aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
...
* | | | --userns=keep-id,nomap are not allowed in rootful modeDaniel J Walsh2022-06-08
| |/ / |/| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14220 from Luap99/resolvconfOpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | use resolvconf package from c/common/libnetwork
| * | | test/e2e: network dis-/connect test remove unhelpful assertionsPaul Holzinger2022-06-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | Using `To(BeTrue()/BeFalse())` provides very bas error messages. It is not clear to a log reader what went wrong. Using ContainsSubstring() make the error message much more useful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14483 from ↵OpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | | | | | | | | | jakecorrenti/restart-privelaged-containers-after-host-device-change Privileged containers can now restart if the host devices change
| * | | Privileged containers can now restart if the host devices changeJake Correnti2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts. I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container. Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages. Closes #13899 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | Infra Inheritance patchcdoern2022-06-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves #14454 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | libpod: store network status when userns is usedPaul Holzinger2022-06-07
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes #14465 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14474 from flouthoc/non-volatile-overlay-volumeOpenShift Merge Robot2022-06-06
|\ \ \ | | | | | | | | overlay-volumes: add support for non-volatile `upperdir`,`workdir` for `overlay` volumes
| * | | overlay-volumes: add support for non-volatile upperdir,workdir for anonymous ↵Aditya R2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volumes Similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712 Following PR just mimics similar feature for anonymous volumes. Often users want their anonymous overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be overlay so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #14485 from ashley-cui/flakeOpenShift Merge Robot2022-06-06
|\ \ \ \ | |/ / / |/| | | Fix secret-verify-leak flake: set build context to subdir
| * | | Fix secret-verify-leak flake: set build context to subdirAshley Cui2022-06-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting the build context to a dedicated subdir makes sure that the test does not flake when running in parallel, as the test is isolated from other tests that may dump secrets in a higher level context dir. This should have been done in https://github.com/containers/podman/pull/13457, as this makes that PR actually work. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #14453 from ↵OpenShift Merge Robot2022-06-06
|\ \ \ | | | | | | | | | | | | | | | | flouthoc/support-additional-build-context-on-remote remote: enable support for additional `--build-context` on macOS and remote
| * | | tests: buildah-bud fix reason for skipAditya R2022-06-03
| | | | | | | | | | | | | | | | Signed-off-by: Aditya R <arajan@redhat.com>
| * | | podman-remote: enable support for additional build-context on macOS, remoteAditya R2022-06-02
| | |/ | |/| | | | | | | | | | | | | | | | | | | Feature of additional build context added here https://github.com/containers/buildah/pull/3978 already exists on `podman` following PR just enables this feature of `podman-remote` and `podman on macOS` setups. Signed-off-by: Aditya R <arajan@redhat.com>
* | | Cleanup the leftovers used with ginkgo focus optionCosmin Tupangiu2022-06-06
| | | | | | | | | | | | Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* | | Merge pull request #14477 from Luap99/partial-logsOpenShift Merge Robot2022-06-03
|\ \ \ | |_|/ |/| | podman logs k8s-file: do not reassemble partial log lines
| * | podman logs k8s-file: do not reassemble partial log linesPaul Holzinger2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The backend should not convert partial lines to full log lines. While this works for most cases it cannot work when the last line is partial since it will just be lost. The frontend logic can already display partial lines correctly. The journald driver also works correctly since it does not such conversion. Fixes #14458 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | test/e2e/save_test.go: fix flakeValentin Rothberg2022-06-03
|/ / | | | | | | | | | | | | | | Save at most three images and sort them by size. The test started to flake as _all_ local images were saved which is not neccessary. Fixes: #14468 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14461 from cdoern/infraOpenShift Merge Robot2022-06-02
|\ \ | | | | | | fix pod network handling with a host network
| * | fix pod network handling with a host networkcdoern2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp. add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container resolves #13763 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #14460 from cipherboy/align-docker-podman-load-outputOpenShift Merge Robot2022-06-02
|\ \ \ | |/ / |/| | Align docker load and podman load output
| * | Update test output expectationAlexander Scheel2022-06-02
| | | | | | | | | | | | Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* | | Merge pull request #14457 from Luap99/completion4OpenShift Merge Robot2022-06-02
|\ \ \ | | | | | | | | shell completion for paths inside the image/container
| * | | shell completion for paths inside the image/containerPaul Holzinger2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add shell completion for paths inside the container or image. Currently podman run IMAGE [TAB] only uses the default shell completion which suggests paths on the host. This is fine for some cases but often the user wants a path which only exists in the image/container. This commits adds support for that. Both podman create/run can now complete the paths from the image, podman cp ctr:... now completes paths from the actual container. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14301 from rhatdan/volumeOpenShift Merge Robot2022-06-02
|\ \ \ \ | |/ / / |/| | | Support setting image_volume_mode in containers.conf
| * | | Support setting image_volume_mode in containers.confDaniel J Walsh2022-05-26
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14230 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #14344 from cdoern/podCreateOpenShift Merge Robot2022-06-02
|\ \ \ \ | | | | | | | | | | podman pod create --uidmap patch
| * | | | podman pod create --uidmap patchcdoern2022-06-01
