2017-03-18 06:45:19 +08:00
|
|
|
#!/usr/bin/env bats
|
|
|
|
|
|
|
|
|
|
load helpers
|
|
|
|
|
|
|
|
|
|
@test "run" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2017-03-18 06:45:19 +08:00
|
|
|
createrandom ${TESTDIR}/randomfile
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /root $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/root"
|
2017-03-18 06:45:19 +08:00
|
|
|
cp ${TESTDIR}/randomfile $root/tmp/
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah run $cid cp /tmp/randomfile /tmp/other-randomfile
|
2017-03-18 06:45:19 +08:00
|
|
|
test -s $root/tmp/other-randomfile
|
|
|
|
|
cmp ${TESTDIR}/randomfile $root/tmp/other-randomfile
|
2017-07-21 01:41:51 +08:00
|
|
|
|
2019-06-12 18:19:28 +08:00
|
|
|
seq 100000 | buildah run $cid -- sh -c 'while read i; do echo $i; done'
|
2017-07-21 01:41:51 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run--args" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should fail, because buildah run doesn't have a -n flag.
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -n $cid echo test
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is preserved as part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid echo -- -n test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --, which is not part of the command.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n -- test
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- test"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -- -n test --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output -- "-- -n test --"
|
2017-07-21 01:41:51 +08:00
|
|
|
|
|
|
|
|
# This should succeed, because buildah run stops caring at the --.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- echo -n "test"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "test"
|
2017-03-18 06:45:19 +08:00
|
|
|
}
|
2017-04-05 05:31:02 +08:00
|
|
|
|
2017-06-23 23:53:51 +08:00
|
|
|
@test "run-cmd" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --workingdir /tmp $cid
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with no arguments
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# empty entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "empty entrypoint, cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, empty cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, empty cmd, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, no args, --"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args"
|
2018-05-03 07:13:28 +08:00
|
|
|
|
2019-01-22 23:35:52 +08:00
|
|
|
# configured cmd only, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd pwd $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "cmd, no args, --"
|
2018-05-03 13:48:50 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-05-03 13:48:50 +08:00
|
|
|
# configured entrypoint, configured cmd, empty run arguments, end parsing option
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "pwd" $cid
|
|
|
|
|
run_buildah config --cmd "whoami" $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run $cid --
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "command must be specified" "entrypoint, cmd, no args"
|
2017-06-23 23:53:51 +08:00
|
|
|
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# Configured entrypoint/cmd shouldn't modify behaviour of run with argument
|
|
|
|
|
# Note: entrypoint and cmd can be invalid in below tests as they should never execute
|
|
|
|
|
|
|
|
|
|
# empty entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "empty entrypoint, invalid cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, empty cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, empty cmd, pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid entrypoint, no cmd(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
2019-11-17 00:31:41 +08:00
|
|
|
# configured cmd only, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd, no entrypoint(??), pwd"
|
2018-05-03 07:50:13 +08:00
|
|
|
|
|
|
|
|
# configured entrypoint, configured cmd, configured run arguments
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config --entrypoint "/invalid/entrypoint" $cid
|
|
|
|
|
run_buildah config --cmd "/invalid/cmd" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid -- pwd
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "/tmp" "invalid cmd & entrypoint, pwd"
