2017-03-18 06:45:19 +08:00
#!/usr/bin/env bats
load helpers
@test "run" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2020-04-28 02:12:30 +08:00
${OCI} --version
2022-04-26 23:09:11 +08:00
createrandom ${TEST_SCRATCH_DIR}/randomfile
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
run_buildah mount $cid
root=$output
2019-12-12 04:03:37 +08:00
run_buildah config --workingdir /tmp $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp"
2019-12-12 04:03:37 +08:00
run_buildah config --workingdir /root $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid pwd
2019-04-05 23:59:54 +08:00
expect_output "/root"
2022-04-26 23:09:11 +08:00
cp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/
2019-12-12 04:03:37 +08:00
run_buildah run $cid cp /tmp/randomfile /tmp/other-randomfile
2017-03-18 06:45:19 +08:00
test -s $root/tmp/other-randomfile
2022-04-26 23:09:11 +08:00
cmp ${TEST_SCRATCH_DIR}/randomfile $root/tmp/other-randomfile
2017-07-21 01:41:51 +08:00
2019-06-12 18:19:28 +08:00
seq 100000 | buildah run $cid -- sh -c 'while read i; do echo $i; done'
2017-07-21 01:41:51 +08:00
}
@test "run--args" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2017-07-21 01:41:51 +08:00
# This should fail, because buildah run doesn't have a -n flag.
2020-04-16 21:48:43 +08:00
run_buildah 125 run -n $cid echo test
2017-07-21 01:41:51 +08:00
# This should succeed, because buildah run stops caring at the --, which is preserved as part of the command.
2019-12-12 02:28:27 +08:00
run_buildah run $cid echo -- -n test
2019-04-05 23:59:54 +08:00
expect_output -- "-- -n test"
2017-07-21 01:41:51 +08:00
# This should succeed, because buildah run stops caring at the --, which is not part of the command.
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- echo -n -- test
2019-04-05 23:59:54 +08:00
expect_output -- "-- test"
2017-07-21 01:41:51 +08:00
# This should succeed, because buildah run stops caring at the --.
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- echo -- -n test --
2019-04-05 23:59:54 +08:00
expect_output -- "-- -n test --"
2017-07-21 01:41:51 +08:00
# This should succeed, because buildah run stops caring at the --.
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- echo -n "test"
2019-04-05 23:59:54 +08:00
expect_output "test"
2017-03-18 06:45:19 +08:00
}
2017-04-05 05:31:02 +08:00
2017-06-23 23:53:51 +08:00
@test "run-cmd" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-12-12 04:03:37 +08:00
run_buildah config --workingdir /tmp $cid
2017-06-23 23:53:51 +08:00
2018-05-03 07:50:13 +08:00
# Configured entrypoint/cmd shouldn't modify behaviour of run with no arguments
# empty entrypoint, configured cmd, empty run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "" $cid
run_buildah config --cmd pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args"
2019-04-02 05:56:29 +08:00
2018-05-03 13:48:50 +08:00
# empty entrypoint, configured cmd, empty run arguments, end parsing option
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "" $cid
run_buildah config --cmd pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid --
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args, --"
2017-06-23 23:53:51 +08:00
2018-05-03 07:50:13 +08:00
# configured entrypoint, empty cmd, empty run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint pwd $cid
run_buildah config --cmd "" $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args"
2019-04-02 05:56:29 +08:00
2018-05-03 13:48:50 +08:00
# configured entrypoint, empty cmd, empty run arguments, end parsing option
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint pwd $cid
run_buildah config --cmd "" $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid --
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args, --"
2017-06-23 23:53:51 +08:00
2018-05-03 07:50:13 +08:00
# configured entrypoint only, empty run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, no args"
2019-04-02 05:56:29 +08:00
2018-05-03 13:48:50 +08:00
# configured entrypoint only, empty run arguments, end parsing option
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid --
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, no args, --"
2017-06-23 23:53:51 +08:00
2019-11-17 00:31:41 +08:00
# configured cmd only, empty run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --cmd pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "cmd, no args"
2018-05-03 07:13:28 +08:00
2019-01-22 23:35:52 +08:00
# configured cmd only, empty run arguments, end parsing option
2019-12-12 04:03:37 +08:00
run_buildah config --cmd pwd $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid --
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "cmd, no args, --"
2018-05-03 13:48:50 +08:00
2018-05-03 07:50:13 +08:00
# configured entrypoint, configured cmd, empty run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "pwd" $cid
run_buildah config --cmd "whoami" $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
2019-04-02 05:56:29 +08:00
2018-05-03 13:48:50 +08:00
# configured entrypoint, configured cmd, empty run arguments, end parsing option
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "pwd" $cid
run_buildah config --cmd "whoami" $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run $cid --
2019-04-05 23:59:54 +08:00
