path: root/test
Commit message (Author, Age)
* do not set the inheritable capabilities (Giuseppe Scrivano, 2022-03-23)
| The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior.
| Closes: CVE-2022-27649
| Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #13314 from flouthoc/container-commit-squash (OpenShift Merge Robot, 2022-02-23)
|\
| | container-commit: support `--squash` to squash layers into one if users want.
| * container-commit: support --squash to squash layers into one (Aditya R, 2022-02-23)
| | Allow users to commit containers into a single layer.
| | Usage
| | ```bash
| | podman container commit --squash <name>
| | ```
| | Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13232 from rhatdan/volumes (OpenShift Merge Robot, 2022-02-23)
|\ \
| | | Don't log errors on removing volumes inuse, if container --volumes-from
| * | Don't log errors on removing volumes inuse, if container --volumes-from (Daniel J Walsh, 2022-02-21)
| | | When removing a container created with a --volumes-from a container created with a built in volume, we complain if the original container still exists. Since this is an expected state, we should not complain about it.
| | | Fixes: https://github.com/containers/podman/issues/12808
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Cleanup display of trust with transports (Daniel J Walsh, 2022-02-22)
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #13059 from cdoern/clone (OpenShift Merge Robot, 2022-02-22)
|\ \ \
| |_|/
|/| | Implement Podman Container Clone
| * | Implement Podman Container Clone (cdoern, 2022-02-20)
| | | podman container clone takes the id of an existing container and creates a specgen from the given container's config recreating all proper namespaces and overriding spec options like resource limits and the container name if given in the cli options
| | | this command utilizes the common function DefineCreateFlags meaning that we can funnel as many create options as we want into clone over time allowing the user to clone with as much or as little of the original config as they want.
| | | container clone takes a second argument which is a new name and a third argument which is an image name to use instead of the original container's
| | | the current supported flags are:
| | |   --destroy (remove the original container)
| | |   --name (new ctr name)
| | |   --cpus (sets cpu period and quota)
| | |   --cpuset-cpus
| | |   --cpu-period
| | |   --cpu-rt-period
| | |   --cpu-rt-runtime
| | |   --cpu-shares
| | |   --cpuset-mems
| | |   --memory
| | |   --run
| | | resolves #10875
| | | Signed-off-by: cdoern <cdoern@redhat.com>
| | | Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| | | Signed-off-by: cdoern <cdoern@redhat.com>
* | | system tests: cleanup networks on teardown (Paul Holzinger, 2022-02-21)
| |/
|/|
| | When a test which creates a network fails it will not remove the network. The teardown logic should remove the networks. Since there is no --all option for network rm we use network prune --force.
| | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13286 from flouthoc/kube-build-false-default (OpenShift Merge Robot, 2022-02-21)
|\ \
| | | kube: honor `--build=false` if specified.
| * | kube: honor --build=false and make --build=true by default (Aditya R, 2022-02-21)
| | | `podman play kube` tries to build images even if `--build` is set to false so let's honor that and make `--build`, `true` by default so it matches the original behaviour.
| | | Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #13296 from Romain-Geissler-1A/url-and-connection-implies-remote (OpenShift Merge Robot, 2022-02-21)
|\ \ \
| | | | Option --url and --connection should imply --remote.
| * | | Option --url and --connection should imply --remote. (Romain Geissler, 2022-02-19)
| |/ /
| | | Closes #13242
| | | Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* | | Merge pull request #13306 from Luap99/flag-error (OpenShift Merge Robot, 2022-02-21)
|\ \ \
| | | | provide better error on invalid flag
| * | | provide better error on invalid flag (Paul Holzinger, 2022-02-21)
| | | | Add an extra `See 'podman command --help'` to the error output.
| | | | With this patch you now get:
| | | | ```
| | | | $ podman run -h
| | | | Error: flag needs an argument: 'h' in -h
| | | | See 'podman run --help'
| | | | ```
| | | | Fixes #13082
| | | | Fixes #13002
| | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | System tests: show one-line config overview (Ed Santiago, 2022-02-21)
|/ / /
| | | We're running into problems that are impossible to diagnose because we have no idea if the SUT is using netavark or CNI. We've previously run into similar problems with runc/crun, or cgroups 1/2.
| | | This adds a one-line 'echo' with important system info. Now, when viewing a full test log, it will be possible to view system settings in one glance.
| | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Propagate $CONTAINERS_CONF to conmon (David Gibson, 2022-02-18)
| | | The CONTAINERS_CONF environment variable can be used to override the configuration file, which is useful for testing. However, at the moment this variable is not propagated to conmon. That means in particular, that conmon can't propagate it back to podman when invoking its --exit-command. The mismatch in configuration between the starting and cleaning up podman instances can cause a variety of errors.