|
2017-06-23 23:53:51 +08:00
|
|
|
}
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
function configure_and_check_user() {
|
|
|
|
|
local setting=$1
|
|
|
|
|
local expect_u=$2
|
|
|
|
|
local expect_g=$3
|
|
|
|
|
|
|
|
|
|
run_buildah config -u "$setting" $cid
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_u" "id -u ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "$expect_g" "id -g ($setting)"
|
2019-04-02 05:56:29 +08:00
|
|
|
}
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
@test "run-user" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2017-04-05 05:31:02 +08:00
|
|
|
eval $(go env)
|
|
|
|
|
echo CGO_ENABLED=${CGO_ENABLED}
|
|
|
|
|
if test "$CGO_ENABLED" -ne 1; then
|
2019-04-02 05:56:29 +08:00
|
|
|
skip "CGO_ENABLED = '$CGO_ENABLED'"
|
2017-04-05 05:31:02 +08:00
|
|
|
fi
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
root=$output
|
2017-04-05 05:31:02 +08:00
|
|
|
|
|
|
|
|
testuser=jimbo
|
2017-11-04 01:32:19 +08:00
|
|
|
testbogususer=nosuchuser
|
2017-04-05 05:31:02 +08:00
|
|
|
testgroup=jimbogroup
|
|
|
|
|
testuid=$RANDOM
|
2017-11-03 01:39:56 +08:00
|
|
|
testotheruid=$RANDOM
|
2017-04-05 05:31:02 +08:00
|
|
|
testgid=$RANDOM
|
|
|
|
|
testgroupid=$RANDOM
|
|
|
|
|
echo "$testuser:x:$testuid:$testgid:Jimbo Jenkins:/home/$testuser:/bin/sh" >> $root/etc/passwd
|
|
|
|
|
echo "$testgroup:x:$testgroupid:" >> $root/etc/group
|
|
|
|
|
|
2019-04-02 05:56:29 +08:00
|
|
|
configure_and_check_user "" 0 0
|
|
|
|
|
configure_and_check_user "${testuser}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuid}" $testuid $testgid
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroup}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}:${testgroup}" $testotheruid $testgroupid
|
|
|
|
|
configure_and_check_user "${testotheruid}" $testotheruid 0
|
|
|
|
|
configure_and_check_user "${testuser}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
configure_and_check_user "${testuid}:${testgroupid}" $testuid $testgroupid
|
|
|
|
|
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testbogususer} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -u (bogus user)"
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -g
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "id -g (bogus user)"
|
2017-11-04 01:32:19 +08:00
|
|
|
|
2017-04-13 01:35:48 +08:00
|
|
|
ln -vsf /etc/passwd $root/etc/passwd
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah config -u ${testuser}:${testgroup} $cid
|
2020-04-16 21:48:43 +08:00
|
|
|
run_buildah 125 run -- $cid id -u
|
2017-04-13 01:35:48 +08:00
|
|
|
echo "$output"
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "unknown user" "run as unknown user"
|
2017-04-05 05:31:02 +08:00
|
|
|
}
|
2017-09-21 19:39:39 +08:00
|
|
|
|
|
|
|
|
@test "run --hostname" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid hostname
|
2017-09-21 19:39:39 +08:00
|
|
|
[ "$output" != "foobar" ]
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --hostname foobar $cid hostname
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "foobar"
|
2017-09-21 19:39:39 +08:00
|
|
|
}
|
2018-05-31 22:56:40 +08:00
|
|
|
|
|
|
|
|
@test "run --volume" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2018-07-21 05:58:48 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-05-31 22:56:40 +08:00
|
|
|
mkdir -p ${TESTDIR}/was-empty
|
|
|
|
|
# As a baseline, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty${zflag:+:${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:59:24 +08:00
|
|
|
# Parsing options that with comma, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/not-empty:rw,rshared${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-05-31 22:56:40 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah 1 run -v ${TESTDIR}/was-empty:/var/not-empty:ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty:/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
|
2018-09-11 02:23:26 +08:00
|
|
|
# And check the same for file volumes.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run -v ${TESTDIR}/was-empty/testfile:/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
|
2018-05-31 22:56:40 +08:00
|
|
|
}
|
2018-06-02 02:54:45 +08:00
|
|
|
|
2020-11-18 22:50:53 +08:00
|
|
|
@test "run --volume with U flag" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
