2017-03-18 06:45:19 +08:00
|
|
|
#!/usr/bin/env bats
|
|
|
|
|
|
|
|
|
|
load helpers
|
|
|
|
|
|
|
|
|
|
@test "run" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2022-04-26 23:09:11 +08:00
|
|
|
createrandom ${TEST_SCRATCH_DIR}/randomfile
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /root $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/root"
|
2022-04-26 23:09:11 +08:00
|
|
|
cp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah run $cid cp /tmp/randomfile /tmp/other-randomfile
|
2017-03-18 06:45:19 +08:00
|
|
|
test -s $root/tmp/other-randomfile
|
2022-04-26 23:09:11 +08:00
|
|
|
cmp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/other-randomfile
|
2017-07-21 01:41:51 +08:00
|
|
|
|
2019-06-12 18:19:28 +08:00
|
|
|
seq 100000 | buildah run $cid -- sh -c 'while read i; do echo $i; done'
|
2017-07-21 01:41:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run--args" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should fail, because buildah run doesn't have a -n flag.
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -n $cid echo test
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is preserved as part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid echo -- -n test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is not part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n -- test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -- -n test --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test --"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n "test"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "test"
|
2017-03-18 06:45:19 +08:00
|
|
|
}
|
2017-04-05 05:31:02 +08:00
|
|
|
|
2017-06-23 23:53:51 +08:00
|
|
|
@test "run-cmd" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with no arguments
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# empty entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args"
|
2018-05-03 07:13:28 +08:00
|
|
|
|
2019-01-22 23:35:52 +08:00
|
|
|
# configured cmd only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args, --"
|
2018-05-03 13:48:50 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with argument
|
|
|
|
|
# Note: entrypoint and cmd can be invalid in below tests as they should never execute
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "empty entrypoint, invalid cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, empty cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, empty cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, no cmd(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd, no entrypoint(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd & entrypoint, pwd"
|
2017-06-23 23:53:51 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-29 23:40:50 +08:00
|
|
|
# Helper for run-user test. Generates a UID or GID that is not present
|
|
|
|
|
# in the given idfile (mounted /etc/passwd or /etc/group)
|
|
|
|
|
function random_unused_id() {
|
|
|
|
|
local idfile=$1
|
|
|
|
|
|
|
|
|
|
while :;do
|
|
|
|
|
id=$RANDOM
|
|
|
|
|
if ! fgrep -q :$id: $idfile; then
|
|
|
|
|
echo $id
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
function configure_and_check_user() {
|
|
|
|
|
local setting=$1
|
|
|
|
|
local expect_u=$2
|
|
|
|
|
local expect_g=$3
|
|
|
|
|
|
|
|
|
|
run_buildah config -u "$setting" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_u" "id -u ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_g" "id -g ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
}
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
@test "run-user" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
eval $(go env)
|
|
|
|
|
echo CGO_ENABLED=${CGO_ENABLED}
|
|
|
|
|
if test "$CGO_ENABLED" -ne 1; then
|
2019-04-02 05:56:29 +08:00
|
|
|
skip "CGO_ENABLED = '$CGO_ENABLED'"
|
2017-04-05 05:31:02 +08:00
|
|
|
fi
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2017-04-05 05:31:02 +08:00
|
|
|
|
|
|
|
|
testuser=jimbo
|
2017-11-04 01:32:19 +08:00
|
|
|
testbogususer=nosuchuser
|
2017-04-05 05:31:02 +08:00
|
|
|
testgroup=jimbogroup
|
2021-04-29 23:40:50 +08:00
|
|
|
testuid=$(random_unused_id $root/etc/passwd)
|
|
|
|
|
testotheruid=$(random_unused_id $root/etc/passwd)
|
|
|
|
|
testgid=$(random_unused_id $root/etc/group)
|
|
|
|
|
testgroupid=$(random_unused_id $root/etc/group)
|
2017-04-05 05:31:02 +08:00
|
|
|
echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
|
|
|
|
|
echo "$testgroup:x:$testgroupid:" >> $root/etc/group
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
configure_and_check_user "" 0 0
|
|
|
|
|
configure_and_check_user "${testuser}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuid}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}:${testgroup}" $testotheruid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}" $testotheruid 0
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testbogususer} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -u (bogus user)"
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -g (bogus user)"
|
2017-11-04 01:32:19 +08:00
|
|
|
|
2017-04-13 01:35:48 +08:00
|
|
|
ln -vsf /etc/passwd $root/etc/passwd
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testuser}:${testgroup} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2017-04-13 01:35:48 +08:00
|
|
|
echo "$output"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "run as unknown user"
