2017-03-18 06:45:19 +08:00
|
|
|
#!/usr/bin/env bats
|
|
|
|
|
|
|
|
|
|
load helpers
|
|
|
|
|
|
|
|
|
|
@test "run" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2017-03-18 06:45:19 +08:00
|
|
|
createrandom ${TESTDIR}/randomfile
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /root $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/root"
|
2017-03-18 06:45:19 +08:00
|
|
|
cp ${TESTDIR}/randomfile $root/tmp/
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah run $cid cp /tmp/randomfile /tmp/other-randomfile
|
2017-03-18 06:45:19 +08:00
|
|
|
test -s $root/tmp/other-randomfile
|
|
|
|
|
cmp ${TESTDIR}/randomfile $root/tmp/other-randomfile
|
2017-07-21 01:41:51 +08:00
|
|
|
|
2019-06-12 18:19:28 +08:00
|
|
|
seq 100000 | buildah run $cid -- sh -c 'while read i; do echo $i; done'
|
2017-07-21 01:41:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run--args" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should fail, because buildah run doesn't have a -n flag.
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -n $cid echo test
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is preserved as part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid echo -- -n test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is not part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n -- test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -- -n test --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test --"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n "test"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "test"
|
2017-03-18 06:45:19 +08:00
|
|
|
}
|
2017-04-05 05:31:02 +08:00
|
|
|
|
2017-06-23 23:53:51 +08:00
|
|
|
@test "run-cmd" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with no arguments
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# empty entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args"
|
2018-05-03 07:13:28 +08:00
|
|
|
|
2019-01-22 23:35:52 +08:00
|
|
|
# configured cmd only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args, --"
|
2018-05-03 13:48:50 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with argument
|
|
|
|
|
# Note: entrypoint and cmd can be invalid in below tests as they should never execute
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "empty entrypoint, invalid cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, empty cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, empty cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, no cmd(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd, no entrypoint(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd & entrypoint, pwd"
|
2017-06-23 23:53:51 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-29 23:40:50 +08:00
|
|
|
# Helper for run-user test. Generates a UID or GID that is not present
|
|
|
|
|
# in the given idfile (mounted /etc/passwd or /etc/group)
|
|
|
|
|
function random_unused_id() {
|
|
|
|
|
local idfile=$1
|
|
|
|
|
|
|
|
|
|
while :;do
|
|
|
|
|
id=$RANDOM
|
|
|
|
|
if ! fgrep -q :$id: $idfile; then
|
|
|
|
|
echo $id
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
function configure_and_check_user() {
|
|
|
|
|
local setting=$1
|
|
|
|
|
local expect_u=$2
|
|
|
|
|
local expect_g=$3
|
|
|
|
|
|
|
|
|
|
run_buildah config -u "$setting" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_u" "id -u ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_g" "id -g ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
}
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
@test "run-user" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
eval $(go env)
|
|
|
|
|
echo CGO_ENABLED=${CGO_ENABLED}
|
|
|
|
|
if test "$CGO_ENABLED" -ne 1; then
|
2019-04-02 05:56:29 +08:00
|
|
|
skip "CGO_ENABLED = '$CGO_ENABLED'"
|
2017-04-05 05:31:02 +08:00
|
|
|
fi
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2017-04-05 05:31:02 +08:00
|
|
|
|
|
|
|
|
testuser=jimbo
|
2017-11-04 01:32:19 +08:00
|
|
|
testbogususer=nosuchuser
|
2017-04-05 05:31:02 +08:00
|
|
|
testgroup=jimbogroup
|
2021-04-29 23:40:50 +08:00
|
|
|
testuid=$(random_unused_id $root/etc/passwd)
|
|
|
|
|
testotheruid=$(random_unused_id $root/etc/passwd)
|
|
|
|
|
testgid=$(random_unused_id $root/etc/group)
|
|
|
|
|
testgroupid=$(random_unused_id $root/etc/group)
|
2017-04-05 05:31:02 +08:00
|
|
|
echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
|
|
|
|
|
echo "$testgroup:x:$testgroupid:" >> $root/etc/group
