All containers within a Pod need to run with the same SELinux
label, unless overwritten by the user.
Also added a bunch of SELinux tests to make sure selinux labels
are correct on namespaces.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The `tag` parameter of the compat `images/create` endpoint can be both,
a tag and a digest. Fix parsing of the parameter to detect digests and
use the appropriate `@` separator.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
A podman could not read logs written to journald properly, due to a tail config bug.
Added a system test to check this - since e2e tests don't like journald
Signed-off-by: Ashley Cui <acui@redhat.com>
* --format "table {{.field..." will print fields out in a table with
headings. Table keyword is removed, spaces between fields are
converted to tabs
* Update parse.MatchesJSONFormat()'s regex to be more inclusive
* Add report.Headers(), obtain all the field names to be used as
column headers, a map of field name to column headers may be provided
to override the field names
* Update several commands to use new functions
Signed-off-by: Jhon Honce <jhonce@redhat.com>
At the top of each generated page, add a Synopsis table with:
PR number/name, and link to github
Author name(s)
Test name (fedora/ubuntu, rootless, etc)
Cirrus build ID (usually uninteresting)
Cirrus task ID (usu. important), with link to Cirrus
The value of $SPECIALMODE
This is all we can get from the Cirrus environment in
which logformatter runs; we can't get things like
cgroup manager or username that the test runs under.
Note that the table is at the top, which is usually
unseen because we autoscroll to the bottom on
page load. I tentatively think that top is a more
natural place for this info than bottom, but am
willing to listen to arguments against.
Also, one minor tweak: highlight podman commands in
the BATS output. The idea is to make it easier for the eye
to spot those, then copy/paste them to find a reproducer.
And, sigh, disable the new 'podman network create'
system test. It is flaking much too much.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Extend the system tests to test `podman untag $image` without further
arguments to force removing all tags from the image.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The network test created config files with random filenames
but the network name was static. Since the tests can run in
parallel podman was not able to distinguish the networks.
We need to make sure that each test has its own config file
and network name. This helps to prevent unnecessary flakes.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The systemd test was inaccurately being skipped when a userns env. var.
flag was set. At best this is confusing to new developers, and at worse
it actively blocks an otherwise legitimate class of tests. Improve the
accuracy of skip-logic by adding/using a purpose built set of
functions.
Signed-off-by: Chris Evich <cevich@redhat.com>
If run&create image returns error: image contains manifest list, not a runnable image, find the local image that has digest matching the digest from the list and use the image from local storage for the command.
Signed-off-by: Qi Wang <qiwan@redhat.com>
When looking up local images, take the unqualified-serach registries of
the registries.conf into account (on top of "localhost/").
Also extend the integration tests to prevent future regressions.
Fixes: #6381
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We need to handle removal of non existing network.
This allows the `removeCNINetwork` function
always to be called. This is needed by tests which are trying
to remove the network manually in order to prevent flakes.
Fixes#7809
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Test passes on Fedora because the registry server is one of the
defaults. However it is not typically configured on Ubuntu hosts, and
therefor this test can fail. While specifying the FQIN in the
dockerfile text is not an ideal solution, it cannot negatively
affect other tests which utilize `podmanTest.BuildImage`.
Signed-off-by: Chris Evich <cevich@redhat.com>
change capabilities handling to reflect what docker does.
Bounding: set to caplist
Inheritable: set to caplist
Effective: if uid != 0 then clear; else set to caplist
Permitted: if uid != 0 then clear; else set to caplist
Ambient: clear
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fix the remote client to untag all tags of the specified image.
Instead of querying the image on the client side, support the
case where both, repo and tag, are empty and remove all tags.
Reuse the ABI implementation where possible. In retrospective,
the libpod untag endpoint should support a slice of strings to
batch remove tags rather than reaching out for each tag individually.
Enable the skipped test.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
In podman containers rm and podman images rm, the commands
exit with error code 1 if the object does not exists.
This PR implements similar functionality to volumes, networks, and Pods.
Similarly if volumes or Networks are in use by other containers, and return
exit code 2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
New tests for podman run --tz=EXPLICIT and =local. Requires
updating our testimage by adding a fixed reference timestamp
to a known file path.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Obscure corner case in which 'podman run --pull=never alpine'
will actually pass *with no alpine image* if there's an
image named "myalpine". (i.e. a substring match, not full
string match). Fixed in #7770 but the tests that were added
there do not actually test that.
This adds a double-duty test for that as well as making
sure that 'run --pull=never SHORTNAME' (implicit :latest)
does not match our existing :YYYYMMDD image; then one
more quick test to make sure that if we tag as :latest,
the same --pull=never succeeds.
Signed-off-by: Ed Santiago <santiago@redhat.com>
OpenShift Merge Robot
Andy Librian
zhangguanzhang
Daniel J Walsh
Valentin Rothberg
Ashley Cui
Jhon Honce
Ed Santiago
Paul Holzinger
baude
Qi Wang
Chris Evich
Giuseppe Scrivano