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
2017-06-23 23:53:51 +08:00
2018-05-03 07:50:13 +08:00
# Configured entrypoint/cmd shouldn't modify behaviour of run with argument
# Note: entrypoint and cmd can be invalid in below tests as they should never execute
# empty entrypoint, configured cmd, configured run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "" $cid
run_buildah config --cmd "/invalid/cmd" $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp" "empty entrypoint, invalid cmd, pwd"
2018-05-03 07:50:13 +08:00
# configured entrypoint, empty cmd, configured run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "/invalid/entrypoint" $cid
run_buildah config --cmd "" $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp" "invalid entrypoint, empty cmd, pwd"
2018-05-03 07:50:13 +08:00
# configured entrypoint only, configured run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "/invalid/entrypoint" $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp" "invalid entrypoint, no cmd(??), pwd"
2018-05-03 07:50:13 +08:00
2019-11-17 00:31:41 +08:00
# configured cmd only, configured run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --cmd "/invalid/cmd" $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp" "invalid cmd, no entrypoint(??), pwd"
2018-05-03 07:50:13 +08:00
# configured entrypoint, configured cmd, configured run arguments
2019-12-12 04:03:37 +08:00
run_buildah config --entrypoint "/invalid/entrypoint" $cid
run_buildah config --cmd "/invalid/cmd" $cid
2019-12-12 02:28:27 +08:00
run_buildah run $cid -- pwd
2019-04-05 23:59:54 +08:00
expect_output "/tmp" "invalid cmd & entrypoint, pwd"
2017-06-23 23:53:51 +08:00
}
2021-04-29 23:40:50 +08:00
# Helper for run-user test. Generates a UID or GID that is not present
# in the given idfile (mounted /etc/passwd or /etc/group)
function random_unused_id() {
local idfile=$1
while :;do
id=$RANDOM
if ! fgrep -q :$id: $idfile; then
echo $id
return
fi
done
}
2019-04-02 05:56:29 +08:00
function configure_and_check_user() {
local setting=$1
local expect_u=$2
local expect_g=$3
run_buildah config -u "$setting" $cid
2019-12-12 02:28:27 +08:00
run_buildah run -- $cid id -u
2019-04-05 23:59:54 +08:00
expect_output "$expect_u" "id -u ($setting)"
2019-04-02 05:56:29 +08:00
2019-12-12 02:28:27 +08:00
run_buildah run -- $cid id -g
2019-04-05 23:59:54 +08:00
expect_output "$expect_g" "id -g ($setting)"
2019-04-02 05:56:29 +08:00
}
2017-04-05 05:31:02 +08:00
@test "run-user" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2017-04-05 05:31:02 +08:00
eval $(go env)
echo CGO_ENABLED=${CGO_ENABLED}
if test "$CGO_ENABLED" -ne 1; then
2019-04-02 05:56:29 +08:00
skip "CGO_ENABLED = '$CGO_ENABLED'"
2017-04-05 05:31:02 +08:00
fi
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
run_buildah mount $cid
root=$output
2017-04-05 05:31:02 +08:00
testuser=jimbo
2017-11-04 01:32:19 +08:00
testbogususer=nosuchuser
2017-04-05 05:31:02 +08:00
testgroup=jimbogroup
2021-04-29 23:40:50 +08:00
testuid=$(random_unused_id $root/etc/passwd)
testotheruid=$(random_unused_id $root/etc/passwd)
testgid=$(random_unused_id $root/etc/group)
testgroupid=$(random_unused_id $root/etc/group)
2017-04-05 05:31:02 +08:00
echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
echo "$testgroup:x:$testgroupid:" >> $root/etc/group
2019-04-02 05:56:29 +08:00
configure_and_check_user "" 0 0
configure_and_check_user "${testuser}" $testuid $testgid
configure_and_check_user "${testuid}" $testuid $testgid
configure_and_check_user "${testuser}:${testgroup}" $testuid $testgroupid
configure_and_check_user "${testuid}:${testgroup}" $testuid $testgroupid
configure_and_check_user "${testotheruid}:${testgroup}" $testotheruid $testgroupid
configure_and_check_user "${testotheruid}" $testotheruid 0
configure_and_check_user "${testuser}:${testgroupid}" $testuid $testgroupid
configure_and_check_user "${testuid}:${testgroupid}" $testuid $testgroupid
2019-12-12 04:03:37 +08:00
run_buildah config -u ${testbogususer} $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run -- $cid id -u
2019-04-05 23:59:54 +08:00
expect_output --substring "unknown user" "id -u (bogus user)"
2020-04-16 21:48:43 +08:00
run_buildah 125 run -- $cid id -g
2019-04-05 23:59:54 +08:00
expect_output --substring "unknown user" "id -g (bogus user)"
2017-11-04 01:32:19 +08:00
2017-04-13 01:35:48 +08:00
ln -vsf /etc/passwd $root/etc/passwd
2019-12-12 04:03:37 +08:00
run_buildah config -u ${testuser}:${testgroup} $cid
2020-04-16 21:48:43 +08:00
run_buildah 125 run -- $cid id -u
2017-04-13 01:35:48 +08:00
echo "$output"
2019-04-05 23:59:54 +08:00
expect_output --substring "unknown user" "run as unknown user"
2017-04-05 05:31:02 +08:00
}
2017-09-21 19:39:39 +08:00
2021-06-23 04:45:09 +08:00
@test "run --env" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-06-23 04:45:09 +08:00
cid=$output
run_buildah config --env foo=foo $cid
2023-04-02 03:07:00 +08:00
2021-06-23 04:45:09 +08:00
# Ensure foo=foo from `buildah config`
run_buildah run $cid -- /bin/sh -c 'echo $foo'
expect_output "foo"
2023-04-02 03:07:00 +08:00
2021-06-23 04:45:09 +08:00
# Ensure foo=bar from --env override
run_buildah run --env foo=bar $cid -- /bin/sh -c 'echo $foo'
expect_output "bar"
2023-04-02 03:07:00 +08:00
