From e5d6b6b0a2cfdbb21506b8f5e741cf719c149cb4 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Thu, 28 Apr 2022 11:39:12 +0200 Subject: volume: add new option -o o=noquota add a new option to completely disable xfs quota usage for a volume. xfs quota set on a volume, even just for tracking disk usage, can cause weird errors if the volume is later re-used by a container with a different quota projid. More specifically, link(2) and rename(2) might fail with EXDEV if the source file has a projid that is different from the parent directory. To prevent such kind of issues, the volume should be created beforehand with `podman volume create -o o=noquota $ID` Closes: https://github.com/containers/podman/issues/14049 Signed-off-by: Giuseppe Scrivano --- libpod/options.go | 13 +++++++++++++ libpod/runtime_volume_linux.go | 39 ++++++++++++++++++++++----------------- libpod/volume.go | 3 +++ libpod/volume_internal.go | 3 +++ 4 files changed, 41 insertions(+), 17 deletions(-) (limited to 'libpod') diff --git a/libpod/options.go b/libpod/options.go index 57e2d7cf6..98eb45e76 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -1634,6 +1634,19 @@ func WithVolumeNoChown() VolumeCreateOption { } } +// WithVolumeDisableQuota prevents the volume from being assigned a quota. +func WithVolumeDisableQuota() VolumeCreateOption { + return func(volume *Volume) error { + if volume.valid { + return define.ErrVolumeFinalized + } + + volume.config.DisableQuota = true + + return nil + } +} + // withSetAnon sets a bool notifying libpod that this volume is anonymous and // should be removed when containers using it are removed and volumes are // specified for removal. diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go index 241f6e2f2..f8788e183 100644 --- a/libpod/runtime_volume_linux.go +++ b/libpod/runtime_volume_linux.go @@ -73,7 +73,7 @@ func (r *Runtime) newVolume(options ...VolumeCreateOption) (_ *Volume, deferredE return nil, errors.Wrapf(err, "invalid volume option %s for driver 'local'", key) } } - case "o", "type", "uid", "gid", "size", "inodes": + case "o", "type", "uid", "gid", "size", "inodes", "noquota": // Do nothing, valid keys default: return nil, errors.Wrapf(define.ErrInvalidArg, "invalid mount option %s for driver 'local'", key) @@ -111,23 +111,28 @@ func (r *Runtime) newVolume(options ...VolumeCreateOption) (_ *Volume, deferredE if err := LabelVolumePath(fullVolPath); err != nil { return nil, err } - projectQuotaSupported := false - - q, err := quota.NewControl(r.config.Engine.VolumePath) - if err == nil { - projectQuotaSupported = true - } - quota := quota.Quota{} - if volume.config.Size > 0 || volume.config.Inodes > 0 { - if !projectQuotaSupported { - return nil, errors.New("Volume options size and inodes not supported. Filesystem does not support Project Quota") + if volume.config.DisableQuota { + if volume.config.Size > 0 || volume.config.Inodes > 0 { + return nil, errors.New("volume options size and inodes cannot be used without quota") } - quota.Size = volume.config.Size - quota.Inodes = volume.config.Inodes - } - if projectQuotaSupported { - if err := q.SetQuota(fullVolPath, quota); err != nil { - return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath) + } else { + projectQuotaSupported := false + q, err := quota.NewControl(r.config.Engine.VolumePath) + if err == nil { + projectQuotaSupported = true + } + quota := quota.Quota{} + if volume.config.Size > 0 || volume.config.Inodes > 0 { + if !projectQuotaSupported { + return nil, errors.New("volume options size and inodes not supported. Filesystem does not support Project Quota") + } + quota.Size = volume.config.Size + quota.Inodes = volume.config.Inodes + } + if projectQuotaSupported { + if err := q.SetQuota(fullVolPath, quota); err != nil { + return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath) + } } } diff --git a/libpod/volume.go b/libpod/volume.go index bffafdc15..ab461a37f 100644 --- a/libpod/volume.go +++ b/libpod/volume.go @@ -52,6 +52,9 @@ type VolumeConfig struct { Size uint64 `json:"size"` // Inodes maximum of the volume. Inodes uint64 `json:"inodes"` + // DisableQuota indicates that the volume should completely disable using any + // quota tracking. + DisableQuota bool `json:"disableQuota,omitempty"` } // VolumeState holds the volume's mutable state. diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go index 9850c2ea1..e0ebb729d 100644 --- a/libpod/volume_internal.go +++ b/libpod/volume_internal.go @@ -52,6 +52,9 @@ func (v *Volume) needsMount() bool { if _, ok := v.config.Options["SIZE"]; ok { index++ } + if _, ok := v.config.Options["NOQUOTA"]; ok { + index++ + } // when uid or gid is set there is also the "o" option // set so we have to ignore this one as well if index > 0 { -- cgit v1.2.3-54-g00ecf From 66500b82a645428e1a59ce25fda1b76965df21cf Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 27 Apr 2022 17:06:30 -0400 Subject: Report properly whether pod shares host network Fixes: https://github.com/containers/podman/issues/14028 Signed-off-by: Daniel J Walsh --- libpod/pod.go | 9 +++++++++ libpod/pod_api.go | 2 +- test/system/200-pod.bats | 28 ++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) (limited to 'libpod') diff --git a/libpod/pod.go b/libpod/pod.go index ed2d97b37..6cfe76a18 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -159,6 +159,15 @@ func (p *Pod) CPUQuota() int64 { return 0 } +// NetworkMode returns the Network mode given by the user ex: pod, private... +func (p *Pod) NetworkMode() string { + infra, err := p.runtime.GetContainer(p.state.InfraContainerID) + if err != nil { + return "" + } + return infra.NetworkMode() +} + // PidMode returns the PID mode given by the user ex: pod, private... func (p *Pod) PidMode() string { infra, err := p.runtime.GetContainer(p.state.InfraContainerID) diff --git a/libpod/pod_api.go b/libpod/pod_api.go index 48049798b..ba30d878e 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -593,7 +593,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { return nil, err } infraConfig = new(define.InspectPodInfraConfig) - infraConfig.HostNetwork = !infra.config.ContainerNetworkConfig.UseImageHosts + infraConfig.HostNetwork = p.NetworkMode() == "host" infraConfig.StaticIP = infra.config.ContainerNetworkConfig.StaticIP infraConfig.NoManageResolvConf = infra.config.UseImageResolvConf infraConfig.NoManageHosts = infra.config.UseImageHosts diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index ef4bf1a6c..64f95f723 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -381,4 +381,32 @@ EOF is "$output" ".*$container_3_ID.*" } +@test "podman pod create share net" { + run_podman pod create --name test + run_podman pod inspect test --format {{.InfraConfig.HostNetwork}} + is "$output" "false" "Default network sharing should be false" + run_podman pod rm test + + run_podman pod create --name test --share ipc --network private + run_podman pod inspect test --format {{.InfraConfig.HostNetwork}} + is "$output" "false" "Private network sharing with only ipc should be false" + run_podman pod rm test + + run_podman pod create --name test --share net --network private + run_podman pod inspect test --format {{.InfraConfig.HostNetwork}} + is "$output" "false" "Private network sharing with only net should be false" + run_podman pod rm test + + run_podman pod create --name test --share net --network host + run_podman pod inspect test --format {{.InfraConfig.HostNetwork}} + is "$output" "true" "Host network sharing with only net should be true" + run_podman pod rm test + + run_podman pod create --name test --share ipc --network host + run_podman pod inspect test --format {{.InfraConfig.HostNetwork}} + is "$output" "true" "Host network sharing with only ipc should be true" + run_podman pod rm test + +} + # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 159d597cdc301adaf7e125f0870e9fbe0291fcb8 Mon Sep 17 00:00:00 2001 From: cdoern Date: Wed, 27 Apr 2022 20:54:24 -0400 Subject: remove unused codepath for creating/running ctr in a pod `pod.CgroupPath()` currently includes a codepath that is never accessed, which is supposed to start the infra ctr and obtain the cgroup path from there that is never necessary/safe because p.state.CgroupPath is never empty [NO NEW TESTS NEEDED] Signed-off-by: cdoern --- libpod/pod.go | 27 --------------------------- 1 file changed, 27 deletions(-) (limited to 'libpod') diff --git a/libpod/pod.go b/libpod/pod.go index 6cfe76a18..237c42901 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -1,7 +1,6 @@ package libpod import ( - "context" "fmt" "sort" "strings" @@ -305,35 +304,9 @@ func (p *Pod) CgroupPath() (string, error) { if err := p.updatePod(); err != nil { return "", err } - if p.state.CgroupPath != "" { - return p.state.CgroupPath, nil - } if p.state.InfraContainerID == "" { return "", errors.Wrap(define.ErrNoSuchCtr, "pod has no infra container") } - - id, err := p.infraContainerID() - if err != nil { - return "", err - } - - if id != "" { - ctr, err := p.infraContainer() - if err != nil { - return "", errors.Wrapf(err, "could not get infra") - } - if ctr != nil { - ctr.Start(context.Background(), true) - cgroupPath, err := ctr.CgroupPath() - fmt.Println(cgroupPath) - if err != nil { - return "", errors.Wrapf(err, "could not get container cgroup") - } - p.state.CgroupPath = cgroupPath - p.save() - return cgroupPath, nil - } - } return p.state.CgroupPath, nil } -- cgit v1.2.3-54-g00ecf From 7249651329c380f21a9e5f7bef870950b6086eab Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 29 Apr 2022 12:02:00 +0200 Subject: libpod: unlock containers when removing pod It solves a race where a container cleanup process launched because of the container process exiting normally would hang. It also solves a problem when running as rootless on cgroup v1 since it is not possible to force pids.max = 1 on conmon to limit spawning the cleanup process. Partially copied from https://github.com/containers/podman/pull/13403 Related to: https://github.com/containers/podman/issues/14057 [NO NEW TESTS NEEDED] it doesn't add any new functionality Signed-off-by: Giuseppe Scrivano --- libpod/runtime_pod_linux.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'libpod') diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 2bbccfdf6..62ec7df60 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -199,10 +199,15 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, // Go through and lock all containers so we can operate on them all at // once. // First loop also checks that we are ready to go ahead and remove. + containersLocked := true for _, ctr := range ctrs { ctrLock := ctr.lock ctrLock.Lock() - defer ctrLock.Unlock() + defer func() { + if containersLocked { + ctrLock.Unlock() + } + }() // If we're force-removing, no need to check status. if force { @@ -304,6 +309,12 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, } } + // let's unlock the containers so if there is any cleanup process, it can terminate its execution + for _, ctr := range ctrs { + ctr.lock.Unlock() + } + containersLocked = false + // Remove pod cgroup, if present if p.state.CgroupPath != "" { logrus.Debugf("Removing pod cgroup %s", p.state.CgroupPath) @@ -332,7 +343,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, } } if err == nil { - if err := conmonCgroup.Delete(); err != nil { + if err = conmonCgroup.Delete(); err != nil { if removalErr == nil { removalErr = errors.Wrapf(err, "error removing pod %s conmon cgroup", p.ID()) } else { -- cgit v1.2.3-54-g00ecf From fb14171cba46f331fd9b25efed36c25b6b7ebcea Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Wed, 27 Apr 2022 14:28:38 +0200 Subject: enable errcheck linter The errcheck linter makes sure that errors are always check and not ignored by accident. It spotted a lot of unchecked errors, mostly in the tests but also some real problem in the code. Signed-off-by: Paul Holzinger --- .golangci.yml | 3 +-- cmd/podman/pods/create.go | 2 +- cmd/podman/root.go | 4 +++- cmd/podman/secrets/inspect.go | 4 +++- cmd/podman/system/reset.go | 5 +++- libpod/container_copy_linux.go | 12 ++++++++-- libpod/container_internal_linux.go | 16 ++++++++++--- libpod/kube.go | 6 ++++- libpod/networking_linux.go | 2 +- libpod/oci_attach_linux.go | 8 +++++-- libpod/runtime_ctr.go | 4 +++- libpod/util.go | 7 ++++-- pkg/domain/infra/abi/containers.go | 