|
2017-04-05 05:31:02 +08:00
|
|
|
}
|
2017-09-21 19:39:39 +08:00
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
@test "run --env" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-06-23 04:45:09 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah config --env foo=foo $cid
|
2023-04-02 03:07:00 +08:00
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
# Ensure foo=foo from `buildah config`
|
|
|
|
|
run_buildah run $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "foo"
|
2023-04-02 03:07:00 +08:00
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
# Ensure foo=bar from --env override
|
|
|
|
|
run_buildah run --env foo=bar $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "bar"
|
2023-04-02 03:07:00 +08:00
|
|
|
|
|
|
|
|
# Reference foo=baz from process environment
|
|
|
|
|
foo=baz run_buildah run --env foo $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "baz"
|
|
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
# Ensure that the --env override did not persist
|
|
|
|
|
run_buildah run $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "foo"
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-22 03:51:59 +08:00
|
|
|
@test "run --group-add" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
id=$RANDOM
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --group-add $id --quiet --pull=false $WITH_POLICY_JSON alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid id -G
|
|
|
|
|
expect_output --substring "$id"
|
|
|
|
|
|
|
|
|
|
if is_rootless && has_supplemental_groups; then
|
|
|
|
|
run_buildah from --group-add keep-groups --quiet --pull=false $WITH_POLICY_JSON alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid id -G
|
|
|
|
|
expect_output --substring "65534"
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-21 19:39:39 +08:00
|
|
|
@test "run --hostname" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid hostname
|
2017-09-21 19:39:39 +08:00
|
|
|
[ "$output" != "foobar" ]
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --hostname foobar $cid hostname
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "foobar"
|
2017-09-21 19:39:39 +08:00
|
|
|
}
|
2018-05-31 22:56:40 +08:00
|
|
|
|
2022-04-21 15:35:56 +08:00
|
|
|
@test "run should also override /etc/hostname" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
${OCI} --version
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2022-04-21 15:35:56 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --hostname foobar $cid hostname
|
|
|
|
|
expect_output "foobar"
|
|
|
|
|
hostname=$output
|
|
|
|
|
run_buildah run --hostname foobar $cid cat /etc/hostname
|
|
|
|
|
expect_output $hostname
|
2023-10-25 07:43:56 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah inspect --format "{{ .ContainerID }}" $cid
|
|
|
|
|
id=$output
|
|
|
|
|
run_buildah run $cid cat /etc/hostname
|
|
|
|
|
expect_output "${id:0:12}"
|
|
|
|
|
run_buildah run --no-hostname $cid cat /etc/hostname
|
|
|
|
|
expect_output 'localhost'
|
2022-04-21 15:35:56 +08:00
|
|
|
}
|
|
|
|
|
|
2018-05-31 22:56:40 +08:00
|
|
|
@test "run --volume" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2018-07-21 05:58:48 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2022-04-26 23:09:11 +08:00
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/was-empty
|
2018-05-31 22:56:40 +08:00
|
|
|
# As a baseline, this should succeed.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:59:24 +08:00
|
|
|
# Parsing options that with comma, this should succeed.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-05-31 22:56:40 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah 1 run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# And check the same for file volumes.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
|
2021-03-31 18:57:18 +08:00
|
|
|
# And check the same for file volumes.
|
|
|
|
|
# Make sure directories show up inside of container on builtin mounts
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/run/secrets/testdir $cid ls -ld /run/secrets/testdir
|
2018-05-31 22:56:40 +08:00
|
|
|
}
|
2018-06-02 02:54:45 +08:00
|
|
|
|
2022-01-20 17:15:48 +08:00
|
|
|
@test "run overlay --volume with custom upper and workdir" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2022-01-20 17:15:48 +08:00
|
|
|
cid=$output
|
2022-04-26 23:09:11 +08:00
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/upperdir
|
|
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/workdir
|
|
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/lower
|
2022-01-20 17:15:48 +08:00
|
|
|
|
2022-04-26 23:09:11 +08:00
|
|
|
echo 'hello' >> ${TEST_SCRATCH_DIR}/lower/hello
|
2022-01-20 17:15:48 +08:00
|
|
|
|
|
|
|
|
# As a baseline, this should succeed.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid cat /test/hello
|
2022-01-20 17:15:48 +08:00
|
|
|
expect_output "hello"
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid sh -c 'echo "world" > /test/world'
|
2022-01-20 17:15:48 +08:00
|
|
|
|
|
|
|
|
#upper dir should persist content
|
2022-04-26 23:09:11 +08:00
|
|
|
result="$(cat ${TEST_SCRATCH_DIR}/upperdir/world)"
|
2022-01-20 17:15:48 +08:00
|
|
|
test "$result" == "world"
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-18 22:50:53 +08:00
|
|
|
@test "run --volume with U flag" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
