to remove the "NetNS=Bridge" bit from containers.conf, but let's get something in for Brent to work with. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | journald logger: fix race conditionValentin Rothberg2021-05-26
|/ | | | | | | | | | | | | | | | | | | | | | | Fix a race in journald driver. Following the logs implies streaming until the container is dead. Streaming happened in one goroutine, waiting for the container to exit/die and signaling that event happened in another goroutine. The nature of having two goroutines running simultaneously is pretty much the core of the race condition. When the streaming goroutines received the signal that the container has exitted, the routine may not have read and written all of the container's logs. Fix this race by reading both, the logs and the events, of the container and stop streaming when the died/exited event has been read. The died event is guaranteed to be after all logs in the journal which guarantees not only consistencty but also a deterministic behavior. Note that the journald log driver now requires the journald event backend to be set. Fixes: #10323 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10430 from sjug/noop_gpu_flagOpenShift Merge Robot2021-05-26
|\ | | | | Add podman run --gpus flag for compatibility
| * Add podman run --gpus flag for compatibilitySebastian Jug2021-05-25
| | | | | | | | | | | | | | - Add log message for --gpus flag - Add test Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | Merge pull request #10408 from Luap99/fix-10283OpenShift Merge Robot2021-05-25
|\ \ | | | | | | Fix network create macvlan with subnet option
| * | Fix network create macvlan with subnet optionPaul Holzinger2021-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creating a macvlan network with the subnet or ipRange option should set the ipam plugin type to `host-local`. We also have to insert the default route. Fixes #10283 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10456 from rhatdan/flake1OpenShift Merge Robot2021-05-25
|\ \ \ | | | | | | | | Fix race on podman start --all
| * | | Fix race on podman start --allDaniel J Walsh2021-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure all containers exit after start There is a race condition in that container could still be running when we attempt to remove them. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Fix race condition in running ls container in a podDaniel J Walsh2021-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All of the tests has an assumption that RunLsContainer and RunLsContainerInPod completes the container before returning. But since the container is running in back ground mode, the container could be still running before tools attempt to remove it. Removing the "-d" from the command fixes the container to match the assumption. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10446 from rhatdan/buildOpenShift Merge Robot2021-05-25
|\ \ \ \ | |/ / / |/| | | Handle hard links in different directories
| * | | Handle hard links in different directoriesDaniel J Walsh2021-05-24
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10444 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10436 from rhatdan/errorsOpenShift Merge Robot2021-05-24
|\ \ \ \ | |/ / / |/| | | Improve OCI Runtime error
| * | | Improve OCI Runtime errorDaniel J Walsh2021-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ErrOCIRuntimeNotFound error is misleading. Try to make it more understandable to the user that the OCI Runtime IE crun or runc is not missing, but the command they attempted to run within the container is missing. [NO TESTS NEEDED] Regular tests should handle this. Fixes: https://github.com/containers/podman/issues/10432 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10387 from flouthoc/cgroupv1-v2-infoOpenShift Merge Robot2021-05-24
|\ \ \ \ | | | | | | | | | | Podman info add support for status of standard available cgroup controllers
| * | | | Podman info add support for status of cgroup controllersflouthoc2021-05-24
| |/ / / | | | | | | | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* / / / Handle hard links in remote buildsDaniel J Walsh2021-05-22
|/ / / | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9893 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Match swagger to "as built" outputJhon Honce2021-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove all Types no longer referenced, they were never used A future API breaking version of Podman API, may restore these Types and push formatting into presentation layer vs. server. Fixes #9578 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #10400 from rhatdan/rootOpenShift Merge Robot2021-05-21
|\ \ \ | |_|/ |/| | Clear the storage-options from the graphdriver if users specifies --root
| * | Clear the storage-options from the graphdriver if users specifies --rootDaniel J Walsh2021-05-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10393 Currently if a user specifies a --root flag to override the location of the container storage, we still enforce the storage-opts from storage.conf. This causes issues with people trying to intereact with the additional stores feature, and then forces them to use the obscure --storage-opt="" option. I belive this should be the default and we already do this when the user specifies the --storage-driver option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | add libimage eventsValentin Rothberg2021-05-20
| | | | | | | | | | | | | | | | | | | | | libimage now supports events which `libpod.Runtime` now uses for image events. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10377 from vrothberg/test-commonOpenShift Merge Robot2021-05-20
|\ \ \ | | | | | | | | update c/common
| * | | update c/commonValentin Rothberg2021-05-20
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update containers common to the latest HEAD. Some bug fixes in libimage forced us to have a clearer separation between ordinary images and manifest lists. Hence, when looking up manifest lists without recursing into any of their instances, we need to use `LookupManifestList()`. Also account for some other changes in c/common (e.g., the changed order in the security labels). Further vendor the latest HEAD from Buildah which is required to get the bud tests to pass. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / / Add support for podman manifest rm commandDaniel J Walsh2021-05-19
