summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Add support for RunAsUser and RunAsGroupDaniel J Walsh2019-11-06
| | | | | | | | | | Currently podman generate kube does not generate the correct RunAsUser and RunAsGroup options in the yaml file. This patch fixes this. This patch also make `podman play kube` use the RunAdUser and RunAsGroup options if they are specified in the yaml file. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4370 from rhatdan/seccompOpenShift Merge Robot2019-11-05
|\ | | | | Set SELinux labels based on the security context in the kube.yaml
| * Set SELinux labels based on the security context in the kube.yamlDaniel J Walsh2019-11-05
| | | | | | | | | | | | | | If the kube.yaml specifieds the SELinux type or Level, we need the container to be launched with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | namespaces: by default create cgroupns on cgroups v2Giuseppe Scrivano2019-11-05
|/ | | | | | | | | | | | | | | | change the default on cgroups v2 and create a new cgroup namespace. When a cgroup namespace is used, processes inside the namespace are only able to see cgroup paths relative to the cgroup namespace root and not have full visibility on all the cgroups present on the system. The previous behaviour is maintained on a cgroups v1 host, where a cgroup namespace is not created by default. Closes: https://github.com/containers/libpod/issues/4363 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* logs: support --tail 0Giuseppe Scrivano2019-10-31
| | | | | | | | | change the default to -1, so that we can change the semantic of "--tail 0" to not print any existing log line. Closes: https://github.com/containers/libpod/issues/4396 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #4394 from vrothberg/fix-startOpenShift Merge Robot2019-10-31
|\ | | | | container start: fix regression when using name
| * container start: fix regression when using nameValentin Rothberg2019-10-31
| | | | | | | | | | | | | | | | | | | | | | | | | | When starting a container by using its name as a reference, we should print the name instead of the ID. We regressed on this behaviour with commit b4124485ae7e which made it into Podman v1.6.2. Kudos to openSUSE testing for catching it. To prevent future regressions, extend the e2e tests to check the printed container name/ID. Reported-by: @sysrich Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Fix selinux test for execDaniel J Walsh2019-10-31
|/ | | | | | We want to make sure that the process label of pid 1 is the same as the process label of a process execed into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4305 from mheon/fix_volume_mountOpenShift Merge Robot2019-10-30
|\ | | | | Wait for `mount` command to finish when mounting volume
| * Wait for `mount` command to finish when mounting volumeMatthew Heon2019-10-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command.Start() just starts the command. That catches some errors, but the nasty ones - bad options and similar - happen when the command runs. Use CombinedOutput() instead - it waits for the command to exit, and thus catches non-0 exit of the `mount` command (invalid options, for example). STDERR from the `mount` command is directly used, which isn't necessarily the best, but we can't really get much more info on what went wrong. Fixes #4303 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4376 from giuseppe/drop-ostreeOpenShift Merge Robot2019-10-30
|\ \ | | | | | | build: drop support for ostree
| * | build: drop support for ostreeGiuseppe Scrivano2019-10-30
| | | | | | | | | | | | | | | | | | | | | it is going to be removed from containers/image as well, so no longer depend on it. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4372 from rhatdan/execOpenShift Merge Robot2019-10-30
|\ \ \ | | | | | | | | Processes execed into container should match container label
| * | | Processes execed into container should match container labelDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | | | | | | | | | | | Processes execed into a container were not being run with the correct label. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #4369 from baude/golandautocodecorrectionsOpenShift Merge Robot2019-10-30
|\ \ \ \ | |_|/ / |/| | | goland autocorrections
| * | | goland autocorrectionsbaude2019-10-29
| |/ / | | | | | | | | | | | | | | | | | | just ran the autocorrect code corrections from goland and it found a few nits. Signed-off-by: baude <bbaude@redhat.com>
* / / Add e2e tests for manifest list supportNalin Dahyabhai2019-10-29
|/ / | | | | | | | | | | | | | | | | | | Test that when we pull using tag or digest references from locations that are manifest lists, that we can inspect using the references that we used for pulling, that the tags show up in the RepoTag list when we inspect an image that was pulled using a tag, and that the list and instance digests always both show up in the RepoDigest list. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #4110 from mheon/fix_sigproxy_testsOpenShift Merge Robot2019-10-29