# Create source volume.
|
2022-04-26 23:09:11 +08:00
|
|
|
mkdir ${TEST_SCRATCH_DIR}/testdata
|
2020-11-18 22:50:53 +08:00
|
|
|
|
|
|
|
|
# Create the container.
|
|
|
|
|
_prefetch alpine
|
2023-11-28 23:57:20 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2020-11-18 22:50:53 +08:00
|
|
|
ctr="$output"
|
|
|
|
|
|
|
|
|
|
# Test user can create file in the mounted volume.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
|
2020-11-18 22:50:53 +08:00
|
|
|
|
|
|
|
|
# Test created file has correct UID and GID ownership.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
|
2020-11-18 22:50:53 +08:00
|
|
|
expect_output "888:888"
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-24 11:12:23 +08:00
|
|
|
@test "run --user and verify gid in supplemental groups" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
# Create the container.
|
|
|
|
|
_prefetch alpine
|
2023-11-28 23:57:20 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2022-08-24 11:12:23 +08:00
|
|
|
ctr="$output"
|
|
|
|
|
|
|
|
|
|
# Run with uid:gid 1000:1000 and verify if gid is present in additional groups
|
|
|
|
|
run_buildah run --user 1000:1000 "$ctr" cat /proc/self/status
|
|
|
|
|
# gid 1000 must be in additional/supplemental groups
|
|
|
|
|
expect_output --substring "Groups: 1000 "
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
@test "run --workingdir" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-06-23 04:45:09 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid pwd
|
|
|
|
|
expect_output "/"
|
|
|
|
|
run_buildah run --workingdir /bin $cid pwd
|
|
|
|
|
expect_output "/bin"
|
|
|
|
|
# Ensure the /bin workingdir override did not persist
|
|
|
|
|
run_buildah run $cid pwd
|
|
|
|
|
expect_output "/"
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
@test "run --mount" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2022-04-26 23:09:11 +08:00
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/was:empty
|
2019-06-20 02:17:11 +08:00
|
|
|
# As a baseline, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --mount type=tmpfs,dst=/var/tmpfs-not-empty $cid touch /var/tmpfs-not-empty/testfile
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,rw${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah 1 run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/multi-level/subdirectory,rw $cid touch /var/multi-level/subdirectory/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# And check the same for file volumes.
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile,rw $cid touch /var/different-multi-level/subdirectory/testfile
|
2021-10-18 13:51:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --mount=type=bind with from like buildkit" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
skip "skip if selinux enabled, since stages have different selinux label"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2022-04-26 21:56:21 +08:00
|
|
|
run_buildah build -t buildkitbase $WITH_POLICY_JSON -f $BUDFILES/buildkit-mount-from/Dockerfilebuildkitbase $BUDFILES/buildkit-mount-from/
|
2021-10-18 13:51:51 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-10-18 13:51:51 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --mount type=bind,source=.,from=buildkitbase,target=/test,z $cid cat /test/hello
|
|
|
|
|
expect_output --substring "hello"
|
|
|
|
|
run_buildah rmi -f buildkitbase
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --mount=type=cache like buildkit" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
skip "skip if selinux enabled, since stages have different selinux label"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-10-18 13:51:51 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --mount type=cache,target=/test,z $cid sh -c 'echo "hello" > /test/hello && cat /test/hello'
|
|
|
|
|
run_buildah run --mount type=cache,target=/test,z $cid cat /test/hello
|
|
|
|
|
expect_output --substring "hello"
|
2019-06-20 02:17:11 +08:00
|
|
|
}
|
|
|
|
|
|
2018-06-02 02:54:45 +08:00
|
|
|
@test "run symlinks" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2022-04-26 23:09:11 +08:00
|
|
|
mkdir -p ${TEST_SCRATCH_DIR}/tmp
|
|
|
|
|
ln -s tmp ${TEST_SCRATCH_DIR}/tmp2
|
|
|
|
|
export TMPDIR=${TEST_SCRATCH_DIR}/tmp2
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid id
|
2018-06-02 02:54:45 +08:00
|
|
|
}
|
2018-06-05 05:36:26 +08:00
|
|
|
|
|
|
|
|
@test "run --cap-add/--cap-drop" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2018-06-05 05:36:26 +08:00
|
|
|
# Try with default caps.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
defaultcaps="$output"
|
|
|
|
|
# Try adding DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-add CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
addedcaps="$output"
|
|
|
|
|
# Try dropping DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-drop CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
droppedcaps="$output"