6 ++++- pkg/machine/qemu/config_test.go | 23 +++++++++++------- pkg/machine/qemu/machine.go | 5 ++-- test/e2e/attach_test.go | 2 -- test/e2e/benchmarks_test.go | 1 - test/e2e/build_test.go | 5 +++- test/e2e/checkpoint_image_test.go | 1 - test/e2e/checkpoint_test.go | 2 -- test/e2e/commit_test.go | 2 -- test/e2e/container_clone_test.go | 1 - test/e2e/container_create_volume_test.go | 1 - test/e2e/container_inspect_test.go | 1 - test/e2e/containers_conf_test.go | 1 - test/e2e/cp_test.go | 1 - test/e2e/create_staticip_test.go | 1 - test/e2e/create_staticmac_test.go | 1 - test/e2e/create_test.go | 8 +++---- test/e2e/diff_test.go | 1 - test/e2e/events_test.go | 1 - test/e2e/exec_test.go | 1 - test/e2e/export_test.go | 1 - test/e2e/generate_kube_test.go | 1 - test/e2e/generate_systemd_test.go | 2 +- test/e2e/healthcheck_run_test.go | 3 +-- test/e2e/history_test.go | 1 - test/e2e/image_sign_test.go | 2 -- test/e2e/images_test.go | 1 - test/e2e/import_test.go | 1 - test/e2e/init_test.go | 1 - test/e2e/inspect_test.go | 1 - test/e2e/libpod_suite_remote_test.go | 23 ++++++++++-------- test/e2e/libpod_suite_test.go | 12 ++++------ test/e2e/login_logout_test.go | 21 ++++++++++------ test/e2e/logs_test.go | 3 --- test/e2e/manifest_test.go | 1 - test/e2e/mount_rootless_test.go | 1 - test/e2e/namespace_test.go | 1 - test/e2e/network_create_test.go | 1 - test/e2e/pause_test.go | 1 - test/e2e/play_build_test.go | 1 - test/e2e/play_kube_test.go | 3 +-- test/e2e/pod_create_test.go | 1 - test/e2e/pod_infra_container_test.go | 1 - test/e2e/pod_initcontainers_test.go | 1 - test/e2e/pod_inspect_test.go | 1 - test/e2e/pod_kill_test.go | 1 - test/e2e/pod_pause_test.go | 1 - test/e2e/pod_pod_namespaces_test.go | 1 - test/e2e/pod_prune_test.go | 1 - test/e2e/pod_ps_test.go | 1 - test/e2e/pod_restart_test.go | 1 - test/e2e/pod_rm_test.go | 1 - test/e2e/pod_start_test.go | 1 - test/e2e/pod_stats_test.go | 1 - test/e2e/pod_stop_test.go | 1 - test/e2e/pod_top_test.go | 1 - test/e2e/port_test.go | 1 - test/e2e/prune_test.go | 1 - test/e2e/ps_test.go | 1 - test/e2e/pull_test.go | 15 ++++++++---- test/e2e/push_test.go | 18 +++++++++----- test/e2e/rename_test.go | 1 - test/e2e/restart_test.go | 1 - test/e2e/rm_test.go | 1 - test/e2e/run_aardvark_test.go | 1 - test/e2e/run_apparmor_test.go | 1 - test/e2e/run_cgroup_parent_test.go | 1 - test/e2e/run_cleanup_test.go | 3 ++- test/e2e/run_cpu_test.go | 1 - test/e2e/run_device_test.go | 1 - test/e2e/run_dns_test.go | 1 - test/e2e/run_entrypoint_test.go | 1 - test/e2e/run_env_test.go | 1 - test/e2e/run_exit_test.go | 1 - test/e2e/run_memory_test.go | 1 - test/e2e/run_networking_test.go | 6 ++--- test/e2e/run_ns_test.go | 1 - test/e2e/run_passwd_test.go | 1 - test/e2e/run_privileged_test.go | 1 - test/e2e/run_restart_test.go | 1 - test/e2e/run_seccomp_test.go | 1 - test/e2e/run_security_labels_test.go | 2 -- test/e2e/run_selinux_test.go | 1 - test/e2e/run_signal_test.go | 13 ++++++---- test/e2e/run_staticip_test.go | 1 - test/e2e/run_test.go | 7 +++--- test/e2e/run_userns_test.go | 1 - test/e2e/run_volume_test.go | 34 ++++++++++++++++---------- test/e2e/run_working_dir_test.go | 1 - test/e2e/runlabel_test.go | 1 - test/e2e/save_test.go | 3 ++- test/e2e/search_test.go | 41 ++++++++++++++++++++------------ test/e2e/secret_test.go | 1 - test/e2e/start_test.go | 1 - test/e2e/stats_test.go | 1 - test/e2e/stop_test.go | 1 - test/e2e/system_connection_test.go | 2 +- test/e2e/system_df_test.go | 3 +-- test/e2e/system_dial_stdio_test.go | 3 +-- test/e2e/system_reset_test.go | 3 +-- test/e2e/systemd_activate_test.go | 1 - test/e2e/systemd_test.go | 1 - test/e2e/toolbox_test.go | 1 - test/e2e/top_test.go | 1 - test/e2e/tree_test.go | 2 +- test/e2e/trust_test.go | 4 ++-- test/e2e/unshare_test.go | 1 - test/e2e/version_test.go | 2 +- test/e2e/volume_create_test.go | 1 - test/e2e/volume_exists_test.go | 1 - test/e2e/volume_inspect_test.go | 1 - test/e2e/volume_ls_test.go | 1 - test/e2e/volume_plugin_test.go | 16 ++++++++----- test/e2e/volume_prune_test.go | 1 - test/e2e/volume_rm_test.go | 1 - test/e2e/wait_test.go | 1 - test/utils/common_function_test.go | 6 +++-- test/utils/utils.go | 4 +++- 130 files changed, 234 insertions(+), 230 deletions(-) (limited to 'libpod') diff --git a/.golangci.yml b/.golangci.yml index 1ce18c0c3..7eb6ea57e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -45,7 +45,6 @@ linters: - gocyclo - lll - unconvert - - errcheck - gosec - maligned - gomoddirectives @@ -65,4 +64,4 @@ linters: linters-settings: errcheck: check-blank: false - ignore: encoding/json:^Unmarshal,fmt:.* + ignore: fmt:.* diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index 891ff2e3c..4623ade63 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -214,7 +214,7 @@ func create(cmd *cobra.Command, args []string) error { ret, err := parsers.ParseUintList(copy) copy = "" if err != nil { - errors.Wrapf(err, "could not parse list") + return errors.Wrapf(err, "could not parse list") } var vals []int for ind, val := range ret { diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 9b1aa778b..2bd4fa723 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -153,7 +153,9 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { *runtime, ) } - runtimeFlag.Value.Set(*runtime) + if err := runtimeFlag.Value.Set(*runtime); err != nil { + return err + } runtimeFlag.Changed = true logrus.Debugf("Checkpoint was created using '%s'. Restore will use the same runtime", *runtime) } else if cfg.RuntimePath != *runtime { diff --git a/cmd/podman/secrets/inspect.go b/cmd/podman/secrets/inspect.go index e8947e441..473d5620c 100644 --- a/cmd/podman/secrets/inspect.go +++ b/cmd/podman/secrets/inspect.go @@ -61,7 +61,9 @@ func inspect(cmd *cobra.Command, args []string) error { return err } defer w.Flush() - tmpl.Execute(w, inspected) + if err := tmpl.Execute(w, inspected); err != nil { + return err + } } else { buf, err := json.MarshalIndent(inspected, "", " ") if err != nil { diff --git a/cmd/podman/system/reset.go b/cmd/podman/system/reset.go index 03783170f..8f2e73375 100644 --- a/cmd/podman/system/reset.go +++ b/cmd/podman/system/reset.go @@ -81,7 +81,10 @@ func reset(cmd *cobra.Command, args []string) { } // Purge all the external containers with storage - registry.ContainerEngine().ContainerRm(registry.Context(), listCtnIds, entities.RmOptions{Force: true, All: true, Ignore: true, Volumes: true}) + _, err := registry.ContainerEngine().ContainerRm(registry.Context(), listCtnIds, entities.RmOptions{Force: true, All: true, Ignore: true, Volumes: true}) + if err != nil { + logrus.Error(err) + } // Shutdown all running engines, `reset` will hijack repository registry.ContainerEngine().Shutdown(registry.Context()) registry.ImageEngine().Shutdown(registry.Context()) diff --git a/libpod/container_copy_linux.go b/libpod/container_copy_linux.go index 91e712c74..7566fbb12 100644 --- a/libpod/container_copy_linux.go +++ b/libpod/container_copy_linux.go @@ -48,7 +48,11 @@ func (c *Container) copyFromArchive(path string, chown bool, rename map[string]s if err != nil { return nil, err } - unmount = func() { c.unmount(false) } + unmount = func() { + if err := c.unmount(false); err != nil { + logrus.Errorf("Failed to unmount container: %v", err) + } + } } if c.state.State == define.ContainerStateRunning { @@ -117,7 +121,11 @@ func (c *Container) copyToArchive(path string, writer io.Writer) (func() error, if err != nil { return nil, err } - unmount = func() { c.unmount(false) } + unmount = func() { + if err := c.unmount(false); err != nil { + logrus.Errorf("Failed to unmount container: %v", err) + } + } } statInfo, resolvedRoot, resolvedPath, err := c.stat(mountPoint, path) diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 31edff762..3c88cc75f 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1180,7 +1180,11 @@ func (c *Container) createCheckpointImage(ctx context.Context, options Container return err } // Clean-up buildah working container - defer importBuilder.Delete() + defer func() { + if err := importBuilder.Delete(); err != nil { + logrus.Errorf("Image builder delete failed: %v", err) + } + }() if err := c.prepareCheckpointExport(); err != nil { return err @@ -1201,7 +1205,9 @@ func (c *Container) createCheckpointImage(ctx context.Context, options Container // Copy checkpoint from temporary tar file in the image addAndCopyOptions := buildah.AddAndCopyOptions{} - importBuilder.Add("", true, addAndCopyOptions, options.TargetFile) + if err := importBuilder.Add("", true, addAndCopyOptions, options.TargetFile); err != nil { + return err + } if err := c.addCheckpointImageMetadata(importBuilder); err != nil { return err @@ -1543,7 +1549,11 @@ func (c *Container) importCheckpointImage(ctx context.Context, imageID string) e } mountPoint, err := img.Mount(ctx, nil, "") - defer img.Unmount(true) + defer func() { + if err := c.unmount(true); err != nil { + logrus.Errorf("Failed to unmount container: %v", err) + } + }() if err != nil { return err } diff --git a/libpod/kube.go b/libpod/kube.go index 8b75a0c44..5a5fe9d35 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -1034,7 +1034,11 @@ func generateKubeSecurityContext(c *Container) (*v1.SecurityContext, error) { if err != nil { return nil, errors.Wrapf(err, "failed to mount %s mountpoint", c.ID()) } - defer c.unmount(false) + defer func() { + if err := c.unmount(false); err != nil { + logrus.Errorf("Failed to unmount container: %v", err) + } + }() } logrus.Debugf("Looking in container for user: %s", c.User()) diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 2770b040e..0c124cf0b 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -488,7 +488,7 @@ func (r *Runtime) GetRootlessNetNs(new bool) (*RootlessNetNS, error) { pid := strconv.Itoa(cmd.Process.Pid) err = ioutil.WriteFile(filepath.Join(rootlessNetNsDir, rootlessNetNsSilrp4netnsPidFile), []byte(pid), 0700) if err != nil { - errors.Wrap(err, "unable to write rootless-netns slirp4netns pid file") + return nil, errors.Wrap(err, "unable to write rootless-netns slirp4netns pid file") } defer func() { diff --git a/libpod/oci_attach_linux.go b/libpod/oci_attach_linux.go index b5eabec1f..c6af294d5 100644 --- a/libpod/oci_attach_linux.go +++ b/libpod/oci_attach_linux.go @@ -274,11 +274,15 @@ func readStdio(conn *net.UnixConn, streams *define.AttachStreams, receiveStdoutE var err error select { case err = <-receiveStdoutError: - conn.CloseWrite() + if err := conn.CloseWrite(); err != nil { + logrus.Errorf("Failed to close stdin: %v", err) + } return err case err = <-stdinDone: if err == define.ErrDetach { - conn.CloseWrite() + if err := conn.CloseWrite(); err != nil { + logrus.Errorf("Failed to close stdin: %v", err) + } return err } if err == nil { diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index fd3ffd199..df7174ac6 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -513,7 +513,9 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai case define.NoLogging, define.PassthroughLogging: break case define.JournaldLogging: - ctr.initializeJournal(ctx) + if err := ctr.initializeJournal(ctx); err != nil { + return nil, fmt.Errorf("failed to initialize journal: %w", err) + } default: if ctr.config.LogPath == "" { ctr.config.LogPath = filepath.Join(ctr.config.StaticDir, "ctr.log") diff --git a/libpod/util.go b/libpod/util.go index 51fe60427..1753b4f34 100644 --- a/libpod/util.go +++ b/libpod/util.go @@ -55,8 +55,11 @@ func WaitForFile(path string, chWait chan error, timeout time.Duration) (bool, e if err := watcher.Add(filepath.Dir(path)); err == nil { inotifyEvents = watcher.Events } - defer watcher.Close() - defer watcher.Remove(filepath.Dir(path)) + defer func() { + if err := watcher.Close(); err != nil { + logrus.Errorf("Failed to close fsnotify watcher: %v", err) + } + }() } var timeoutChan <-chan time.Time diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index b56c36015..89b09bb1d 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -641,7 +641,11 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st } restoreOptions.CheckpointImageID = img.ID() mountPoint, err := img.Mount(ctx, nil, "") - defer img.Unmount(true) + defer func() { + if err := img.Unmount(true); err != nil { + logrus.Errorf("Failed to unmount image: %v", err) + } + }() if err != nil { return nil, err } diff --git a/pkg/machine/qemu/config_test.go b/pkg/machine/qemu/config_test.go