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
configure_and_check_user "" 0 0
|
|
|
|
|
configure_and_check_user "${testuser}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuid}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}:${testgroup}" $testotheruid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}" $testotheruid 0
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testbogususer} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -u (bogus user)"
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -g (bogus user)"
|
2017-11-04 01:32:19 +08:00
|
|
|
|
2017-04-13 01:35:48 +08:00
|
|
|
ln -vsf /etc/passwd $root/etc/passwd
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testuser}:${testgroup} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2017-04-13 01:35:48 +08:00
|
|
|
echo "$output"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "run as unknown user"
|
2017-04-05 05:31:02 +08:00
|
|
|
}
|
2017-09-21 19:39:39 +08:00
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
@test "run --env" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah config --env foo=foo $cid
|
|
|
|
|
# Ensure foo=foo from `buildah config`
|
|
|
|
|
run_buildah run $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "foo"
|
|
|
|
|
# Ensure foo=bar from --env override
|
|
|
|
|
run_buildah run --env foo=bar $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "bar"
|
|
|
|
|
# Ensure that the --env override did not persist
|
|
|
|
|
run_buildah run $cid -- /bin/sh -c 'echo $foo'
|
|
|
|
|
expect_output "foo"
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-21 19:39:39 +08:00
|
|
|
@test "run --hostname" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid hostname
|
2017-09-21 19:39:39 +08:00
|
|
|
[ "$output" != "foobar" ]
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --hostname foobar $cid hostname
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "foobar"
|
2017-09-21 19:39:39 +08:00
|
|
|
}
|
2018-05-31 22:56:40 +08:00
|
|
|
|
2022-04-21 15:35:56 +08:00
|
|
|
@test "run should also override /etc/hostname" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
${OCI} --version
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --hostname foobar $cid hostname
|
|
|
|
|
expect_output "foobar"
|
|
|
|
|
hostname=$output
|
|
|
|
|
run_buildah run --hostname foobar $cid cat /etc/hostname
|
|
|
|
|
expect_output $hostname
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-31 22:56:40 +08:00
|
|
|
@test "run --volume" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2018-07-21 05:58:48 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-05-31 22:56:40 +08:00
|
|
|
mkdir -p ${TESTDIR}/was-empty
|
|
|
|
|
# As a baseline, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:59:24 +08:00
|
|
|
# Parsing options that with comma, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-05-31 22:56:40 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah 1 run -v ${TESTDIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# And check the same for file volumes.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
|
2021-03-31 18:57:18 +08:00
|
|
|
# And check the same for file volumes.
|
|
|
|
|
# Make sure directories show up inside of container on builtin mounts
|
|
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/run/secrets/testdir $cid ls -ld /run/secrets/testdir
|
2018-05-31 22:56:40 +08:00
|
|
|
}
|
2018-06-02 02:54:45 +08:00
|
|
|
|
2022-01-20 17:15:48 +08:00
|
|
|
@test "run overlay --volume with custom upper and workdir" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
mkdir -p ${TESTDIR}/upperdir
|
|
|
|
|
mkdir -p ${TESTDIR}/workdir
|
|
|
|
|
mkdir -p ${TESTDIR}/lower
|
|
|
|
|
|
|
|
|
|
echo 'hello' >> ${TESTDIR}/lower/hello
|
|
|
|
|
|
|
|
|
|
# As a baseline, this should succeed.
|
|
|
|
|
run_buildah run -v ${TESTDIR}/lower:/test:O,upperdir=${TESTDIR}/upperdir,workdir=${TESTDIR}/workdir${zflag:+:${zflag}} $cid cat /test/hello
|
|
|
|
|
expect_output "hello"
|
|
|
|
|
run_buildah run -v ${TESTDIR}/lower:/test:O,upperdir=${TESTDIR}/upperdir,workdir=${TESTDIR}/workdir${zflag:+:${zflag}} $cid sh -c 'echo "world" > /test/world'
|
|
|
|
|
|
|
|
|
|
#upper dir should persist content
|
|
|
|
|
result="$(cat ${TESTDIR}/upperdir/world)"
|
|
|
|
|
test "$result" == "world"
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-18 22:50:53 +08:00
|
|
|
@test "run --volume with U flag" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
