test: run --cgroups=split in new cgroup

the --cgroups=split test changes the current cgroup as it creates a sub-cgroup. This can cause a race condition in tests that are reading the current cgroup. Closes: https://github.com/containers/podman/issues/11191 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-06-27 21:50:18 +08:00 · 2021-11-02 12:51:10 +01:00
parent 0686f0bb2f
commit 0234b153cc
6 changed files with 42 additions and 12 deletions
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@ -685,7 +685,7 @@ func SkipIfContainerized(reason string) {

 // PodmanAsUser is the exec call to podman on the filesystem with the specified uid/gid and environment
 func (p *PodmanTestIntegration) PodmanAsUser(args []string, uid, gid uint32, cwd string, env []string) *PodmanSessionIntegration {
-	podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil)
+	podmanSession := p.PodmanAsUserBase(args, uid, gid, cwd, env, false, false, nil, nil)
 	return &PodmanSessionIntegration{podmanSession}
 }

--- a/test/e2e/libpod_suite_remote_test.go
+++ b/test/e2e/libpod_suite_remote_test.go
@ -38,11 +38,25 @@ func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration
 	return &PodmanSessionIntegration{podmanSession}
 }

+// PodmanSystemdScope runs the podman command in a new systemd scope
+func (p *PodmanTestIntegration) PodmanSystemdScope(args []string) *PodmanSessionIntegration {
+	var remoteArgs = []string{"--remote", "--url", p.RemoteSocket}
+	remoteArgs = append(remoteArgs, args...)
+
+	wrapper := []string{"systemd-run", "--scope"}
+	if rootless.IsRootless() {
+		wrapper = []string{"systemd-run", "--scope", "--user"}
+	}
+
+	podmanSession := p.PodmanAsUserBase(remoteArgs, 0, 0, "", nil, false, false, wrapper, nil)
+	return &PodmanSessionIntegration{podmanSession}
+}
+
 // PodmanExtraFiles is the exec call to podman on the filesystem and passes down extra files
 func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os.File) *PodmanSessionIntegration {
 	var remoteArgs = []string{"--remote", "--url", p.RemoteSocket}
 	remoteArgs = append(remoteArgs, args...)
-	podmanSession := p.PodmanAsUserBase(remoteArgs, 0, 0, "", nil, false, false, extraFiles)
+	podmanSession := p.PodmanAsUserBase(remoteArgs, 0, 0, "", nil, false, false, nil, extraFiles)
 	return &PodmanSessionIntegration{podmanSession}
 }

--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@ -8,6 +8,8 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/containers/podman/v3/pkg/rootless"
 )

 func IsRemote() bool {
@ -23,9 +25,19 @@ func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration
 	return &PodmanSessionIntegration{podmanSession}
 }

+// PodmanSystemdScope runs the podman command in a new systemd scope
+func (p *PodmanTestIntegration) PodmanSystemdScope(args []string) *PodmanSessionIntegration {
+	wrapper := []string{"systemd-run", "--scope"}
+	if rootless.IsRootless() {
+		wrapper = []string{"systemd-run", "--scope", "--user"}
+	}
+	podmanSession := p.PodmanAsUserBase(args, 0, 0, "", nil, false, false, wrapper, nil)
+	return &PodmanSessionIntegration{podmanSession}
+}
+
 // PodmanExtraFiles is the exec call to podman on the filesystem and passes down extra files
 func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os.File) *PodmanSessionIntegration {
-	podmanSession := p.PodmanAsUserBase(args, 0, 0, "", nil, false, false, extraFiles)
+	podmanSession := p.PodmanAsUserBase(args, 0, 0, "", nil, false, false, nil, extraFiles)
 	return &PodmanSessionIntegration{podmanSession}
 }

--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -1381,13 +1381,13 @@ USER mail`, BB)
 			}
 		}

-		container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"})
+		container := podmanTest.PodmanSystemdScope([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"})
 		container.WaitWithDefaultTimeout()
 		Expect(container).Should(Exit(0))
 		checkLines(container.OutputToStringArray())