# Create source volume.
|
|
|
|
|
mkdir ${TESTDIR}/testdata
|
|
|
|
|
|
|
|
|
|
# Create the container.
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
ctr="$output"
|
|
|
|
|
|
|
|
|
|
# Test user can create file in the mounted volume.
|
|
|
|
|
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" touch /mnt/testfile1.txt
|
|
|
|
|
|
|
|
|
|
# Test created file has correct UID and GID ownership.
|
|
|
|
|
run_buildah run --user 888:888 --volume ${TESTDIR}/testdata:/mnt:z,U "$ctr" stat -c "%u:%g" /mnt/testfile1.txt
|
|
|
|
|
expect_output "888:888"
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
@test "run --mount" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-06-20 02:17:11 +08:00
|
|
|
zflag=
|
|
|
|
|
if which selinuxenabled > /dev/null 2> /dev/null ; then
|
|
|
|
|
if selinuxenabled ; then
|
|
|
|
|
zflag=z
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-06-20 02:17:11 +08:00
|
|
|
mkdir -p ${TESTDIR}/was:empty
|
|
|
|
|
# As a baseline, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --mount type=tmpfs,dst=/var/tmpfs-not-empty $cid touch /var/tmpfs-not-empty/testfile
|
|
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# If we're parsing the options at all, this should be read-only, so it should fail.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah 1 run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/not-empty,ro${zflag:+,${zflag}} $cid touch /var/not-empty/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# Even if the parent directory doesn't exist yet, this should succeed.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty,dst=/var/multi-level/subdirectory $cid touch /var/multi-level/subdirectory/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
# And check the same for file volumes.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --mount type=bind,src=${TESTDIR}/was:empty/testfile,dst=/var/different-multi-level/subdirectory/testfile $cid touch /var/different-multi-level/subdirectory/testfile
|
2019-06-20 02:17:11 +08:00
|
|
|
}
|
|
|
|
|
|
2018-06-02 02:54:45 +08:00
|
|
|
@test "run symlinks" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-06-02 02:54:45 +08:00
|
|
|
mkdir -p ${TESTDIR}/tmp
|
|
|
|
|
ln -s tmp ${TESTDIR}/tmp2
|
|
|
|
|
export TMPDIR=${TESTDIR}/tmp2
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid id
|
2018-06-02 02:54:45 +08:00
|
|
|
}
|
2018-06-05 05:36:26 +08:00
|
|
|
|
|
|
|
|
@test "run --cap-add/--cap-drop" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2020-04-28 02:12:30 +08:00
|
|
|
${OCI} --version
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2018-06-05 05:36:26 +08:00
|
|
|
# Try with default caps.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
defaultcaps="$output"
|
|
|
|
|
# Try adding DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-add CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
addedcaps="$output"
|
|
|
|
|
# Try dropping DAC_OVERRIDE.
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run --cap-drop CAP_DAC_OVERRIDE $cid grep ^CapEff /proc/self/status
|
2018-06-05 05:36:26 +08:00
|
|
|
droppedcaps="$output"
|
|
|
|
|
# Okay, now the "dropped" and "added" should be different.
|
|
|
|
|
test "$addedcaps" != "$droppedcaps"
|
|
|
|
|
# And one or the other should be different from the default, with the other being the same.
|
|
|
|
|
if test "$defaultcaps" == "$addedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$droppedcaps"
|
|
|
|
|
fi
|
|
|
|
|
if test "$defaultcaps" == "$droppedcaps" ; then
|
|
|
|
|
test "$defaultcaps" != "$addedcaps"
|
|
|
|
|
fi
|
|
|
|
|
}
|
2018-07-30 23:54:15 +08:00
|
|
|
|
|
|
|
|
@test "Check if containers run with correct open files/processes limits" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2020-02-08 01:54:18 +08:00
|
|
|
maxpids=$(cat /proc/sys/kernel/pid_max)
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output 1024 "limits: open files (unlimited)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output ${maxpids} "limits: processes (unlimited)"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --ulimit nofile=300:400 --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file limit)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2020-02-08 01:54:18 +08:00
|
|
|
expect_output ${maxpids} "limits: processes (w/file limit)"
|
2019-12-12 04:03:37 +08:00
|
|
|
run_buildah rm $cid
|
2018-07-30 23:54:15 +08:00
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --ulimit nproc=100:200 --ulimit nofile=300:400 --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/open files/{print $4}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "300" "limits: open files (w/file & proc limits)"
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid awk '/processes/{print $3}' /proc/self/limits
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output "100" "limits: processes (w/file & proc limits)"
