change the default to -1, so that we can change the semantic of
"--tail 0" to not print any existing log line.
Closes: https://github.com/containers/libpod/issues/4396
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When starting a container by using its name as a reference, we should
print the name instead of the ID. We regressed on this behaviour
with commit b4124485ae which made it into Podman v1.6.2.
Kudos to openSUSE testing for catching it. To prevent future
regressions, extend the e2e tests to check the printed container
name/ID.
Reported-by: @sysrich
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We want to make sure that the process label of pid 1 is the same as the process label of a process execed into the container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
command.Start() just starts the command. That catches some
errors, but the nasty ones - bad options and similar - happen
when the command runs. Use CombinedOutput() instead - it waits
for the command to exit, and thus catches non-0 exit of the
`mount` command (invalid options, for example).
STDERR from the `mount` command is directly used, which isn't
necessarily the best, but we can't really get much more info on
what went wrong.
Fixes #4303
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
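The difference described in the commit message above, as an added example (not code from the libpod commit): `Start()` reports only launch failures, while `CombinedOutput()` waits for the command and returns its exit status together with its stderr. A constructed `sh -c` one-liner stands in for a `mount` call that rejects an option; the helper names `startOnly` and `runAndCheck` are hypothetical.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// startOnly returns only what Start() reports: failures to launch the
// process (missing binary, permissions), never the command's exit status.
func startOnly(name string, args ...string) error {
	cmd := exec.Command(name, args...)
	if err := cmd.Start(); err != nil {
		return err
	}
	// Reap the child so no zombie is left; the exit status is deliberately
	// discarded to show what a Start()-only check can see.
	_ = cmd.Wait()
	return nil
}

// runAndCheck waits for the command and folds its combined stdout/stderr
// into the error, so a non-zero exit is reported with the tool's own message.
func runAndCheck(name string, args ...string) error {
	out, err := exec.Command(name, args...).CombinedOutput()
	if err != nil {
		return fmt.Errorf("%s failed: %w: %s", name, err, strings.TrimSpace(string(out)))
	}
	return nil
}

// failingMount is a constructed stand-in for `mount` rejecting an option:
// it prints a message to stderr and exits non-zero.
var failingMount = []string{"-c", "echo 'mount: bad option' >&2; exit 32"}

func main() {
	fmt.Println("Start only:     ", startOnly("sh", failingMount...))
	fmt.Println("CombinedOutput: ", runAndCheck("sh", failingMount...))
	fmt.Println("missing binary: ", startOnly("/nonexistent/mount-helper"))
}
```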
Test that when we pull using tag or digest references from locations
that are manifest lists, that we can inspect using the references that
we used for pulling, that the tags show up in the RepoTag list when we
inspect an image that was pulled using a tag, and that the list and
instance digests always both show up in the RepoDigest list.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This matches Docker more closely, but retains the more important
protections of nosuid/nodev.
Fixes #4318
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Unless specified otherwise by --all, --latest or via arguments, list all
running containers. This matches the behaviour of Docker and is also
illustrated in the man pages where containers and options are marked to
be optional.
Fixes: #4274
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Pulling fedora-minimal was potentially causing timeouts, which is
bad. Using the cache avoids that.
Sig-proxy=false test was entirely nonfunctional - I think we
didn't update it when we fixed sig-proxy=true to be less racy.
It was still passing, which is concerning.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Everything else is a flag to mount, but "uid" and "gid" are not.
We need to parse them out of "o" and handle them separately.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
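One way to do the split the commit message above describes, as an added example (not the libpod implementation): `uid=` and `gid=` are pulled out of the volume's `o` string and validated, and everything else is passed through as mount options. It assumes `o` is a comma-separated list; the function name `splitVolumeOptions` and the sample string are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// splitVolumeOptions separates uid= and gid= from the rest of a volume's "o"
// string. It returns the options that can be handed to mount unchanged, plus
// the parsed IDs (-1 when the option is absent).
func splitVolumeOptions(o string) (mountOpts string, uid, gid int, err error) {
	uid, gid = -1, -1
	var keep []string
	for _, opt := range strings.Split(o, ",") {
		opt = strings.TrimSpace(opt)
		if opt == "" {
			continue
		}
		key, val, hasVal := strings.Cut(opt, "=")
		switch key {
		case "uid", "gid":
			if !hasVal {
				return "", -1, -1, fmt.Errorf("%s requires a value", key)
			}
			id, convErr := strconv.Atoi(val)
			if convErr != nil || id < 0 {
				return "", -1, -1, fmt.Errorf("invalid %s %q", key, val)
			}
			if key == "uid" {
				uid = id
			} else {
				gid = id
			}
		default:
			keep = append(keep, opt) // genuine mount flag, passed through
		}
	}
	return strings.Join(keep, ","), uid, gid, nil
}

func main() {
	// Constructed sample option string.
	opts, uid, gid, err := splitVolumeOptions("nodev,uid=1000,noexec,gid=1000,size=64m")
	fmt.Println(opts, uid, gid, err)
}
```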
podman exec leaks an exec_pid_<hash> file for every exec in tmpfs,
it's known rhbz#1731117, this case makes sure leakage issue has
been fixed.
rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1731117
Signed-off-by: Alex Jia <chuanchang.jia@gmail.com>
Previously, when `podman run` encountered a volume mount without
separate source and destination (e.g. `-v /run`) we would assume
that both were the same - a bind mount of `/run` on the host to
`/run` in the container. However, this does not match Docker's
behavior - in Docker, this makes an anonymous named volume that
will be mounted at `/run`.
We already have (more limited) support for these anonymous
volumes in the form of image volumes. Extend this support to
allow it to be used with user-created volumes coming in from the
`-v` flag.
This change also affects how named volumes created by the
container but given names are treated by `podman run --rm` and
`podman rm -v`. Previously, they would be removed with the
container in these cases, but this did not match Docker's
behaviour. Docker only removed anonymous volumes. With this patch
we move to that model as well; `podman run -v testvol:/test` will
not have `testvol` survive the container being removed by `podman
rm -v`.
The sum total of these changes let us turn on volume removal in
`--rm` by default.
Fixes: #4276
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Rather than checking for non-zero, we need to check for >0 to
distinguish between timeouts and error exit codes.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When a container is created with a given OCI runtime, but then it
is uninstalled or removed from the configuration file, Libpod
presently reacts very poorly. The EvictContainer code can
potentially remove these containers, but we still can't see them
in `podman ps` (aside from the massive logrus.Errorf messages
they create).
Providing a minimal OCI runtime implementation for missing
runtimes allows us to behave better. We'll be able to retrieve
containers from the database, though we still pop up an error for
each missing runtime. For containers which are stopped, we can
remove them as normal.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The json field is called `Image` while the go field is called `ImageID`,
tricking users into filtering for `Image` which ultimately results in an
error. Hence, rename the field to `Image` to align json and go.
To prevent podman users from regressing, rename `Image` to `ImageID` in
the specified filters. Add tests to prevent us from regressing. Note
that consumers of the go API that are using `ImageID` are regressing;
ultimately we consider it to be a bug fix.
Fixes: #4193
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
similar change to f7d55d64e7
with images --format=json, be sure the output is valid json also when
it is an empty list.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The play kube test suite has many different cases to cover, and should only grow in coverage over time.
The old design was difficult to extend, and there was lots of duplicated code.
The largest pain point was the Container struct needed to be changed often, and doing so caused changes in every test case.
Instead, adopt the `withOption` idiom. Now, adding a new option for customizing just involves adding a new withOption function, and changing the struct definition and initialization in one place.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
rootless podman is using a single user namespace for all the containers
so it can safely access the storage for all of them.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
"init" is a quite common name for the command executed in a container
image and Podman ends up using the systemd mode also when not
required.
Be stricter on enabling the systemd mode and not enable it
automatically when the basename is "init" but expect the full path
"/usr/sbin/init".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
According to the documentation
https://onsi.github.io/gomega/#eventually
> the default value for the polling interval is 10 milliseconds
That is excessively fast given the observed failures in
issue #4021 are always using podman-remote. Lower the interval to
3-seconds, which should be plenty long enough for container removal.
Signed-off-by: Chris Evich <cevich@redhat.com>
...e.g. cloud-user. 9822f54ac was intended to fix this,
but it doesn't. Simple and standard solution is to
move the dash to the end of the character class.
Signed-off-by: Ed Santiago <santiago@redhat.com>
On Ubuntu, /bin/sh != /bin/bash. Update system-tests to only use
bash for testing consistency across platforms.
Signed-off-by: Chris Evich <cevich@redhat.com>
Issue #3829 (cp symlinks) has been fixed: enable tests for it
And, it looks like podman-remote is now handling exit status
of a force-rm'ed container. Enable that test too.
Signed-off-by: Ed Santiago <santiago@redhat.com>
A true result from reexec.Init() isn't an error, but it indicates that
main() should exit with a success exit status.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Changing the test in WaitWithDefaultTimeout() to use Eventually() and
gexec.Exit(). Using ExitCode() before command has really exited returns
a -1, which can cause issues for tests testing for podman to return
non-zero values.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
One or more tests are not taking advantage of the local image cache.
This has been observed to cause a testing flake in at least one
`--sigproxy` test which uses `PodmanTestIntegration.PodmanPID()`.
It has a rather short timeout of 15-seconds, which isn't always
enough time to pull down a remote image.
Fix this by relocating the `noCache` logic from
`PodmanTest.PodmanAsUserBase()` down the stack into
`PodmanTestIntegration.makeOptions()`. This also eliminates the need to
also check if a remote-client is being used - since it uses a different
function.
Also reverse the parameter order in `PodmanTest.PodmanBase` so that
everywhere is consistently `noEvents` then `noCache`.
Signed-off-by: Chris Evich <cevich@redhat.com>
close #3894
This patch lets podman cp return 'no such file or directory' error if DEST_PATH does not exist and ends with / when copying file.
Signed-off-by: Qi Wang <qiwan@redhat.com>
When a named volume is mounted on any of the tmpfs filesystems
created by read-only tmpfs, it caused a conflict that was not
resolved prior to this.
Fixes BZ1755119
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Test had incorrectly been disabled for all podman; it
should've been disabled only for podman-remote. Fixed
that, and fixed the problem that was causing failures:
podman-remote is gobbling up stdin (#4095), so no
tests were actually being run at all, or only one.
Fixed by redirecting input on the run_podman invocation.
Added, as backup, a confirmation mechanism to ensure
that all expected tests are being run.
Note that test is reenabled, but the output check is
disabled for podman-remote due to #4096; this at least
lets us check exit status.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add two unit tests to determine whether mounts are being listed
correctly. One tests that a created container is not listed
until mounted. The second checks that running containers are
mounted, and then no longer listed as mounted when they stop
running. The final test creates three containers, mounts two,
and checks that mount correctly only lists the two mounted.
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
If the HOME environment variable is not set, make sure it is set to
the configuration found in the container /etc/passwd file.
It was previously depending on a runc behavior that always set HOME
when it is not set. The OCI runtime specifications do not require
HOME to be set so move the logic to libpod.
Closes: https://github.com/debarshiray/toolbox/issues/266
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
While investigating issue
https://github.com/containers/libpod/issues/4044 there is no sense
subjecting forward progress elsewhere. Skip the test with a note
temporarily, until a resolution to 4044 and any other related issues
is found and fix implemented.
Signed-off-by: Chris Evich <cevich@redhat.com>
There were two problems with preserve fds.
libpod didn't open the fds before passing _OCI*PIPE to conmon. This caused libpod to talk on the preserved fds, rather than the pipes, with conmon talking on the pipes. This caused a hang.
Libpod also didn't convert an int to string correctly, so it would further fail.
Fix these and add a unit test to make sure we don't regress in the future
Note: this test will not pass on crun until crun supports --preserve-fds
Signed-off-by: Peter Hunt <pehunt@redhat.com>
The Expect function does not return a result of True or False
depending on the value of the first instance, but instead requires
a comparison using ".To(", so change to use ".To(ContainSubstring("
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
This change matches what is happening on the podman local side
and should eliminate a race condition.
Also exit commands on the server side should start to return to client.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We have leaked the exit number codes all over the code, this patch
removes the numbers to constants.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is mostly used with Systemd, which really wants to manage
CGroups itself when managing containers via unit file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This change adds the following annotation to every container created by
podman:
```json
"Annotations": {
"io.containers.manager": "libpod"
}
```
Target of this annotation is to indicate which project in the containers
ecosystem is the major manager of a container when applications share
the same storage paths. This way projects can decide if they want to
manipulate the container or not. For example, since CRI-O and podman are
not using the same container library (libpod), CRI-O can skip podman
containers and provide the end user more useful information.
A corresponding end-to-end test has been adapted as well.
Relates to: https://github.com/cri-o/cri-o/pull/2761
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Previously, we only did this for volumes created at the same time
as the container. However, this is not correct behavior - Docker
does so for all named volumes, even those made with
'podman volume create' and mounted into a container later.
Fixes #3945
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This isn't included in Docker, but seems handy enough.
Use the new API for 'volume rm' and 'volume inspect'.
Fixes #3891
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
When volume options and the local volume driver are specified,
the volume is intended to be mounted using the 'mount' command.
Supported options will be used to mount the volume before the
first container using it starts, and unmount the volume after the
last container using it dies.
This should work for any local filesystem, though at present I've
only tested with tmpfs and btrfs.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add '.To(BeTrue())' to 'Expect(' statements in unit tests that
are missing them. These tests weren't being compared to anything,
thus reporting false positives.
Signed-off-by: gabi beyer <gabrielle.n.beyer@intel.com>
crun emits wildly different error messages than runc in
two cases:
podman run ... /no/such/path (enoent)
podman run ... /etc (trying to exec a directory)
Deal with it by getting the runtime from 'podman info' and,
if crun, changing what we expect.
There may be more tweaks needed to get system tests working
with crun, but right now podman rawhide is too broken to
have any hope of finding them all.
Signed-off-by: Ed Santiago <santiago@redhat.com>
when running in rootless mode, --device creates a bind mount from the
host instead of specifying the device in the OCI configuration. This
is required as an unprivileged user cannot use mknod, even when root
in a user namespace.
Closes: https://github.com/containers/libpod/issues/3905
Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
when using an upper case image name for container commit, we observed
panics due to a channel closing early.
Fixes: #3897
Signed-off-by: baude <bbaude@redhat.com>
This will require a 'podman system renumber' after being applied
to get lock numbers for existing volumes.
Add the DB backend code for rewriting volume configs and use it
for updating lock numbers as part of 'system renumber'.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
podman cp has had some unexpected bugs, and still has
some surprising behavior. It looks like this part of
the code is fragile. Add tests to try to prevent
future breakages.
Note that two of the new tests are disabled (skipped)
until #3829 gets fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>