From c6b205be77fb2a50772cd31267e09503ecd8b6bc Mon Sep 17 00:00:00 2001 From: baude Date: Thu, 14 Mar 2019 12:03:42 -0500 Subject: Enable rootless integration tests Signed-off-by: baude --- .cirrus.yml | 6 +++--- contrib/cirrus/lib.sh | 22 ++++++++++++++-------- contrib/cirrus/rootless_test.sh | 3 +++ contrib/cirrus/setup_environment.sh | 4 ++++ hack/get_ci_vm.sh | 4 ++++ test/e2e/common_test.go | 5 +++++ test/e2e/create_staticip_test.go | 1 + test/e2e/e2e.coverprofile | 18 +++++++++--------- test/e2e/generate_kube_test.go | 4 ++++ test/e2e/healthcheck_run_test.go | 1 + test/e2e/libpod_suite_remoteclient_test.go | 2 ++ test/e2e/libpod_suite_test.go | 5 +++++ test/e2e/pause_test.go | 1 + test/e2e/pod_create_test.go | 1 + test/e2e/pod_infra_container_test.go | 3 +++ test/e2e/pod_kill_test.go | 5 +++++ test/e2e/pod_pause_test.go | 1 + test/e2e/pod_pod_namespaces.go | 1 + test/e2e/pod_stats_test.go | 1 + test/e2e/ps_test.go | 1 + test/e2e/push_test.go | 1 + test/e2e/restart_test.go | 2 ++ test/e2e/rm_test.go | 1 + test/e2e/rootless_test.go | 1 + test/e2e/run_cgroup_parent_test.go | 1 + test/e2e/run_cpu_test.go | 6 ++++++ test/e2e/run_device_test.go | 5 +++++ test/e2e/run_dns_test.go | 1 + test/e2e/run_memory_test.go | 1 + test/e2e/run_networking_test.go | 5 +++++ test/e2e/run_ns_test.go | 2 ++ test/e2e/run_privileged_test.go | 3 +++ test/e2e/run_selinux_test.go | 2 ++ test/e2e/run_staticip_test.go | 1 + test/e2e/run_test.go | 15 +++++++++++++++ test/e2e/run_userns_test.go | 1 + test/e2e/stats_test.go | 1 + test/e2e/systemd_test.go | 1 + 38 files changed, 119 insertions(+), 20 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 8ac87c1d7..01689971a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -69,9 +69,9 @@ env: #### #### Default to NOT running in rootless-testing mode #### - ROOTLESS_USER: - ROOTLESS_UID: - ROOTLESS_GID: + ROOTLESS_USER: "" + ROOTLESS_UID: "" + ROOTLESS_GID: "" #### #### Credentials and other secret-sauces, decrypted at runtime when authorized. 
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 773f4f484..fe5fe7238 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -170,30 +170,36 @@ record_timestamp() { setup_rootless() { req_env_var " ROOTLESS_USER $ROOTLESS_USER - ROOTLESS_UID $ROOTLESS_UID - ROOTLESS_GID $ROOTLESS_GID + #ROOTLESS_UID $ROOTLESS_UID + #ROOTLESS_GID $ROOTLESS_GID GOSRC $GOSRC ENVLIB $ENVLIB " echo "creating $ROOTLESS_UID:$ROOTLESS_GID $ROOTLESS_USER user" - groupadd -g $ROOTLESS_GID $ROOTLESS_USER - useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER - chown -R $ROOTLESS_UID:$ROOTLESS_GID "$GOSRC" + #groupadd -g $ROOTLESS_GID $ROOTLESS_USER + #useradd -g $ROOTLESS_GID -u $ROOTLESS_UID --no-user-group --create-home $ROOTLESS_USER + useradd --create-home $ROOTLESS_USER + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOSRC" echo "creating ssh keypair for $USER" ssh-keygen -P "" -f $HOME/.ssh/id_rsa echo "Allowing ssh key for $ROOTLESS_USER" (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh") - chown -R $ROOTLESS_UID:$ROOTLESS_GID "/home/$ROOTLESS_USER/.ssh" - install -o $ROOTLESS_UID -g $ROOTLESS_GID -m 0600 \ + chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh" + install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \ "$HOME/.ssh/id_rsa.pub" "/home/$ROOTLESS_USER/.ssh/authorized_keys" + # Makes debugging easier + cat /root/.ssh/authorized_keys >> "/home/$ROOTLESS_USER/.ssh/authorized_keys" + + echo "Configuring subuid and subgid" + echo "${ROOTLESS_USER}:$[ROOTLESS_UID * 100]:65536" | tee -a /etc/subuid >> /etc/subgid echo "Setting permissions on automation files" chmod 666 "$TIMESTAMPS_FILEPATH" echo "Copying $HOME/$ENVLIB" - install -o $ROOTLESS_UID -g $ROOTLESS_GID -m 0700 \ + install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0700 \ "$HOME/$ENVLIB" "/home/$ROOTLESS_USER/$ENVLIB" echo "Configuring user's go environment variables" 
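Review bot: The new subuid/subgid line takes its base from `$[ROOTLESS_UID * 100]`, but this hunk also comments `ROOTLESS_UID` out of the `req_env_var` list, and the .cirrus.yml change in this commit defaults it to an empty string. Bash arithmetic evaluates an empty or unset name as 0, so the entry would become `<user>:0:65536`, a subordinate range that covers host UID/GID 0 and the system accounts. Either keep `ROOTLESS_UID $ROOTLESS_UID` in the required list or derive the base from the account just created, e.g. `base=$(( $(id -u "$ROOTLESS_USER") * 100 ))`, which also replaces the deprecated `$[…]` form. Separately, appending `/root/.ssh/authorized_keys` to the test user's file lets every key trusted for root log in as that user; the `# Makes debugging easier` comment should say this is meant only for throwaway CI VMs. `setup_rootless` continues past the end of the hunk.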
diff --git a/contrib/cirrus/rootless_test.sh b/contrib/cirrus/rootless_test.sh index 811b7cf2e..d0e2ceb95 100755 --- a/contrib/cirrus/rootless_test.sh +++ b/contrib/cirrus/rootless_test.sh @@ -29,6 +29,9 @@ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in fedora-29) ;& fedora-28) make + make varlink_generate + make test-binaries + make ginkgo ;; *) bad_os_id_ver ;; esac diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 04c19b3af..7ba6965ba 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -79,6 +79,10 @@ then if run_rootless then setup_rootless + make install.catatonit + go get github.com/onsi/ginkgo/ginkgo + go get github.com/onsi/gomega/... + dnf -y update runc else # Includes some $HOME relative details go env | while read envline diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh index 3c2d193af..70fe93eb5 100755 --- a/hack/get_ci_vm.sh +++ b/hack/get_ci_vm.sh @@ -104,6 +104,10 @@ parse_args(){ then DEPS="PACKAGE_DEPS=false SOURCE_DEPS=true" IMAGE_NAME="$2" + elif [[ "$1" == "-r" ]] + then + DEPS="ROOTLESS_USER=madcowdog ROOTLESS_UID=3210 ROOTLESS_GID=3210" + IMAGE_NAME="$2" else # no -s or -p DEPS="$(get_env_vars)" IMAGE_NAME="$1" diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index afd6d3cf3..54b2cbec2 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -3,6 +3,7 @@ package integration import ( "encoding/json" "fmt" + "github.com/containers/libpod/pkg/rootless" "io/ioutil" "os" "os/exec" @@ -213,7 +214,11 @@ func PodmanTestCreateUtil(tempDir string, remote bool) *PodmanTestIntegration { if os.Getenv("STORAGE_OPTIONS") != "" { storageOptions = os.Getenv("STORAGE_OPTIONS") } + cgroupManager := CGROUP_MANAGER + if rootless.IsRootless() { + cgroupManager = "cgroupfs" + } if os.Getenv("CGROUP_MANAGER") != "" { cgroupManager = os.Getenv("CGROUP_MANAGER") } 
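Review bot: In the setup_environment.sh hunk, the rootless branch installs its test tooling with unpinned `go get github.com/onsi/ginkgo/ginkgo` and `go get github.com/onsi/gomega/...`, so each CI run builds whatever the upstream default branch holds at that moment. This appears to run in the privileged setup phase, since `setup_rootless` just above it creates users. Pinning to a known revision, or building the runner from a vendored copy if the repository carries one, keeps runs reproducible and limits exposure to an unexpected upstream change. `dnf -y update runc` would likewise benefit from a comment naming the runc fix or minimum version it is after. The enclosing `if`/`else` starts and ends outside the hunk.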
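Review bot: In the common_test.go import hunk, `"github.com/containers/libpod/pkg/rootless"` is inserted between `"fmt"` and `"io/ioutil"`, inside the standard-library group. goimports would place it with the other non-stdlib imports after a blank line. The import block continues outside the hunk, so the exact destination group is not visible here.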
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index a67c1a5a8..6c4ca1cb8 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman create with --ip flag", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/e2e.coverprofile b/test/e2e/e2e.coverprofile index b5382604f..d413679ea 100644 --- a/test/e2e/e2e.coverprofile +++ b/test/e2e/e2e.coverprofile 
@@ -1,11 +1,11 @@ mode: atomic -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:14.46,21.20 2 1 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:31.2,31.19 1 1 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:38.2,38.53 1 1 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:65.2,65.52 1 1 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:21.20,23.17 2 2 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:26.3,28.36 3 2 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:14.46,21.20 2 3 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.2,32.19 1 3 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.2,39.53 1 3 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.2,66.52 1 3 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:21.20,23.17 2 6 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:26.3,29.36 4 6 github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:23.17,25.4 1 0 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:31.19,36.3 4 2 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:38.53,63.3 20 1 -github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:65.52,90.3 20 1 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:32.19,37.3 3 6 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:39.53,64.3 20 3 +github.com/containers/libpod/test/e2e/pod_pod_namespaces.go:66.52,91.3 20 3 \ No newline at end of file diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 2f0af7e5f..5bcf3b347 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -48,6 +48,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate kube on container", func() { + SkipIfRootless() session := podmanTest.RunTopContainer("top") session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) 
@@ -61,6 +62,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate service kube on container", func() { + SkipIfRootless() session := podmanTest.RunTopContainer("top") session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -74,6 +76,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate kube on pod", func() { + SkipIfRootless() _, rc, _ := podmanTest.CreatePod("toppod") Expect(rc).To(Equal(0)) @@ -90,6 +93,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate service kube on pod", func() { + SkipIfRootless() _, rc, _ := podmanTest.CreatePod("toppod") Expect(rc).To(Equal(0)) diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go index 921d325c3..f178e8ad5 100644 --- a/test/e2e/healthcheck_run_test.go +++ b/test/e2e/healthcheck_run_test.go @@ -42,6 +42,7 @@ var _ = Describe("Podman healthcheck run", func() { }) It("podman healthcheck on valid container", func() { + SkipIfRootless() podmanTest.RestoreArtifact(healthcheck) session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", healthcheck}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/libpod_suite_remoteclient_test.go b/test/e2e/libpod_suite_remoteclient_test.go index e6bc00397..a964986a2 100644 --- a/test/e2e/libpod_suite_remoteclient_test.go +++ b/test/e2e/libpod_suite_remoteclient_test.go @@ -18,6 +18,8 @@ func SkipIfRemote() { ginkgo.Skip("This function is not enabled for remote podman") } +func SkipIfRootless() {} + // Cleanup cleans up the temporary store func (p *PodmanTestIntegration) Cleanup() { p.StopVarlink() diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 1a3f37e23..3d8eb7a38 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go 
@@ -14,6 +14,7 @@ import ( "github.com/containers/libpod/libpod" "github.com/containers/libpod/pkg/inspect" . "github.com/containers/libpod/test/utils" + "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" @@ -21,6 +22,10 @@ import ( func SkipIfRemote() {} +func SkipIfRootless() { + ginkgo.Skip("This function is not enabled for rootless podman") +} + // Podman is the exec call to podman on the filesystem func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration { podmanSession := p.PodmanBase(args) diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index 2d4c1d303..e28c31c3a 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -22,6 +22,7 @@ var _ = Describe("Podman pause", func() { createdState := "Created" BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 5ffc0f779..033bfbe76 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -99,6 +99,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman create pod with network portbindings", func() { + SkipIfRootless() name := "test" session := podmanTest.Podman([]string{"pod", "create", "--name", name, "-p", "80:80"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 82f35999c..3b9543566 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -227,6 +227,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) 
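Review bot: `SkipIfRootless()` in libpod_suite_test.go calls `ginkgo.Skip` unconditionally, so in the local (non-remote) suite every spec and `BeforeEach` this commit marks is skipped for root runs too. That silently drops coverage of the privileged, SELinux-label, device and cgroup-limit tests. The helper should skip only when the suite is actually unprivileged, e.g. `if os.Geteuid() != 0 { ginkgo.Skip("This function is not enabled for rootless podman") }`, or guard on `rootless.IsRootless()` as common_test.go does in this commit; whether the needed import is already present in this file is not visible in the hunk. The import hunk also adds a named `"github.com/onsi/ginkgo"` import beside the existing dot import, which is redundant because `Skip(...)` is already in scope. A later commit in this series is titled "test: fix SkipIfRootless() helper", but its hunks fall outside this view.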
@@ -252,6 +253,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod not sharing pid", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "net"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -277,6 +279,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod ipc NS", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "ipc"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go index c1f7503e3..6bf1c5dff 100644 --- a/test/e2e/pod_kill_test.go +++ b/test/e2e/pod_kill_test.go @@ -42,6 +42,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by id", func() { + SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) @@ -60,6 +61,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by id with TERM", func() { + SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) @@ -74,6 +76,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by name", func() { + SkipIfRootless() _, ec, podid := podmanTest.CreatePod("test1") Expect(ec).To(Equal(0)) @@ -102,6 +105,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill latest pod", func() { + SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) @@ -127,6 +131,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill all", func() { + SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go index 62dc919b6..59a4da176 100644 --- a/test/e2e/pod_pause_test.go +++ b/test/e2e/pod_pause_test.go 
@@ -20,6 +20,7 @@ var _ = Describe("Podman pod pause", func() { pausedState := "Paused" BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go index 9d6321c0e..ef9980aa9 100644 --- a/test/e2e/pod_pod_namespaces.go +++ b/test/e2e/pod_pod_namespaces.go @@ -64,6 +64,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container dontshare PIDNS", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index ceabb9dc1..6018b4494 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman pod stats", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 92ca538f0..dc29a8f20 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -305,6 +305,7 @@ var _ = Describe("Podman ps", func() { }) It("podman ps test with port range", func() { + SkipIfRootless() session := podmanTest.RunTopContainer("") session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 89df62d42..009067482 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -80,6 +80,7 @@ var _ = Describe("Podman push", func() { }) It("podman push to local registry with authorization", func() { + SkipIfRootless() if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } diff --git a/test/e2e/restart_test.go b/test/e2e/restart_test.go index 1daf63a0e..935907cb0 100644 --- a/test/e2e/restart_test.go +++ b/test/e2e/restart_test.go 
@@ -156,6 +156,7 @@ var _ = Describe("Podman restart", func() { }) It("Podman restart --all", func() { + SkipIfRootless() _, exitCode, _ := podmanTest.RunLsContainer("test1") Expect(exitCode).To(Equal(0)) @@ -176,6 +177,7 @@ var _ = Describe("Podman restart", func() { }) It("Podman restart --all --running", func() { + SkipIfRootless() _, exitCode, _ := podmanTest.RunLsContainer("test1") Expect(exitCode).To(Equal(0)) diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index 9bf742a63..7e0199a17 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go @@ -141,6 +141,7 @@ var _ = Describe("Podman rm", func() { }) It("podman rm bogus container", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"rm", "bogus"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(1)) diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go index 57146bca0..51544ff8b 100644 --- a/test/e2e/rootless_test.go +++ b/test/e2e/rootless_test.go @@ -38,6 +38,7 @@ var _ = Describe("Podman rootless", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index a6955591f..0d04c5f03 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman run with --cgroup-parent", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index a2dd5b9b8..42a66865c 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go 
@@ -35,6 +35,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-period", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpu-period=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -42,6 +43,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-quota", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpu-quota=5000", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_quota_us"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -49,6 +51,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpus", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpus=0.5", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.cfs_period_us"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -61,6 +64,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpu-shares", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpu-shares=2", ALPINE, "cat", "/sys/fs/cgroup/cpu/cpu.shares"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -68,6 +72,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpuset-cpus", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-cpus=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.cpus"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) @@ -75,6 +80,7 @@ var _ = Describe("Podman run cpu", func() { }) It("podman run cpuset-mems", func() { + SkipIfRootless() result := podmanTest.Podman([]string{"run", "--rm", "--cpuset-mems=0", ALPINE, "cat", "/sys/fs/cgroup/cpuset/cpuset.mems"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 5f59fbe37..fac09b78d 100644 
--- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -41,6 +41,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -48,6 +49,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device rename test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -55,6 +57,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device permission test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -62,6 +65,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device rename and permission test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -74,6 +78,7 @@ var _ = Describe("Podman run device", func() { }) It("podman run device host device and container device parameter are directories", func() { + SkipIfRootless() SystemExec("mkdir", []string{"/dev/foodevdir"}) SystemExec("mknod", []string{"/dev/foodevdir/null", "c", "1", "3"}) session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/foodevdir:/dev/bar", ALPINE, "ls", "/dev/bar/null"}) diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go index 875c90d73..0f4dd6742 100644 --- a/test/e2e/run_dns_test.go +++ b/test/e2e/run_dns_test.go 
@@ -88,6 +88,7 @@ var _ = Describe("Podman run dns", func() { }) It("podman run add hostname sets /etc/hosts", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-t", "-i", "--hostname=foobar", ALPINE, "cat", "/etc/hosts"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index 790cdf743..05d0b7a18 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman run memory", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 80378dc7b..93919925c 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -54,6 +54,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose port 222", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", "-P", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -64,6 +65,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network expose host port 80 to container port 8000", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"}) session.Wait(30) Expect(session.ExitCode()).To(Equal(0)) @@ -146,6 +148,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run --net container: copies hosts and resolv", func() { + SkipIfRootless() ctrName := "ctr1" ctr1 := podmanTest.RunTopContainer(ctrName) ctr1.WaitWithDefaultTimeout() @@ -177,6 +180,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run network in user created network namespace", func() { + SkipIfRootless() if Containerized() { Skip("Can not be run within a container.") } 
@@ -193,6 +197,7 @@ var _ = Describe("Podman run networking", func() { }) It("podman run n user created network namespace with resolv.conf", func() { + SkipIfRootless() if Containerized() { Skip("Can not be run within a container.") } diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 51f921bce..5236e6584 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -63,6 +63,7 @@ var _ = Describe("Podman run ns", func() { }) It("podman run ipcns ipcmk host test", func() { + SkipIfRootless() setup := SystemExec("ipcmk", []string{"-M", "1024"}) Expect(setup.ExitCode()).To(Equal(0)) output := strings.Split(setup.OutputToString(), " ") @@ -76,6 +77,7 @@ var _ = Describe("Podman run ns", func() { }) It("podman run ipcns ipcmk container test", func() { + SkipIfRootless() setup := podmanTest.Podman([]string{"run", "-d", "--name", "test1", fedoraMinimal, "sleep", "999"}) setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index a4500e421..16011b2fd 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -45,6 +45,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged CapEff", func() { + SkipIfRootless() cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) Expect(cap.ExitCode()).To(Equal(0)) @@ -55,6 +56,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman cap-add CapEff", func() { + SkipIfRootless() cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) Expect(cap.ExitCode()).To(Equal(0)) @@ -80,6 +82,7 @@ var _ = Describe("Podman privileged container tests", func() { }) It("podman privileged should inherit host devices", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "ls", "-l", "/dev"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) 
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 282806562..4d2bad49c 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -112,6 +112,7 @@ var _ = Describe("Podman run", func() { }) It("podman test selinux label /run/secrets", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-dZ", "/run/secrets"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -144,6 +145,7 @@ var _ = Describe("Podman run", func() { }) It("podman test selinux --privileged label /run/secrets", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-dZ", "/run/secrets"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 464f9513a..318a7a62d 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman run with --ip flag", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index e0d2e21b7..9ab4ae563 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -47,6 +47,7 @@ var _ = Describe("Podman run", func() { }) It("podman run a container based on a complex local image name", func() { + SkipIfRootless() imageName := strings.TrimPrefix(nginx, "quay.io/") podmanTest.RestoreArtifact(nginx) session := podmanTest.Podman([]string{"run", imageName, "ls"}) @@ -185,6 +186,7 @@ var _ = Describe("Podman run", func() { }) It("podman run limits test", func() { + SkipIfRootless() podmanTest.RestoreArtifact(fedoraMinimal) session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) session.WaitWithDefaultTimeout() 
@@ -211,6 +213,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with volume flag", func() { + SkipIfRootless() Skip("Skip until we diagnose the regression of volume mounts") mountPath := filepath.Join(podmanTest.TempDir, "secrets") os.Mkdir(mountPath, 0755) @@ -275,6 +278,7 @@ var _ = Describe("Podman run", func() { }) It("podman run sysctl test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -282,6 +286,7 @@ var _ = Describe("Podman run", func() { }) It("podman run blkio-weight test", func() { + SkipIfRootless() if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) { Skip("Kernel does not support blkio.weight") } @@ -292,6 +297,7 @@ var _ = Describe("Podman run", func() { }) It("podman run device-read-bps test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -299,6 +305,7 @@ var _ = Describe("Podman run", func() { }) It("podman run device-write-bps test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_bps_device"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -306,6 +313,7 @@ var _ = Describe("Podman run", func() { }) It("podman run device-read-iops test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_iops_device"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) 
@@ -313,6 +321,7 @@ var _ = Describe("Podman run", func() { }) It("podman run device-write-iops test", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_iops_device"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -416,6 +425,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with FIPS mode secrets", func() { + SkipIfRootless() fipsFile := "/etc/system-fips" err = ioutil.WriteFile(fipsFile, []byte{}, 0755) Expect(err).To(BeNil()) @@ -430,6 +440,7 @@ var _ = Describe("Podman run", func() { }) It("podman run without group-add", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -437,6 +448,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with group-add", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--group-add=audio", "--group-add=nogroup", "--group-add=777", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -444,6 +456,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with user (default)", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -458,6 +471,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with user (integer, in /etc/passwd)", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--user=8", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) 
@@ -465,6 +479,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with user (username)", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--user=mail", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index b67b694b0..c6c94d2f6 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -18,6 +18,7 @@ var _ = Describe("Podman UserNS support", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index e95265617..05f24539f 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -19,6 +19,7 @@ var _ = Describe("Podman stats", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 558635d70..52efc9fca 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -20,6 +20,7 @@ var _ = Describe("Podman systemd", func() { ) BeforeEach(func() { + SkipIfRootless() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) -- cgit v1.2.3-54-g00ecf From 69593923e08dcae27a7f56657f637cb79292a450 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:42:21 +0100 Subject: rootless: fix pod kill we don't need to access the storage Signed-off-by: Giuseppe Scrivano --- cmd/podman/pod_kill.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmd/podman/pod_kill.go b/cmd/podman/pod_kill.go index ebd7db762..c538674a4 100644 --- a/cmd/podman/pod_kill.go +++ b/cmd/podman/pod_kill.go 
@@ -6,6 +6,7 @@ import ( "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" + "github.com/containers/libpod/pkg/rootless" "github.com/docker/docker/pkg/signal" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -48,6 +49,7 @@ func init() { // podKillCmd kills one or more pods with a signal func podKillCmd(c *cliconfig.PodKillValues) error { + rootless.SetSkipStorageSetup(true) runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") -- cgit v1.2.3-54-g00ecf From 3f96d3617bd41a0fe653892c3c3675777b7aadf3 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:51:22 +0100 Subject: rootless: fix ps command Signed-off-by: Giuseppe Scrivano --- cmd/podman/main.go | 1 + cmd/podman/ps.go | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/cmd/podman/main.go b/cmd/podman/main.go index ef300ef75..204344695 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -78,6 +78,7 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{ _podStopCommand: true, _podTopCommand: true, _restartCommand: true, + &_psCommand: true, _rmCommand: true, _runCommand: true, _unpauseCommand: true, diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index de6966c3b..ad942da2e 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -17,6 +17,7 @@ import ( "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/util" "github.com/cri-o/ocicni/pkg/ocicni" "github.com/docker/go-units" @@ -200,6 +201,9 @@ func init() { } func psCmd(c *cliconfig.PsValues) error { + if os.Geteuid() != 0 { + rootless.SetSkipStorageSetup(true) + } if c.Bool("trace") { span, _ := opentracing.StartSpanFromContext(Ctx, "psCmd") defer span.Finish() -- cgit v1.2.3-54-g00ecf 
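Review bot: `rootless.SetSkipStorageSetup(true)` in `podKillCmd` is called unconditionally, while `psCmd` in the next commit of this series guards the same call with `if os.Geteuid() != 0`. If the flag is meant only for the unprivileged parent process, root invocations of `podman pod kill` now skip storage setup as well; guard it the same way with `if os.Geteuid() != 0 { rootless.SetSkipStorageSetup(true) }`. Whether `os` is already imported in pod_kill.go cannot be seen from the import hunk, and the rest of `podKillCmd` is outside the hunk.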
From 4ab7462adde0dff905e646cf4def54a2b2bc2804 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 18 Mar 2019 22:57:36 +0100 Subject: rootless, rm: fix retcode when the container is not found Signed-off-by: Giuseppe Scrivano --- cmd/podman/rm.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cmd/podman/rm.go b/cmd/podman/rm.go index 299420bb6..253771e14 100644 --- a/cmd/podman/rm.go +++ b/cmd/podman/rm.go @@ -108,6 +108,7 @@ func rmCmd(c *cliconfig.RmValues) error { c.Latest = false c.InputArgs = []string{rootless.Argument()} } else { + exitCode = 0 var containers []*libpod.Container if c.All { containers, err = runtime.GetContainers() @@ -121,6 +122,10 @@ func rmCmd(c *cliconfig.RmValues) error { for _, c := range c.InputArgs { container, err = runtime.LookupContainer(c) if err != nil { + if errors.Cause(err) == libpod.ErrNoSuchCtr { + exitCode = 1 + continue + } return err } containers = append(containers, container) @@ -136,7 +141,7 @@ func rmCmd(c *cliconfig.RmValues) error { os.Exit(ret) } } - os.Exit(0) + os.Exit(exitCode) } } -- cgit v1.2.3-54-g00ecf From 66d21901252b2030d50708c89627d4e05a5d10a7 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 09:49:34 +0100 Subject: test: fix SkipIfRootless() helper Signed-off-by: Giuseppe Scrivano --- test/e2e/libpod_suite_remoteclient_test.go | 9 ++++++++- test/e2e/libpod_suite_test.go | 10 ++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/test/e2e/libpod_suite_remoteclient_test.go b/test/e2e/libpod_suite_remoteclient_test.go index a964986a2..44c5edf07 100644 --- a/test/e2e/libpod_suite_remoteclient_test.go +++ b/test/e2e/libpod_suite_remoteclient_test.go 
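Review bot: In the `LookupContainer` loop of `rmCmd`, the new `libpod.ErrNoSuchCtr` branch sets `exitCode = 1` and continues without reporting which name was not found, so as far as the hunk shows the user gets a failing exit status and no message. Print the error before `continue`, for example `fmt.Fprintln(os.Stderr, err.Error())`; the import block of rm.go is outside the hunk, so `fmt` may need adding. The loop variable `c` also shadows the `*cliconfig.RmValues` parameter, and `name` would read more clearly. `exitCode` is declared outside these hunks.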
@@ -18,7 +18,11 @@ func SkipIfRemote() { ginkgo.Skip("This function is not enabled for remote podman") } -func SkipIfRootless() {} +func SkipIfRootless() { + if os.Geteuid() != 0 { + ginkgo.Skip("This function is not enabled for remote podman") + } +} // Cleanup cleans up the temporary store func (p *PodmanTestIntegration) Cleanup() { @@ -135,6 +139,9 @@ func (p *PodmanTestIntegration) CleanupVolume() { } func PodmanTestCreate(tempDir string) *PodmanTestIntegration { + if os.Geteuid() != 0 { + ginkgo.Skip("This function is not enabled for rootless podman") + } pti := PodmanTestCreateUtil(tempDir, true) pti.StartVarlink() return pti diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 3d8eb7a38..685a08340 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -20,10 +20,16 @@ import ( "github.com/onsi/gomega/gexec" ) -func SkipIfRemote() {} +func SkipIfRemote() { + if os.Geteuid() != 0 { + ginkgo.Skip("This function is not enabled for rootless podman") + } +} func SkipIfRootless() { - ginkgo.Skip("This function is not enabled for rootless podman") + if os.Geteuid() != 0 { + ginkgo.Skip("This function is not enabled for rootless podman") + } } // Podman is the exec call to podman on the filesystem -- cgit v1.2.3-54-g00ecf From ffc08860ce809effa7570e761f97f26267008bfe Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 10:13:21 +0100 Subject: rootless: reimplement restart with rootless.Argument() Signed-off-by: Giuseppe Scrivano --- cmd/podman/restart.go | 83 ++++++++++++++------------------------------------- 1 file changed, 23 insertions(+), 60 deletions(-) diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go index 341cbf978..e6a6d8434 100644 --- a/cmd/podman/restart.go +++ b/cmd/podman/restart.go @@ -1,7 +1,6 @@ package main import ( - "fmt" "os" "github.com/containers/libpod/cmd/podman/cliconfig" 
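Review bot: The skip message in the new `SkipIfRootless()` body in libpod_suite_remoteclient_test.go says "remote podman" although the condition is `os.Geteuid() != 0`, so test output attributes rootless skips to the wrong cause. Use the text the `PodmanTestCreate` hunk below already uses: `ginkgo.Skip("This function is not enabled for rootless podman")`. `PodmanTestCreate` now skips for every non-root run of the remote client build, which makes the per-spec `SkipIfRootless()` calls redundant there; a comment on `PodmanTestCreate` saying so would help.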
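Review bot: `SkipIfRemote()` in libpod_suite_test.go, which was an empty function before this change, now skips whenever `os.Geteuid() != 0` and reports a rootless reason. Every spec that calls `SkipIfRemote()` is therefore dropped from rootless local runs even when it has no rootless limitation, and the skip reason no longer matches the helper's name. If this is a deliberate stop-gap, say so on the function with `// FIXME: temporarily treats rootless like remote`; otherwise keep `func SkipIfRemote() {}` and rely on `SkipIfRootless()`.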
@@ -61,6 +60,15 @@ func restartCmd(c *cliconfig.RestartValues) error { if os.Geteuid() != 0 { rootless.SetSkipStorageSetup(true) } + if rootless.IsRootless() { + // If we are in the re-execed rootless environment, + // override the arg to deal only with one container. + if os.Geteuid() == 0 { + c.All = false + c.Latest = false + c.InputArgs = []string{rootless.Argument()} + } + } args := c.InputArgs runOnly := c.Running @@ -107,6 +115,20 @@ func restartCmd(c *cliconfig.RestartValues) error { } } + if os.Geteuid() != 0 { + // In rootless mode we can deal with one container at at time. + for _, c := range restartContainers { + _, ret, err := joinContainerOrCreateRootlessUserNS(runtime, c) + if err != nil { + return err + } + if ret != 0 { + os.Exit(ret) + } + } + os.Exit(0) + } + maxWorkers := shared.Parallelize("restart") if c.GlobalIsSet("max-workers") { maxWorkers = c.GlobalFlags.MaxWorks @@ -114,22 +136,6 @@ func restartCmd(c *cliconfig.RestartValues) error { logrus.Debugf("Setting maximum workers to %d", maxWorkers) - if rootless.IsRootless() { - // With rootless containers we cannot really restart an existing container - // as we would need to join the mount namespace as well to be able to reuse - // the storage. - if err := stopRootlessContainers(restartContainers, timeout, useTimeout, maxWorkers); err != nil { - return err - } - became, ret, err := rootless.BecomeRootInUserNS() - if err != nil { - return err - } - if became { - os.Exit(ret) - } - } - // We now have a slice of all the containers to be restarted. Iterate them to // create restart Funcs with a timeout as needed for _, ctr := range restartContainers { 
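Review bot: In the `os.Geteuid() != 0` block added ahead of the worker-pool code in `restartCmd`, the first container for which `joinContainerOrCreateRootlessUserNS` returns a non-zero `ret` ends the process with `os.Exit(ret)`, so the remaining entries of `restartContainers` are never attempted, whereas the root path hands all of them to `shared.ParallelExecuteWorkerPool`. Consider recording the failure and exiting after the loop: `if ret != 0 { exitCode = ret }` inside, then `os.Exit(exitCode)`, assuming the `exitCode` that rm.go assigns is package-level. `os.Exit` also bypasses any deferred cleanup registered earlier in `restartCmd`, which is outside the hunk. The loop variable `c` shadows the `*cliconfig.RestartValues` parameter; `ctr`, as used further down, would be clearer.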
@@ -152,46 +158,3 @@ func restartCmd(c *cliconfig.RestartValues) error { restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, restartFuncs) return printParallelOutput(restartErrors, errCount) } - -func stopRootlessContainers(stopContainers []*libpod.Container, timeout uint, useTimeout bool, maxWorkers int) error { - var stopFuncs []shared.ParallelWorkerInput - for _, ctr := range stopContainers { - state, err := ctr.State() - if err != nil { - return err - } - if state != libpod.ContainerStateRunning { - continue - } - - ctrTimeout := ctr.StopTimeout() - if useTimeout { - ctrTimeout = timeout - } - - c := ctr - f := func() error { - return c.StopWithTimeout(ctrTimeout) - } - - stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{ - ContainerID: c.ID(), - ParallelFunc: f, - }) - - restartErrors, errCount := shared.ParallelExecuteWorkerPool(maxWorkers, stopFuncs) - var lastError error - for _, result := range restartErrors { - if result != nil { - if errCount > 1 { - fmt.Println(result.Error()) - } - lastError = result - } - } - if lastError != nil { - return lastError - } - } - return nil -} -- cgit v1.2.3-54-g00ecf From ab576e8577b6cc95aebf4afb84d104cb74ea8717 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 10:24:06 +0100 Subject: rootless: implement pod restart Signed-off-by: Giuseppe Scrivano --- cmd/podman/main.go | 39 ++++++++++++++++++++------------------- cmd/podman/pod_restart.go | 14 ++++++++++++++ 2 files changed, 34 insertions(+), 19 deletions(-) diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 204344695..dd8b61408 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go 
@@ -67,25 +67,26 @@ var cmdsNotRequiringRootless = map[*cobra.Command]bool{ _exportCommand: true, //// `info` must be executed in an user namespace. //// If this change, please also update libpod.refreshRootless() - _loginCommand: true, - _logoutCommand: true, - _mountCommand: true, - _killCommand: true, - _pauseCommand: true, - _podRmCommand: true, - _podKillCommand: true, - _podStatsCommand: true, - _podStopCommand: true, - _podTopCommand: true, - _restartCommand: true, - &_psCommand: true, - _rmCommand: true, - _runCommand: true, - _unpauseCommand: true, - _searchCommand: true, - _statsCommand: true, - _stopCommand: true, - _topCommand: true, + _loginCommand: true, + _logoutCommand: true, + _mountCommand: true, + _killCommand: true, + _pauseCommand: true, + _podRmCommand: true, + _podKillCommand: true, + _podRestartCommand: true, + _podStatsCommand: true, + _podStopCommand: true, + _podTopCommand: true, + _restartCommand: true, + &_psCommand: true, + _rmCommand: true, + _runCommand: true, + _unpauseCommand: true, + _searchCommand: true, + _statsCommand: true, + _stopCommand: true, + _topCommand: true, } var rootCmd = &cobra.Command{ diff --git a/cmd/podman/pod_restart.go b/cmd/podman/pod_restart.go index 0765b98db..9c8d28424 100644 --- a/cmd/podman/pod_restart.go +++ b/cmd/podman/pod_restart.go @@ -2,9 +2,11 @@ package main import ( "fmt" + "os" "github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/pkg/adapter" + "github.com/containers/libpod/pkg/rootless" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" 
@@ -46,12 +48,24 @@ func init() { func podRestartCmd(c *cliconfig.PodRestartValues) error { var lastError error + if os.Geteuid() != 0 { + rootless.SetSkipStorageSetup(true) + } runtime, err := adapter.GetRuntime(&c.PodmanCommand) if err != nil { return errors.Wrapf(err, "could not get runtime") } defer runtime.Shutdown(false) + if rootless.IsRootless() { + var err error + + c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs) + if err != nil { + return err + } + } + restartIDs, conErrors, restartErrors := runtime.RestartPods(getContext(), c) for _, p := range restartIDs { -- cgit v1.2.3-54-g00ecf From b581fa1510f00864386859dd30f5392c6a521c0c Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 09:55:21 +0100 Subject: tests: re-enable some tests for rootless mode Signed-off-by: Giuseppe Scrivano --- test/e2e/pod_create_test.go | 5 ++--- test/e2e/pod_infra_container_test.go | 3 --- test/e2e/pod_kill_test.go | 5 ----- test/e2e/pod_pod_namespaces.go | 1 - test/e2e/restart_test.go | 2 -- test/e2e/rm_test.go | 1 - 6 files changed, 2 insertions(+), 15 deletions(-) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 033bfbe76..de0734e9f 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -99,9 +99,8 @@ var _ = Describe("Podman pod create", func() { }) It("podman create pod with network portbindings", func() { - SkipIfRootless() name := "test" - session := podmanTest.Podman([]string{"pod", "create", "--name", name, "-p", "80:80"}) + session := podmanTest.Podman([]string{"pod", "create", "--name", name, "-p", "8080:80"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) pod := session.OutputToString() 
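Review bot: Inside the `rootless.IsRootless()` block of `podRestartCmd`, `var err error` redeclares the `err` already introduced by `runtime, err := adapter.GetRuntime(&c.PodmanCommand)` just above, so the block works on a shadow. Drop the declaration and assign the outer variable: `c.InputArgs, c.All, c.Latest, err = joinPodNS(runtime, c.All, c.Latest, c.InputArgs)`. The error is returned bare here while the `GetRuntime` error is wrapped; `return errors.Wrapf(err, "could not join pod namespace")` would keep the messages consistent. `joinPodNS` is defined outside the hunk.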
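Review bot: The host port in the `network portbindings` spec of pod_create_test.go changes from 80 to 8080 in this hunk and in the `nc -z` check of the next one, with nothing saying why. Presumably an unprivileged user cannot bind a port below 1024 by default; record that next to the literal with `// host port >= 1024 so the spec also runs rootless`. A fixed port can still collide with another listener on the CI host, which would surface as an intermittent failure.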
@@ -110,7 +109,7 @@ var _ = Describe("Podman pod create", func() { webserver.WaitWithDefaultTimeout() Expect(webserver.ExitCode()).To(Equal(0)) - check := SystemExec("nc", []string{"-z", "localhost", "80"}) + check := SystemExec("nc", []string{"-z", "localhost", "8080"}) Expect(check.ExitCode()).To(Equal(0)) }) diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 3b9543566..82f35999c 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -227,7 +227,6 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -253,7 +252,6 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod not sharing pid", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "net"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -279,7 +277,6 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod ipc NS", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create", "--share", "ipc"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go index 6bf1c5dff..c1f7503e3 100644 --- a/test/e2e/pod_kill_test.go +++ b/test/e2e/pod_kill_test.go @@ -42,7 +42,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by id", func() { - SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) @@ -61,7 +60,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by id with TERM", func() { - SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) 
@@ -76,7 +74,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill a pod by name", func() { - SkipIfRootless() _, ec, podid := podmanTest.CreatePod("test1") Expect(ec).To(Equal(0)) @@ -105,7 +102,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill latest pod", func() { - SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) @@ -131,7 +127,6 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill all", func() { - SkipIfRootless() _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go index ef9980aa9..9d6321c0e 100644 --- a/test/e2e/pod_pod_namespaces.go +++ b/test/e2e/pod_pod_namespaces.go @@ -64,7 +64,6 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container dontshare PIDNS", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"pod", "create"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/restart_test.go b/test/e2e/restart_test.go index 935907cb0..1daf63a0e 100644 --- a/test/e2e/restart_test.go +++ b/test/e2e/restart_test.go @@ -156,7 +156,6 @@ var _ = Describe("Podman restart", func() { }) It("Podman restart --all", func() { - SkipIfRootless() _, exitCode, _ := podmanTest.RunLsContainer("test1") Expect(exitCode).To(Equal(0)) @@ -177,7 +176,6 @@ var _ = Describe("Podman restart", func() { }) It("Podman restart --all --running", func() { - SkipIfRootless() _, exitCode, _ := podmanTest.RunLsContainer("test1") Expect(exitCode).To(Equal(0)) diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index 7e0199a17..9bf742a63 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go 
@@ -141,7 +141,6 @@ var _ = Describe("Podman rm", func() { }) It("podman rm bogus container", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"rm", "bogus"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(1)) -- cgit v1.2.3-54-g00ecf From 4ac08d3aa1882851d4a03aa1e53c47c6fb173958 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 19 Mar 2019 10:38:56 +0100 Subject: ps: fix segfault if the store is not initialized Signed-off-by: Giuseppe Scrivano --- libpod/container_internal.go | 3 +++ test/e2e/ps_test.go | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index ac2d65342..13e660dc3 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -51,6 +51,9 @@ func (c *Container) rootFsSize() (int64, error) { if c.config.Rootfs != "" { return 0, nil } + if c.runtime.store == nil { + return 0, nil + } container, err := c.runtime.store.Container(c.ID()) if err != nil { diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index dc29a8f20..957c69aa8 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -82,6 +82,8 @@ var _ = Describe("Podman ps", func() { }) It("podman ps size flag", func() { + SkipIfRootless() + _, ec, _ := podmanTest.RunLsContainer("") Expect(ec).To(Equal(0)) @@ -233,6 +235,8 @@ var _ = Describe("Podman ps", func() { }) It("podman --sort by size", func() { + SkipIfRootless() + session := podmanTest.Podman([]string{"create", "busybox", "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) -- cgit v1.2.3-54-g00ecf
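Review bot: The new `c.runtime.store == nil` guard in `rootFsSize` returns `0, nil`, so a caller cannot tell "size unknown because storage was not set up" from a real size of zero, and `ps --size` would show the former as the latter. At minimum document the choice on the guard with `// store is nil when storage setup was skipped; report 0 instead of dereferencing it`, or return a distinct error the caller can render as unknown. Other `Container` methods that dereference `c.runtime.store` are outside the hunk and may need the same check. The two `SkipIfRootless()` calls added to ps_test.go mean the nil-store path itself is not exercised by any spec shown here.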