index 0fbb5b3bf..3f92881fa 100644 --- a/pkg/machine/qemu/config_test.go +++ b/pkg/machine/qemu/config_test.go @@ -68,9 +68,15 @@ func TestNewMachineFile(t *testing.T) { p := "/var/tmp/podman/my.sock" longp := filepath.Join(longTemp, utils.RandomString(100), "my.sock") - os.MkdirAll(filepath.Dir(longp), 0755) - f, _ := os.Create(longp) - f.Close() + err = os.MkdirAll(filepath.Dir(longp), 0755) + if err != nil { + panic(err) + } + f, err := os.Create(longp) + if err != nil { + panic(err) + } + _ = f.Close() sym := "my.sock" longSym := filepath.Join(homedir, ".podman", sym) @@ -120,14 +126,15 @@ func TestNewMachineFile(t *testing.T) { }, } for _, tt := range tests { + tt := tt t.Run(tt.name, func(t *testing.T) { - got, err := machine.NewMachineFile(tt.args.path, tt.args.symlink) //nolint: scopelint - if (err != nil) != tt.wantErr { //nolint: scopelint - t.Errorf("NewMachineFile() error = %v, wantErr %v", err, tt.wantErr) //nolint: scopelint + got, err := machine.NewMachineFile(tt.args.path, tt.args.symlink) + if (err != nil) != tt.wantErr { + t.Errorf("NewMachineFile() error = %v, wantErr %v", err, tt.wantErr) return } - if !reflect.DeepEqual(got, tt.want) { //nolint: scopelint - t.Errorf("NewMachineFile() got = %v, want %v", got, tt.want) //nolint: scopelint + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("NewMachineFile() got = %v, want %v", got, tt.want) } }) } diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 35eea5fb4..91e15c2af 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -484,12 +484,11 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error { if err := v.writeConfig(); err != nil { return fmt.Errorf("writing JSON file: %w", err) } - defer func() error { + defer func() { v.Starting = false if err := v.writeConfig(); err != nil { - return fmt.Errorf("writing JSON file: %w", err) + logrus.Errorf("Writing JSON file: %v", err) } - return nil }() if v.isIncompatible() { logrus.Errorf("machine %q is incompatible with this release of podman and needs to be recreated, starting for recovery only", v.Name) diff --git a/test/e2e/attach_test.go b/test/e2e/attach_test.go index 74e3a619a..b110f7c5b 100644 --- a/test/e2e/attach_test.go +++ b/test/e2e/attach_test.go @@ -22,8 +22,6 @@ var _ = Describe("Podman attach", func() { Expect(err).To(BeNil()) podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - err = podmanTest.SeedImages() - Expect(err).To(BeNil()) }) AfterEach(func() { diff --git a/test/e2e/benchmarks_test.go b/test/e2e/benchmarks_test.go index 9653cee3b..746dec0a6 100644 --- a/test/e2e/benchmarks_test.go +++ b/test/e2e/benchmarks_test.go @@ -66,7 +66,6 @@ var _ = Describe("Podman Benchmark Suite", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - timedir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index b8aad1084..b5cec5fff 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -533,7 +533,10 @@ subdir**` // make cwd as context root path Expect(os.Chdir(contextDir)).ToNot(HaveOccurred()) - defer os.Chdir(cwd) + defer func() { + err := os.Chdir(cwd) + Expect(err).ToNot(HaveOccurred()) + }() By("Test .containerignore filtering subdirectory") err = ioutil.WriteFile(filepath.Join(contextDir, ".containerignore"), []byte(`subdir/`), 0644) diff --git a/test/e2e/checkpoint_image_test.go b/test/e2e/checkpoint_image_test.go index 6c2a000e8..94320a70e 100644 --- a/test/e2e/checkpoint_image_test.go +++ b/test/e2e/checkpoint_image_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman checkpoint", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() // Check if the runtime implements checkpointing. Currently only // runc's checkpoint/restore implementation is supported. cmd := exec.Command(podmanTest.OCIRuntime, "checkpoint", "--help") diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index ac1677539..787178cd3 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -41,8 +41,6 @@ var _ = Describe("Podman checkpoint", func() { podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - err = podmanTest.SeedImages() - Expect(err).To(BeNil()) // Check if the runtime implements checkpointing. Currently only // runc's checkpoint/restore implementation is supported. cmd := exec.Command(podmanTest.OCIRuntime, "checkpoint", "--help") diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index 1de30e423..c82e5e471 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -24,8 +24,6 @@ var _ = Describe("Podman commit", func() { Expect(err).To(BeNil()) podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - err = podmanTest.SeedImages() - Expect(err).To(BeNil()) }) AfterEach(func() { diff --git a/test/e2e/container_clone_test.go b/test/e2e/container_clone_test.go index c47a89332..da9b511e0 100644 --- a/test/e2e/container_clone_test.go +++ b/test/e2e/container_clone_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman container clone", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/container_create_volume_test.go b/test/e2e/container_create_volume_test.go index 015b1742a..6d9f13694 100644 --- a/test/e2e/container_create_volume_test.go +++ b/test/e2e/container_create_volume_test.go @@ -83,7 +83,6 @@ var _ = Describe("Podman create data volume", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/container_inspect_test.go b/test/e2e/container_inspect_test.go index f58f2de29..5aed943da 100644 --- a/test/e2e/container_inspect_test.go +++ b/test/e2e/container_inspect_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman container inspect", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 09cd68042..b48e1ed62 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -29,7 +29,6 @@ var _ = Describe("Verify podman containers.conf usage", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() os.Setenv("CONTAINERS_CONF", "config/containers.conf") if IsRemote() { podmanTest.RestartRemoteService() diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index ede6036b9..8a65b85d3 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -31,7 +31,6 @@ var _ = Describe("Podman cp", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 4a1d926e0..6fd88753b 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman create with --ip flag", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() // Cleanup the CNI networks used by the tests os.RemoveAll("/var/lib/cni/networks/podman") }) diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go index 5fd8e3bd6..f02d9c88b 100644 --- a/test/e2e/create_staticmac_test.go +++ b/test/e2e/create_staticmac_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman run with --mac-address flag", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() // Cleanup the CNI networks used by the tests os.RemoveAll("/var/lib/cni/networks/podman") }) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index d0813459d..63544d579 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -27,8 +27,6 @@ var _ = Describe("Podman create", func() { Expect(err).To(BeNil()) podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - err = podmanTest.SeedImages() - Expect(err).To(BeNil()) }) AfterEach(func() { @@ -176,7 +174,8 @@ var _ = Describe("Podman create", func() { // tests are passing inside a container. mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) session := podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--mount", fmt.Sprintf("type=bind,src=%s,target=/create/test", mountPath), ALPINE, "grep", "/create/test", "/proc/self/mountinfo"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) @@ -212,7 +211,8 @@ var _ = Describe("Podman create", func() { Expect(session.OutputToString()).To(ContainSubstring("shared")) mountPath = filepath.Join(podmanTest.TempDir, "scratchpad") - os.Mkdir(mountPath, 0755) + err = os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test_tmpfs", "--mount", "type=tmpfs,target=/create/test", ALPINE, "grep", "/create/test", "/proc/self/mountinfo"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) diff --git a/test/e2e/diff_test.go b/test/e2e/diff_test.go index fb6df8f45..a1f57f41b 100644 --- a/test/e2e/diff_test.go +++ b/test/e2e/diff_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman diff", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/events_test.go b/test/e2e/events_test.go index 1d4560e8e..725118ab0 100644 --- a/test/e2e/events_test.go +++ b/test/e2e/events_test.go @@ -29,7 +29,6 @@ var _ = Describe("Podman events", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 3987746d0..f4ee688b7 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -27,7 +27,6 @@ var _ = Describe("Podman exec", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/export_test.go b/test/e2e/export_test.go index 78811f1b5..59cbe06ef 100644 --- a/test/e2e/export_test.go +++ b/test/e2e/export_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman export", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index c92c1519f..2ca774a03 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman generate kube", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index e4b854332..08e8fbc8c 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman generate systemd", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -581,6 +580,7 @@ var _ = Describe("Podman generate systemd", func() { }) It("podman generate systemd --new create command with double curly braces", func() { + SkipIfInContainer("journald inside a container doesn't work") // Regression test for #9034 session := podmanTest.Podman([]string{"create", "--name", "foo", "--log-driver=journald", "--log-opt=tag={{.Name}}", ALPINE}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go index a41c10162..add739988 100644 --- a/test/e2e/healthcheck_run_test.go +++ b/test/e2e/healthcheck_run_test.go @@ -28,14 +28,13 @@ var _ = Describe("Podman healthcheck run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) + _, _ = GinkgoWriter.Write([]byte(timedResult)) }) diff --git a/test/e2e/history_test.go b/test/e2e/history_test.go index 92e0e1b08..d637fd9af 100644 --- a/test/e2e/history_test.go +++ b/test/e2e/history_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman history", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/image_sign_test.go b/test/e2e/image_sign_test.go index dbf697bb0..3c819a7d2 100644 --- a/test/e2e/image_sign_test.go +++ b/test/e2e/image_sign_test.go @@ -28,8 +28,6 @@ var _ = Describe("Podman image sign", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() - tempGNUPGHOME := filepath.Join(podmanTest.TempDir, "tmpGPG") err := os.Mkdir(tempGNUPGHOME, os.ModePerm) Expect(err).To(BeNil()) diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go index fc1c48c15..2473ec59e 100644 --- a/test/e2e/images_test.go +++ b/test/e2e/images_test.go @@ -27,7 +27,6 @@ var _ = Describe("Podman images", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/import_test.go b/test/e2e/import_test.go index f62df23d9..e6995f0e6 100644 --- a/test/e2e/import_test.go +++ b/test/e2e/import_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman import", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/init_test.go b/test/e2e/init_test.go index fdb2b41a1..ccc102fa3 100644 --- a/test/e2e/init_test.go +++ b/test/e2e/init_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman init", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 25b938d07..6fe850f0b 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman inspect", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index 9ad2bf7b9..8357246a5 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -16,6 +16,7 @@ import ( "time" "github.com/containers/podman/v4/pkg/rootless" + . "github.com/onsi/gomega" ) func IsRemote() bool { @@ -57,7 +58,8 @@ func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { outfile := filepath.Join(p.TempDir, "registries.conf") os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile) - ioutil.WriteFile(outfile, b, 0644) + err := ioutil.WriteFile(outfile, b, 0644) + Expect(err).ToNot(HaveOccurred()) } func resetRegistriesConfigEnv() { @@ -71,7 +73,8 @@ func PodmanTestCreate(tempDir string) *PodmanTestIntegration { func (p *PodmanTestIntegration) StartRemoteService() { if os.Geteuid() == 0 { - os.MkdirAll("/run/podman", 0755) + err := os.MkdirAll("/run/podman", 0755) + Expect(err).ToNot(HaveOccurred()) } args := []string{} @@ -88,7 +91,8 @@ func (p *PodmanTestIntegration) StartRemoteService() { command.Stdout = os.Stdout command.Stderr = os.Stderr fmt.Printf("Running: %s %s\n", p.PodmanBinary, strings.Join(podmanOptions, " ")) - command.Start() + err := command.Start() + Expect(err).ToNot(HaveOccurred()) command.