From 0d70df119539d818224b0d014602aaad2bd1b95e Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Mon, 28 Sep 2020 15:55:06 -0400 Subject: Ignore containers.conf sysctl when namespaces set to host If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace. --net=host ignore sysctls that begin with net. --ipc=host ignore fs.mqueue --uts=host ignore kernel.domainname and kernel.hostname Signed-off-by: Daniel J Walsh --- test/e2e/containers_conf_test.go | 6 ++++++ test/e2e/run_test.go | 5 +++++ 2 files changed, 11 insertions(+) (limited to 'test') diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 02c5d1428..ddb62c327 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -179,6 +179,12 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("1000")) + + // Ignore containers.conf setting if --net=host + session = podmanTest.Podman([]string{"run", "--rm", "--net", "host", fedoraMinimal, "cat", "/proc/sys/net/ipv4/ping_group_range"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).ToNot((ContainSubstring("1000"))) }) It("podman run containers.conf search domain", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 5c28f18f2..5617f50b7 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -373,6 +373,11 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("net.core.somaxconn = 65535")) + + // network sysctls should fail if --net=host is set + session = podmanTest.Podman([]string{"run", "--net", "host", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) }) It("podman run blkio-weight test", func() { -- cgit v1.2.3-54-g00ecf