|
2018-07-30 23:54:15 +08:00
|
|
|
}
|
2018-10-25 03:15:40 +08:00
|
|
|
|
|
|
|
|
@test "run-builtin-volume-omitted" {
|
|
|
|
|
# This image is known to include a volume, but not include the mountpoint
|
|
|
|
|
# in the image.
|
Move away from using docker.io
November 2020, docker.io started restricting unauthenticated
image pulls. Try to work around this by using a custom
registries.conf file.
For the most part this means copying images from docker.io
to quay.io, via:
$ skopeo copy --all docker://docker.io/library/img:tag \
docker://quay.io/libpod/img:tag
...for the following values of 'img:tag':
busybox:musl
centos:7 centos:8 centos:latest
composer:latest
debian:latest ubuntu:latest
docker:latest
php:7.2
For each of those, it was necessary to go into the quay.io
GUI, click the image name, click the settings (gear) icon
at bottom left, click 'Make public', and confirm.
This process did not work in four instances, which required
special-casing:
commit.bats : openshift/hello-openshift did not match the
mirroring rules; I switched to alpine instead.
Nalin confirmed on IRC that there was no magic
reason for requiring hello-openshift.
pull.bats : change a SHA. AFAICT there was nothing magic
about the SHA being used, it was just a
convenient one for purposes of testing
pull-by-sha. I simply switched to the SHA
of an image present on quay.
registries.bats : was assuming that fedora-minimal shortname
would be pulled from fedora registry.
Unfortunately, we have a copy on quay
(for podman tests), so that's what we
pull by shortname, and it does not match
the SHA of the fedoraproject.org one.
Solution: pull by tag (fedora-minimal:32)
and hope that nobody ever mirrors that one
on quay.
run.bats : another pull-by-SHA, but this time I changed
the SHA to a named tag, and skopeo copy'd
that image from docker.io to the given name
on quay. This time there _is_ something
magic about that particular SHA (it's an
image with a specific volume quirk) but
there's no actual reason to reference it
by SHA - we simply did so because we have
no control over tag names on docker.io.
Since we control tag names on quay.io,
it's easy and more maintainable to give
this image a descriptive tag.
Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-12-08 06:36:43 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json quay.io/libpod/registry:volume_omitted
|
2019-12-12 03:11:08 +08:00
|
|
|
cid=$output
|
|
|
|
|
run_buildah mount $cid
|
|
|
|
|
mnt=$output
|
2018-10-25 03:15:40 +08:00
|
|
|
# By default, the mountpoint should not be there.
|
|
|
|
|
run test -d "$mnt"/var/lib/registry
|
|
|
|
|
echo "$output"
|
|
|
|
|
[ "$status" -ne 0 ]
|
|
|
|
|
# We'll create the mountpoint for "run".
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /var/lib
|
2019-04-05 23:59:54 +08:00
|
|
|
expect_output --substring "registry"