# Reference foo=baz from process environment
foo=baz run_buildah run --env foo $cid -- /bin/sh -c 'echo $foo'
expect_output "baz"
2021-06-23 04:45:09 +08:00
# Ensure that the --env override did not persist
run_buildah run $cid -- /bin/sh -c 'echo $foo'
expect_output "foo"
}
2022-12-22 03:51:59 +08:00
@test "run --group-add" {
skip_if_no_runtime
id=$RANDOM
_prefetch alpine
run_buildah from --group-add $id --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah run $cid id -G
expect_output --substring "$id"
if is_rootless && has_supplemental_groups; then
run_buildah from --group-add keep-groups --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah run $cid id -G
expect_output --substring "65534"
fi
}
2017-09-21 19:39:39 +08:00
@test "run --hostname" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2020-04-28 02:12:30 +08:00
${OCI} --version
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-12-12 02:28:27 +08:00
run_buildah run $cid hostname
2017-09-21 19:39:39 +08:00
[ "$output" != "foobar" ]
2019-12-12 02:28:27 +08:00
run_buildah run --hostname foobar $cid hostname
2019-04-05 23:59:54 +08:00
expect_output "foobar"
2017-09-21 19:39:39 +08:00
}
2018-05-31 22:56:40 +08:00
2022-04-21 15:35:56 +08:00
@test "run should also override /etc/hostname" {
skip_if_no_runtime
_prefetch alpine
${OCI} --version
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2022-04-21 15:35:56 +08:00
cid=$output
run_buildah run --hostname foobar $cid hostname
expect_output "foobar"
hostname=$output
run_buildah run --hostname foobar $cid cat /etc/hostname
expect_output $hostname
2023-10-25 07:43:56 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
run_buildah inspect --format "{{ .ContainerID }}" $cid
id=$output
run_buildah run $cid cat /etc/hostname
expect_output "${id:0:12}"
run_buildah run --no-hostname $cid cat /etc/hostname
expect_output 'localhost'
2022-04-21 15:35:56 +08:00
}
2018-05-31 22:56:40 +08:00
@test "run --volume" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2018-07-21 05:58:48 +08:00
zflag=
if which selinuxenabled > /dev/null 2> /dev/null ; then
if selinuxenabled ; then
zflag=z
fi
fi
2020-04-28 02:12:30 +08:00
${OCI} --version
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2022-04-26 23:09:11 +08:00
mkdir -p ${TEST_SCRATCH_DIR}/was-empty
2018-05-31 22:56:40 +08:00
# As a baseline, this should succeed.
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
2019-06-20 02:59:24 +08:00
# Parsing options that with comma, this should succeed.
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
2018-05-31 22:56:40 +08:00
# If we're parsing the options at all, this should be read-only, so it should fail.
2022-04-26 23:09:11 +08:00
run_buildah 1 run -v ${TEST_SCRATCH_DIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
2018-09-11 02:23:26 +08:00
# Even if the parent directory doesn't exist yet, this should succeed.
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
2018-09-11 02:23:26 +08:00
# And check the same for file volumes.
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
2021-03-31 18:57:18 +08:00
# And check the same for file volumes.
# Make sure directories show up inside of container on builtin mounts
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/was-empty:/run/secrets/testdir $cid ls -ld /run/secrets/testdir
2018-05-31 22:56:40 +08:00
}
2018-06-02 02:54:45 +08:00
2022-01-20 17:15:48 +08:00
@test "run overlay --volume with custom upper and workdir" {
skip_if_no_runtime
zflag=
if which selinuxenabled > /dev/null 2> /dev/null ; then
if selinuxenabled ; then
zflag=z
fi
fi
${OCI} --version
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2022-01-20 17:15:48 +08:00
cid=$output
2022-04-26 23:09:11 +08:00
mkdir -p ${TEST_SCRATCH_DIR}/upperdir
mkdir -p ${TEST_SCRATCH_DIR}/workdir
mkdir -p ${TEST_SCRATCH_DIR}/lower
2022-01-20 17:15:48 +08:00
2022-04-26 23:09:11 +08:00
echo 'hello' >> ${TEST_SCRATCH_DIR}/lower/hello
2022-01-20 17:15:48 +08:00
# As a baseline, this should succeed.
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid cat /test/hello
2022-01-20 17:15:48 +08:00
expect_output "hello"
2022-04-26 23:09:11 +08:00
run_buildah run -v ${TEST_SCRATCH_DIR}/lower:/test:O,upperdir=${TEST_SCRATCH_DIR}/upperdir,workdir=${TEST_SCRATCH_DIR}/workdir${zflag:+:${zflag}} $cid sh -c 'echo "world" > /test/world'
2022-01-20 17:15:48 +08:00
#upper dir should persist content
2022-04-26 23:09:11 +08:00
result="$(cat ${TEST_SCRATCH_DIR}/upperdir/world)"
2022-01-20 17:15:48 +08:00
test "$result" == "world"
}
2020-11-18 22:50:53 +08:00
@test "run --volume with U flag" {
skip_if_no_runtime
# Create source volume.
2022-04-26 23:09:11 +08:00
mkdir ${TEST_SCRATCH_DIR}/testdata
2020-11-18 22:50:53 +08:00
# Create the container.
_prefetch alpine
2023-11-28 23:57:20 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2020-11-18 22:50:53 +08:00
ctr="$output"
# Test user can create file in the mounted volume.
2022-04-26 23:09:11 +08:00
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
2020-11-18 22:50:53 +08:00
# Test created file has correct UID and GID ownership.
2022-04-26 23:09:11 +08:00
run_buildah run --user 888:888 --volume ${TEST_SCRATCH_DIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
2020-11-18 22:50:53 +08:00
expect_output "888:888"