| | | This patch also adds two related test cases. One checks explicitly that the correct CONTAINERS_CONF value appears in conmon's environment. The other checks for a possible specific impact of this bug: if we use a nonstandard name for the runtime (even if its path is just a regular crun), then the podman container cleanup invoked at container exit will fail. That has the effect of meaning that a container started with -d --rm won't be correctly removed once complete.
| | | Fixes #12917
| | | Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | | tests: Remove inaccurate comment (David Gibson, 2022-02-18)
|/ /
| | This comment refers to overriding $PODMAN although the code below does nothing of the sort. Presumably the comment has been outdated by altering the containers.conf / $CONTAINERS_CONF instead.
| | Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* / Fix a potential flake in volume plugins tests (Matthew Heon, 2022-02-17)
|/
| We could remove the container running the volume plugins, before the containers using the volume plugins; this could cause unmounting the volumes to fail because the plugin could not be contacted.
| Signed-off-by: Matthew Heon <mheon@redhat.com>
* e2e: merge after/since image-filter tests (Valentin Rothberg, 2022-02-16)
| Merge the two tests to speed up testing. Both built the exact same images.
| Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Changes of docker descriptions (Brent Baude, 2022-02-15)
| It looks like some descriptions have changed on the docker registry where we had been searching for images that include 'alpine'. We are now seeing an image in the initial list that has 'alpine' in its description.
| Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix images since/after tests (Brent Baude, 2022-02-15)
| For the since and after image filter tests, instead of using the read-only cache of images, we just use the empty r/w store. We then build three images that are strictly predictable.
| Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #13144 from lsm5/e2e-netavark (OpenShift Merge Robot, 2022-02-11)
|\
| | enable netavark specific tests
| * enable netavark specific tests (Lokesh Mandvekar, 2022-02-11)
| | These are copies of the CNI tests with modifications wherever necessary.
| | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | Merge pull request #13214 from adrianreber/2022-02-11-fix-tests (OpenShift Merge Robot, 2022-02-11)
|\ \
| |/
|/| Fix checkpoint/restore pod tests
| * Fix checkpoint/restore pod tests (Adrian Reber, 2022-02-11)
| | Checkpoint/restore pod tests are not running with an older runc and now that runc 1.1.0 appears in the repositories it was detected that the tests were failing. This was not detected in CI as CI was not using runc 1.1.0 yet.
| | Signed-off-by: Adrian Reber <areber@redhat.com>
* | Make sure building with relative paths works correctly. (Daniel J Walsh, 2022-02-10)
|/
| Fixes: https://github.com/containers/podman/issues/12763
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #13191 from mheon/resolvconf_fixes (OpenShift Merge Robot, 2022-02-10)
|\
| | Modify /etc/resolv.conf when connecting/disconnecting
| * Modify /etc/resolv.conf when connecting/disconnecting (Matthew Heon, 2022-02-10)
| | The `podman network connect` and `podman network disconnect` commands give containers access to different networks than the ones they were created with; these networks can also have DNS servers associated with them. Until now, however, we did not modify resolv.conf as network membership changed.
| | With this PR, `podman network connect` will add any new nameservers supported by the new network to the container's /etc/resolv.conf, and `podman network disconnect` command will do the opposite, removing the network's nameservers from `/etc/resolv.conf`.
| | Fixes #9603
| | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Add version guard to libpod API endpoints (Jhon Honce, 2022-02-09)
|/
|   * Ensure meaningful behaviour when called with /v3.x.x semantics
|   * Change return code to 409 from 500 when client attempts to use an existing network name
|   * Update API bats test runner to support /v4.0.0 endpoints by default
| Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #13159 from Luap99/slirp4-scope (OpenShift Merge Robot, 2022-02-08)
|\
| | move rootless netns slirp4netns process to systemd user.slice
| * move rootless netns slirp4netns process to systemd user.slice (Paul Holzinger, 2022-02-07)
| | When running podman inside systemd user units, it is possible that systemd kills the rootless netns slirp4netns process because it was started in the default unit cgroup. When the unit is stopped all processes in that cgroup are killed. Since the slirp4netns process is run once for all containers it should not be killed. To make sure systemd will not kill the process we move it to the user.slice.
| | Fixes #13153
| | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #13156 from flouthoc/fix-compat-build-response-header (OpenShift Merge Robot, 2022-02-07)
|\ \
| | | compat: endpoint `/build` must set header `content type` as `application/json` in response header.