# Create source volume.
|
|
|
|
|
mkdir ${TESTDIR}/testdata
|
|
|
|
|
|
|
|
|
|
# Create the container.
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
ctr="$output"
|
|
|
|
|
|
|
|
|
|
# Test user can create file in the mounted volume.
|
|
|
|
|
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
|
|
|
|
|
|
|
|
|
|
# Test created file has correct UID and GID ownership.
|
|
|
|
|
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
|
|
|
|
|
expect_output "888:888"
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-23 04:45:09 +08:00
|
|
|
@test "run --workingdir" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid pwd
|
|
|
|
|
expect_output "/"
|
|
|
|
|
run_buildah run --workingdir /bin $cid pwd
|
|
|
|
|
expect_output "/bin"
|
|
|
|
|
# Ensure the /bin workingdir override did not persist
|
|
|
|
|
run_buildah run $cid pwd
|
|
|
|
|
expect_output "/"
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
@test "run --mount" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-06-20 02:17:11 +08:00
|
|
|
mkdir -p ${TESTDIR}/was:empty
|
|
|
|
|
# As a baseline, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --mount type=tmpfs,dst=/var/tmpfs-not-empty $cid touch /var/tmpfs-not-empty/testfile
|
2021-10-18 13:51:51 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty,rw${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah 1 run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2021-10-18 13:51:51 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/multi-level/subdirectory,rw $cid touch /var/multi-level/subdirectory/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# And check the same for file volumes.
|
2021-10-18 13:51:51 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile,rw $cid touch /var/different-multi-level/subdirectory/testfile
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --mount=type=bind with from like buildkit" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
skip "skip if selinux enabled, since stages have different selinux label"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
run_buildah build -t buildkitbase --signature-policy ${TESTSDIR}/policy.json -f ${TESTSDIR}/bud/buildkit-mount-from/Dockerfilebuildkitbase ${TESTSDIR}/bud/buildkit-mount-from/
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --mount type=bind,source=.,from=buildkitbase,target=/test,z $cid cat /test/hello
|
|
|
|
|
expect_output --substring "hello"
|
|
|
|
|
run_buildah rmi -f buildkitbase
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --mount=type=cache like buildkit" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
skip "skip if selinux enabled, since stages have different selinux label"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --mount type=cache,target=/test,z $cid sh -c 'echo "hello" > /test/hello && cat /test/hello'
|
|
|
|
|
run_buildah run --mount type=cache,target=/test,z $cid cat /test/hello
|
|
|
|
|
expect_output --substring "hello"
|
2019-06-20 02:17:11 +08:00
|
|
|
}
|
|
|
|
|
|
2018-06-02 02:54:45 +08:00
|
|
|
@test "run symlinks" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-06-02 02:54:45 +08:00
|
|
|
mkdir -p ${TESTDIR}/tmp
|
|
|
|
|
ln -s tmp ${TESTDIR}/tmp2
|
|
|
|
|
export TMPDIR=${TESTDIR}/tmp2
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid id
|
2018-06-02 02:54:45 +08:00
|
|
|
}
|
2018-06-05 05:36:26 +08:00
|
|
|
|
|
|
|
|
@test "run --cap-add/--cap-drop" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-06-05 05:36:26 +08:00
|
|
|
# Try with default caps.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
defaultcaps="$output"
|
|
|
|
|
# Try adding DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-add CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
addedcaps="$output"
|
|
|
|
|
# Try dropping DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-drop CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
droppedcaps="$output"
|
|
|
|
|
# Okay, now the "dropped" and "added" should be different.
|
|
|
|
|
test "$addedcaps" != "$droppedcaps"