}
2022-08-24 11:12:23 +08:00
@test "run --user and verify gid in supplemental groups" {
skip_if_no_runtime
# Create the container.
_prefetch alpine
2023-11-28 23:57:20 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2022-08-24 11:12:23 +08:00
ctr="$output"
# Run with uid:gid 1000:1000 and verify if gid is present in additional groups
run_buildah run --user 1000:1000 "$ctr" cat /proc/self/status
# gid 1000 must be in additional/supplemental groups
expect_output --substring "Groups: 1000 "
}
2021-06-23 04:45:09 +08:00
@test "run --workingdir" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-06-23 04:45:09 +08:00
cid=$output
run_buildah run $cid pwd
expect_output "/"
run_buildah run --workingdir /bin $cid pwd
expect_output "/bin"
# Ensure the /bin workingdir override did not persist
run_buildah run $cid pwd
expect_output "/"
}
2019-06-20 02:17:11 +08:00
@test "run --mount" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-06-20 02:17:11 +08:00
zflag=
if which selinuxenabled > /dev/null 2> /dev/null ; then
if selinuxenabled ; then
zflag=z
fi
fi
2020-04-28 02:12:30 +08:00
${OCI} --version
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2022-04-26 23:09:11 +08:00
mkdir -p ${TEST_SCRATCH_DIR}/was:empty
2019-06-20 02:17:11 +08:00
# As a baseline, this should succeed.
2019-12-12 02:28:27 +08:00
run_buildah run --mount type=tmpfs,dst=/var/tmpfs-not-empty $cid touch /var/tmpfs-not-empty/testfile
2024-11-07 06:22:49 +08:00
# This should succeed, but the writes should effectively be discarded
2022-04-26 23:09:11 +08:00
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,rw${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
2024-11-07 06:22:49 +08:00
if test -r ${TEST_SCRATCH_DIR}/was:empty/testfile ; then
die write to mounted type=bind was not discarded, ${TEST_SCRATCH_DIR}/was:empty/testfile exists
fi
2019-06-20 02:17:11 +08:00
# If we're parsing the options at all, this should be read-only, so it should fail.
2022-04-26 23:09:11 +08:00
run_buildah 1 run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
2024-11-07 06:22:49 +08:00
# Even if the parent directory doesn't exist yet, this should succeed, but again the write should be discarded.
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty,dst=/var/multi-level/subdirectory,rw${zflag:+,${zflag}} $cid touch /var/multi-level/subdirectory/testfile
if test -r ${TEST_SCRATCH_DIR}/was:empty/testfile ; then
die write to mounted type=bind was not discarded, ${TEST_SCRATCH_DIR}/was:empty/testfile exists
fi
# And check the same for file volumes, which make life harder because the kernel's overlay
# filesystem really only wants to be dealing with directories.
: > ${TEST_SCRATCH_DIR}/was:empty/testfile
run_buildah run --mount type=bind,src=${TEST_SCRATCH_DIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile,rw${zflag:+,${zflag}} $cid sh -c 'echo wrote > /var/different-multi-level/subdirectory/testfile'
if test -s ${TEST_SCRATCH_DIR}/was:empty/testfile ; then
die write to mounted type=bind was not discarded, ${TEST_SCRATCH_DIR}/was:empty/testfile was written to
fi
2021-10-18 13:51:51 +08:00
}
@test "run --mount=type=bind with from like buildkit" {
skip_if_no_runtime
zflag=
if which selinuxenabled > /dev/null 2> /dev/null ; then
if selinuxenabled ; then
2024-11-07 06:22:49 +08:00
zflag=,z
2021-10-18 13:51:51 +08:00
fi
fi
2022-04-26 21:56:21 +08:00
run_buildah build -t buildkitbase $WITH_POLICY_JSON -f $BUDFILES/buildkit-mount-from/Dockerfilebuildkitbase $BUDFILES/buildkit-mount-from/
2021-10-18 13:51:51 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-10-18 13:51:51 +08:00
cid=$output
2024-12-14 05:55:59 +08:00
run_buildah run --mount type=bind,source=.,from=buildkitbase,target=/test${zflag} $cid cat /test/hello1
expect_output --substring "hello1"
run_buildah run --mount type=bind,source=subdir,from=buildkitbase,target=/test${zflag} $cid cat /test/hello
expect_output --substring "hello2"
2021-10-18 13:51:51 +08:00
}
@test "run --mount=type=cache like buildkit" {
skip_if_no_runtime
zflag=
if which selinuxenabled > /dev/null 2> /dev/null ; then
if selinuxenabled ; then
2024-11-07 06:22:49 +08:00
zflag=,z
2021-10-18 13:51:51 +08:00
fi
fi
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-10-18 13:51:51 +08:00
cid=$output
2024-12-14 05:55:59 +08:00
run_buildah run --mount type=cache,target=/test${zflag} $cid sh -c 'mkdir -p /test/subdir && echo "hello" > /test/subdir/h.txt && cat /test/subdir/h.txt'
run_buildah run --mount type=cache,src=subdir,target=/test${zflag} $cid cat /test/h.txt
2021-10-18 13:51:51 +08:00
expect_output --substring "hello"
2019-06-20 02:17:11 +08:00
}
2018-06-02 02:54:45 +08:00
@test "run symlinks" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2020-04-28 02:12:30 +08:00
${OCI} --version
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2022-04-26 23:09:11 +08:00
mkdir -p ${TEST_SCRATCH_DIR}/tmp
ln -s tmp ${TEST_SCRATCH_DIR}/tmp2
export TMPDIR=${TEST_SCRATCH_DIR}/tmp2
2019-12-12 02:28:27 +08:00
run_buildah run $cid id
2018-06-02 02:54:45 +08:00
}
2018-06-05 05:36:26 +08:00
@test "run --cap-add/--cap-drop" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2020-04-28 02:12:30 +08:00
${OCI} --version
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2018-06-05 05:36:26 +08:00
# Try with default caps.
2019-12-12 02:28:27 +08:00
run_buildah run $cid grep ^CapEff /proc/self/status
2018-06-05 05:36:26 +08:00
defaultcaps="$output"
# Try adding DAC_OVERRIDE.
2019-12-12 02:28:27 +08:00
run_buildah run --cap-add CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
2018-06-05 05:36:26 +08:00
addedcaps="$output"
