From eb2496a77efc1d47a93a1b24548e3761ffe99770 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Mon, 15 Aug 2022 09:38:57 -0600 Subject: Skip / update some tests under runc Two fixes done in #14972 (the "oops test under runc again" PR which was not backported into 4.2): - "survive service stop" - skip. Test is only applicable under crun. - "volume exec/noexec" - update the expected error message One hail-mary fix for a test failure seen in RHEL87 gating: - "nonexistent labels" - slight tweak to expected error message None of these fixes will actually be tested in CI, because v4.2 does not run any runc tests. We'll have to wait and see what happens on the next RHEL build. Signed-off-by: Ed Santiago --- test/system/160-volumes.bats | 8 ++++---- test/system/251-system-service.bats | 4 ++++ test/system/410-selinux.bats | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index dfc1a8413..6829c6a78 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -149,16 +149,16 @@ EOF # By default, volumes are mounted exec, but we have manually added the # noexec option. This should fail. - # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error + # ARGH. Unfortunately, runc (used for cgroups v1) has different exit status local expect_rc=126 - local expect_msg='.* OCI permission denied.*' if [[ $(podman_runtime) = "runc" ]]; then expect_rc=1 - expect_msg='.* exec user process caused.*permission denied' fi run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript - is "$output" "$expect_msg" "run on volume, noexec" + # crun and runc emit different messages, and even runc is inconsistent + # with itself (output changed some time in 2022?). Deal with all. + assert "$output" =~ 'exec.* permission denied' "run on volume, noexec" # With the default, it should pass run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats index edee4a28c..197d1cb18 100644 --- a/test/system/251-system-service.bats +++ b/test/system/251-system-service.bats @@ -17,6 +17,10 @@ function teardown() { @test "podman-system-service containers survive service stop" { skip_if_remote "podman system service unavailable over remote" + local runtime=$(podman_runtime) + if [[ "$runtime" != "crun" ]]; then + skip "survival code only implemented in crun; you're using $runtime" + fi port=$(random_free_port) URL=tcp://127.0.0.1:$port diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index d437465a4..52c428884 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -209,7 +209,7 @@ function check_label() { # https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e # from failed to set /proc/self/attr/keycreate on procfs # to write /proc/self/attr/keycreate: invalid argument - runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;; + runc) expect="OCI runtime error: .*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;; *) skip "Unknown runtime '$runtime'";; esac -- cgit v1.2.3-54-g00ecf