|
|
|
|
|
# And one or the other should be different from the default, with the other being the same.
|
|
|
|
|
if test "$defaultcaps" == "$addedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$droppedcaps"
|
|
|
|
|
fi
|
|
|
|
|
if test "$defaultcaps" == "$droppedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$addedcaps"
|
|
|
|
|
fi
|
|
|
|
|
}
|
2018-07-30 23:54:15 +08:00
|
|
|
|
|
|
|
|
@test "Check if containers run with correct open files/processes limits" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
2021-05-12 00:21:09 +08:00
|
|
|
|
|
|
|
|
# we need to not use the list of limits that are set in our default
|
|
|
|
|
# ${TESTSDIR}/containers.conf for the sake of other tests, and override
|
|
|
|
|
# any that might be picked up from system-wide configuration
|
|
|
|
|
echo '[containers]' > ${TESTDIR}/containers.conf
|
|
|
|
|
echo 'default_ulimits = []' >> ${TESTDIR}/containers.conf
|
|
|
|
|
export CONTAINERS_CONF=${TESTDIR}/containers.conf
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-02-08 01:54:18 +08:00
|
|
|
maxpids=$(cat /proc/sys/kernel/pid_max)
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output 1024 "limits: open files (unlimited)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output ${maxpids} "limits: processes (unlimited)"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --ulimit nofile=300:400 --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file limit)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output ${maxpids} "limits: processes (w/file limit)"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --ulimit nproc=100:200 --ulimit nofile=300:400 --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file & proc limits)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "100" "limits: processes (w/file & proc limits)"
|
2021-05-12 00:21:09 +08:00
|
|
|
|
|
|
|
|
unset CONTAINERS_CONF
|
2018-07-30 23:54:15 +08:00
|
|
|
}
|
2018-10-25 03:15:40 +08:00
|
|
|
|
|
|
|
|
@test "run-builtin-volume-omitted" {
|
|
|
|
|
# This image is known to include a volume, but not include the mountpoint
|
|
|
|
|
# in the image.
|
Move away from using docker.io
November 2020, docker.io started restricting unauthenticated
image pulls. Try to work around this by using a custom
registries.conf file.
For the most part this means copying images from docker.io
to quay.io, via:
$ skopeo copy --all docker://docker.io/library/img:tag \
docker://quay.io/libpod/img:tag
...for the following values of 'img:tag':
busybox:musl
centos:7 centos:8 centos:latest
composer:latest
debian:latest ubuntu:latest
docker:latest
php:7.2
For each of those, it was necessary to go into the quay.io
GUI, click the image name, click the settings (gear) icon
at bottom left, click 'Make public', and confirm.
This process did not work in four instances, which required
special-casing:
commit.bats : openshift/hello-openshift did not match the
mirroring rules; I switched to alpine instead.
Nalin confirmed on IRC that there was no magic
reason for requiring hello-openshift.
pull.bats : change a SHA. AFAICT there was nothing magic
about the SHA being used, it was just a
convenient one for purposes of testing
pull-by-sha. I simply switched to the SHA
of an image present on quay.
registries.bats : was assuming that fedora-minimal shortname
would be pulled from fedora registry.
Unfortunately, we have a copy on quay
(for podman tests), so that's what we
pull by shortname, and it does not match
the SHA of the fedoraproject.org one.
Solution: pull by tag (fedora-minimal:32)
and hope that nobody ever mirrors that one
on quay.
run.bats : another pull-by-SHA, but this time I changed
the SHA to a named tag, and skopeo copy'd
that image from docker.io to the given name
on quay. This time there _is_ something
magic about that particular SHA (it's an
image with a specific volume quirk) but
there's no actual reason to reference it
by SHA - we simply did so because we have
no control over tag names on docker.io.
Since we control tag names on quay.io,
it's easy and more maintainable to give
this image a descriptive tag.
Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-12-08 06:36:43 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json quay.io/libpod/registry:volume_omitted
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
mnt=$output
|
2018-10-25 03:15:40 +08:00
|
|
|
# By default, the mountpoint should not be there.
|
|
|
|
|
run test -d "$mnt"/var/lib/registry
|
|
|
|
|
echo "$output"
|
|
|
|
|
[ "$status" -ne 0 ]