| * | compat: endpoint /build must set header content type as application/json in response (Aditya R, 2022-02-07)
| |/
| | Lot of clients are expecting proper `Content-type: application/json` configured in response headers of `/build` compat api. Following commit fixes that.
| | Fixes issues where code is setting header field after writing header which is wrong. We must set `content-type` before we write and flush http header.
| | Signed-off-by: Aditya R <arajan@redhat.com>
* | Cleanup: remove obsolete/misleading bug workaround (Ed Santiago, 2022-02-07)
| | Followup to #13129: remove a no-longer-necessary workaround for a healthcheck bug.
| | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #13129 from flouthoc/healthcheck-session-read-from-pipe (OpenShift Merge Robot, 2022-02-07)
|\ \
| |/
|/| healthcheck, libpod: Read healthcheck event output from os pipe
| * tests: retrofit healthcheck system tests (Aditya R, 2022-02-04)
| | All the healthcheck return output now but systems tests is written to expect empty output which seems wrong. Modify jq output to contain newline character rather than actual newline
| | Signed-off-by: Aditya R <arajan@redhat.com>
| * healthcheck, libpod: Read healthcheck event output from os pipe (Aditya R, 2022-02-04)
| | It seems we are ignoring output from healthcheck session. Open a valid pipe to healthcheck session in order to read its output.
| | Use common pipe for both `stdout/stderr` since that was the previous behaviour as well.
| | Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #13143 from Luap99/dns (OpenShift Merge Robot, 2022-02-04)
|\ \
| | | append podman dns search domain
| * | append podman dns search domain (Paul Holzinger, 2022-02-04)
| | | Append the podman dns search domain to the host search domains when we use the dnsname/aardvark server. Previously it would only use podman search domains and discard the host domains.
| | | Fixes #13103
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12930 from cdoern/podCgroup (OpenShift Merge Robot, 2022-02-04)
|\ \ \
| | | | Podman pod create --share-parent vs --share=cgroup
| * | | Podman pod create --share-parent vs --share=cgroup (cdoern, 2022-02-03)
| | | | separated cgroupNS sharing from setting the pod as the cgroup parent, made a new flag --share-parent which sets the pod as the cgroup parent for all containers entering the pod
| | | | remove cgroup from the default kernel namespaces since we want the same default behavior as before which is just the cgroup parent.
| | | | resolves #12765
| | | | Signed-off-by: cdoern <cdoern@redhat.com>
| | | | Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| | | | Signed-off-by: cdoern <cdoern@redhat.com>
* | | | System tests: revert emergency skip of checkpoint tests (Ed Santiago, 2022-02-03)
| |/ /
|/| |
| | | Revert #13049. criu-3.16.1-6.fc36 fixes the problem and is now in fc36 stable:
| | | https://bodhi.fedoraproject.org/updates/FEDORA-2022-183b337712
| | | (Yes, I confirmed that tests pass on a rawhide vm)
| | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Cirrus: Add netavark/aardvark system test task (Chris Evich, 2022-02-03)
| | | Also add a system-test that verifies netavark driver is in use when magic env. var. is set.
| | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #13117 from Luap99/resolv (OpenShift Merge Robot, 2022-02-03)
|\ \ \
| | | | Revert "Move each search dns to its own line"
| * | | Revert "Move each search dns to its own line" (Paul Holzinger, 2022-02-02)
| | | | This reverts commit a1bc8cb52cefd49e8cc54ae14d1864b8a1ec216e.
| | | | Please see resolv.conf(5) search domains must be on the same line. If you use multiple search key words only the last one is used.
| | | | I tested this with alpine and it works correctly when they are on the same line so I am not sure what issues Dan had with it but this is not correct.
| | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | system prune: remove all networks (Paul Holzinger, 2022-02-03)
| |_|/
|/| |
| | | podman system prune should also remove all networks. When we want users to migrate to the new network stack we recommend to run podman system reset. However this did not remove networks and if there were still networks around we would continue to use cni since this was considered an old system.
| | | There is one exception for the default network. It should not be removed since this could cause other issues when it no longer exists. The network backend detection logic ignores the default network so this is fine.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12859 from baude/netavarke2e (OpenShift Merge Robot, 2022-02-02)
|\ \ \
| |/ /
|/| | Enable e2e tests with netavark
| * | netavark e2e tests (Brent Baude, 2022-02-02)
| | | enabled e2e tests for netavark
| | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Move each search dns to its own line (Daniel J Walsh, 2022-02-02)
| | | Alpine does not seem to use search correctly when there are multiple search domains on the same line. It only uses the first with the advent.
| | | When podman runs within a separate network we are appending on dns.podman as a search, if you add a search domain, then this causes the local search on network to fail.
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>