|/ / | | | | | | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix problem copying files when container is in host pid namespaceDaniel J Walsh2021-05-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When attempting to copy files into and out of running containers within the host pidnamespace, the code was attempting to join the host pidns again, and getting an error. This was causing the podman cp command to fail. Since we are already in the host pid namespace, we should not be attempting to join. This PR adds a check to see if the container is in NOT host pid namespace, and only then attempts to join. Fixes: https://github.com/containers/podman/issues/9985 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix: response body of containers wait endpointMatej Vasek2021-05-18
|/ | | | | | | The `Error` part of response must be nil (or omitted) if no error occurred. Before this commit a zero value for the struct was returned. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Merge pull request #10372 from jwhonce/issues/9238OpenShift Merge Robot2021-05-18
|\ | | | | Break up python APIv2 tests
| * Break up python APIv2 testsJhon Honce2021-05-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Tests broken up into areas of concern * Introduced fixtures to reduce duplicated code * Introduced new assert methods with APITestCase * General cleanup of code while visiting * Tests now targeting quay.io Known issues: * is-official against quay.io not working Fixes: #9238 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #10334 from mheon/add_relabel_vol_pluginOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Ensure that :Z/:z/:U can be used with named volumes
| * | Ensure that :Z/:z/:U can be used with named volumesMatthew Heon2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker allows relabeling of any volume passed in via -v, even including named volumes. This normally isn't an issue at all, given named volumes get the right label for container access automatically, but this becomes an issue when volume plugins are involved - these aren't managed by Podman, and may well be unaware of SELinux labelling. We could automatically relabel these volumes on creation, but I'm still reluctant to do that (feels like it could break things). Instead, let's allow :z and :Z to be used with named volumes, so users can explicitly request relabel of a volume plugin-backed volume. We also get :U at the same time. I don't see any real need for it but it also doesn't seem to hurt, so I didn't bother disabling it. Fixes #10273 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #10339 from rhatdan/selinuxOpenShift Merge Robot2021-05-17
|\ \ \ | | | | | | | | Support automatic labeling of kube volumes
| * | | Support automatic labeling of kube volumesDaniel J Walsh2021-05-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow users to specify options on the volume mount path. This will trigger relabels of user specifies :z,:Z Also will handle User Relabels if the user specifies :U Fixes: https://github.com/containers/podman/issues/9371 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ \ \ | | | | | | | | Support uid,gid,mode options for secrets
| * | | Support uid,gid,mode options for secretsAshley Cui2021-05-17
| |/ / | | | | | | | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #10270 from rhatdan/mtabOpenShift Merge Robot2021-05-17
|\ \ \ | |_|/ |/| | Create the /etc/mtab file if does not exists
| * | Create the /etc/mtab file if does not existsDaniel J Walsh2021-05-15
| |/ | | | | | | | | | | | | | | | | | | | | We should create the /etc/mtab->/proc/mountinfo link so that mount command will work within the container. Docker does this by default. Fixes: https://github.com/containers/podman/issues/10263 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ | | | | | | image prune: remove unused images only with `--all`
| * | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9972 from bblenard/issue-5651-hostname-for-container-gatewayOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Add host.containers.internal entry into container's etc/hosts
| * | Add host.containers.internal entry into container's etc/hostsBaron Lenardson2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds the entry `host.containers.internal` to the `/etc/hosts` file within a new containers filesystem. The ip address is determined by the containers networking configuration and points to the gateway address for the containers networking namespace. Closes #5651 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | | podman network reload add rootless supportPaul Holzinger2021-05-17
| |/ |/| | | | | | | | | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #10254 from jmguzik/prune-filter-cliOpenShift Merge Robot2021-05-14
|\ \ | | | | | | Add support for cli network prune --filter flag
| * | Add support for cli network prune --filter flagJakub Guzik2021-05-12
| | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #10294 from Luap99/system-upgrade-testsOpenShift Merge Robot2021-05-12
|\ \ \ | | | | | | | | fix system upgrade tests
| * | | fix system upgrade testsPaul Holzinger2021-05-12
| |/ / | | | | | | | | | | | | | | | Fix many FIXMEs in the upgrade tests. Also add a basic test for pods. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10300 from jwhonce/issues/10289OpenShift Merge Robot2021-05-12
|\ \ \ | | | | | | | | Add host.serviceIsRemote to podman info results
| * | | Add host.serviceIsRemote to podman info resultsJhon Honce2021-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Developers asked for a deterministic field to verify if podman is running via API or linked directly to libpod library. $ podman info --format '{{.Host.ServiceIsRemote}}' false $ podman-remote info --format '{{.Host.ServiceIsRemote}}' true $ podman --remote info --format '{{.Host.ServiceIsRemote}}' true * docs/conf.py formatted via black Signed-off-by: Jhon Honce <jhonce@redhat.com>