|
|
|
|
|
# We'll create the mountpoint for "run".
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /var/lib
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "registry"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-10-25 03:15:40 +08:00
|
|
|
# Double-check that the mountpoint is there.
|
2019-04-02 05:56:29 +08:00
|
|
|
test -d "$mnt"/var/lib/registry
|
2018-10-25 03:15:40 +08:00
|
|
|
}
|
2019-08-23 00:45:36 +08:00
|
|
|
|
|
|
|
|
@test "run-exit-status" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-08-23 00:45:36 +08:00
|
|
|
run_buildah 42 run ${cid} sh -c 'exit 42'
|
|
|
|
|
}
|
2019-09-06 04:54:40 +08:00
|
|
|
|
2020-04-16 21:48:43 +08:00
|
|
|
@test "run-exit-status on non executable" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah 1 run ${cid} /etc
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-06 04:54:40 +08:00
|
|
|
@test "Verify /run/.containerenv exist" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-06 04:54:40 +08:00
|
|
|
# test a standard mount to /run/.containerenv
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /run/.containerenv
|
2019-09-06 04:54:40 +08:00
|
|
|
expect_output --substring "/run/.containerenv"
|
2020-11-24 08:07:50 +08:00
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $engine'
|
|
|
|
|
expect_output --substring "buildah"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $name'
|
|
|
|
|
expect_output "alpine-working-container"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $image'
|
|
|
|
|
expect_output --substring "alpine:latest"
|
|
|
|
|
|
|
|
|
|
rootless=0
|
|
|
|
|
if ["$(id -u)" -ne 0 ]; then
|
|
|
|
|
rootless=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $rootless'
|
|
|
|
|
expect_output ${rootless}
|
2019-09-06 04:54:40 +08:00
|
|
|
}
|
2019-09-07 03:07:18 +08:00
|
|
|
|
|
|
|
|
@test "run-device" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rm --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rwm --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run-device-Rename" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_chroot
|
|
|
|
|
skip_if_rootless
|
2019-09-07 03:07:18 +08:00
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse1 --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse1
|
|
|
|
|
}
|
2020-07-23 05:06:01 +08:00
|
|
|
|
|
|
|
|
@test "run check /etc/hosts" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2020-07-23 05:06:01 +08:00
|
|
|
skip_if_no_runtime
|
2022-01-19 23:43:02 +08:00
|
|
|
skip_if_in_container
|
2020-07-23 05:06:01 +08:00
|
|
|
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch debian
|
|
|
|
|
|
2022-04-19 16:55:16 +08:00
|
|
|
local hostname=h-$(random_string)
|
|
|
|
|
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah 125 run --network=bogus $cid cat /etc/hosts
|
2022-03-08 04:44:14 +08:00
|
|
|
expect_output --substring "unable to find network with name or ID bogus: network not found"
|
2022-04-19 16:55:16 +08:00
|
|
|
run_buildah run --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
|
2021-10-13 03:33:07 +08:00
|
|
|
ip=$(hostname -I | cut -f 1 -d " ")
|
|
|
|
|
expect_output --substring "$ip.*host.containers.internal"
|
|
|
|
|
|
2022-04-19 16:55:16 +08:00
|
|
|
hosts="127.0.0.5 host1
|
|
|
|
|
127.0.0.6 host2"
|
|
|
|
|
base_hosts_file="$TESTDIR/base_hosts"
|
|
|
|
|
echo "$hosts" > "$base_hosts_file"
|
|
|
|
|
containers_conf_file="$TESTDIR/containers.conf"
|
|
|
|
|
echo -e "[containers]\nbase_hosts_file = \"$base_hosts_file\"" > "$containers_conf_file"
|
|
|
|
|
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname $hostname $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "127.0.0.5[[:blank:]]host1"
|
|
|
|
|
expect_output --substring "127.0.0.6[[:blank:]]host2"
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$hostname $cid"
|
|
|
|
|
|
|
|
|
|
# now check that hostname from base file is not overwritten
|
|
|
|
|
CONTAINERS_CONF="$containers_conf_file" run_buildah run --hostname host1 $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "127.0.0.5[[:blank:]]host1"
|
|
|
|
|
expect_output --substring "127.0.0.6[[:blank:]]host2"
|
|
|
|
|
expect_output --substring "(10.88.*|10.0.2.100)[[:blank:]]$cid"
|
|
|
|
|
assert "$output" !~ "(10.88.*|10.0.2.100)[[:blank:]]host1 $cid" "Container IP should not contain host1"
|
|
|
|
|
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah run --network=container $cid cat /etc/hosts
|
2020-07-23 05:06:01 +08:00
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah run --network=host $cid cat /etc/hosts
|
2022-03-08 04:44:14 +08:00
|
|
|
hostOutput=$output
|
2020-07-23 05:06:01 +08:00
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
2022-03-08 04:44:14 +08:00
|
|
|
run_buildah run --network=host --no-hosts $cid cat /etc/hosts
|
|
|
|
|
[ "$output" != "$hostOutput" ]
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
2021-10-13 03:33:07 +08:00
|
|
|
run_buildah run --network=none $cid sh -c 'echo "110.110.110.0 fake_host" >> /etc/hosts; cat /etc/hosts'
|
2020-07-23 05:06:01 +08:00
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run check /etc/resolv.conf" {