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} p.RemoteCommand = command p.RemoteSession = command.Process @@ -145,11 +149,6 @@ func getRemoteOptions(p *PodmanTestIntegration, args []string) []string { return podmanOptions } -// SeedImages restores all the artifacts into the main store for remote tests -func (p *PodmanTestIntegration) SeedImages() error { - return nil -} - // RestoreArtifact puts the cached image into our test store func (p *PodmanTestIntegration) RestoreArtifact(image string) error { tarball := imageTarPath(image) @@ -159,8 +158,12 @@ func (p *PodmanTestIntegration) RestoreArtifact(image string) error { podmanOptions := getRemoteOptions(p, args) command := exec.Command(p.PodmanBinary, podmanOptions...) fmt.Printf("Running: %s %s\n", p.PodmanBinary, strings.Join(podmanOptions, " ")) - command.Start() - command.Wait() + if err := command.Start(); err != nil { + return err + } + if err := command.Wait(); err != nil { + return err + } } return nil } diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index cf81a0348..a633bd3d7 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -10,6 +10,7 @@ import ( "path/filepath" "github.com/containers/podman/v4/pkg/rootless" + . "github.com/onsi/gomega" ) func IsRemote() bool { @@ -40,13 +41,15 @@ func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") - os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile) + err := os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile) + Expect(err).ToNot(HaveOccurred()) } func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { outfile := filepath.Join(p.TempDir, "registries.conf") os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile) - ioutil.WriteFile(outfile, b, 0644) + err := ioutil.WriteFile(outfile, b, 0644) + Expect(err).ToNot(HaveOccurred()) } func resetRegistriesConfigEnv() { @@ -70,11 +73,6 @@ func (p *PodmanTestIntegration) RestoreArtifact(image string) error { func (p *PodmanTestIntegration) StopRemoteService() {} -// SeedImages is a no-op for localized testing -func (p *PodmanTestIntegration) SeedImages() error { - return nil -} - // We don't support running API service when local func (p *PodmanTestIntegration) StartRemoteService() { } diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 001779cdf..bce8b78c6 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -36,7 +36,8 @@ var _ = Describe("Podman login and logout", func() { podmanTest = PodmanTestCreate(tempdir) authPath = filepath.Join(podmanTest.TempDir, "auth") - os.Mkdir(authPath, os.ModePerm) + err := os.Mkdir(authPath, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) if IsCommandAvailable("getenforce") { ge := SystemExec("getenforce", []string{}) @@ -55,11 +56,14 @@ var _ = Describe("Podman login and logout", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - f, _ := os.Create(filepath.Join(authPath, "htpasswd")) + f, err := os.Create(filepath.Join(authPath, "htpasswd")) + Expect(err).ToNot(HaveOccurred()) defer f.Close() - f.WriteString(session.OutputToString()) - f.Sync() + _, err = f.WriteString(session.OutputToString()) + Expect(err).ToNot(HaveOccurred()) + err = f.Sync() + Expect(err).ToNot(HaveOccurred()) port := GetPort() server = strings.Join([]string{"localhost", strconv.Itoa(port)}, ":") @@ -68,7 +72,8 @@ var _ = Describe("Podman login and logout", func() { testImg = strings.Join([]string{server, "test-alpine"}, "/") certDirPath = filepath.Join(os.Getenv("HOME"), ".config/containers/certs.d", server) - os.MkdirAll(certDirPath, os.ModePerm) + err = os.MkdirAll(certDirPath, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) cwd, _ := os.Getwd() certPath = filepath.Join(cwd, "../", "certs") @@ -207,7 +212,8 @@ var _ = Describe("Podman login and logout", func() { }) It("podman login and logout with --cert-dir", func() { certDir := filepath.Join(podmanTest.TempDir, "certs") - os.MkdirAll(certDir, os.ModePerm) + err := os.MkdirAll(certDir, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) setup := SystemExec("cp", []string{filepath.Join(certPath, "domain.crt"), filepath.Join(certDir, "ca.crt")}) setup.WaitWithDefaultTimeout() @@ -226,7 +232,8 @@ var _ = Describe("Podman login and logout", func() { }) It("podman login and logout with multi registry", func() { certDir := filepath.Join(os.Getenv("HOME"), ".config/containers/certs.d", "localhost:9001") - os.MkdirAll(certDir, os.ModePerm) + err = os.MkdirAll(certDir, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) cwd, _ := os.Getwd() certPath = filepath.Join(cwd, "../", "certs") diff --git a/test/e2e/logs_test.go b/test/e2e/logs_test.go index 934a306ce..4e6dcb8af 100644 --- a/test/e2e/logs_test.go +++ b/test/e2e/logs_test.go @@ -37,9 +37,6 @@ var _ = Describe("Podman logs", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - if err := podmanTest.SeedImages(); err != nil { - os.Exit(1) - } }) AfterEach(func() { diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 230864891..92b8bc2e1 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -36,7 +36,6 @@ var _ = Describe("Podman manifest", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go index 30d7ce8a9..994a5899b 100644 --- a/test/e2e/mount_rootless_test.go +++ b/test/e2e/mount_rootless_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman mount", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/namespace_test.go b/test/e2e/namespace_test.go index bc9db4cd9..0000a2327 100644 --- a/test/e2e/namespace_test.go +++ b/test/e2e/namespace_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman namespaces", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index a6e927ca2..69966b07e 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman network create", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pause_test.go b/test/e2e/pause_test.go index 66638d71c..402719de2 100644 --- a/test/e2e/pause_test.go +++ b/test/e2e/pause_test.go @@ -45,7 +45,6 @@ var _ = Describe("Podman pause", func() { podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/play_build_test.go b/test/e2e/play_build_test.go index 96785c569..914144ae6 100644 --- a/test/e2e/play_build_test.go +++ b/test/e2e/play_build_test.go @@ -29,7 +29,6 @@ var _ = Describe("Podman play kube with build", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index aaefa4625..0e91db04c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -1206,8 +1206,6 @@ var _ = Describe("Podman play kube", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() - kubeYaml = filepath.Join(podmanTest.TempDir, "kube.yaml") }) @@ -2744,6 +2742,7 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`}) }) It("podman play kube applies log driver to containers", func() { + SkipIfInContainer("journald inside a container doesn't work") pod := getPod() err := generateKubeYaml("pod", pod, kubeYaml) Expect(err).To(BeNil()) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 0c7886a93..dedb1caeb 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -35,7 +35,6 @@ var _ = Describe("Podman pod create", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 2b56502b0..ab204992c 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman pod create", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_initcontainers_test.go b/test/e2e/pod_initcontainers_test.go index 3c660c5bf..ec429f568 100644 --- a/test/e2e/pod_initcontainers_test.go +++ b/test/e2e/pod_initcontainers_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman init containers", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_inspect_test.go b/test/e2e/pod_inspect_test.go index dcc70e4a5..351317cc5 100644 --- a/test/e2e/pod_inspect_test.go +++ b/test/e2e/pod_inspect_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman pod inspect", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go index 18f9769a1..0612200d4 100644 --- a/test/e2e/pod_kill_test.go +++ b/test/e2e/pod_kill_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman pod kill", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_pause_test.go b/test/e2e/pod_pause_test.go index 57ae75926..d78890347 100644 --- a/test/e2e/pod_pause_test.go +++ b/test/e2e/pod_pause_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman pod pause", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_pod_namespaces_test.go b/test/e2e/pod_pod_namespaces_test.go index 667a54861..5b288898f 100644 --- a/test/e2e/pod_pod_namespaces_test.go +++ b/test/e2e/pod_pod_namespaces_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman pod create", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_prune_test.go b/test/e2e/pod_prune_test.go index 55ecc1593..dce3e34e4 100644 --- a/test/e2e/pod_prune_test.go +++ b/test/e2e/pod_prune_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman pod prune", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go index a0a1e1438..97ca5ff94 100644 --- a/test/e2e/pod_ps_test.go +++ b/test/e2e/pod_ps_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman ps", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_restart_test.go b/test/e2e/pod_restart_test.go index 1897104cc..fab448f92 100644 --- a/test/e2e/pod_restart_test.go +++ b/test/e2e/pod_restart_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman pod restart", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_rm_test.go b/test/e2e/pod_rm_test.go index dbb2d6d13..a5eab7eed 100644 --- a/test/e2e/pod_rm_test.go +++ b/test/e2e/pod_rm_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman pod rm", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_start_test.go b/test/e2e/pod_start_test.go index 2f3ef3a11..084a48636 100644 --- a/test/e2e/pod_start_test.go +++ b/test/e2e/pod_start_test.go @@ -27,7 +27,6 @@ var _ = Describe("Podman pod start", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 0e94406f8..8f76e6e5a 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman pod stats", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_stop_test.go b/test/e2e/pod_stop_test.go index fc78f9ed6..2fe0aa486 100644 --- a/test/e2e/pod_stop_test.go +++ b/test/e2e/pod_stop_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman pod stop", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pod_top_test.go b/test/e2e/pod_top_test.go index 564170412..07028da45 100644 --- a/test/e2e/pod_top_test.go +++ b/test/e2e/pod_top_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman top", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/port_test.go b/test/e2e/port_test.go index d81c03e5b..03263a198 100644 --- a/test/e2e/port_test.go +++ b/test/e2e/port_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman port", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index 01f987b92..75adf1724 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -35,7 +35,6 @@ var _ = Describe("Podman prune", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 021ebc30b..1100a5d90 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -29,7 +29,6 @@ var _ = Describe("Podman ps", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index d13334651..41eb8b449 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -345,7 +345,8 @@ var _ = Describe("Podman pull", func() { podmanTest.AddImageToRWStore(cirros) dirpath := filepath.Join(podmanTest.TempDir, "cirros") - os.MkdirAll(dirpath, os.ModePerm) + err = os.MkdirAll(dirpath, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) imgPath := fmt.Sprintf("dir:%s", dirpath) session := podmanTest.Podman([]string{"push", "cirros", imgPath}) @@ -368,7 +369,8 @@ var _ = Describe("Podman pull", func() { podmanTest.AddImageToRWStore(cirros) dirpath := filepath.Join(podmanTest.TempDir, "cirros") - os.MkdirAll(dirpath, os.ModePerm) + err = os.MkdirAll(dirpath, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) imgPath := fmt.Sprintf("oci:%s", dirpath) session := podmanTest.Podman([]string{"push", "cirros", imgPath}) @@ -387,7 +389,8 @@ var _ = Describe("Podman pull", func() { }) It("podman pull check quiet", func() { - podmanTest.RestoreArtifact(ALPINE) + err := podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) setup := podmanTest.Podman([]string{"images", ALPINE, "-q", "--no-trunc"}) setup.WaitWithDefaultTimeout() Expect(setup).Should(Exit(0)) @@ -428,8 +431,10 @@ var _ = Describe("Podman pull", func() { // We already tested pulling, so we can save some energy and // just restore local artifacts and tag them. - podmanTest.RestoreArtifact(ALPINE) - podmanTest.RestoreArtifact(BB) + err := podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) + err = podmanTest.RestoreArtifact(BB) + Expect(err).ToNot(HaveOccurred()) // What we want is at least two images which have the same name // and are prefixed with two different unqualified-search diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 3b571ab20..0288bf915 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -101,7 +101,8 @@ var _ = Describe("Podman push", func() { Skip("No registry image for ppc64le") } if rootless.IsRootless() { - podmanTest.RestoreArtifact(registry) + err := podmanTest.RestoreArtifact(registry) + Expect(err).ToNot(HaveOccurred()) } lock := GetPortLock("5000") defer lock.Unlock() @@ -132,8 +133,10 @@ var _ = Describe("Podman push", func() { Skip("No registry image for ppc64le") } authPath := filepath.Join(podmanTest.TempDir, "auth") - os.Mkdir(authPath, os.ModePerm) - os.MkdirAll("/etc/containers/certs.d/localhost:5000", os.ModePerm) + err = os.Mkdir(authPath, os.ModePerm) + Expect(err).ToNot(HaveOccurred()) + err = os.MkdirAll("/etc/containers/certs.d/localhost:5000", os.ModePerm) + Expect(err).ToNot(HaveOccurred()) defer os.RemoveAll("/etc/containers/certs.d/localhost:5000") cwd, _ := os.Getwd() @@ -157,11 +160,14 @@ var _ = Describe("Podman push", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - f, _ := os.Create(filepath.Join(authPath, "htpasswd")) + f, err := os.Create(filepath.Join(authPath, "htpasswd")) + Expect(err).ToNot(HaveOccurred()) defer f.Close() - f.WriteString(session.OutputToString()) - f.Sync() + _, err = f.WriteString(session.OutputToString()) + Expect(err).ToNot(HaveOccurred()) + err = f.Sync() + Expect(err).ToNot(HaveOccurred()) session = podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry", "-v", strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e", diff --git a/test/e2e/rename_test.go b/test/e2e/rename_test.go index ef90c3f22..341490d9c 100644 --- a/test/e2e/rename_test.go +++ b/test/e2e/rename_test.go @@ -24,7 +24,6 @@ var _ = Describe("podman rename", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/restart_test.go b/test/e2e/restart_test.go index b8c74d395..b3052623b 100644 --- a/test/e2e/restart_test.go +++ b/test/e2e/restart_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman restart", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index f836540b4..7dbe5fed8 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman rm", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_aardvark_test.go b/test/e2e/run_aardvark_test.go index 7b4598423..25eb8b538 100644 --- a/test/e2e/run_aardvark_test.go +++ b/test/e2e/run_aardvark_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman run networking", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() SkipIfCNI(podmanTest) }) diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index ed88ab7a0..18d011e6d 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -42,7 +42,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 34715be22..24cae43b1 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -30,7 +30,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_cleanup_test.go b/test/e2e/run_cleanup_test.go index 2282ef913..ea2caf907 100644 --- a/test/e2e/run_cleanup_test.go +++ b/test/e2e/run_cleanup_test.go @@ -23,7 +23,8 @@ var _ = Describe("Podman run exit", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) }) AfterEach(func() { diff --git a/test/e2e/run_cpu_test.go b/test/e2e/run_cpu_test.go index fda0a7c24..b21be5729 100644 --- a/test/e2e/run_cpu_test.go +++ b/test/e2e/run_cpu_test.go @@ -33,7 +33,6 @@ var _ = Describe("Podman run cpu", func() { podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index 479837dda..c46afdaca 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman run device", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_dns_test.go b/test/e2e/run_dns_test.go index 7561a2e85..61177b4c7 100644 --- a/test/e2e/run_dns_test.go +++ b/test/e2e/run_dns_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman run dns", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_entrypoint_test.go b/test/e2e/run_entrypoint_test.go index fde43dfec..9f35b9e7e 100644 --- a/test/e2e/run_entrypoint_test.go +++ b/test/e2e/run_entrypoint_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman run entrypoint", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_env_test.go b/test/e2e/run_env_test.go index f4c44c23b..bab52efc5 100644 --- a/test/e2e/run_env_test.go +++ b/test/e2e/run_env_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_exit_test.go b/test/e2e/run_exit_test.go index aa9a4295c..0663e4d9a 100644 --- a/test/e2e/run_exit_test.go +++ b/test/e2e/run_exit_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman run exit", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index d6a67da57..083020f08 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman run memory", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 7527682cb..39c26ec4a 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman run networking", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -747,11 +746,12 @@ EXPOSE 2004-2005/tcp`, ALPINE) routeAdd := func(gateway string) { gw := net.ParseIP(gateway) route := &netlink.Route{Dst: nil, Gw: gw} - netlink.RouteAdd(route) + err = netlink.RouteAdd(route) + Expect(err).ToNot(HaveOccurred()) } setupNetworkNs := func(networkNSName string) { - ns.WithNetNSPath("/run/netns/"+networkNSName, func(_ ns.NetNS) error { + _ = ns.WithNetNSPath("/run/netns/"+networkNSName, func(_ ns.NetNS) error { loopbackup() linkup("eth0", "46:7f:45:6e:4f:c8", []string{"10.25.40.0/24", "fd04:3e42:4a4e:3381::/64"}) linkup("eth1", "56:6e:35:5d:3e:a8", []string{"10.88.0.0/16"}) diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 23fd298d7..f99d6cf3f 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman run ns", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index ce6c6ffda..411e12218 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman run passwd", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 59223c589..4f0b512c6 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -49,7 +49,6 @@ var _ = Describe("Podman privileged container tests", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_restart_test.go b/test/e2e/run_restart_test.go index ec8fbfe98..b1002ece4 100644 --- a/test/e2e/run_restart_test.go +++ b/test/e2e/run_restart_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman run restart containers", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_seccomp_test.go b/test/e2e/run_seccomp_test.go index 03212b6dc..bd44a3ef1 100644 --- a/test/e2e/run_seccomp_test.go +++ b/test/e2e/run_seccomp_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_security_labels_test.go b/test/e2e/run_security_labels_test.go index 8aebeaebb..915566a2c 100644 --- a/test/e2e/run_security_labels_test.go +++ b/test/e2e/run_security_labels_test.go @@ -25,8 +25,6 @@ var _ = Describe("Podman generate kube", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() - }) AfterEach(func() { diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index b71c68baf..4a433f308 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() if !selinux.GetEnabled() { Skip("SELinux not enabled") } diff --git a/test/e2e/run_signal_test.go b/test/e2e/run_signal_test.go index d40a5a1b4..e5d9b6c7b 100644 --- a/test/e2e/run_signal_test.go +++ b/test/e2e/run_signal_test.go @@ -34,7 +34,6 @@ var _ = Describe("Podman run with --sig-proxy", func() { } podmanTest = PodmanTestCreate(tmpdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -51,11 +50,14 @@ var _ = Describe("Podman run with --sig-proxy", func() { signal := syscall.SIGFPE // Set up a socket for communication udsDir := filepath.Join(tmpdir, "socket") - os.Mkdir(udsDir, 0700) + err := os.Mkdir(udsDir, 0700) + Expect(err).ToNot(HaveOccurred()) udsPath := filepath.Join(udsDir, "fifo") - syscall.Mkfifo(udsPath, 0600) + err = syscall.Mkfifo(udsPath, 0600) + Expect(err).ToNot(HaveOccurred()) if rootless.IsRootless() { - podmanTest.RestoreArtifact(fedoraMinimal) + err = podmanTest.RestoreArtifact(fedoraMinimal) + Expect(err).ToNot(HaveOccurred()) } _, pid := podmanTest.PodmanPID([]string{"run", "-it", "-v", fmt.Sprintf("%s:/h:Z", udsDir), fedoraMinimal, "bash", "-c", sigCatch}) @@ -112,7 +114,8 @@ var _ = Describe("Podman run with --sig-proxy", func() { Specify("signals are not forwarded to container with sig-proxy false", func() { signal := syscall.SIGFPE if rootless.IsRootless() { - podmanTest.RestoreArtifact(fedoraMinimal) + err = podmanTest.RestoreArtifact(fedoraMinimal) + Expect(err).ToNot(HaveOccurred()) } session, pid := podmanTest.PodmanPID([]string{"run", "--name", "test2", "--sig-proxy=false", fedoraMinimal, "bash", "-c", sigCatch2}) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 7e61e7c5e..af3f98d4b 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman run with --ip flag", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() // Cleanup the CNI networks used by the tests os.RemoveAll("/var/lib/cni/networks/podman") }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 386a27a2f..afcca6ff0 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -36,7 +36,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -814,8 +813,10 @@ USER bin`, BB) It("podman test hooks", func() { hcheck := "/run/hookscheck" hooksDir := tempdir + "/hooks" - os.Mkdir(hooksDir, 0755) - fileutils.CopyFile("hooks/hooks.json", hooksDir) + err := os.Mkdir(hooksDir, 0755) + Expect(err).ToNot(HaveOccurred()) + err = fileutils.CopyFile("hooks/hooks.json", hooksDir) + Expect(err).ToNot(HaveOccurred()) os.Setenv("HOOK_OPTION", fmt.Sprintf("--hooks-dir=%s", hooksDir)) os.Remove(hcheck) session := podmanTest.Podman([]string{"run", ALPINE, "ls"}) diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 092621c27..613727118 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -33,7 +33,6 @@ var _ = Describe("Podman UserNS support", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 4f1013f8d..3bef889b7 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -34,7 +34,6 @@ var _ = Describe("Podman run with volumes", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -55,7 +54,8 @@ var _ = Describe("Podman run with volumes", func() { It("podman run with volume flag", func() { mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err = os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) vol := mountPath + ":" + dest // [5] is flags @@ -82,7 +82,8 @@ var _ = Describe("Podman run with volumes", func() { Skip("skip failing test on ppc64le") } mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err = os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) mount := "type=bind,src=" + mountPath + ",target=" + dest session := podmanTest.Podman([]string{"run", "--rm", "--mount", mount, ALPINE, "grep", dest, "/proc/self/mountinfo"}) @@ -141,14 +142,16 @@ var _ = Describe("Podman run with volumes", func() { It("podman run with conflicting volumes errors", func() { mountPath := filepath.Join(podmanTest.TmpDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) session := podmanTest.Podman([]string{"run", "-v", mountPath + ":" + dest, "-v", "/tmp" + ":" + dest, ALPINE, "ls"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(125)) }) It("podman run with conflict between image volume and user mount succeeds", func() { - podmanTest.RestoreArtifact(redis) + err = podmanTest.RestoreArtifact(redis) + Expect(err).ToNot(HaveOccurred()) mountPath := filepath.Join(podmanTest.TempDir, "secrets") err := os.Mkdir(mountPath, 0755) Expect(err).To(BeNil()) @@ -164,7 +167,8 @@ var _ = Describe("Podman run with volumes", func() { It("podman run with mount flag and boolean options", func() { mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) mount := "type=bind,src=" + mountPath + ",target=" + dest session := podmanTest.Podman([]string{"run", "--rm", "--mount", mount + ",ro=false", ALPINE, "grep", dest, "/proc/self/mountinfo"}) @@ -193,7 +197,8 @@ var _ = Describe("Podman run with volumes", func() { It("podman run with volumes and suid/dev/exec options", func() { SkipIfRemote("podman-remote