summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Publish IP from YAML (podman play kube)Ashley Cui2020-07-22
| | | | | | podman play kube didn't set host ip correctly from YAML Signed-off-by: Ashley Cui <acui@redhat.com>
* Merge pull request #6992 from rhatdan/apparmorOpenShift Merge Robot2020-07-22
|\ | | | | Support default profile for apparmor
| * Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7044 from rhatdan/remotetestOpenShift Merge Robot2020-07-22
|\ \ | |/ |/| Enable a bunch of remote tests
| * Enable a bunch of remote testsDaniel J Walsh2020-07-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7006 from ashley-cui/umaskOpenShift Merge Robot2020-07-22
|\ \ | | | | | | Add --umask flag for create, run
| * | Add --umask flag for create, runAshley Cui2020-07-21
| | | | | | | | | | | | | | | | | | | | | | | | --umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
* | | fix play kube doesn't override dockerfile ENTRYPOINTzhangguanzhang2020-07-22
| |/ |/| | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7037 from edsantiago/batsOpenShift Merge Robot2020-07-21
|\ \ | | | | | | BATS help-message test: improve diagnostics
| * | BATS help-message test: improve diagnosticsEd Santiago2020-07-21
| |/ | | | | | | | | | | | | | | | | | | | | The error messages from the 'podman xxx --help' cross-check test are unhelpful, and cause much wasted time when they trigger. Solution: instead of using the built-in exit-status check in run_podman, do an explicit check outside of run_podman. This lets us die() with a custom, hopefully useful, message. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6902 from vrothberg/events-endpointOpenShift Merge Robot2020-07-21
|\ \ | |/ |/| events endpoint: fix panic and race condition
| * events endpoint: fix panic and race conditionValentin Rothberg2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a potential panic in the events endpoint when parsing the filters parameter. Values of the filters map might be empty, so we need to account for that instead of uncondtitionally accessing the first item. Also apply a similar for race conditions as done in commit f4a2d25c0fca: Fix a race that could cause read errors to be masked. Masking such errors is likely to report red herrings since users don't see that reading failed for some reasons but that a given event could not be found. Another race was the handler closing event channel, which could lead to two kinds of panics: double close, send to close channel. The backend takes care of that. However, make sure that the backend stops working in case the context has been cancelled. Fixes: #6899 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7026 from edsantiago/bats_majorminor_warning_fixOpenShift Merge Robot2020-07-21
|\ \ | | | | | | BATS tests: more resilient remove_same_dev_warning
| * | BATS tests: more resilient remove_same_dev_warningEd Santiago2020-07-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some CI tests are flaking in the SELinux test, possibly because there's a new variation of the "multiple devices" warning I hadn't seen before: WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null". Solution: in remove_same_dev_warning(), remove "multiple" from the match string. Also: fix a Go test that wasn't cleaning up after itself. And add an actual test to it, not just check-exit-status. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6895 from QiWang19/pr-3457OpenShift Merge Robot2020-07-20
|\ \ \ | | | | | | | | Add support for overlay volume mounts in podman.
| * | | Add support for overlay volume mounts in podman.Qi Wang2020-07-20
| |/ / | | | | | | | | | | | | | | | | | | | | | Add support -v for overlay volume mounts in podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* / / Re-enable a generate kube test that failed on UbuntuMatthew Heon2020-07-20
|/ / | | | | | | | | | | | | | | The fix was a new runc version, which we may have sucked in. Fixes #6506 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / fix: system df error when an image has no namePaul Holzinger2020-07-19
|/ | | | | | | | | | | | | When an image has no name/tag system df will error because it tries to parse an empty name. This commit makes sure we only parse non empty names and set the repository and tag to "<none>" otherwise. Closes #7015 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #6965 from giuseppe/followup-pr6324OpenShift Merge Robot2020-07-17
|\ | | | | allow switching of port-forward approaches in rootless/using slirp4netns
| * network, slirp4netns: add option to allow host loopbackGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/6912 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * libpod: pass down network optionsGiuseppe Scrivano2020-07-16
| | | | | | | | | | | | do not pass network specific options through the network namespace. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #6975 from baude/rootlessIPMACOpenShift Merge Robot2020-07-15
|\ \ | | | | | | Error on rootless mac and ip addresses
| * | Error on rootless mac and ip addressesBrent Baude2020-07-15
| | | | | | | | | | | | | | | | | | | | | | | | When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125. Fixes: #6972 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #6979 from edsantiago/bats_masked_dirsOpenShift Merge Robot2020-07-15
|\ \ \ | | | | | | | | system tests: check for masked-device leaks
| * | | system tests: check for masked-device leaksEd Santiago2020-07-14
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR #6957 added a new path (/sys/devs) to an existing list of masked mount points which an unprivileged container should not be able to access. Here we add a test for those: run 'stat' on those devices in the container, and make sure that they are dummies. This is kind of kludgy, and relies on heuristics that may not be 100% accurate. It also adds duplication, a list that must be kept in sync with the original list in pkg/specgen/generate/config_linux.go. I'd love to hear suggestions on how to do it better. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6958 from edsantiago/batsOpenShift Merge Robot2020-07-15
|\ \ \ | |_|/ |/| | system tests: new tests for run, exec
| * | system tests: new tests for run, execEd Santiago2020-07-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Issue #6735 : problem with multiple namespaces; confirms combinations of --userns=keep-id, --privileged, --user=XX - Issue #6829 : --userns=keep-id will add a /etc/passwd entry - Issue #6593 : podman exec, with --userns=keep-id, errors (test is currently skipped because issue remains live) ...and, addendum: add new helper function, remove_same_dev_warning. Some CI systems issue a warning on podman run --privileged: WARNING: The same type, major and minor should not be used for multiple devices. We already had special-case code to ignore than in the SELinux test, but now we're seeing it in the new run tests I added, so I've refactored the "ignore this warning" code and written tests for the removal code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6949 from AkihiroSuda/fix-6948OpenShift Merge Robot2020-07-15