|
2019-04-02 05:56:29 +08:00
|
|
|
|
2018-10-25 03:15:40 +08:00
|
|
|
# Double-check that the mountpoint is there.
|
2019-04-02 05:56:29 +08:00
|
|
|
test -d "$mnt"/var/lib/registry
|
2018-10-25 03:15:40 +08:00
|
|
|
}
|
2019-08-23 00:45:36 +08:00
|
|
|
|
|
|
|
|
@test "run-exit-status" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-08-23 00:45:36 +08:00
|
|
|
run_buildah 42 run ${cid} sh -c 'exit 42'
|
|
|
|
|
}
|
2019-09-06 04:54:40 +08:00
|
|
|
|
2020-04-16 21:48:43 +08:00
|
|
|
@test "run-exit-status on non executable" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
_prefetch alpine
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah 1 run ${cid} /etc
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-06 04:54:40 +08:00
|
|
|
@test "Verify /run/.containerenv exist" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-06 04:54:40 +08:00
|
|
|
# test a standard mount to /run/.containerenv
|
2019-12-12 02:28:27 +08:00
|
|
|
run_buildah run $cid ls -1 /run/.containerenv
|
2019-09-06 04:54:40 +08:00
|
|
|
expect_output --substring "/run/.containerenv"
|
2020-11-24 08:07:50 +08:00
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $engine'
|
|
|
|
|
expect_output --substring "buildah"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $name'
|
|
|
|
|
expect_output "alpine-working-container"
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $image'
|
|
|
|
|
expect_output --substring "alpine:latest"
|
|
|
|
|
|
|
|
|
|
rootless=0
|
|
|
|
|
if ["$(id -u)" -ne 0 ]; then
|
|
|
|
|
rootless=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
run_buildah run $cid sh -c '. /run/.containerenv; echo $rootless'
|
|
|
|
|
expect_output ${rootless}
|
2019-09-06 04:54:40 +08:00
|
|
|
}
|
2019-09-07 03:07:18 +08:00
|
|
|
|
|
|
|
|
@test "run-device" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rm --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse:rwm --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run-device-Rename" {
|
2019-11-06 02:22:07 +08:00
|
|
|
skip_if_no_runtime
|
|
|
|
|
skip_if_chroot
|
|
|
|
|
skip_if_rootless
|
2019-09-07 03:07:18 +08:00
|
|
|
|
2019-12-09 21:45:52 +08:00
|
|
|
_prefetch alpine
|
2019-12-12 03:11:08 +08:00
|
|
|
run_buildah from --quiet --pull=false --device /dev/fuse:/dev/fuse1 --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
2019-09-07 03:07:18 +08:00
|
|
|
run_buildah 0 run ${cid} ls /dev/fuse1
|
|
|
|
|
}
|
2020-07-23 05:06:01 +08:00
|
|
|
|
|
|
|
|
@test "run check /etc/hosts" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch debian
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
2020-12-02 23:03:07 +08:00
|
|
|
run_buildah 125 run --isolation=chroot --network=bogus $cid cat /etc/hosts
|
|
|
|
|
expect_output "error checking for network namespace: stat bogus: no such file or directory"
|
2020-07-23 05:06:01 +08:00
|
|
|
run_buildah run --isolation=chroot --network=container $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "# Generated by Buildah"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=host $cid cat /etc/hosts
|
|
|
|
|
expect_output --substring "# Generated by Buildah"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json debian
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=none $cid sh -c 'echo "110.110.110.0 fake_host" >> /etc/hosts; cat /etc/hosts'
|
|
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/hosts
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output "110.110.110.0 fake_host"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@test "run check /etc/resolv.conf" {
|
|
|
|
|
skip_if_no_runtime
|
|
|
|
|
|
|
|
|
|
${OCI} --version
|
|
|
|
|
_prefetch debian
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=container $cid cat /etc/resolv.conf
|
|
|
|
|
expect_output --substring "nameserver"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/resolv.conf
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=host $cid cat /etc/resolv.conf
|
|
|
|
|
expect_output --substring "nameserver"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/resolv.conf
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring ""
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
|
|
|
|
|
run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
|
|
|
|
|
cid=$output
|
|
|
|
|
run_buildah run --isolation=chroot --network=none $cid sh -c 'echo "nameserver 110.110.0.110" >> /etc/resolv.conf; cat /etc/resolv.conf'
|
|
|
|
|
expect_output "nameserver 110.110.0.110"
|
|
|
|
|
m=$(buildah mount $cid)
|
|
|
|
|
run cat $m/etc/resolv.conf
|
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
|
expect_output --substring "nameserver 110.110.0.110"
|
|
|
|
|
run_buildah rm -a
|
|
|
|
|
}
|