does not support --volumes") mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) session := podmanTest.Podman([]string{"run", "--rm", "-v", mountPath + ":" + dest + ":suid,dev,exec", ALPINE, "grep", dest, "/proc/self/mountinfo"}) session.WaitWithDefaultTimeout() @@ -224,7 +229,8 @@ var _ = Describe("Podman run with volumes", func() { } } mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) // Container should be able to start with custom overlay volume session := podmanTest.Podman([]string{"run", "--rm", "-v", mountPath + ":/data:O", "--workdir=/data", ALPINE, "echo", "hello"}) @@ -603,7 +609,8 @@ VOLUME /test/`, ALPINE) } } mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) testFile := filepath.Join(mountPath, "test1") f, err := os.Create(testFile) Expect(err).To(BeNil(), "os.Create "+testFile) @@ -651,7 +658,8 @@ VOLUME /test/`, ALPINE) It("overlay volume conflicts with named volume and mounts", func() { mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err := os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) testFile := filepath.Join(mountPath, "test1") f, err := os.Create(testFile) Expect(err).To(BeNil()) @@ -716,7 +724,8 @@ VOLUME /test/`, ALPINE) } mountPath := filepath.Join(podmanTest.TempDir, "secrets") - os.Mkdir(mountPath, 0755) + err = os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) vol := mountPath + ":" + dest + ":U" session := podmanTest.Podman([]string{"run", "--rm", "--user", "888:888", "-v", vol, ALPINE, "stat", "-c", "%u:%g", dest}) @@ -754,7 +763,8 @@ VOLUME /test/`, ALPINE) } mountPath := filepath.Join(podmanTest.TempDir, "foo") - os.Mkdir(mountPath, 0755) + err = os.Mkdir(mountPath, 0755) + Expect(err).ToNot(HaveOccurred()) // false bind mount vol := "type=bind,src=" + mountPath + ",dst=" + dest + ",U=false" diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go index 50d0a2194..ff91a420f 100644 --- a/test/e2e/run_working_dir_test.go +++ b/test/e2e/run_working_dir_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman run", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go index d1e11dd9a..018ed37c2 100644 --- a/test/e2e/runlabel_test.go +++ b/test/e2e/runlabel_test.go @@ -37,7 +37,6 @@ var _ = Describe("podman container runlabel", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index 39295608e..536eefda7 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -170,7 +170,8 @@ var _ = Describe("Podman save", func() { } defer func() { cmd = exec.Command("cp", "default.yaml", "/etc/containers/registries.d/default.yaml") - cmd.Run() + err := cmd.Run() + Expect(err).ToNot(HaveOccurred()) }() cmd = exec.Command("cp", "sign/key.gpg", "/tmp/key.gpg") diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 07198d799..8237f6433 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -64,8 +64,6 @@ registries = ['{{.Host}}:{{.Port}}']` podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() - }) AfterEach(func() { @@ -242,7 +240,8 @@ registries = ['{{.Host}}:{{.Port}}']` Fail("Cannot start docker registry on port %s", port) } ep := endpoint{Port: fmt.Sprintf("%d", port), Host: "localhost"} - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) image := fmt.Sprintf("%s/my-alpine", ep.Address()) push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() @@ -277,7 +276,8 @@ registries = ['{{.Host}}:{{.Port}}']` Fail("unable to start registry on port %s", port) } - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) image := fmt.Sprintf("%s/my-alpine", ep.Address()) push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() @@ -285,9 +285,11 @@ registries = ['{{.Host}}:{{.Port}}']` // registries.conf set up var buffer bytes.Buffer - registryFileTmpl.Execute(&buffer, ep) + err = registryFileTmpl.Execute(&buffer, ep) + Expect(err).ToNot(HaveOccurred()) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) - ioutil.WriteFile(fmt.Sprintf("%s/registry4.conf", tempdir), buffer.Bytes(), 0644) + err = ioutil.WriteFile(fmt.Sprintf("%s/registry4.conf", tempdir), buffer.Bytes(), 0644) + Expect(err).ToNot(HaveOccurred()) if IsRemote() { podmanTest.RestartRemoteService() defer podmanTest.RestartRemoteService() @@ -319,16 +321,19 @@ registries = ['{{.Host}}:{{.Port}}']` Fail("Cannot start docker registry on port %s", port) } - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) image := fmt.Sprintf("%s/my-alpine", ep.Address()) push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push).Should(Exit(0)) var buffer bytes.Buffer - registryFileTmpl.Execute(&buffer, ep) + err = registryFileTmpl.Execute(&buffer, ep) + Expect(err).ToNot(HaveOccurred()) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) - ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644) + err = ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644) + Expect(err).ToNot(HaveOccurred()) search := podmanTest.Podman([]string{"search", image, "--tls-verify=true"}) search.WaitWithDefaultTimeout() @@ -356,16 +361,19 @@ registries = ['{{.Host}}:{{.Port}}']` Fail("Cannot start docker registry on port %s", port) } - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) image := fmt.Sprintf("%s/my-alpine", ep.Address()) push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, image}) push.WaitWithDefaultTimeout() Expect(push).Should(Exit(0)) var buffer bytes.Buffer - registryFileBadTmpl.Execute(&buffer, ep) + err = registryFileBadTmpl.Execute(&buffer, ep) + Expect(err).ToNot(HaveOccurred()) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) - ioutil.WriteFile(fmt.Sprintf("%s/registry6.conf", tempdir), buffer.Bytes(), 0644) + err = ioutil.WriteFile(fmt.Sprintf("%s/registry6.conf", tempdir), buffer.Bytes(), 0644) + Expect(err).ToNot(HaveOccurred()) if IsRemote() { podmanTest.RestartRemoteService() @@ -409,16 +417,19 @@ registries = ['{{.Host}}:{{.Port}}']` Fail("Cannot start docker registry on port %s", port2) } - podmanTest.RestoreArtifact(ALPINE) + err = podmanTest.RestoreArtifact(ALPINE) + Expect(err).ToNot(HaveOccurred()) push := podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, fmt.Sprintf("localhost:%d/my-alpine", port2)}) push.WaitWithDefaultTimeout() Expect(push).Should(Exit(0)) // registries.conf set up var buffer bytes.Buffer - registryFileTwoTmpl.Execute(&buffer, ep3) + err = registryFileTwoTmpl.Execute(&buffer, ep3) + Expect(err).ToNot(HaveOccurred()) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) - ioutil.WriteFile(fmt.Sprintf("%s/registry8.conf", tempdir), buffer.Bytes(), 0644) + err = ioutil.WriteFile(fmt.Sprintf("%s/registry8.conf", tempdir), buffer.Bytes(), 0644) + Expect(err).ToNot(HaveOccurred()) if IsRemote() { podmanTest.RestartRemoteService() diff --git a/test/e2e/secret_test.go b/test/e2e/secret_test.go index 90d760c81..ed328d84a 100644 --- a/test/e2e/secret_test.go +++ b/test/e2e/secret_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman secret", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/start_test.go b/test/e2e/start_test.go index 98943c6fc..73af9d12c 100644 --- a/test/e2e/start_test.go +++ b/test/e2e/start_test.go @@ -26,7 +26,6 @@ var _ = Describe("Podman start", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/stats_test.go b/test/e2e/stats_test.go index 7435a0e3b..b43a81cd3 100644 --- a/test/e2e/stats_test.go +++ b/test/e2e/stats_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman stats", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go index 99d7f278c..8864ba5fd 100644 --- a/test/e2e/stop_test.go +++ b/test/e2e/stop_test.go @@ -25,7 +25,6 @@ var _ = Describe("Podman stop", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/system_connection_test.go b/test/e2e/system_connection_test.go index ac4c5e5ea..95920136e 100644 --- a/test/e2e/system_connection_test.go +++ b/test/e2e/system_connection_test.go @@ -47,7 +47,7 @@ var _ = Describe("podman system connection", func() { } f := CurrentGinkgoTestDescription() - GinkgoWriter.Write( + _, _ = GinkgoWriter.Write( []byte( fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()))) }) diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index a9fa5f4ac..ba4a40ab4 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -26,14 +26,13 @@ var _ = Describe("podman system df", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) + _, _ = GinkgoWriter.Write([]byte(timedResult)) }) It("podman system df", func() { diff --git a/test/e2e/system_dial_stdio_test.go b/test/e2e/system_dial_stdio_test.go index 5fcb20cb8..4e4c99bfe 100644 --- a/test/e2e/system_dial_stdio_test.go +++ b/test/e2e/system_dial_stdio_test.go @@ -24,14 +24,13 @@ var _ = Describe("podman system dial-stdio", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) + _, _ = GinkgoWriter.Write([]byte(timedResult)) }) It("podman system dial-stdio help", func() { diff --git a/test/e2e/system_reset_test.go b/test/e2e/system_reset_test.go index f413ce147..ec94bb819 100644 --- a/test/e2e/system_reset_test.go +++ b/test/e2e/system_reset_test.go @@ -24,14 +24,13 @@ var _ = Describe("podman system reset", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) + _, _ = GinkgoWriter.Write([]byte(timedResult)) }) It("podman system reset", func() { diff --git a/test/e2e/systemd_activate_test.go b/test/e2e/systemd_activate_test.go index 04acafe1b..aeea4f932 100644 --- a/test/e2e/systemd_activate_test.go +++ b/test/e2e/systemd_activate_test.go @@ -31,7 +31,6 @@ var _ = Describe("Systemd activate", func() { podmanTest = PodmanTestCreate(tempDir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index 57fc323ce..a1a080904 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman systemd", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() systemdUnitFile = `[Unit] Description=redis container [Service] diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go index 1fc28a06d..1e9a6da1f 100644 --- a/test/e2e/toolbox_test.go +++ b/test/e2e/toolbox_test.go @@ -56,7 +56,6 @@ var _ = Describe("Toolbox-specific testing", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/top_test.go b/test/e2e/top_test.go index 344568da5..66bb887dc 100644 --- a/test/e2e/top_test.go +++ b/test/e2e/top_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman top", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/tree_test.go b/test/e2e/tree_test.go index ab6e49e88..e1282d2b4 100644 --- a/test/e2e/tree_test.go +++ b/test/e2e/tree_test.go @@ -31,7 +31,7 @@ var _ = Describe("Podman image tree", func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) - GinkgoWriter.Write([]byte(timedResult)) + _, _ = GinkgoWriter.Write([]byte(timedResult)) }) It("podman image tree", func() { diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go index d17e34e9c..eee802e43 100644 --- a/test/e2e/trust_test.go +++ b/test/e2e/trust_test.go @@ -28,7 +28,6 @@ var _ = Describe("Podman trust", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { @@ -75,7 +74,8 @@ var _ = Describe("Podman trust", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(BeValidJSON()) var teststruct []map[string]string - json.Unmarshal(session.Out.Contents(), &teststruct) + err = json.Unmarshal(session.Out.Contents(), &teststruct) + Expect(err).ToNot(HaveOccurred()) Expect(teststruct).To(HaveLen(3)) // To ease comparison, group the unordered array of repos by repo (and we expect only one entry by repo, so order within groups doesn’t matter) repoMap := map[string][]map[string]string{} diff --git a/test/e2e/unshare_test.go b/test/e2e/unshare_test.go index 8b06dd4f5..520a2f884 100644 --- a/test/e2e/unshare_test.go +++ b/test/e2e/unshare_test.go @@ -32,7 +32,6 @@ var _ = Describe("Podman unshare", func() { podmanTest.CgroupManager = "cgroupfs" podmanTest.StorageOptions = ROOTLESS_STORAGE_OPTIONS podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/version_test.go b/test/e2e/version_test.go index a30db80eb..052b9aa39 100644 --- a/test/e2e/version_test.go +++ b/test/e2e/version_test.go @@ -30,7 +30,7 @@ var _ = Describe("Podman version", func() { podmanTest.Cleanup() f := CurrentGinkgoTestDescription() processTestResult(f) - podmanTest.SeedImages() + }) It("podman version", func() { diff --git a/test/e2e/volume_create_test.go b/test/e2e/volume_create_test.go index 0ac91abd3..09e5da8a0 100644 --- a/test/e2e/volume_create_test.go +++ b/test/e2e/volume_create_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman volume create", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/volume_exists_test.go