|
2022-03-04 18:38:38 +08:00
|
|
|
skip_if_rootless_environment
|
2021-08-04 18:31:13 +08:00
|
|
|
skip_if_no_runtime
|
2020-07-23 05:06:01 +08:00
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch alpine
|
2020-07-23 05:06:01 +08:00
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
# Make sure to read the correct /etc/resolv.conf file in case of systemd-resolved.
|
|
|
|
|
resolve_file=$(readlink -f /etc/resolv.conf)
|
|
|
|
|
if [[ "$resolve_file" == "/run/systemd/resolve/stub-resolv.conf" ]]; then
|
|
|
|
|
resolve_file="/run/systemd/resolve/resolv.conf"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
run grep nameserver $resolve_file
|
|
|
|
|
# filter out 127... nameservers
|
|
|
|
|
run grep -v "nameserver 127." <<< "$output"
|
|
|
|
|
nameservers="$output"
|
|
|
|
|
# in case of rootless add extra slirp4netns nameserver
|
|
|
|
|
if is_rootless; then
|
|
|
|
|
nameservers="nameserver 10.0.2.3
|
|
|
|
|
$output"
|
|
|
|
|
fi
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --network=private $cid grep nameserver /etc/resolv.conf
|
|
|
|
|
# check that no 127... nameserver is in resolv.conf
|
|
|
|
|
assert "$output" !~ "^nameserver 127." "Container contains local nameserver"
|
|
|
|
|
assert "$nameservers" "Container nameservers match correct host nameservers"
|
|
|
|
|
if ! is_rootless; then
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
assert "$output" != ""
|
|
|
|
|
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
|
|
|
|
|
fi
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
run grep nameserver /etc/resolv.conf
|
|
|
|
|
nameservers="$output"
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=host $cid grep nameserver /etc/resolv.conf
|
|
|
|
|
assert "$nameservers" "Container nameservers match the host nameservers"
|
|
|
|
|
if ! is_rootless; then
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
assert "$output" != ""
|
|
|
|
|
assert "$(< $output/etc/resolv.conf)" = "" "resolv.conf is empty"
|
|
|
|
|
fi
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
|
2021-08-04 18:31:13 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=none $cid sh -c 'echo "nameserver 110.110.0.110" >> /etc/resolv.conf; cat /etc/resolv.conf'
|
2020-07-23 05:06:01 +08:00
|
|
|
expect_output "nameserver 110.110.0.110"
|
2021-08-04 18:31:13 +08:00
|
|
|
if ! is_rootless; then
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
assert "$output" != ""
|
|
|
|
|
assert "$(< $output/etc/resolv.conf)" =~ "^nameserver 110.110.0.110" "Nameserver is set in the image resolv.conf file"
|
|
|
|
|
fi
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
2021-03-02 01:19:01 +08:00
|
|
|
|
2021-10-26 16:53:20 +08:00
|
|
|
@test "run --network should override build --network" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
run_buildah from --network=none --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
# should fail by default
|
|
|
|
|
run_buildah 1 run $cid wget google.com
|
|
|
|
|
expect_output --substring "bad"
|
|
|
|
|
# try pinging external website
|
|
|
|
|
run_buildah run --network=private $cid wget google.com
|
|
|
|
|
expect_output --substring "index.html"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 01:19:01 +08:00
|
|
|
@test "run --user" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --user sync $cid whoami
|
|
|
|
|
expect_output "sync"
|
|
|
|
|
run_buildah 125 run --user noexist $cid whoami
|
|
|
|
|
expect_output --substring "unknown user error"