|\ \ | |/ |/| Fix sig-proxy=false test and use image cache
| * Fix sig-proxy=false test and use image cacheMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | | Pulling fedora-minimal was potentially causing timeouts, which is bad. Using the cache avoids that. Sig-proxy=false test was entirely nonfunctional - I think we didn't update it when we fixed sig-proxy=true to be less racy. It was still passing, which is concerning. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #4329 from mheon/no_noexec_image_volumeOpenShift Merge Robot2019-10-24
|\ \ | | | | | | Image volumes should not be mounted noexec
| * | Image volumes should not be mounted noexecMatthew Heon2019-10-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker more closely, but retains the more important protections of nosuid/nodev. Fixes #4318 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4298 from mheon/uid_gid_optionsOpenShift Merge Robot2019-10-24
|\ \ \ | |/ / |/| | Add parsing for UID, GID in volume "o" option
| * | Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | stats: list all running containers unless specified otherwiseValentin Rothberg2019-10-23
|/ / | | | | | | | | | | | | | | | | | | Unless specified otherwise by --all, --latest or via arguments, list all running containers. This matches the behaviour of Docker and is also illustrated in the man pages where containers and options are marked to be optional. Fixes: #4274 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4287 from mheon/anonymous_volumesOpenShift Merge Robot2019-10-22
|\ \ | | | | | | Add support for anonymous volumes to `podman run -v`
| * | Add support for anonymous volumes to `podman run -v`Matthew Heon2019-10-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, when `podman run` encountered a volume mount without separate source and destination (e.g. `-v /run`) we would assume that both were the same - a bind mount of `/run` on the host to `/run` in the container. However, this does not match Docker's behavior - in Docker, this makes an anonymous named volume that will be mounted at `/run`. We already have (more limited) support for these anonymous volumes in the form of image volumes. Extend this support to allow it to be used with user-created volumes coming in from the `-v` flag. This change also affects how named volumes created by the container but given names are treated by `podman run --rm` and `podman rm -v`. Previously, they would be removed with the container in these cases, but this did not match Docker's behaviour. Docker only removed anonymous volumes. With this patch we move to that model as well; `podman run -v testvol:/test` will not have `testvol` survive the container being removed by `podman rm -v`. The sum total of these changes let us turn on volume removal in `--rm` by default. Fixes: #4276 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #4284 from mheon/fix_vol_inspectOpenShift Merge Robot2019-10-21
|\ \ \ | | | | | | | | Show volume options in 'volume inspect'
| * | | Show volume options in 'volume inspect'Matthew Heon2019-10-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | We initialized the map to show them, but didn't actually copy them in, so they weren't being displayed. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Merge pull request #4241 from haircommander/kube-test-refactorOpenShift Merge Robot2019-10-18
|\ \ \ \ | | | | | | | | | | play kube: refactor test suite
| * | | | play kube: Container->CtrPeter Hunt2019-10-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for berevity Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | | | play kube: refactor test suitePeter Hunt2019-10-11
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The play kube test suite has many different cases to cover, and should only grow in coverage over time The old design was difficult to extend, and there was lots of duplicated code. The largest pain point was the Container struct needed to be changed often, and doing so caused changes every test case Instead, adopt the `withOption` idiom. Now, adding a new option for customizing just involves adding a new withOption function, and changing the struct definition and initialization in one place. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | | System tests: make sure exec pid hash w/o leakingAlex Jia2019-10-18
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | podman exec leaks an exec_pid_<hash> file for every exec in tmpfs, it's known rhbz#1731117, this case makes sure leakage issue has been fixed. rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117 Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
* | | Refactor tests when checking for error exit codesJhon Honce2019-10-16