# Try dropping DAC_OVERRIDE.
2019-12-12 02:28:27 +08:00
run_buildah run --cap-drop CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
2018-06-05 05:36:26 +08:00
droppedcaps="$output"
# Okay, now the "dropped" and "added" should be different.
test "$addedcaps" != "$droppedcaps"
# And one or the other should be different from the default, with the other being the same.
if test "$defaultcaps" == "$addedcaps" ; then
test "$defaultcaps" != "$droppedcaps"
fi
if test "$defaultcaps" == "$droppedcaps" ; then
test "$defaultcaps" != "$addedcaps"
fi
}
2018-07-30 23:54:15 +08:00
@test "Check if containers run with correct open files/processes limits" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2024-11-07 23:24:23 +08:00
skip "FIXME: we cannot rely on podman-run ulimits matching buildah-bud (see #5820)"
2021-05-12 00:21:09 +08:00
# we need to not use the list of limits that are set in our default
2022-04-26 22:03:44 +08:00
# ${TEST_SOURCES}/containers.conf for the sake of other tests, and override
2021-05-12 00:21:09 +08:00
# any that might be picked up from system-wide configuration
2022-04-26 23:09:11 +08:00
echo '[containers]' > ${TEST_SCRATCH_DIR}/containers.conf
echo 'default_ulimits = []' >> ${TEST_SCRATCH_DIR}/containers.conf
export CONTAINERS_CONF=${TEST_SCRATCH_DIR}/containers.conf
2021-05-12 00:21:09 +08:00
2019-12-09 21:45:52 +08:00
_prefetch alpine
2024-01-18 00:03:06 +08:00
run podman run --rm alpine sh -c "awk '/open files/{print \$4 \"/\" \$5}' /proc/self/limits"
podman_files=$output
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2024-01-18 00:03:06 +08:00
run_buildah run $cid awk '/open files/{print $4 "/" $5}' /proc/self/limits
expect_output "${podman_files}" "limits: podman and buildah should agree on open files"
run podman run --rm alpine sh -c "awk '/processes/{print \$3 \"/\" \$4}' /proc/self/limits"
podman_processes=$output
run_buildah run $cid awk '/processes/{print $3 "/" $4}' /proc/self/limits
expect_output ${podman_processes} "processes should match podman"
2019-12-12 04:03:37 +08:00
run_buildah rm $cid
2018-07-30 23:54:15 +08:00
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --ulimit nofile=300:400 --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-12-12 02:28:27 +08:00
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
2019-04-05 23:59:54 +08:00
expect_output "300" "limits: open files (w/file limit)"
2019-12-12 04:03:37 +08:00
run_buildah rm $cid
2018-07-30 23:54:15 +08:00
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --ulimit nproc=100:200 --ulimit nofile=300:400 --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-12-12 02:28:27 +08:00
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
2019-04-05 23:59:54 +08:00
expect_output "300" "limits: open files (w/file & proc limits)"
2019-12-12 02:28:27 +08:00
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
2019-04-05 23:59:54 +08:00
expect_output "100" "limits: processes (w/file & proc limits)"
2021-05-12 00:21:09 +08:00
unset CONTAINERS_CONF
2018-07-30 23:54:15 +08:00
}
2018-10-25 03:15:40 +08:00
@test "run-builtin-volume-omitted" {
# This image is known to include a volume, but not include the mountpoint
# in the image.
2024-03-30 04:46:47 +08:00
_prefetch quay.io/libpod/registry:volume_omitted
2024-02-22 18:08:24 +08:00
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON quay.io/libpod/registry:volume_omitted
2019-12-12 03:11:08 +08:00
cid=$output
run_buildah mount $cid
mnt=$output
2018-10-25 03:15:40 +08:00
# By default, the mountpoint should not be there.
run test -d "$mnt"/var/lib/registry
echo "$output"
[ "$status" -ne 0 ]
# We'll create the mountpoint for "run".
2019-12-12 02:28:27 +08:00
run_buildah run $cid ls -1 /var/lib
2019-04-05 23:59:54 +08:00
expect_output --substring "registry"
2019-04-02 05:56:29 +08:00
2018-10-25 03:15:40 +08:00
# Double-check that the mountpoint is there.
2019-04-02 05:56:29 +08:00
test -d "$mnt"/var/lib/registry
2018-10-25 03:15:40 +08:00
}
2019-08-23 00:45:36 +08:00
@test "run-exit-status" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-08-23 00:45:36 +08:00
run_buildah 42 run ${cid} sh -c 'exit 42'
}
2019-09-06 04:54:40 +08:00
2020-04-16 21:48:43 +08:00
@test "run-exit-status on non executable" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2020-04-16 21:48:43 +08:00
cid=$output
run_buildah 1 run ${cid} /etc
}
2019-09-06 04:54:40 +08:00
@test "Verify /run/.containerenv exist" {
2022-03-04 18:38:38 +08:00
skip_if_rootless_environment
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-09-06 04:54:40 +08:00
# test a standard mount to /run/.containerenv
2019-12-12 02:28:27 +08:00
run_buildah run $cid ls -1 /run/.containerenv
2019-09-06 04:54:40 +08:00
expect_output --substring "/run/.containerenv"
2020-11-24 08:07:50 +08:00
run_buildah run $cid sh -c '. /run/.containerenv; echo $engine'
expect_output --substring "buildah"
run_buildah run $cid sh -c '. /run/.containerenv; echo $name'
expect_output "alpine-working-container"
run_buildah run $cid sh -c '. /run/.containerenv; echo $image'
expect_output --substring "alpine:latest"
rootless=0
if ["$(id -u)" -ne 0 ]; then
rootless=1
fi
run_buildah run $cid sh -c '. /run/.containerenv; echo $rootless'
expect_output ${rootless}
2019-09-06 04:54:40 +08:00
}
2019-09-07 03:07:18 +08:00
@test "run-device" {
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false --device /dev/fuse $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-09-07 03:07:18 +08:00
run_buildah 0 run ${cid} ls /dev/fuse
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rm $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-09-07 03:07:18 +08:00
run_buildah 0 run ${cid} ls /dev/fuse
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rwm $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-09-07 03:07:18 +08:00
run_buildah 0 run ${cid} ls /dev/fuse
}
@test "run-device-Rename" {
2022-03-04 18:38:38 +08:00
skip_if_rootless_environment
2019-11-06 02:22:07 +08:00
skip_if_no_runtime
skip_if_chroot
skip_if_rootless
2019-09-07 03:07:18 +08:00
2019-12-09 21:45:52 +08:00
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse1 $WITH_POLICY_JSON alpine