|
|
|
|
|
# Okay, now the "dropped" and "added" should be different.
|
|
|
|
|
test "$addedcaps" != "$droppedcaps"
|
|
|
|
|
# And one or the other should be different from the default, with the other being the same.
|
|
|
|
|
if test "$defaultcaps" == "$addedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$droppedcaps"
|
|
|
|
|
fi
|
|
|
|
|
if test "$defaultcaps" == "$droppedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$addedcaps"
|
|
|
|
|
fi
|
|
|
|
|
}
|
2018-07-30 23:54:15 +08:00
|
|
|
|
|
|
|
|
@test "Check if containers run with correct open files/processes limits" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
2021-05-12 00:21:09 +08:00
|
|
|
|
|
|
|
|
# we need to not use the list of limits that are set in our default
|
2022-04-26 22:03:44 +08:00
|
|
|
# ${TEST_SOURCES}/containers.conf for the sake of other tests, and override
|
2021-05-12 00:21:09 +08:00
|
|
|
# any that might be picked up from system-wide configuration
|
2022-04-26 23:09:11 +08:00
|
|
|
echo '[containers]' > ${TEST_SCRATCH_DIR}/containers.conf
|
|
|
|
|
echo 'default_ulimits = []' >> ${TEST_SCRATCH_DIR}/containers.conf
|
|
|
|
|
export CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf
|
2021-05-12 00:21:09 +08:00
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2024-01-18 00:03:06 +08:00
|
|
|
|
|
|
|
|
run podman run --rm alpine sh -c "awk '/open files/{print \$4 \"/\" \$5}' /proc/self/limits"
|
|
|
|
|
podman_files=$output
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2024-01-18 00:03:06 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4 "/" $5}' /proc/self/limits
|
|
|
|
|
expect_output "${podman_files}" "limits: podman and buildah should agree on open files"
|
|
|
|
|
|
|
|
|
|
run podman run --rm alpine sh -c "awk '/processes/{print \$3 \"/\" \$4}' /proc/self/limits"
|
|
|
|
|
podman_processes=$output
|
|
|
|
|
run_buildah run $cid awk '/processes/{print $3 "/" $4}' /proc/self/limits
|
|
|
|
|
expect_output ${podman_processes} "processes should match podman"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --ulimit nofile=300:400 --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file limit)"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --ulimit nproc=100:200 --ulimit nofile=300:400 --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file & proc limits)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "100" "limits: processes (w/file & proc limits)"
|
2021-05-12 00:21:09 +08:00
|
|
|
|
|
|
|
|
unset CONTAINERS_CONF
|
2018-07-30 23:54:15 +08:00
|
|
|
}
|
2018-10-25 03:15:40 +08:00
|
|
|
|
|
|
|
|
@test "run-builtin-volume-omitted" {
|
|
|
|
|
# This image is known to include a volume, but not include the mountpoint
|
|
|
|
|
# in the image.
|
2024-02-22 18:08:24 +08:00
|
|
|
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON quay.io/libpod/registry:volume_omitted
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
mnt=$output
|
2018-10-25 03:15:40 +08:00
|
|
|
# By default, the mountpoint should not be there.
|
|
|
|
|
run test -d "$mnt"/var/lib/registry
|
|
|
|
|
echo "$output"
|
|
|
|
|
[ "$status" -ne 0 ]