| |/ |/| | | | | | | | | | | Rather than checking for non-zero, we need to check for >0 to distinguish between timeouts and error exit codes. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Add a MissingRuntime implementationMatthew Heon2019-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container is created with a given OCI runtime, but then it is uninstalled or removed from the configuration file, Libpod presently reacts very poorly. The EvictContainer code can potentially remove these containers, but we still can't see them in `podman ps` (aside from the massive logrus.Errorf messages they create). Providing a minimal OCI runtime implementation for missing runtimes allows us to behave better. We'll be able to retrieve containers from the database, though we still pop up an error for each missing runtime. For containers which are stopped, we can remove them as normal. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | inspect: rename ImageID go field to ImageValentin Rothberg2019-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The json field is called `Image` while the go field is called `ImageID`, tricking users into filtering for `Image` which ultimately results in an error. Hence, rename the field to `Image` to align json and go. To prevent podman users from regressing, rename `Image` to `ImageID` in the specified filters. Add tests to prevent us from regressing. Note that consumers of the go API that are using `ImageID` are regressing; ultimately we consider it to be a bug fix. Fixes: #4193 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | images: empty list is valid json with --format=jsonGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | similar change to f7d55d64e7040cdad149684234ea150b0a90cf0e with images --format=json, be sure the output is valid json also when it is an empty list. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4238 from giuseppe/rootless-enable-ps-size-testsOpenShift Merge Robot2019-10-11
|\ \ | | | | | | tests: enable ps --size tests for rootless
| * | tests: enable ps --size tests for rootlessGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | | | | rootless podman is using a single user namespace for all the containers so it can safely access the storage for all of them. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #4237 from giuseppe/ps-not-nullOpenShift Merge Robot2019-10-11
|\ \ \ | |/ / |/| | container: initialize results list
| * | container: initialize results listGiuseppe Scrivano2019-10-11
| |/ | | | | | | | | | | | | | | | | it solves: $ podman ps --format=json null Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4206 from giuseppe/systemd-mode-look-full-pathOpenShift Merge Robot2019-10-10
|\ \ | | | | | | systemd: expect full path /usr/sbin/init
| * | systemd: expect full path /usr/sbin/initGiuseppe Scrivano2019-10-09
| |/ | | | | | | | | | | | | | | | | | | | | | | "init" is a quite common name for the command executed in a container image and Podman ends up using the systemd mode also when not required. Be stricter on enabling the systemd mode and not enable it automatically when the basename is "init" but expect the full path "/usr/sbin/init". Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4181 from cevich/start_test_slower_pollOpenShift Merge Robot2019-10-10
|\ \ | |/ |/| Raise start_test polling interval
| * Raise start_test polling intervalChris Evich2019-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | According to the documentation https://onsi.github.io/gomega/#eventually > the default value for the polling interval is 10 milliseconds That is excessively fast given the observed failures in issue #4021 are always using podman-remote. Lower the interval to 3-seconds, which should be plenty long enough for container removal. Signed-off-by: Chris Evich <cevich@redhat.com>
* | podman network create: validate user inputMrigank Krishan2019-10-04
| | | | | | | | | | | | | | Disallow invalid/confusing names such as '../bar' or 'foo ' Closes #4184 Signed-off-by: Mrigank Krishan <mrigankkrishan@gmail.com>
* | Merge pull request #4174 from cevich/use_bash_not_shOpenShift Merge Robot2019-10-03
|\ \ | | | | | | System-tests: Use bash explicitly
| * | System-tests: Use bash explicitlyChris Evich2019-10-02
| |/ | | | | | | | | | | | | On Ubuntu, /bin/sh != /bin/bash. Update system-tests to only use bash for testing consistency across platforms. Signed-off-by: Chris Evich <cevich@redhat.com>
* / system tests: info: deal with hyphen in usernameEd Santiago2019-10-03
|/ | | | | | | | ...e.g. cloud-user. 9822f54ac was intended to fix this, but it doesn't. Simple and standard solution is to move the dash to the end of the character class. Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests: reenable skipped testsEd Santiago2019-10-02
| | | | | | | | | Issue #3829 (cp symlinks) has been fixed: enable tests for it And, it looks like podman-remote is now handling exit status of a force-rm'ed container. Enable that test too. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #4001 from kunalkushwaha/podman-import-fixOpenShift Merge Robot2019-09-30
|\ | | | | podman import syntax fix