b/test/e2e/volume_exists_test.go index fdadbda27..0de574968 100644 --- a/test/e2e/volume_exists_test.go +++ b/test/e2e/volume_exists_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman volume exists", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/volume_inspect_test.go b/test/e2e/volume_inspect_test.go index 5e3edfe24..344fe8b05 100644 --- a/test/e2e/volume_inspect_test.go +++ b/test/e2e/volume_inspect_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman volume inspect", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/volume_ls_test.go b/test/e2e/volume_ls_test.go index ce4cfc77d..19f87fb8a 100644 --- a/test/e2e/volume_ls_test.go +++ b/test/e2e/volume_ls_test.go @@ -24,7 +24,6 @@ var _ = Describe("Podman volume ls", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/volume_plugin_test.go b/test/e2e/volume_plugin_test.go index fd205805d..4700afdb5 100644 --- a/test/e2e/volume_plugin_test.go +++ b/test/e2e/volume_plugin_test.go @@ -25,11 +25,11 @@ var _ = Describe("Podman volume plugins", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() os.Setenv("CONTAINERS_CONF", "config/containers.conf") SkipIfRemote("Volume plugins only supported as local") SkipIfRootless("Root is required for volume plugin testing") - os.MkdirAll("/run/docker/plugins", 0755) + err = os.MkdirAll("/run/docker/plugins", 0755) + Expect(err).ToNot(HaveOccurred()) }) AfterEach(func() { @@ -55,7 +55,8 @@ var _ = Describe("Podman volume plugins", func() { podmanTest.AddImageToRWStore(volumeTest) pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes") - os.Mkdir(pluginStatePath, 0755) + err := os.Mkdir(pluginStatePath, 0755) + Expect(err).ToNot(HaveOccurred()) // Keep this distinct within tests to avoid multiple tests using the same plugin. pluginName := "testvol1" @@ -89,7 +90,8 @@ var _ = Describe("Podman volume plugins", func() { podmanTest.AddImageToRWStore(volumeTest) pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes") - os.Mkdir(pluginStatePath, 0755) + err := os.Mkdir(pluginStatePath, 0755) + Expect(err).ToNot(HaveOccurred()) // Keep this distinct within tests to avoid multiple tests using the same plugin. pluginName := "testvol2" @@ -112,7 +114,8 @@ var _ = Describe("Podman volume plugins", func() { podmanTest.AddImageToRWStore(volumeTest) pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes") - os.Mkdir(pluginStatePath, 0755) + err := os.Mkdir(pluginStatePath, 0755) + Expect(err).ToNot(HaveOccurred()) // Keep this distinct within tests to avoid multiple tests using the same plugin. pluginName := "testvol3" @@ -153,7 +156,8 @@ var _ = Describe("Podman volume plugins", func() { podmanTest.AddImageToRWStore(volumeTest) pluginStatePath := filepath.Join(podmanTest.TempDir, "volumes") - os.Mkdir(pluginStatePath, 0755) + err := os.Mkdir(pluginStatePath, 0755) + Expect(err).ToNot(HaveOccurred()) // Keep this distinct within tests to avoid multiple tests using the same plugin. pluginName := "testvol4" diff --git a/test/e2e/volume_prune_test.go b/test/e2e/volume_prune_test.go index 0b4c30a48..600f1b887 100644 --- a/test/e2e/volume_prune_test.go +++ b/test/e2e/volume_prune_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman volume prune", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/volume_rm_test.go b/test/e2e/volume_rm_test.go index 2a2de0920..0180b7a46 100644 --- a/test/e2e/volume_rm_test.go +++ b/test/e2e/volume_rm_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman volume rm", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/e2e/wait_test.go b/test/e2e/wait_test.go index 098780c70..16e876af9 100644 --- a/test/e2e/wait_test.go +++ b/test/e2e/wait_test.go @@ -23,7 +23,6 @@ var _ = Describe("Podman wait", func() { } podmanTest = PodmanTestCreate(tempdir) podmanTest.Setup() - podmanTest.SeedImages() }) AfterEach(func() { diff --git a/test/utils/common_function_test.go b/test/utils/common_function_test.go index a73d75490..7092e40a1 100644 --- a/test/utils/common_function_test.go +++ b/test/utils/common_function_test.go @@ -113,8 +113,10 @@ var _ = Describe("Common functions test", func() { Expect(err).To(BeNil(), "Can not find the JSON file after we write it.") defer read.Close() - bytes, _ := ioutil.ReadAll(read) - json.Unmarshal(bytes, compareData) + bytes, err := ioutil.ReadAll(read) + Expect(err).ToNot(HaveOccurred()) + err = json.Unmarshal(bytes, compareData) + Expect(err).ToNot(HaveOccurred()) Expect(reflect.DeepEqual(testData, compareData)).To(BeTrue(), "Data changed after we store it to file.") }) diff --git a/test/utils/utils.go b/test/utils/utils.go index f3e14c784..36f5a9414 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -489,7 +489,9 @@ func IsCommandAvailable(command string) bool { // WriteJSONFile write json format data to a json file func WriteJSONFile(data []byte, filePath string) error { var jsonData map[string]interface{} - json.Unmarshal(data, &jsonData) + if err := json.Unmarshal(data, &jsonData); err != nil { + return err + } formatJSON, err := json.MarshalIndent(jsonData, "", " ") if err != nil { return err -- cgit v1.2.3-54-g00ecf From 1cdf18a86b092caf5d23ddf605b23c9c143f270f Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 29 Apr 2022 14:41:33 +0200 Subject: fix incorrect permissions for /etc/resolv.conf in userns The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correct for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the reolv.conf file owned by the current container user which is wrong. Consolidate some common code in a new helper function to make the code more cleaner. Signed-off-by: Paul Holzinger --- libpod/container_internal_linux.go | 49 ++++++++++++++++---------------------- test/system/500-networking.bats | 15 ++++++++++++ 2 files changed, 36 insertions(+), 28 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 3c88cc75f..2eaf56c0a 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2123,15 +2123,9 @@ func (c *Container) makeBindMounts() error { } } else { if !c.config.UseImageResolvConf { - newResolv, err := c.generateResolvConf() - if err != nil { + if err := c.generateResolvConf(); err != nil { return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID()) } - err = c.mountIntoRootDirs("/etc/resolv.conf", newResolv) - - if err != nil { - return errors.Wrapf(err, "error assigning mounts to container %s", c.ID()) - } } if !c.config.UseImageHosts { @@ -2288,7 +2282,7 @@ rootless=%d } // generateResolvConf generates a containers resolv.conf -func (c *Container) generateResolvConf() (string, error) { +func (c *Container) generateResolvConf() error { var ( nameservers []string networkNameServers []string @@ -2304,7 +2298,7 @@ func (c *Container) generateResolvConf() (string, error) { if err == nil { resolvConf = definedPath } else if !os.IsNotExist(err) { - return "", err + return err } } break @@ -2314,7 +2308,7 @@ func (c *Container) generateResolvConf() (string, error) { contents, err := ioutil.ReadFile(resolvConf) // resolv.conf doesn't have to exists if err != nil && !os.IsNotExist(err) { - return "", err + return err } ns := resolvconf.GetNameservers(contents) @@ -2324,7 +2318,7 @@ func (c *Container) generateResolvConf() (string, error) { resolvedContents, err := ioutil.ReadFile("/run/systemd/resolve/resolv.conf") if err != nil { if !os.IsNotExist(err) { - return "", errors.Wrapf(err, "detected that systemd-resolved is in use, but could not locate real resolv.conf") + return errors.Wrapf(err, "detected that systemd-resolved is in use, but could not locate real resolv.conf") } } else { contents = resolvedContents @@ -2347,21 +2341,21 @@ func (c *Container) generateResolvConf() (string, error) { ipv6, err := c.checkForIPv6(netStatus) if err != nil { - return "", err + return err } // Ensure that the container's /etc/resolv.conf is compatible with its // network configuration. resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS) if err != nil { - return "", errors.Wrapf(err, "error parsing host resolv.conf") + return errors.Wrapf(err, "error parsing host resolv.conf") } dns := make([]net.IP, 0, len(c.runtime.config.Containers.DNSServers)+len(c.config.DNSServer)) for _, i := range c.runtime.config.Containers.DNSServers { result := net.ParseIP(i) if result == nil { - return "", errors.Wrapf(define.ErrInvalidArg, "invalid IP address %s", i) + return errors.Wrapf(define.ErrInvalidArg, "invalid IP address %s", i) } dns = append(dns, result) } @@ -2412,20 +2406,15 @@ func (c *Container) generateResolvConf() (string, error) { destPath := filepath.Join(c.state.RunDir, "resolv.conf") if err := os.Remove(destPath); err != nil && !os.IsNotExist(err) { - return "", errors.Wrapf(err, "container %s", c.ID()) + return errors.Wrapf(err, "container %s", c.ID()) } // Build resolv.conf if _, err = resolvconf.Build(destPath, nameservers, search, options); err != nil { - return "", errors.Wrapf(err, "error building resolv.conf for container %s", c.ID()) + return errors.Wrapf(err, "error building resolv.conf for container %s", c.ID()) } - // Relabel resolv.conf for the container - if err := c.relabel(destPath, c.config.MountLabel, true); err != nil { - return "", err - } - - return destPath, nil + return c.bindMountRootFile(destPath, "/etc/resolv.conf") } // Check if a container uses IPv6. @@ -2600,17 +2589,21 @@ func (c *Container) createHosts() error { return err } - if err := os.Chown(targetFile, c.RootUID(), c.RootGID()); err != nil { + return c.bindMountRootFile(targetFile, config.DefaultHostsFile) +} + +// bindMountRootFile will chown and relabel the source file to make it usable in the container. +// It will also add the path to the container bind mount map. +// source is the path on the host, dest is the path in the container. +func (c *Container) bindMountRootFile(source, dest string) error { + if err := os.Chown(source, c.RootUID(), c.RootGID()); err != nil { return err } - if err := label.Relabel(targetFile, c.MountLabel(), false); err != nil { + if err := label.Relabel(source, c.MountLabel(), false); err != nil { return err } - if err = c.mountIntoRootDirs(config.DefaultHostsFile, targetFile); err != nil { - return err - } - return nil + return c.mountIntoRootDirs(dest, source) } // generateGroupEntry generates an entry or entries into /etc/group as diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 01571d176..c7007741b 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -723,4 +723,19 @@ EOF is "${#lines[@]}" "5" "expect 5 host entries in /etc/hosts" } +@test "podman run /etc/* permissions" { + userns="--userns=keep-id" + if ! is_rootless; then + userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" + fi + # check with and without userns + for userns in "" "$userns"; do + # check the /etc/hosts /etc/hostname /etc/resolv.conf are owned by root + run_podman run $userns --rm $IMAGE stat -c %u:%g /etc/hosts /etc/resolv.conf /etc/hostname + is "${lines[0]}" "0\:0" "/etc/hosts owned by root" + is "${lines[1]}" "0\:0" "/etc/resolv.conf owned by root" + is "${lines[2]}" "0\:0" "/etc/hosts owned by root" + done +} + # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 95633146e08aa0bc81aa3d7949c3ef02f38a2308 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 29 Apr 2022 15:01:56 +0200 Subject: libpod: host netns keep same /etc/resolv.conf When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic. But also make sure we still allow --dns options. Fixes #14055 Signed-off-by: Paul Holzinger --- libpod/container_internal_linux.go | 6 ++++-- test/system/500-networking.bats | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'libpod') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 2eaf56c0a..4742b22ab 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2289,9 +2289,11 @@ func (c *Container) generateResolvConf() error { networkSearchDomains []string ) + hostns := true resolvConf := "/etc/resolv.conf" for _, namespace := range c.config.Spec.Linux.Namespaces { if namespace.Type == spec.NetworkNamespace { + hostns = false if namespace.Path != "" && !strings.HasPrefix(namespace.Path, "/proc/") { definedPath := filepath.Join("/etc/netns", filepath.Base(namespace.Path), "resolv.conf") _, err := os.Stat(definedPath) @@ -2313,7 +2315,7 @@ func (c *Container) generateResolvConf() error { ns := resolvconf.GetNameservers(contents) // check if systemd-resolved is used, assume it is used when 127.0.0.53 is the only nameserver - if len(ns) == 1 && ns[0] == "127.0.0.53" { + if !hostns && len(ns) == 1 && ns[0] == "127.0.0.53" { // read the actual resolv.conf file for systemd-resolved resolvedContents, err := ioutil.ReadFile("/run/systemd/resolve/resolv.conf") if err != nil { @@ -2346,7 +2348,7 @@ func (c *Container) generateResolvConf() error { // Ensure that the container's /etc/resolv.conf is compatible with its // network configuration. - resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS) + resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, !hostns) if err != nil { return errors.Wrapf(err, "error parsing host resolv.conf") } diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index c7007741b..3db0804d1 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -656,6 +656,15 @@ EOF run_podman run --network $netname --rm $IMAGE cat /etc/resolv.conf is "$output" "search dns.podman.