2019-12-12 03:11:08 +08:00
cid=$output
2019-09-07 03:07:18 +08:00
run_buildah 0 run ${cid} ls /dev/fuse1
}
2020-07-23 05:06:01 +08:00
@test "run check /etc/hosts" {
2022-03-04 18:38:38 +08:00
skip_if_rootless_environment
2020-07-23 05:06:01 +08:00
skip_if_no_runtime
2022-01-19 23:43:02 +08:00
skip_if_in_container
2020-07-23 05:06:01 +08:00
${OCI} --version
2024-06-12 00:10:22 +08:00
# We use ubuntu image because it has no /etc/hosts file. This
# allows the fake_host test below to be an equality check,
# not a substring check.
_prefetch ubuntu
2020-07-23 05:06:01 +08:00
2022-04-19 16:55:16 +08:00
local hostname=h-$(random_string)
2024-06-12 00:10:22 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu
2020-07-23 05:06:01 +08:00
cid=$output
2021-10-13 03:33:07 +08:00
run_buildah 125 run --network=bogus $cid cat /etc/hosts
2022-03-08 04:44:14 +08:00
expect_output --substring "unable to find network with name or ID bogus: network not found"
2022-04-19 16:55:16 +08:00
run_buildah run --hostname $hostname $cid cat /etc/hosts
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
2021-10-13 03:33:07 +08:00
ip=$(hostname -I | cut -f 1 -d " ")
expect_output --substring "$ip.*host.containers.internal"
2022-04-19 16:55:16 +08:00
hosts="127.0.0.5 host1
127.0.0.6 host2"
2022-04-26 23:09:11 +08:00
base_hosts_file="$TEST_SCRATCH_DIR/base_hosts"
2022-04-19 16:55:16 +08:00
echo "$hosts" > "$base_hosts_file"
2022-04-26 23:09:11 +08:00
containers_conf_file="$TEST_SCRATCH_DIR/containers.conf"
2022-04-19 16:55:16 +08:00
echo -e "[containers]\nbase_hosts_file = \"$base_hosts_file\"" > "$containers_conf_file"
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname $hostname $cid cat /etc/hosts
expect_output --substring "127.0.0.5[[:blank:]]host1"
expect_output --substring "127.0.0.6[[:blank:]]host2"
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
# now check that hostname from base file is not overwritten
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname host1 $cid cat /etc/hosts
expect_output --substring "127.0.0.5[[:blank:]]host1"
expect_output --substring "127.0.0.6[[:blank:]]host2"
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$cid"
assert "$output" !~ "(10.88.*|10.0.2.100)[[:blank:]]host1 $cid" "Container IP should not contain host1"
2023-06-22 21:31:32 +08:00
# check slirp4netns sets correct hostname with another cidr
run_buildah run --network slirp4netns:cidr=192.168.2.0/24 --hostname $hostname $cid cat /etc/hosts
expect_output --substring "192.168.2.100[[:blank:]]$hostname $cid"
2021-10-13 03:33:07 +08:00
run_buildah run --network=container $cid cat /etc/hosts
2020-07-23 05:06:01 +08:00
m=$(buildah mount $cid)
run cat $m/etc/hosts
[ "$status" -eq 0 ]
expect_output --substring ""
run_buildah rm -a
2024-06-12 00:10:22 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu
2020-07-23 05:06:01 +08:00
cid=$output
2023-06-15 18:27:28 +08:00
run_buildah run --network=host --hostname $hostname $cid cat /etc/hosts
assert "$output" =~ "$ip[[:blank:]]$hostname"
2022-03-08 04:44:14 +08:00
hostOutput=$output
2020-07-23 05:06:01 +08:00
m=$(buildah mount $cid)
run cat $m/etc/hosts
[ "$status" -eq 0 ]
expect_output --substring ""
2022-03-08 04:44:14 +08:00
run_buildah run --network=host --no-hosts $cid cat /etc/hosts
[ "$output" != "$hostOutput" ]
2023-06-15 18:27:28 +08:00
# --isolation chroot implies host networking so check for the correct hosts entry
run_buildah run --isolation chroot --hostname $hostname $cid cat /etc/hosts
assert "$output" =~ "$ip[[:blank:]]$hostname"
2020-07-23 05:06:01 +08:00
run_buildah rm -a
2024-06-12 00:10:22 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON ubuntu
2020-07-23 05:06:01 +08:00
cid=$output
2021-10-13 03:33:07 +08:00
run_buildah run --network=none $cid sh -c 'echo "110.110.110.0 fake_host" >> /etc/hosts; cat /etc/hosts'
2020-07-23 05:06:01 +08:00
expect_output "110.110.110.0 fake_host"
m=$(buildah mount $cid)
run cat $m/etc/hosts
[ "$status" -eq 0 ]
expect_output "110.110.110.0 fake_host"
run_buildah rm -a
}
2024-03-18 18:22:31 +08:00
@test "run check /etc/hosts and resolv.conf with --network pasta" {
2023-06-23 00:14:50 +08:00
skip_if_no_runtime
skip_if_chroot
skip_if_root_environment "pasta only works rootless"
2024-03-05 18:36:49 +08:00
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2023-06-23 00:14:50 +08:00
cid=$output
local hostname=h-$(random_string)
ip=$(hostname -I | cut -f 1 -d " ")
run_buildah run --network pasta --hostname $hostname $cid cat /etc/hosts
2023-06-28 21:20:39 +08:00
assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "--network pasta adds correct hostname"
2024-09-06 21:10:19 +08:00
# FIXME we need pasta 20240814 or newer in the VMs to enable this
# assert "$output" =~ "169.254.1.2[[:blank:]]host.containers.internal" "--network pasta adds correct internal entry"
2023-06-28 21:20:39 +08:00