 		// check that --cgroups=split is honored also when a container runs in a pod
-		container = podmanTest.Podman([]string{"run", "--rm", "--pod", "new:split-test-pod", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"})
+		container = podmanTest.PodmanSystemdScope([]string{"run", "--rm", "--pod", "new:split-test-pod", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"})
 		container.WaitWithDefaultTimeout()
 		Expect(container).Should(Exit(0))
 		checkLines(container.OutputToStringArray())
--- a/test/utils/podmantest_test.go
+++ b/test/utils/podmantest_test.go
@ -23,7 +23,7 @@ var _ = Describe("PodmanTest test", func() {
 		FakeOutputs["check"] = []string{"check"}
 		os.Setenv("HOOK_OPTION", "hook_option")
 		env := os.Environ()
-		session := podmanTest.PodmanAsUserBase([]string{"check"}, 1000, 1000, "", env, true, false, nil)
+		session := podmanTest.PodmanAsUserBase([]string{"check"}, 1000, 1000, "", env, true, false, nil, nil)
 		os.Unsetenv("HOOK_OPTION")
 		session.WaitWithDefaultTimeout()
 		Expect(session.Command.Process).ShouldNot(BeNil())
--- a/test/utils/utils.go
+++ b/test/utils/utils.go
@ -66,27 +66,31 @@ func (p *PodmanTest) MakeOptions(args []string, noEvents, noCache bool) []string

 // PodmanAsUserBase exec podman as user. uid and gid is set for credentials usage. env is used
 // to record the env for debugging
-func (p *PodmanTest) PodmanAsUserBase(args []string, uid, gid uint32, cwd string, env []string, noEvents, noCache bool, extraFiles []*os.File) *PodmanSession {
+func (p *PodmanTest) PodmanAsUserBase(args []string, uid, gid uint32, cwd string, env []string, noEvents, noCache bool, wrapper []string, extraFiles []*os.File) *PodmanSession {
 	var command *exec.Cmd
 	podmanOptions := p.MakeOptions(args, noEvents, noCache)
 	podmanBinary := p.PodmanBinary
 	if p.RemoteTest {
 		podmanBinary = p.RemotePodmanBinary
 	}
+
+	runCmd := append(wrapper, podmanBinary)
 	if p.RemoteTest {
 		podmanOptions = append([]string{"--remote", "--url", p.RemoteSocket}, podmanOptions...)
 	}
 	if env == nil {
-		fmt.Printf("Running: %s %s\n", podmanBinary, strings.Join(podmanOptions, " "))
+		fmt.Printf("Running: %s %s\n", strings.Join(runCmd, " "), strings.Join(podmanOptions, " "))
 	} else {
-		fmt.Printf("Running: (env: %v) %s %s\n", env, podmanBinary, strings.Join(podmanOptions, " "))
+		fmt.Printf("Running: (env: %v) %s %s\n", env, strings.Join(runCmd, " "), strings.Join(podmanOptions, " "))
 	}
 	if uid != 0 || gid != 0 {
 		pythonCmd := fmt.Sprintf("import os; import sys; uid = %d; gid = %d; cwd = '%s'; os.setgid(gid); os.setuid(uid); os.chdir(cwd) if len(cwd)>0 else True; os.execv(sys.argv[1], sys.argv[1:])", gid, uid, cwd)
-		nsEnterOpts := append([]string{"-c", pythonCmd, podmanBinary}, podmanOptions...)
+		runCmd = append(runCmd, podmanOptions...)
+		nsEnterOpts := append([]string{"-c", pythonCmd}, runCmd...)
 		command = exec.Command("python", nsEnterOpts...)
 	} else {
-		command = exec.Command(podmanBinary, podmanOptions...)
+		runCmd = append(runCmd, podmanOptions...)
+		command = exec.Command(runCmd[0], runCmd[1:]...)
 	}
 	if env != nil {
 		command.Env = env
@ -106,7 +110,7 @@ func (p *PodmanTest) PodmanAsUserBase(args []string, uid, gid uint32, cwd string

 // PodmanBase exec podman with default env.
 func (p *PodmanTest) PodmanBase(args []string, noEvents, noCache bool) *PodmanSession {
-	return p.PodmanAsUserBase(args, 0, 0, "", nil, noEvents, noCache, nil)
+	return p.PodmanAsUserBase(args, 0, 0, "", nil, noEvents, noCache, nil, nil)
 }

 // WaitForContainer waits on a started container