|\ \ | | | | | | Fix "Error: unrecognized protocol \"TCP\" in port mapping"
| * | Fix "Error: unrecognized protocol \"TCP\" in port mapping"Akihiro Suda2020-07-15
| |/ | | | | | | | | | | | | | | "TCP" in upper characters was not recognized as a valid protocol name. Fix #6948 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | Merge pull request #6978 from edsantiago/apiv2_flake_fixOpenShift Merge Robot2020-07-15
|\ \ | | | | | | APIv2 tests: fix race condition causing CI flake
| * | APIv2 tests: fix race condition causing CI flakeEd Santiago2020-07-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A newly-added test in #6835 was flaking in CI with: not ok 143 [20-containers] DELETE libpod/containers/SHA 500 cannot remove container <sha> as it is running - running or paused containers cannot be removed without force: container state improper Root cause: DELETE being run immediately after container start. Although the container is short-lived, it does take time to run and exit. Solution: wait for container to exit (should be quick) before deleting. This gives us a new test for the /wait endpoint. Also: tweaked some comments for readability, removed unnecessary container ps, added actual container status checks, and added actual message checks to another test that was merely checking exit status. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6956 from mheon/add_ports_to_pod_inspectOpenShift Merge Robot2020-07-15
|\ \ | |/ |/| Include infra container information in `pod inspect`
| * Fix lintMatthew Heon2020-07-14
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Include infra container information in `pod inspect`Matthew Heon2020-07-14
| | | | | | | | | | | | | | | | | | | | We had a field for this in the inspect data, but it was never being populated. Because of this, `podman pod inspect` stopped showing port bindings (and other infra container settings). Add code to populate the infra container inspect data, and add a test to ensure we don't regress again. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #6939 from rhatdan/entrypointOpenShift Merge Robot2020-07-14
|\ \ | | | | | | Fix handling of entrypoint
| * | Fix handling of entrypointDaniel J Walsh2020-07-14
| |/ | | | | | | | | | | | | If a user specifies an entrypoint of "" then we should not use the images entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Add SystemdMode to inspect for containersMatthew Heon2020-07-14
|/ | | | | | | | | This allows us to determine if the container auto-detected that systemd was in use, and correctly activated systemd integration. Use this to wire up some integration tests to verify that systemd integration is working properly. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6952 from baude/systemdpid1fixOpenShift Merge Robot2020-07-14
|\ | | | | add systemd to fedora image
| * Fix systemd pid 1 testBrent Baude2020-07-13
| | | | | | | | | | | | | | | | | | | | fedora removed the systemd package from its standard container image causing our systemd pid1 test to fail. Replacing usage of fedora to ubi-init. adding ubi images to the cache for local tests. also, remove installation of test/policy.json to the system wide /etc/containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6842 from rhatdan/pids-limitOpenShift Merge Robot2020-07-13
|\ \ | |/ |/| Pids-limit should only be set if the user set it
| * Pids-limit should only be set if the user set itDaniel J Walsh2020-07-10
| | | | | | | | | | | | | | | | | | | | Currently we are sending over pids-limits from the user even if they never modified the defaults. The pids limit should be set at the server side unless modified by the user. This issue has led to failures on systems that were running with cgroups V1. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6896 from mheon/fix_remote_createcommandOpenShift Merge Robot2020-07-13
|\ \ | | | | | | Fix container and pod create commands for remote create
| * | Fix container and pod create commands for remote createMatthew Heon2020-07-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In `podman inspect` output for containers and pods, we include the command that was used to create the container. This is also used by `podman generate systemd --new` to generate unit files. With remote podman, the generated create commands were incorrect since we sourced directly from os.Args on the server side, which was guaranteed to be `podman system service` (or some variant thereof). The solution is to pass the command along in the Specgen or PodSpecgen, where we can source it from the client's os.Args. This will still be VERY iffy for mixed local/remote use (doing a `podman --remote run ...` on a remote client then a `podman generate systemd --new` on the server on the same container will not work, because the `--remote` flag will slip in) but at the very least the output of `podman inspect` will be correct. We can look into properly handling `--remote` (parsing it out would be a little iffy) in a future PR. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6936 from mheon/matt_cant_countOpenShift Merge Robot2020-07-11
|\ \ | | | | | | Correctly print STDOUT on non-terminal remote exec
| * | Correctly print STDOUT on non-terminal remote execMatthew Heon2020-07-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set. Fixes #6890 Fixes #6891 Fixes #6892 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / version/info: format: allow more json variantsValentin Rothberg2020-07-10
|/ | | | | | | | | Allow more variants to yield json output for `podman version` and `podman info`. Instead of comparing strings, use a regex and add unit and e2e tests. Fixes: #6927 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6906 from rhatdan/VENDOROpenShift Merge Robot2020-07-09
|\ | | | | Vendor in new version of Buildah
| * Vendor in new version of BuildahDaniel J Walsh2020-07-09
| | | | | | | | | | | | This also pulls in latest runc and containers/common Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6835 from zhangguanzhang/masterOpenShift Merge Robot2020-07-09
|\ \ | | | | | | fix API: Create container with an invalid configuration
| * | fix API: Create container with an invalid configurationzhangguanzhang2020-07-09
| |/ | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>