|
|
|
|
|
# We'll create the mountpoint for "run".
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /var/lib
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "registry"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-10-25 03:15:40 +08:00
|
|
|
# Double-check that the mountpoint is there.
|
2019-04-02 05:56:29 +08:00
|
|
|
test -d "$mnt"/var/lib/registry
|
2018-10-25 03:15:40 +08:00
|
|
|
}
|
2019-08-23 00:45:36 +08:00
|
|
|
|
|
|
|
|
@test "run-exit-status" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-08-23 00:45:36 +08:00
|
|
|
run_buildah 42 run ${cid} sh -c 'exit 42'
|
|
|
|
|
}
|
2019-09-06 04:54:40 +08:00
|
|
|
|
2020-04-16 21:48:43 +08:00
|
|
|
@test "run-exit-status on non executable" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2020-04-16 21:48:43 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah 1 run ${cid} /etc
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-06 04:54:40 +08:00
|
|
|
@test "Verify /run/.containerenv exist" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-09-06 04:54:40 +08:00
|
|
|
# test a standard mount to /run/.containerenv
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /run/.containerenv
|
2019-09-06 04:54:40 +08:00
|
|
|
expect_output --substring "/run/.containerenv"
|
2020-11-24 08:07:50 +08:00
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $engine'
|
|
|
|
|
expect_output --substring "buildah"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $name'
|
|
|
|
|
expect_output "alpine-working-container"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $image'
|
|
|
|
|
expect_output --substring "alpine:latest"
|
|
|
|
|
|
|
|
|
|
rootless=0
|
|
|
|
|
if ["$(id -u)" -ne 0 ]; then
|
|
|
|
|
rootless=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $rootless'
|
|
|
|
|
expect_output ${rootless}
|
2019-09-06 04:54:40 +08:00
|
|
|
}
|
2019-09-07 03:07:18 +08:00
|
|
|
|
|
|
|
|
@test "run-device" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rm $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rwm $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run-device-Rename" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_chroot
|
|
|
|
|
skip_if_rootless
|
2019-09-07 03:07:18 +08:00
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse1 $WITH_POLICY_JSON alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse1
|
|
|
|
|
}
|
2020-07-23 05:06:01 +08:00
|
|
|
|
|
|
|
|
@test "run check /etc/hosts" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2020-07-23 05:06:01 +08:00
|
|
|
skip_if_no_runtime
|
2022-01-19 23:43:02 +08:00
|
|
|
skip_if_in_container
|
2020-07-23 05:06:01 +08:00
|
|
|
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch debian
|
|
|
|
|
|
2022-04-19 16:55:16 +08:00
|
|
|
local hostname=h-$(random_string)
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON debian
|
2020-07-23 05:06:01 +08:00
|
|
|
cid=$output
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah 125 run --network=bogus $cid cat /etc/hosts
|
2022-03-08 04:44:14 +08:00
|
|
|
expect_output --substring "unable to find network with name or ID bogus: network not found"
|
2022-04-19 16:55:16 +08:00
|
|
|
run_buildah run --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
|
2021-10-13 03:33:07 +08:00
|
|
|
ip=$(hostname -I | cut -f 1 -d " ")
|
|
|
|
|
expect_output --substring "$ip.*host.containers.internal"
|
|
|
|
|
|
2022-04-19 16:55:16 +08:00
|
|
|
hosts="127.0.0.5 host1
|
|
|
|
|
127.0.0.6 host2"
|
2022-04-26 23:09:11 +08:00
|
|
|
base_hosts_file="$TEST_SCRATCH_DIR/base_hosts"
|
2022-04-19 16:55:16 +08:00
|
|
|
echo "$hosts" > "$base_hosts_file"
|
2022-04-26 23:09:11 +08:00
|
|
|
containers_conf_file="$TEST_SCRATCH_DIR/containers.conf"
|
2022-04-19 16:55:16 +08:00
|
|
|
echo -e "[containers]\nbase_hosts_file = \"$base_hosts_file\"" > "$containers_conf_file"
|
|
|
|
|
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "127.0.0.5[[:blank:]]host1"
|
|
|
|
|
expect_output --substring "127.0.0.6[[:blank:]]host2"
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
|
|
|
|
|
|
|
|
|
|
# now check that hostname from base file is not overwritten
|
|
|
|
|
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname host1 $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "127.0.0.5[[:blank:]]host1"
|
|
|
|
|
expect_output --substring "127.0.0.6[[:blank:]]host2"
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$cid"
|
|
|
|
|