|
|
|
|
|
}
|
2021-04-02 05:16:05 +08:00
|
|
|
|
|
|
|
|
@test "run --runtime --runtime-flag" {
|
|
|
|
|
skip_if_in_container
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
|
|
|
|
# Use seccomp to make crun output a warning message because crun writes few logs.
|
|
|
|
|
cat > ${TESTDIR}/seccomp.json << _EOF
|
|
|
|
|
{
|
|
|
|
|
"defaultAction": "SCMP_ACT_ALLOW",
|
|
|
|
|
"syscalls": [
|
|
|
|
|
{
|
|
|
|
|
"name": "unknown",
|
|
|
|
|
"action": "SCMP_ACT_KILL"
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
_EOF
|
|
|
|
|
run_buildah from --security-opt seccomp=${TESTDIR}/seccomp.json --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
|
2021-04-06 04:17:59 +08:00
|
|
|
local found_runtime=
|
|
|
|
|
|
2021-04-02 05:16:05 +08:00
|
|
|
if [ -n "$(command -v runc)" ]; then
|
2021-04-06 04:17:59 +08:00
|
|
|
found_runtime=y
|
2021-04-02 05:16:05 +08:00
|
|
|
run_buildah ? run --runtime=runc --runtime-flag=debug $cid true
|
|
|
|
|
if [ "$status" -eq 0 ]; then
|
|
|
|
|
[ -n "$output" ]
|
|
|
|
|
else
|
|
|
|
|
# runc fully supports cgroup v2 (unified mode) since v1.0.0-rc93.
|
|
|
|
|
# older runc doesn't work on cgroup v2.
|
|
|
|
|
expect_output --substring "this version of runc doesn't work on cgroups v2" "should fail by unsupportability for cgroupv2"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -n "$(command -v crun)" ]; then
|
2021-04-06 04:17:59 +08:00
|
|
|
found_runtime=y
|
2021-04-02 05:16:05 +08:00
|
|
|
run_buildah run --runtime=crun --runtime-flag=debug $cid true
|
|
|
|
|
[ -n "$output" ]
|
|
|
|
|
fi
|
2021-04-06 04:17:59 +08:00
|
|
|
|
|
|
|
|
if [ -z "${found_runtime}" ]; then
|
|
|
|
|
skip "Did not find 'runc' nor 'crun' in \$PATH - could not run this test!"
|
|
|
|
|
fi
|
|
|
|
|
|
2021-04-02 05:16:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run --terminal" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --terminal=true $cid ls --color=auto
|
|
|
|
|
colored="$output"
|
|
|
|
|
run_buildah run --terminal=false $cid ls --color=auto
|
|
|
|
|
uncolored="$output"
|
|
|
|
|
[ "$colored" != "$uncolored" ]
|
|
|
|
|
}
|
2022-02-14 17:05:46 +08:00
|
|
|
|
|
|
|
|
@test "rootless on cgroupv2 and systemd runs under user.slice" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_cgroupsv1
|
|
|
|
|
skip_if_in_container
|
2022-04-01 21:28:53 +08:00
|
|
|
skip_if_root_environment
|
2022-02-14 17:05:46 +08:00
|
|
|
if test "$DBUS_SESSION_BUS_ADDRESS" = ""; then
|
2022-04-01 21:28:53 +08:00
|
|
|
skip "$test does not work when DBUS_SESSION_BUS_ADDRESS is not defined"
|
2022-02-14 17:05:46 +08:00
|
|
|
fi
|
2022-03-25 04:32:47 +08:00
|
|
|
_prefetch alpine
|
2022-02-14 17:05:46 +08:00
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --cgroupns=host $cid cat /proc/self/cgroup
|
|
|
|
|
expect_output --substring "/user.slice/"
|
|
|
|
|
}
|
2022-03-25 04:32:47 +08:00
|
|
|
|
|
|
|
|
@test "run-inheritable-capabilities" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run $cid grep ^CapInh: /proc/self/status
|
|
|
|
|
expect_output "CapInh: 0000000000000000"
|
|
|
|
|
run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status
|
|
|
|
|
expect_output "CapInh: 0000000000000000"
|
|
|
|
|
}
|