# check with containers.conf setting
echo -e "[network]\ndefault_rootless_network_cmd = \"pasta\"" > ${TEST_SCRATCH_DIR}/containers.conf
CONTAINERS_CONF_OVERRIDE=${TEST_SCRATCH_DIR}/containers.conf run_buildah run --hostname $hostname $cid cat /etc/hosts
assert "$output" =~ "$ip[[:blank:]]$hostname $cid" "default_rootless_network_cmd = \"pasta\" works"
2024-03-18 18:22:31 +08:00
# resolv.conf checks
run_buildah run --network pasta $cid grep nameserver /etc/resolv.conf
2024-09-06 21:10:19 +08:00
assert "${lines[0]}" == "nameserver 169.254.1.1" "first pasta nameserver should be stub forwarder"
2024-03-18 18:22:31 +08:00
run_buildah run --network pasta:--dns-forward,192.168.0.1 $cid grep nameserver /etc/resolv.conf
assert "${lines[0]}" == "nameserver 192.168.0.1" "pasta nameserver with --dns-forward"
2023-06-23 00:14:50 +08:00
}
2020-07-23 05:06:01 +08:00
@test "run check /etc/resolv.conf" {
2022-03-04 18:38:38 +08:00
skip_if_rootless_environment
2021-08-04 18:31:13 +08:00
skip_if_no_runtime
2020-07-23 05:06:01 +08:00
2021-08-04 18:31:13 +08:00
${OCI} --version
_prefetch alpine
2020-07-23 05:06:01 +08:00
2021-08-04 18:31:13 +08:00
# Make sure to read the correct /etc/resolv.conf file in case of systemd-resolved.
resolve_file=$(readlink -f /etc/resolv.conf)
if [[ "$resolve_file" == "/run/systemd/resolve/stub-resolv.conf" ]]; then
resolve_file="/run/systemd/resolve/resolv.conf"
fi
run grep nameserver $resolve_file
# filter out 127... nameservers
run grep -v "nameserver 127." <<< "$output"
nameservers="$output"
# in case of rootless add extra slirp4netns nameserver
if is_rootless; then
nameservers="nameserver 10.0.2.3
$output"
fi
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-08-04 18:31:13 +08:00
cid=$output
run_buildah run --network=private $cid grep nameserver /etc/resolv.conf
# check that no 127... nameserver is in resolv.conf
assert "$output" !~ "^nameserver 127." "Container contains local nameserver"
assert "$nameservers" "Container nameservers match correct host nameservers"
if ! is_rootless; then
run_buildah mount $cid
assert "$output" != ""
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
fi
2020-07-23 05:06:01 +08:00
run_buildah rm -a
2021-08-04 18:31:13 +08:00
run grep nameserver /etc/resolv.conf
nameservers="$output"
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-08-04 18:31:13 +08:00
cid=$output
run_buildah run --isolation=chroot --network=host $cid grep nameserver /etc/resolv.conf
assert "$nameservers" "Container nameservers match the host nameservers"
if ! is_rootless; then
run_buildah mount $cid
assert "$output" != ""
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
fi
2020-07-23 05:06:01 +08:00
run_buildah rm -a
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-08-04 18:31:13 +08:00
cid=$output
2022-09-19 17:08:50 +08:00
run_buildah 125 run --isolation=chroot --network=none $cid sh -c 'echo "nameserver 110.110.0.110" >> /etc/resolv.conf; cat /etc/resolv.conf'
expect_output --substring "cannot set --network other than host with --isolation chroot"
2020-07-23 05:06:01 +08:00
run_buildah rm -a
}
2021-03-02 01:19:01 +08:00
2022-09-19 17:08:50 +08:00
@test "run --network=none and --isolation chroot must conflict" {
skip_if_no_runtime
2024-03-30 04:46:47 +08:00
_prefetch alpine
2024-02-22 18:08:24 +08:00
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
2022-09-19 17:08:50 +08:00
cid=$output
# should fail by default
run_buildah 125 run --isolation=chroot --network=none $cid wget google.com
expect_output --substring "cannot set --network other than host with --isolation chroot"
}
2023-03-23 21:47:58 +08:00
@test "run --network=private must mount a fresh /sys" {
skip_if_no_runtime
2024-03-30 04:46:47 +08:00
_prefetch alpine
2024-02-22 18:08:24 +08:00
run_buildah from --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
2023-03-23 21:47:58 +08:00
cid=$output
# verify there is no /sys/kernel/security in the container, that would mean /sys
# was bind mounted from the host.
run_buildah 1 run --network=private $cid grep /sys/kernel/security /proc/self/mountinfo
}
2021-10-26 16:53:20 +08:00
@test "run --network should override build --network" {
skip_if_no_runtime
2024-03-30 04:46:47 +08:00
_prefetch alpine
2024-02-22 18:08:24 +08:00
run_buildah from --network=none --quiet --pull=ifmissing $WITH_POLICY_JSON alpine
2021-10-26 16:53:20 +08:00
cid=$output
# should fail by default
run_buildah 1 run $cid wget google.com
expect_output --substring "bad"
# try pinging external website
run_buildah run --network=private $cid wget google.com
expect_output --substring "index.html"
run_buildah rm -a
}
2021-03-02 01:19:01 +08:00
@test "run --user" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-03-02 01:19:01 +08:00
cid=$output
run_buildah run --user sync $cid whoami
expect_output "sync"
run_buildah 125 run --user noexist $cid whoami
expect_output --substring "unknown user error"