*" "correct search domain" is "$output" ".*nameserver $subnet.1.*" "integrated dns nameserver is set" + + # host network should keep localhost nameservers + if grep 127.0.0. /etc/resolv.conf >/dev/null; then + run_podman run --network host --rm $IMAGE cat /etc/resolv.conf + is "$output" ".*nameserver 127\.0\.0.*" "resolv.conf contains localhost nameserver" + fi + # host net + dns still works + run_podman run --network host --dns 1.1.1.1 --rm $IMAGE cat /etc/resolv.conf + is "$output" ".*nameserver 1\.1\.1\.1.*" "resolv.conf contains 1.1.1.1 nameserver" } @test "podman run port forward range" { -- cgit v1.2.3-54-g00ecf From 6422048212572356e632e53e7a06b8ef8f7ef46f Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 29 Apr 2022 16:14:23 +0200 Subject: libpod: unset networks before storing container conf Since networks must always be read from the db bucket directly we should unset them in config to avoid caller from accidentally using them. I already tried this but it didn't work because the networks were unset after the config was marshalled. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger --- libpod/boltdb_state_internal.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'libpod') diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index e43226490..d6f035af9 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -542,8 +542,12 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error { ctr.ID(), s.namespace, ctr.config.Namespace) } + // Set the original networks to nil. We can save some space by not storing it in the config + // since we store it in a different mutable bucket anyway. + configNetworks := ctr.config.Networks + ctr.config.Networks = nil + // JSON container structs to insert into DB - // TODO use a higher-performance struct encoding than JSON configJSON, err := json.Marshal(ctr.config) if err != nil { return errors.Wrapf(err, "error marshalling container %s config to JSON", ctr.ID()) @@ -564,8 +568,8 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error { } // make sure to marshal the network options before we get the db lock - networks := make(map[string][]byte, len(ctr.config.Networks)) - for net, opts := range ctr.config.Networks { + networks := make(map[string][]byte, len(configNetworks)) + for net, opts := range configNetworks { // Check that we don't have any empty network names if net == "" { return errors.Wrapf(define.ErrInvalidArg, "network names cannot be an empty string") @@ -581,9 +585,6 @@ func (s *BoltState) addContainer(ctr *Container, pod *Pod) error { } networks[net] = optBytes } - // Set the original value to nil. We can safe some space by not storing it in the config - // since we store it in a different mutable bucket anyway. - ctr.config.Networks = nil db, err := s.getDBCon() if err != nil { -- cgit v1.2.3-54-g00ecf From 8842e9b7abde1135b2b4a7b876aa8897a624b397 Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Thu, 28 Apr 2022 12:31:17 -0500 Subject: Additional stats for podman info In support of podman machine and its counterpart desktop, we have added new stats to podman info. For storage, we have added GraphRootAllocated and GraphRootUsed in bytes. For CPUs, we have added user, system, and idle percents based on /proc/stat. Fixes: #13876 Signed-off-by: Brent Baude --- docs/source/markdown/podman-info.1.md | 6 +++ libpod/define/info.go | 25 +++++++++--- libpod/info.go | 75 ++++++++++++++++++++++++++++++----- libpod/info_test.go | 59 +++++++++++++++++++++++++++ 4 files changed, 149 insertions(+), 16 deletions(-) create mode 100644 libpod/info_test.go (limited to 'libpod') diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 4f09913b8..fc2d0fa60 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -39,6 +39,10 @@ host: package: conmon-2.0.29-2.fc34.x86_64 path: /usr/bin/conmon version: 'conmon version 2.0.29, commit: ' + cpu_utilization: + idle_percent: 96.84 + system_percent: 0.71 + user_percent: 2.45 cpus: 8 distribution: distribution: fedora @@ -124,6 +128,8 @@ store: graphDriverName: overlay graphOptions: {} graphRoot: /home/dwalsh/.local/share/containers/storage + graphRootAllocated: 510389125120 + graphRootUsed: 129170714624 graphStatus: Backing Filesystem: extfs Native Overlay Diff: "true" diff --git a/libpod/define/info.go b/libpod/define/info.go index 713129ada..911fa5c03 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -1,6 +1,8 @@ package define -import "github.com/containers/storage/pkg/idtools" +import ( + "github.com/containers/storage/pkg/idtools" +) // Info is the overall struct that describes the host system // running libpod/podman @@ -31,6 +33,7 @@ type HostInfo struct { CgroupControllers []string `json:"cgroupControllers"` Conmon *ConmonInfo `json:"conmon"` CPUs int `json:"cpus"` + CPUUtilization *CPUUsage `json:"cpuUtilization"` Distribution DistributionInfo `json:"distribution"` EventLogger string `json:"eventLogger"` Hostname string `json:"hostname"` @@ -108,11 +111,15 @@ type StoreInfo struct { GraphDriverName string `json:"graphDriverName"` GraphOptions map[string]interface{} `json:"graphOptions"` GraphRoot string `json:"graphRoot"` - GraphStatus map[string]string `json:"graphStatus"` - ImageCopyTmpDir string `json:"imageCopyTmpDir"` - ImageStore ImageStore `json:"imageStore"` - RunRoot string `json:"runRoot"` - VolumePath string `json:"volumePath"` + // GraphRootAllocated is how much space the graphroot has in bytes + GraphRootAllocated uint64 `json:"graphRootAllocated"` + // GraphRootUsed is how much of graphroot is used in bytes + GraphRootUsed uint64 `json:"graphRootUsed"` + GraphStatus map[string]string `json:"graphStatus"` + ImageCopyTmpDir string `json:"imageCopyTmpDir"` + ImageStore ImageStore `json:"imageStore"` + RunRoot string `json:"runRoot"` + VolumePath string `json:"volumePath"` } // ImageStore describes the image store. Right now only the number @@ -137,3 +144,9 @@ type Plugins struct { // FIXME what should we do with Authorization, docker seems to return nothing by default // Authorization []string `json:"authorization"` } + +type CPUUsage struct { + UserPercent float64 `json:"userPercent"` + SystemPercent float64 `json:"systemPercent"` + IdlePercent float64 `json:"idlePercent"` +} diff --git a/libpod/info.go b/libpod/info.go index e0b490768..321680a81 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -5,11 +5,13 @@ import ( "bytes" "fmt" "io/ioutil" + "math" "os" "os/exec" "runtime" "strconv" "strings" + "syscall" "time" "github.com/containers/buildah" @@ -115,7 +117,10 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { if err != nil { return nil, errors.Wrapf(err, "error getting available cgroup controllers") } - + cpuUtil, err := getCPUUtilization() + if err != nil { + return nil, err + } info := define.HostInfo{ Arch: runtime.GOARCH, BuildahVersion: buildah.Version, @@ -123,6 +128,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { CgroupControllers: availableControllers, Linkmode: linkmode.Linkmode(), CPUs: runtime.NumCPU(), + CPUUtilization: cpuUtil, Distribution: hostDistributionInfo, LogDriver: r.config.Containers.LogDriver, EventLogger: r.eventer.String(), @@ -285,17 +291,25 @@ func (r *Runtime) storeInfo() (*define.StoreInfo, error) { } imageInfo := define.ImageStore{Number: len(images)} + var grStats syscall.Statfs_t + if err := syscall.Statfs(r.store.GraphRoot(), &grStats); err != nil { + return nil, errors.Wrapf(err, "unable to collect graph root usasge for %q", r.store.GraphRoot()) + } + allocated := uint64(grStats.Bsize) * grStats.Blocks info := define.StoreInfo{ - ImageStore: imageInfo, - ImageCopyTmpDir: os.Getenv("TMPDIR"), - ContainerStore: conInfo, - GraphRoot: r.store.GraphRoot(), - RunRoot: r.store.RunRoot(), - GraphDriverName: r.store.GraphDriverName(), - GraphOptions: nil, - VolumePath: r.config.Engine.VolumePath, - ConfigFile: configFile, + ImageStore: imageInfo, + ImageCopyTmpDir: os.Getenv("TMPDIR"), + ContainerStore: conInfo, + GraphRoot: r.store.GraphRoot(), + GraphRootAllocated: allocated, + GraphRootUsed: allocated - (uint64(grStats.Bsize) * grStats.Bfree), + RunRoot: r.store.RunRoot(), + GraphDriverName: r.store.GraphDriverName(), + GraphOptions: nil, + VolumePath: r.config.Engine.VolumePath, + ConfigFile: configFile, } + graphOptions := map[string]interface{}{} for _, o := range r.store.GraphOptions() { split := strings.SplitN(o, "=", 2) @@ -382,3 +396,44 @@ func (r *Runtime) GetHostDistributionInfo() define.DistributionInfo { } return dist } + +// getCPUUtilization Returns a CPUUsage object that summarizes CPU +// usage for userspace, system, and idle time. +func getCPUUtilization() (*define.CPUUsage, error) { + f, err := os.Open("/proc/stat") + if err != nil { + return nil, err + } + defer f.Close() + scanner := bufio.NewScanner(f) + // Read firt line of /proc/stat + for scanner.Scan() { + break + } + // column 1 is user, column 3 is system, column 4 is idle + stats := strings.Split(scanner.Text(), " ") + return statToPercent(stats) +} + +func statToPercent(stats []string) (*define.CPUUsage, error) { + // There is always an extra space between cpu and the first metric + userTotal, err := strconv.ParseFloat(stats[2], 64) + if err != nil { + return nil, errors.Wrapf(err, "unable to parse user value %q", stats[1]) + } + systemTotal, err := strconv.ParseFloat(stats[4], 64) + if err != nil { + return nil, errors.Wrapf(err, "unable to parse system value %q", stats[3]) + } + idleTotal, err := strconv.ParseFloat(stats[5], 64) + if err != nil { + return nil, errors.Wrapf(err, "unable to parse idle value %q", stats[4]) + } + total := userTotal + systemTotal + idleTotal + s := define.CPUUsage{ + UserPercent: math.Round((userTotal/total*100)*100) / 100, + SystemPercent: math.Round((systemTotal/total*100)*100) / 100, + IdlePercent: math.Round((idleTotal/total*100)*100) / 100, + } + return &s, nil +} diff --git a/libpod/info_test.go b/libpod/info_test.go new file mode 100644 index 000000000..909b573c0 --- /dev/null +++ b/libpod/info_test.go @@ -0,0 +1,59 @@ +package libpod + +import ( + "fmt" + "testing" + + "github.com/containers/podman/v4/libpod/define" + "github.com/stretchr/testify/assert" +) + +func Test_statToPercent(t *testing.T) { + type args struct { + in0 []string + } + tests := []struct { + name string + args args + want *define.CPUUsage + wantErr assert.ErrorAssertionFunc + }{ + { + name: "GoodParse", + args: args{in0: []string{"cpu", " ", "33628064", "27537", "9696996", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}}, + want: &define.CPUUsage{ + UserPercent: 2.48, + SystemPercent: 0.71, + IdlePercent: 96.81, + }, + wantErr: assert.NoError, + }, + { + name: "BadUserValue", + args: args{in0: []string{"cpu", " ", "k", "27537", "9696996", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}}, + want: nil, + wantErr: assert.Error, + }, + { + name: "BadSystemValue", + args: args{in0: []string{"cpu", " ", "33628064", "27537", "k", "1314806705", "588142", "4775073", "2789228", "0", "598711", "0"}}, + want: nil, + wantErr: assert.Error, + }, + { + name: "BadIdleValue", + args: args{in0: []string{"cpu", " ", "33628064", "27537", "9696996", "k", "588142", "4775073", "2789228", "0", "598711", "0"}}, + want: nil, + wantErr: assert.Error, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := statToPercent(tt.args.in0) + if !tt.wantErr(t, err, fmt.Sprintf("statToPercent(%v)", tt.args.in0)) { + return + } + assert.Equalf(t, tt.want, got, "statToPercent(%v)", tt.args.in0) + }) + } +} -- cgit v1.2.3-54-g00ecf