From d9580ec62b716d7c8e861dd27c4b452f2419eb65 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sat, 8 Sep 2018 06:58:47 -0400 Subject: Pass on securityOpts from podInfraContainer to container added to pod. This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander Signed-off-by: Daniel J Walsh Closes: #1347 Approved by: mheon --- test/e2e/pod_pod_namespaces.go | 89 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 test/e2e/pod_pod_namespaces.go (limited to 'test/e2e/pod_pod_namespaces.go') diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go new file mode 100644 index 000000000..3e84005c3 --- /dev/null +++ b/test/e2e/pod_pod_namespaces.go @@ -0,0 +1,89 @@ +package integration + +import ( + "fmt" + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman pod create", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + podmanTest.RestoreArtifact(infra) + }) + + AfterEach(func() { + podmanTest.CleanupPod() + f := CurrentGinkgoTestDescription() + timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) + GinkgoWriter.Write([]byte(timedResult)) + }) + + It("podman pod container share Namespaces", func() { + session := podmanTest.Podman([]string{"pod", "create"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + podID := session.OutputToString() + + session = podmanTest.Podman([]string{"pod", "start", podID}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.IPC}} {{.UTS}} {{.NET}}"}) + check.WaitWithDefaultTimeout() + Expect(check.ExitCode()).To(Equal(0)) + outputArray := check.OutputToStringArray() + Expect(len(outputArray)).To(Equal(2)) + + NAMESPACE1 := outputArray[0] + fmt.Println("NAMESPACE1:", NAMESPACE1) + NAMESPACE2 := outputArray[1] + fmt.Println("NAMESPACE2:", NAMESPACE2) + Expect(NAMESPACE1).To(Equal(NAMESPACE2)) + }) + + It("podman pod container dontshare PIDNS", func() { + session := podmanTest.Podman([]string{"pod", "create"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + podID := session.OutputToString() + + session = podmanTest.Podman([]string{"pod", "start", podID}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.PIDNS}}"}) + check.WaitWithDefaultTimeout() + Expect(check.ExitCode()).To(Equal(0)) + outputArray := check.OutputToStringArray() + Expect(len(outputArray)).To(Equal(2)) + + NAMESPACE1 := outputArray[0] + fmt.Println("NAMESPACE1:", NAMESPACE1) + NAMESPACE2 := outputArray[1] + fmt.Println("NAMESPACE2:", NAMESPACE2) + Expect(NAMESPACE1).To(Not(Equal(NAMESPACE2))) + }) + +}) -- cgit v1.2.3-54-g00ecf