assert "$output" !~ "(10.88.*|10.0.2.100)[[:blank:]]host1 $cid" "Container IP should not contain host1"
|
|
|
|
|
|
2023-06-22 21:31:32 +08:00
|
|
|
# check slirp4netns sets correct hostname with another cidr
|
|
|
|
|
run_buildah run --network slirp4netns:cidr=192.168.2.0/24 --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "192.168.2.100[[:blank:]]$hostname $cid"
|
|
|
|
|
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah run --network=container $cid cat /etc/hosts
|
2020-07-23 05:06:01 +08:00
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON debian
|
2020-07-23 05:06:01 +08:00
|
|
|
cid=$output
|
2023-06-15 18:27:28 +08:00
|
|
|
run_buildah run --network=host --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
assert "$output" =~ "$ip[[:blank:]]$hostname"
|
2022-03-08 04:44:14 +08:00
|
|
|
hostOutput=$output
|
2020-07-23 05:06:01 +08:00
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
2022-03-08 04:44:14 +08:00
|
|
|
run_buildah run --network=host --no-hosts $cid cat /etc/hosts
|
|
|
|
|
[ "$output" != "$hostOutput" ]
|
2023-06-15 18:27:28 +08:00
|
|
|
# --isolation chroot implies host networking so check for the correct hosts entry
|
|
|
|
|
run_buildah run --isolation chroot --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
assert "$output" =~ "$ip[[:blank:]]$hostname"
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON debian
|
2020-07-23 05:06:01 +08:00
|
|
|
cid=$output
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah run --network=none $cid sh -c 'echo "110.110.110.0 fake_host" >> /etc/hosts; cat /etc/hosts'
|
2020-07-23 05:06:01 +08:00
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-23 00:14:50 +08:00
|
|
|
@test "run check /etc/hosts with --network pasta" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_chroot
|
|
|
|
|
skip_if_root_environment "pasta only works rootless"
|
|
|
|
|
|
|
|
|
|
# FIXME: unskip when we have a new pasta version with:
|
|
|
|
|
# https://archives.passt.top/passt-dev/20230623082531.25947-2-pholzing@redhat.com/
|
|
|
|
|
skip "pasta bug prevents this from working"
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON debian
|
|
|
|
|
cid=$output
|
|
|
|
|
|
|
|
|
|
local hostname=h-$(random_string)
|
|
|
|
|
ip=$(hostname -I | cut -f 1 -d " ")
|
|
|
|
|
run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts
|
2023-06-28 21:20:39 +08:00
|
|
|
assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "--network pasta adds correct hostname"
|
|
|
|
|
|
|
|
|
|
# check with containers.conf setting
|
|
|
|
|
echo -e "[network]\ndefault_rootless_network_cmd = \"pasta\"" > ${TEST_SCRATCH_DIR}/containers.conf
|
|
|
|
|
CONTAINERS_CONF_OVERRIDE=${TEST_SCRATCH_DIR}/containers.conf run_buildah run --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "default_rootless_network_cmd = \"pasta\" works"
|
2023-06-23 00:14:50 +08:00
|
|
|
}
|
|
|
|
|
|
2020-07-23 05:06:01 +08:00
|
|
|
@test "run check /etc/resolv.conf" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2021-08-04 18:31:13 +08:00
|
|
|
skip_if_no_runtime
|
2020-07-23 05:06:01 +08:00
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch alpine
|
2020-07-23 05:06:01 +08:00
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
# Make sure to read the correct /etc/resolv.conf file in case of systemd-resolved.
|
|
|
|
|
resolve_file=$(readlink -f /etc/resolv.conf)
|
|
|
|
|
if [[ "$resolve_file" == "/run/systemd/resolve/stub-resolv.conf" ]]; then
|
|
|
|
|
resolve_file="/run/systemd/resolve/resolv.conf"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
run grep nameserver $resolve_file
|
|
|
|
|
# filter out 127... nameservers
|
|
|
|
|
run grep -v "nameserver 127." <<< "$output"
|
|
|
|
|
nameservers="$output"
|
|
|
|
|
# in case of rootless add extra slirp4netns nameserver
|
|
|
|
|
if is_rootless; then
|
|
|
|
|
nameservers="nameserver 10.0.2.3
|
|
|
|
|
$output"
|
|
|
|
|
fi
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-08-04 18:31:13 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --network=private $cid grep nameserver /etc/resolv.conf
|
|
|
|
|
# check that no 127... nameserver is in resolv.conf
|
|
|
|
|
assert "$output" !~ "^nameserver 127." "Container contains local nameserver"
|
|
|
|
|
assert "$nameservers" "Container nameservers match correct host nameservers"
|
|
|
|
|
if ! is_rootless; then
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