}
2021-04-02 05:16:05 +08:00
@test "run --runtime --runtime-flag" {
skip_if_in_container
skip_if_no_runtime
_prefetch alpine
# Use seccomp to make crun output a warning message because crun writes few logs.
2022-04-26 23:09:11 +08:00
cat > ${TEST_SCRATCH_DIR}/seccomp.json << _EOF
2021-04-02 05:16:05 +08:00
{
"defaultAction": "SCMP_ACT_ALLOW",
"syscalls": [
{
"name": "unknown",
"action": "SCMP_ACT_KILL"
}
]
}
_EOF
2022-04-26 23:09:11 +08:00
run_buildah from --security-opt seccomp=${TEST_SCRATCH_DIR}/seccomp.json --quiet --pull=false $WITH_POLICY_JSON alpine
2021-04-02 05:16:05 +08:00
cid=$output
2021-04-06 04:17:59 +08:00
local found_runtime=
2021-04-02 05:16:05 +08:00
if [ -n "$(command -v runc)" ]; then
2021-04-06 04:17:59 +08:00
found_runtime=y
2022-08-02 05:15:33 +08:00
run_buildah '?' run --runtime=runc --runtime-flag=debug $cid true
2021-04-02 05:16:05 +08:00
if [ "$status" -eq 0 ]; then
2023-01-05 21:42:11 +08:00
assert "$output" != "" "Output from running 'true' with --runtime-flag=debug"
2021-04-02 05:16:05 +08:00
else
# runc fully supports cgroup v2 (unified mode) since v1.0.0-rc93.
# older runc doesn't work on cgroup v2.
expect_output --substring "this version of runc doesn't work on cgroups v2" "should fail by unsupportability for cgroupv2"
fi
fi
if [ -n "$(command -v crun)" ]; then
2021-04-06 04:17:59 +08:00
found_runtime=y
2023-01-18 00:02:04 +08:00
run_buildah run --runtime=crun --runtime-flag=log=${TEST_SCRATCH_DIR}/oci-log $cid true
if test \! -e ${TEST_SCRATCH_DIR}/oci-log; then
die "the expected file ${TEST_SCRATCH_DIR}/oci-log was not created"
fi
2021-04-02 05:16:05 +08:00
fi
2021-04-06 04:17:59 +08:00
if [ -z "${found_runtime}" ]; then
skip "Did not find 'runc' nor 'crun' in \$PATH - could not run this test!"
fi
2021-04-02 05:16:05 +08:00
}
@test "run --terminal" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2021-04-02 05:16:05 +08:00
cid=$output
run_buildah run --terminal=true $cid ls --color=auto
colored="$output"
run_buildah run --terminal=false $cid ls --color=auto
uncolored="$output"
[ "$colored" != "$uncolored" ]
}
2022-02-14 17:05:46 +08:00
@test "rootless on cgroupv2 and systemd runs under user.slice" {
skip_if_no_runtime
skip_if_cgroupsv1
skip_if_in_container
2022-04-01 21:28:53 +08:00
skip_if_root_environment
2022-02-14 17:05:46 +08:00
if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then
2022-04-01 21:28:53 +08:00
skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined"
2022-02-14 17:05:46 +08:00
fi
2022-03-25 04:32:47 +08:00
_prefetch alpine
2022-02-14 17:05:46 +08:00
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2022-02-14 17:05:46 +08:00
cid=$output
run_buildah run --cgroupns=host $cid cat /proc/self/cgroup
expect_output --substring "/user.slice/"
}
2022-03-25 04:32:47 +08:00
@test "run-inheritable-capabilities" {
skip_if_no_runtime
_prefetch alpine
2022-04-26 21:47:03 +08:00
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
2022-03-25 04:32:47 +08:00
cid=$output
run_buildah run $cid grep ^CapInh: /proc/self/status
expect_output "CapInh: 0000000000000000"
run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status
expect_output "CapInh: 0000000000000000"
}
2023-10-28 01:10:18 +08:00
@test "run masks" {
skip_if_no_runtime
_prefetch alpine
run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
cid=$output
2025-01-22 01:52:15 +08:00
for mask in /proc/acpi /proc/kcore /proc/keys /proc/latency_stats /proc/sched_debug /proc/scsi /proc/timer_list /proc/timer_stats /sys/devices/virtual/powercap /sys/firmware /sys/fs/selinux; do
2023-10-28 01:10:18 +08:00
if test -d $mask; then
run_buildah run $cid ls $mask
expect_output "" "Directories should be empty"
fi
if test -f $mask; then
run_buildah run $cid cat $mask
expect_output "" "Directories should be empty"
fi
done
}
2024-02-02 00:14:13 +08:00
@test "empty run statement doesn't crash" {
skip_if_no_runtime
_prefetch alpine
cd ${TEST_SCRATCH_DIR}
printf 'FROM alpine\nRUN \\\n echo && echo' > Dockerfile
run_buildah bud --pull=false --layers .
printf 'FROM alpine\nRUN\n echo && echo' > Dockerfile
run_buildah ? bud --pull=false --layers .
expect_output --substring -- "-c requires an argument"
}
