From d4446501f3245a87a605bea403710954f0400fb5 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Tue, 17 Nov 2020 21:12:45 +0100
Subject: Rename e2e test files to include _test.go suffix

The test were working fine. Just my IDE doesn't like the files without the suffix and I don't like red errors.

Signed-off-by: Paul Holzinger
---
test/e2e/pod_pod_namespaces.go | 109 -------------------------
test/e2e/pod_pod_namespaces_test.go | 109 +++++++++++++++++++++++++
test/e2e/run_seccomp.go | 68 ----------------
test/e2e/run_seccomp_test.go | 68 ++++++++++++++++
test/e2e/run_security_labels.go | 151 -----------------------------------
test/e2e/run_security_labels_test.go | 151 +++++++++++++++++++++++++++++++++++
test/e2e/run_working_dir.go | 68 ----------------
test/e2e/run_working_dir_test.go | 68 ++++++++++++++++
8 files changed, 396 insertions(+), 396 deletions(-)
delete mode 100644 test/e2e/pod_pod_namespaces.go
create mode 100644 test/e2e/pod_pod_namespaces_test.go
delete mode 100644 test/e2e/run_seccomp.go
create mode 100644 test/e2e/run_seccomp_test.go
delete mode 100644 test/e2e/run_security_labels.go
create mode 100644 test/e2e/run_security_labels_test.go
delete mode 100644 test/e2e/run_working_dir.go
create mode 100644 test/e2e/run_working_dir_test.go
(limited to 'test')

diff --git a/test/e2e/pod_pod_namespaces.go b/test/e2e/pod_pod_namespaces.go
deleted file mode 100644
index 20b8bdb39..000000000
--- a/test/e2e/pod_pod_namespaces.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package integration
-
-import (
- "fmt"
- "os"
-
- . "github.com/containers/podman/v2/test/utils"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-var _ = Describe("Podman pod create", func() {
- var (
- tempdir string
- err error
- podmanTest *PodmanTestIntegration
- )
-
- BeforeEach(func() {
- tempdir, err = CreateTempDirInTempDir()
- if err != nil {
- os.Exit(1)
- }
- podmanTest = PodmanTestCreate(tempdir)
- podmanTest.Setup()
- podmanTest.SeedImages()
- })
-
- AfterEach(func() {
- podmanTest.Cleanup()
- f := CurrentGinkgoTestDescription()
- processTestResult(f)
-
- })
-
- It("podman pod container share Namespaces", func() {
- session := podmanTest.Podman([]string{"pod", "create"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- podID := session.OutputToString()
-
- session = podmanTest.Podman([]string{"pod", "start", podID})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.Namespaces.IPC}} {{.Namespaces.UTS}} {{.Namespaces.NET}}"})
- check.WaitWithDefaultTimeout()
- Expect(check.ExitCode()).To(Equal(0))
- outputArray := check.OutputToStringArray()
- Expect(len(outputArray)).To(Equal(2))
-
- NAMESPACE1 := outputArray[0]
- fmt.Println("NAMESPACE1:", NAMESPACE1)
- NAMESPACE2 := outputArray[1]
- fmt.Println("NAMESPACE2:", NAMESPACE2)
- Expect(NAMESPACE1).To(Equal(NAMESPACE2))
- })
-
- It("podman pod container share ipc && /dev/shm ", func() {
- session := podmanTest.Podman([]string{"pod", "create"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- podID := session.OutputToString()
-
- session = podmanTest.Podman([]string{"pod", "start", podID})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- })
-
- It("podman pod container dontshare PIDNS", func() {
- session := podmanTest.Podman([]string{"pod", "create"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- podID := session.OutputToString()
-
- session = podmanTest.Podman([]string{"pod", "start", podID})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
-
- check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.Namespaces.PIDNS}}"})
- check.WaitWithDefaultTimeout()
- Expect(check.ExitCode()).To(Equal(0))
- outputArray := check.OutputToStringArray()
- Expect(len(outputArray)).To(Equal(2))
-
- NAMESPACE1 := outputArray[0]
- fmt.Println("NAMESPACE1:", NAMESPACE1)
- NAMESPACE2 := outputArray[1]
- fmt.Println("NAMESPACE2:", NAMESPACE2)
- Expect(NAMESPACE1).To(Not(Equal(NAMESPACE2)))
- })
-
-})
diff --git a/test/e2e/pod_pod_namespaces_test.go b/test/e2e/pod_pod_namespaces_test.go
new file mode 100644
index 000000000..20b8bdb39
--- /dev/null
+++ b/test/e2e/pod_pod_namespaces_test.go
@@ -0,0 +1,109 @@
+package integration
+
+import (
+ "fmt"
+ "os"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman pod create", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+
+ })
+
+ It("podman pod container share Namespaces", func() {
+ session := podmanTest.Podman([]string{"pod", "create"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ podID := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"pod", "start", podID})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.Namespaces.IPC}} {{.Namespaces.UTS}} {{.Namespaces.NET}}"})
+ check.WaitWithDefaultTimeout()
+ Expect(check.ExitCode()).To(Equal(0))
+ outputArray := check.OutputToStringArray()
+ Expect(len(outputArray)).To(Equal(2))
+
+ NAMESPACE1 := outputArray[0]
+ fmt.Println("NAMESPACE1:", NAMESPACE1)
+ NAMESPACE2 := outputArray[1]
+ fmt.Println("NAMESPACE2:", NAMESPACE2)
+ Expect(NAMESPACE1).To(Equal(NAMESPACE2))
+ })
+
+ It("podman pod container share ipc && /dev/shm ", func() {
+ session := podmanTest.Podman([]string{"pod", "create"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ podID := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"pod", "start", podID})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "touch", "/dev/shm/test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--pod", podID, ALPINE, "ls", "/dev/shm/test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
+ It("podman pod container dontshare PIDNS", func() {
+ session := podmanTest.Podman([]string{"pod", "create"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ podID := session.OutputToString()
+
+ session = podmanTest.Podman([]string{"pod", "start", podID})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--pod", podID, "-d", ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ check := podmanTest.Podman([]string{"ps", "-a", "--ns", "--format", "{{.Namespaces.PIDNS}}"})
+ check.WaitWithDefaultTimeout()
+ Expect(check.ExitCode()).To(Equal(0))
+ outputArray := check.OutputToStringArray()
+ Expect(len(outputArray)).To(Equal(2))
+
+ NAMESPACE1 := outputArray[0]
+ fmt.Println("NAMESPACE1:", NAMESPACE1)
+ NAMESPACE2 := outputArray[1]
+ fmt.Println("NAMESPACE2:", NAMESPACE2)
+ Expect(NAMESPACE1).To(Not(Equal(NAMESPACE2)))
+ })
+
+})
diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp.go
deleted file mode 100644
index 7d04cc60a..000000000
--- a/test/e2e/run_seccomp.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package integration
-
-import (
- "os"
-
- . "github.com/containers/podman/v2/test/utils"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-var _ = Describe("Podman run", func() {
- var (
- tempdir string
- err error
- podmanTest *PodmanTestIntegration
- )
-
- BeforeEach(func() {
- tempdir, err = CreateTempDirInTempDir()
- if err != nil {
- os.Exit(1)
- }
- podmanTest = PodmanTestCreate(tempdir)
- podmanTest.Setup()
- podmanTest.SeedImages()
- })
-
- AfterEach(func() {
- podmanTest.Cleanup()
- f := CurrentGinkgoTestDescription()
- processTestResult(f)
-
- })
-
- It("podman run --seccomp-policy default", func() {
- session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- })
-
- It("podman run --seccomp-policy ''", func() {
- // Empty string is interpreted as "default".
- session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- })
-
- It("podman run --seccomp-policy invalid", func() {
- session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).ToNot(Equal(0))
- })
-
- It("podman run --seccomp-policy image (block all syscalls)", func() {
- session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"})
- session.WaitWithDefaultTimeout()
- // TODO: we're getting a "cannot start a container that has
- // stopped" error which seems surprising. Investigate
- // why that is so.
- Expect(session.ExitCode()).ToNot(Equal(0))
- })
-
- It("podman run --seccomp-policy image (bogus profile)", func() {
- session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(125))
- })
-})
diff --git a/test/e2e/run_seccomp_test.go b/test/e2e/run_seccomp_test.go
new file mode 100644
index 000000000..7d04cc60a
--- /dev/null
+++ b/test/e2e/run_seccomp_test.go
@@ -0,0 +1,68 @@
+package integration
+
+import (
+ "os"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman run", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+
+ })
+
+ It("podman run --seccomp-policy default", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
+ It("podman run --seccomp-policy ''", func() {
+ // Empty string is interpreted as "default".
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
+ It("podman run --seccomp-policy invalid", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ })
+
+ It("podman run --seccomp-policy image (block all syscalls)", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ // TODO: we're getting a "cannot start a container that has
+ // stopped" error which seems surprising. Investigate
+ // why that is so.
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ })
+
+ It("podman run --seccomp-policy image (bogus profile)", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ })
+})
diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go
deleted file mode 100644
index 0c5621e3f..000000000
--- a/test/e2e/run_security_labels.go
+++ /dev/null
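Review bot: The "podman run --seccomp-policy image (block all syscalls)" case in run_seccomp_test.go asserts only `ToNot(Equal(0))`, and its own TODO records that the failure observed is an unexpected "cannot start a container that has stopped" error, so the test cannot distinguish the image's seccomp profile blocking syscalls from an unrelated startup failure. Once the TODO is resolved, pin the expected exit code the way the bogus-profile case pins `Equal(125)`. Until then a comment such as `// FIXME: passes on any non-zero exit; does not prove the image profile was enforced` would make the gap explicit.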
@@ -1,151 +0,0 @@
-package integration
-
-import (
- "os"
- "strings"
-
- . "github.com/containers/podman/v2/test/utils"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-var _ = Describe("Podman generate kube", func() {
- var (
- tempdir string
- err error
- podmanTest *PodmanTestIntegration
- )
-
- BeforeEach(func() {
- tempdir, err = CreateTempDirInTempDir()
- if err != nil {
- os.Exit(1)
- }
- podmanTest = PodmanTestCreate(tempdir)
- podmanTest.Setup()
- podmanTest.SeedImages()
-
- })
-
- AfterEach(func() {
- podmanTest.Cleanup()
- f := CurrentGinkgoTestDescription()
- processTestResult(f)
- })
-
- It("podman security labels", func() {
- test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal("CAP_SETUID,CAP_SETGID"))
- })
-
- It("podman bad security labels", func() {
- test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Not(Equal("CAP_SYS_ADMIN")))
- })
-
- It("podman --cap-add sys_admin security labels", func() {
- test1 := podmanTest.Podman([]string{"create", "--cap-add", "SYS_ADMIN", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal("CAP_SYS_ADMIN"))
- })
-
- It("podman --cap-drop all sys_admin security labels", func() {
- test1 := podmanTest.Podman([]string{"create", "--cap-drop", "all", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal(""))
- })
-
- It("podman security labels from image", func() {
- test1 := podmanTest.Podman([]string{"create", "--name", "test1", "alpine", "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"})
- commit.WaitWithDefaultTimeout()
- Expect(commit.ExitCode()).To(BeZero())
-
- image1 := podmanTest.Podman([]string{"create", "--name", "test2", "image1", "echo", "test1"})
- image1.WaitWithDefaultTimeout()
- Expect(image1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test2"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
-
- })
-
- It("podman --privileged security labels", func() {
- pull := podmanTest.Podman([]string{"create", "--privileged", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test"})
- pull.WaitWithDefaultTimeout()
- Expect(pull.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Not(Equal("CAP_SETUID,CAP_SETGID")))
- })
-
- It("podman container runlabel (podman --version)", func() {
- SkipIfRemote("runlabel not supported on podman-remote")
- PodmanDockerfile := `
-FROM alpine:latest
-LABEL io.containers.capabilities=chown,kill`
-
- image := "podman-caps:podman"
- podmanTest.BuildImage(PodmanDockerfile, image, "false")
-
- test1 := podmanTest.Podman([]string{"create", "--name", "test1", image, "echo", "test1"})
- test1.WaitWithDefaultTimeout()
- Expect(test1.ExitCode()).To(BeZero())
-
- inspect := podmanTest.Podman([]string{"inspect", "test1"})
- inspect.WaitWithDefaultTimeout()
- Expect(inspect.ExitCode()).To(Equal(0))
-
- ctr := inspect.InspectContainerToJSON()
- caps := strings.Join(ctr[0].EffectiveCaps, ",")
- Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL"))
- })
-
-})
diff --git a/test/e2e/run_security_labels_test.go b/test/e2e/run_security_labels_test.go
new file mode 100644
index 000000000..0c5621e3f
--- /dev/null
+++ b/test/e2e/run_security_labels_test.go
@@ -0,0 +1,151 @@
+package integration
+
+import (
+ "os"
+ "strings"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman generate kube", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+ })
+
+ It("podman security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SETUID,CAP_SETGID"))
+ })
+
+ It("podman bad security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Not(Equal("CAP_SYS_ADMIN")))
+ })
+
+ It("podman --cap-add sys_admin security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--cap-add", "SYS_ADMIN", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SYS_ADMIN"))
+ })
+
+ It("podman --cap-drop all sys_admin security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--cap-drop", "all", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal(""))
+ })
+
+ It("podman security labels from image", func() {
+ test1 := podmanTest.Podman([]string{"create", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"})
+ commit.WaitWithDefaultTimeout()
+ Expect(commit.ExitCode()).To(BeZero())
+
+ image1 := podmanTest.Podman([]string{"create", "--name", "test2", "image1", "echo", "test1"})
+ image1.WaitWithDefaultTimeout()
+ Expect(image1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test2"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
+
+ })
+
+ It("podman --privileged security labels", func() {
+ pull := podmanTest.Podman([]string{"create", "--privileged", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test"})
+ pull.WaitWithDefaultTimeout()
+ Expect(pull.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Not(Equal("CAP_SETUID,CAP_SETGID")))
+ })
+
+ It("podman container runlabel (podman --version)", func() {
+ SkipIfRemote("runlabel not supported on podman-remote")
+ PodmanDockerfile := `
+FROM alpine:latest
+LABEL io.containers.capabilities=chown,kill`
+
+ image := "podman-caps:podman"
+ podmanTest.BuildImage(PodmanDockerfile, image, "false")
+
+ test1 := podmanTest.Podman([]string{"create", "--name", "test1", image, "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL"))
+ })
+
+})
diff --git a/test/e2e/run_working_dir.go b/test/e2e/run_working_dir.go
deleted file mode 100644
index 7d8db361c..000000000
--- a/test/e2e/run_working_dir.go
+++ /dev/null
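Review bot: The negative assertions in run_security_labels_test.go compare the comma-joined capability string for inequality, which proves less than the test names suggest. In "podman bad security labels", `Expect(caps).To(Not(Equal("CAP_SYS_ADMIN")))` still passes if CAP_SYS_ADMIN is granted alongside any other capability; asserting on the slice itself, `Expect(ctr[0].EffectiveCaps).ToNot(ContainElement("CAP_SYS_ADMIN"))`, would catch that. The "--privileged" case has the same shape, since `Not(Equal("CAP_SETUID,CAP_SETGID"))` only shows the result is not exactly that pair. The suite is also still labelled `Describe("Podman generate kube", ...)` although every case exercises the `io.containers.capabilities` label, so the rename is a convenient moment to correct the label as well.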
@@ -1,68 +0,0 @@
-package integration
-
-import (
- "os"
- "strings"
-
- . "github.com/containers/podman/v2/test/utils"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
-)
-
-var _ = Describe("Podman run", func() {
- var (
- tempdir string
- err error
- podmanTest *PodmanTestIntegration
- )
-
- BeforeEach(func() {
- tempdir, err = CreateTempDirInTempDir()
- if err != nil {
- os.Exit(1)
- }
- podmanTest = PodmanTestCreate(tempdir)
- podmanTest.Setup()
- podmanTest.SeedImages()
- })
-
- AfterEach(func() {
- podmanTest.Cleanup()
- f := CurrentGinkgoTestDescription()
- processTestResult(f)
-
- })
-
- It("podman run a container without workdir", func() {
- session := podmanTest.Podman([]string{"run", ALPINE, "pwd"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("/"))
- })
-
- It("podman run a container using non existing --workdir", func() {
- if !strings.Contains(podmanTest.OCIRuntime, "crun") {
- Skip("Test only works on crun")
- }
- session := podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", ALPINE, "pwd"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(127))
- })
-
- It("podman run a container on an image with a workdir", func() {
- dockerfile := `FROM alpine
-RUN mkdir -p /home/foobar
-WORKDIR /etc/foobar`
- podmanTest.BuildImage(dockerfile, "test", "false")
-
- session := podmanTest.Podman([]string{"run", "test", "pwd"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("/etc/foobar"))
-
- session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("/home/foobar"))
- })
-})
diff --git a/test/e2e/run_working_dir_test.go b/test/e2e/run_working_dir_test.go
new file mode 100644
index 000000000..7d8db361c
--- /dev/null
+++ b/test/e2e/run_working_dir_test.go
@@ -0,0 +1,68 @@
+package integration
+
+import (
+ "os"
+ "strings"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman run", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+
+ })
+
+ It("podman run a container without workdir", func() {
+ session := podmanTest.Podman([]string{"run", ALPINE, "pwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal("/"))
+ })
+
+ It("podman run a container using non existing --workdir", func() {
+ if !strings.Contains(podmanTest.OCIRuntime, "crun") {
+ Skip("Test only works on crun")
+ }
+ session := podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", ALPINE, "pwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(127))
+ })
+
+ It("podman run a container on an image with a workdir", func() {
+ dockerfile := `FROM alpine
+RUN mkdir -p /home/foobar
+WORKDIR /etc/foobar`
+ podmanTest.BuildImage(dockerfile, "test", "false")
+
+ session := podmanTest.Podman([]string{"run", "test", "pwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal("/etc/foobar"))
+
+ session = podmanTest.Podman([]string{"run", "--workdir", "/home/foobar", "test", "pwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal("/home/foobar"))
+ })
+})
-- cgit v1.2.3-54-g00ecf