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podmans remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten resolves #14233 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #14421 from Luap99/statsOpenShift Merge Robot2022-06-02
|\ \ \ \ | |_|_|/ |/| | | podman stats: work with network connect/disconnect
| * | | podman stats: work with network connect/disconnectPaul Holzinger2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardcoding the interface name is a bad idea. We have no control over the actual interface name since the user can change it. The correct thing is to read them from the network status. Since the contianer can have more than one interface we have to add the RX/TX values. The other values are currently not used. For podman 5.0 we should change it so that the API can return the statistics per interface and the client should sum the TX/RX for the command output. This is what docker is doing. Fixes #13824 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | fix "tail 800 lines: journald" flakePaul Holzinger2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test calls podman run -d followed by podman logs. There is no guarantee the the container or conmon has written all its output. Adding an extra podman wait should fix this. Do not remove the -d to not print 1000 unnecessary lines in the logs. Fixes #14362 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | fix podman container restore without CreateNetNSPaul Holzinger2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container does not use the default podman netns, for example --network none or --network ns:/path a restore would fail because the specgen check validates that c.config.StaticMAC is nil but the unmarshaller sets it to an empty slice. While we could make the check use len() > 0 I feel like it is more common to check with != nil for ip and mac addresses. Adding omitempty tag makes the json marshal/unmarshal work correctly. This should not cause any issues. Fixes #14389 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #14419 from Luap99/volume-importOpenShift Merge Robot2022-05-31
|\ \ \ \ | | | | | | | | | | podman volume export/import: give better error
| * | | | podman volume export/import: give better errorPaul Holzinger2022-05-30
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the volume does not exist we should output an error stating so and not some generic one. Fixes #14411 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / / / Podman no-new-privileges formatNiall Crowe2022-05-30
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes #14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | vendor: bump buildah to v1.26.1-0.20220524184833-5500333c2e06Aditya R2022-05-26
| | | | | | | | | | | | | | | | | | Bump buildah to v1.26.1-0.20220524184833-5500333c2e06 Signed-off-by: Aditya R <arajan@redhat.com>
* | | build: allow using cache explicitly with --squash-all using --layersAditya R2022-05-26
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674 if user wants to do so hence podman must honor similar configuration in `--squash-all` behaviour if user wants to using cache. PS: We cannot alter behaviour of `podman build --squash` for docker-compat reasons hence this feature can be easily supported by `--squash-all`. Closes: https://github.com/containers/buildah/issues/4011 Signed-off-by: Aditya R <arajan@redhat.com>
* | First batch of resolutions to FIXMEsMatthew Heon2022-05-25
| | | | | | | | | | | | | | | | | | Most of these are no longer relevant, just drop the comments. Most notable change: allow `podman kill` on paused containers. Works just fine when I test it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #14361 from Luap99/netflakeOpenShift Merge Robot2022-05-25
|\ \ | | | | | | fix f35 integration test network flake
| * | fix f35 integration test network flakePaul Holzinger2022-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I am not 100% sure if this is actually causing the problem but I was able to reproduce locally and this change fixed it there. Without the `-n` option iptables tries to reverse lookup the ips to domain names. This is extremely slow for unknown reasons. Given the large amount of iptables entries due parallel test runs it will not succeed in the default 90 sec timeout. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14358 from vrothberg/todo-part-2OpenShift Merge Robot2022-05-25
|\ \ \ | | | | | | | | Todo part 2
| * | | test/system/250-systemd.bats: clean up outdated TODOValentin Rothberg2022-05-25
| |/ / | | | | | | | | | | | | | | | | | | `podman auto-update` is now properly exercised in the system tests, so we can safely remove the outdated TODO. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14333 from rhatdan/podOpenShift Merge Robot2022-05-25
|\ \ \ | |/ / |/| | Allow podman pod create --share +pid
| * | Allow podman pod create --share +pidDaniel J Walsh2022-05-24
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13422 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14334 from rhatdan/pod1OpenShift Merge Robot2022-05-24
|\ \ \ | | | | | | | | Allow podman pod create to accept name argument
| * | | Allow podman pod create to accept name argumentDaniel J Walsh2022-05-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I am constantly attempting to add the podname to the last argument to podman pod create. Allowing this makes it match podman volume create and podman network create. It does not match podman container create, since podman container create arguments specify the arguments to run with the container. Still need to support the --name option for backwards compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #14346 from edsantiago/helpmsg_testsOpenShift Merge Robot2022-05-24
|\ \ \ \ | |_|/ / |/| | | help-message system test: catch more cases
| * | | help-message system test: catch more casesEd Santiago2022-05-24
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Look for and prevent lower-case arg descriptions: podman cmd [arg] - Look for and prevent optional-mandatory misordering: podman cmd [ARG] ARG - Tighter whitespace checks (and fix podman pod ps) - simplify a no-longer-necessary mess! #8635 fixed the horrible "CONTAINER | IMAGE" strings (with spaces), so there's no longer a need to special-case those. The one-extra-arg check is now much cleaner. Minor refactoring. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14319 from flouthoc/suppress-aux-on-quietOpenShift Merge Robot2022-05-24
|\ \ \ | |_|/ |/| | compat, build: suppress `step` errors when `quiet=1` is set
| * | compat, build: suppress step errors when quiet is setAditya R2022-05-24
| | | | | | | | | | | | | | | | | | | | | | | | Match with docker API and suppress step errors when field quiet is set. Closes: https://github.com/containers/podman/issues/14315 Signed-off-by: Aditya R <arajan@redhat.com>