assert "$output" != ""
|
|
|
|
|
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
|
|
|
|
|
fi
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
run grep nameserver /etc/resolv.conf
|
|
|
|
|
nameservers="$output"
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-08-04 18:31:13 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=host $cid grep nameserver /etc/resolv.conf
|
|
|
|
|
assert "$nameservers" "Container nameservers match the host nameservers"
|
|
|
|
|
if ! is_rootless; then
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
assert "$output" != ""
|
|
|
|
|
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
|
|
|
|
|
fi
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-08-04 18:31:13 +08:00
|
|
|
cid=$output
|
2022-09-19 17:08:50 +08:00
|
|
|
run_buildah 125 run --isolation=chroot --network=none $cid sh -c 'echo "nameserver 110.110.0.110" >> /etc/resolv.conf; cat /etc/resolv.conf'
|
|
|
|
|
expect_output --substring "cannot set --network other than host with --isolation chroot"
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
2021-03-02 01:19:01 +08:00
|
|
|
|
2022-09-19 17:08:50 +08:00
|
|
|
@test "run --network=none and --isolation chroot must conflict" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2024-02-22 18:08:24 +08:00
|
|
|
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
|
2022-09-19 17:08:50 +08:00
|
|
|
cid=$output
|
|
|
|
|
# should fail by default
|
|
|
|
|
run_buildah 125 run --isolation=chroot --network=none $cid wget google.com
|
|
|
|
|
expect_output --substring "cannot set --network other than host with --isolation chroot"
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-23 21:47:58 +08:00
|
|
|
@test "run --network=private must mount a fresh /sys" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2024-02-22 18:08:24 +08:00
|
|
|
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
|
2023-03-23 21:47:58 +08:00
|
|
|
cid=$output
|
|
|
|
|
# verify there is no /sys/kernel/security in the container, that would mean /sys
|
|
|
|
|
# was bind mounted from the host.
|
|
|
|
|
run_buildah 1 run --network=private $cid grep /sys/kernel/security /proc/self/mountinfo
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-26 16:53:20 +08:00
|
|
|
@test "run --network should override build --network" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2024-02-22 18:08:24 +08:00
|
|
|
run_buildah from --network=none --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
|
2021-10-26 16:53:20 +08:00
|
|
|
cid=$output
|
|
|
|
|
# should fail by default
|
|
|
|
|
run_buildah 1 run $cid wget google.com
|
|
|
|
|
expect_output --substring "bad"
|
|
|
|
|
# try pinging external website
|
|
|
|
|
run_buildah run --network=private $cid wget google.com
|
|
|
|
|
expect_output --substring "index.html"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 01:19:01 +08:00
|
|
|
@test "run --user" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-03-02 01:19:01 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --user sync $cid whoami
|
|
|
|
|
expect_output "sync"
|
|
|
|
|
run_buildah 125 run --user noexist $cid whoami
|
|
|
|
|
expect_output --substring "unknown user error"
|
|
|
|
|
}
|
2021-04-02 05:16:05 +08:00
|
|
|
|
|
|
|
|
@test "run --runtime --runtime-flag" {
|
|
|
|
|
skip_if_in_container
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
|
|
|
|
# Use seccomp to make crun output a warning message because crun writes few logs.
|
2022-04-26 23:09:11 +08:00
|
|
|
cat > ${TEST_SCRATCH_DIR}/seccomp.json << _EOF
|
2021-04-02 05:16:05 +08:00
|
|
|
{
|
|
|
|
|
"defaultAction": "SCMP_ACT_ALLOW",
|
|
|
|
|
"syscalls": [
|
|
|
|
|
{
|
|
|
|
|
"name": "unknown",
|
|
|
|
|
"action": "SCMP_ACT_KILL"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
_EOF
|
2022-04-26 23:09:11 +08:00
|
|
|
run_buildah from --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-04-02 05:16:05 +08:00
|
|
|
cid=$output
|
|
|
|
|
|
2021-04-06 04:17:59 +08:00
|
|
|
local found_runtime=
|
|
|
|
|
|
2021-04-02 05:16:05 +08:00
|
|
|
if [ -n "$(command -v runc)" ]; then
|
2021-04-06 04:17:59 +08:00
|
|
|
found_runtime=y
|
2022-08-02 05:15:33 +08:00
|
|
|
run_buildah '?' run --runtime=runc --runtime-flag=debug $cid true
|
2021-04-02 05:16:05 +08:00
|
|
|
if [ "$status" -eq 0 ]; then
|
2023-01-05 21:42:11 +08:00
|
|
|
assert "$output" != "" "Output from running 'true' with --runtime-flag=debug"
|
2021-04-02 05:16:05 +08:00
|
|
|
else
|
|
|
|
|
# runc fully supports cgroup v2 (unified mode) since v1.0.0-rc93.
|
|
|
|
|
# older runc doesn't work on cgroup v2.
|
|
|
|
|
expect_output --substring "this version of runc doesn't work on cgroups v2" "should fail by unsupportability for cgroupv2"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -n "$(command -v crun)" ]; then
|
2021-04-06 04:17:59 +08:00
|
|
|
found_runtime=y
|
2023-01-18 00:02:04 +08:00
|
|
|
run_buildah run --runtime=crun --runtime-flag=log=${TEST_SCRATCH_DIR}/oci-log $cid true
|
|
|
|
|
if test \! -e ${TEST_SCRATCH_DIR}/oci-log; then
|
|
|
|
|
die "the expected file ${TEST_SCRATCH_DIR}/oci-log was not created"
|
|
|
|
|
fi
|
2021-04-02 05:16:05 +08:00
|
|
|
fi
|
2021-04-06 04:17:59 +08:00
|
|
|
|
|
|
|
|
if [ -z "${found_runtime}" ]; then
|
|
|
|
|
skip "Did not find 'runc' nor 'crun' in \$PATH - could not run this test!"
|
|
|
|
|
fi
|
|
|
|
|
|
2021-04-02 05:16:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --terminal" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2021-04-02 05:16:05 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --terminal=true $cid ls --color=auto
|
|
|
|
|
colored="$output"
|
|
|
|
|
run_buildah run --terminal=false $cid ls --color=auto
|
|
|
|
|
uncolored="$output"
|
|
|
|
|
[ "$colored" != "$uncolored" ]
|
|
|
|
|
}
|
2022-02-14 17:05:46 +08:00
|
|
|
|
|
|
|
|
@test "rootless on cgroupv2 and systemd runs under user.slice" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_cgroupsv1
|
|
|
|
|
skip_if_in_container
|
2022-04-01 21:28:53 +08:00
|
|
|
skip_if_root_environment
|
2022-02-14 17:05:46 +08:00
|
|
|
if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then
|
2022-04-01 21:28:53 +08:00
|
|
|
skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined"
|
2022-02-14 17:05:46 +08:00
|
|
|
fi
|
2022-03-25 04:32:47 +08:00
|
|
|
_prefetch alpine
|
2022-02-14 17:05:46 +08:00
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2022-02-14 17:05:46 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --cgroupns=host $cid cat /proc/self/cgroup
|
|
|
|
|
expect_output --substring "/user.slice/"
|
|
|
|
|
}
|
2022-03-25 04:32:47 +08:00
|
|
|
|
|
|
|
|
@test "run-inheritable-capabilities" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
2022-04-26 21:47:03 +08:00
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
2022-03-25 04:32:47 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid grep ^CapInh: /proc/self/status
|
|
|
|
|
expect_output "CapInh: 0000000000000000"
|
|
|
|
|
run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status
|
|
|
|
|
expect_output "CapInh: 0000000000000000"
|
|
|
|
|
}
|
2023-10-28 01:10:18 +08:00
|
|
|
|
|
|
|
|
@test "run masks" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
for mask in /proc/acpi /proc/kcore /proc/keys /proc/latency_stats /proc/sched_debug /proc/scsi /proc/timer_list /proc/timer_stats /sys/dev/block /sys/devices/virtual/powercap /sys/firmware /sys/fs/selinux; do
|
|
|
|
|
if test -d $mask; then
|
|
|
|
|
run_buildah run $cid ls $mask
|
|
|
|
|
expect_output "" "Directories should be empty"
|
|
|
|
|
fi
|
|
|
|
|
if test -f $mask; then
|
|
|
|
|
run_buildah run $cid cat $mask
|
|
|
|
|
expect_output "" "Directories should be empty"
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
2024-02-02 00:14:13 +08:00
|
|
|
|
|
|
|
|
@test "empty run statement doesn't crash" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
|
|
|
|
cd ${TEST_SCRATCH_DIR}
|
|
|
|
|
|
|
|
|
|
printf 'FROM alpine\nRUN \\\n echo && echo' > Dockerfile
|
|
|
|
|
run_buildah bud --pull=false --layers .
|
|
|
|
|
|
|
|
|
|
printf 'FROM alpine\nRUN\n echo && echo' > Dockerfile
|
|
|
|
|
run_buildah ? bud --pull=false --layers .
|
|
|
|
|
expect_output --substring -- "-c requires an argument"
|
|
|
|
|
}
|
