diff --git a/test/system/030-run.bats b/test/system/030-run.bats index ab7daf3bd4..82d8eaa3f8 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -122,7 +122,6 @@ EOF # bats test_tags=ci:parallel @test "podman run - uidmapping has no /sys/kernel mounts" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "cannot umount as rootless" run_podman run --rm --uidmap 0:100:10000 $IMAGE mount @@ -1081,7 +1080,6 @@ EOF # rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided # bats test_tags=ci:parallel @test "podman run update /etc/hosts" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" HOST=$(random_string 25) run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts is "${lines[0]}" ".*${HOST}.*" @@ -1451,21 +1449,13 @@ EOF # bats test_tags=ci:parallel @test "podman run --net=host --cgroupns=host with read only cgroupfs" { - skip_if_rootless_cgroupsv1 + # verify that the last /sys/fs/cgroup mount is read-only + run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" + assert "$output" =~ "/sys/fs/cgroup ro" - if is_cgroupsv1; then - # verify that the memory controller is mounted read-only - run_podman run --net=host --cgroupns=host --rm $IMAGE cat /proc/self/mountinfo - assert "$output" =~ "/sys/fs/cgroup/memory ro.* cgroup cgroup" - else - # verify that the last /sys/fs/cgroup mount is read-only - run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" - assert "$output" =~ "/sys/fs/cgroup ro" - - # verify that it works also with a cgroupns - run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" - assert "$output" =~ "/sys/fs/cgroup ro" - fi + # verify that it works also with a cgroupns + run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1" + assert "$output" =~ "/sys/fs/cgroup ro" } # bats test_tags=ci:parallel diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index b56e2c12e4..267358fd14 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -33,7 +33,6 @@ function _require_crun() { # bats test_tags=ci:parallel @test "podman --group-add without keep-groups while in a userns" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id @@ -42,7 +41,6 @@ function _require_crun() { # bats test_tags=ci:parallel @test "rootful pod with custom ID mapping" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "does not work rootless - rootful feature" random_pod_name=p_$(safename) run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 1887e68ec4..f59223cd25 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -535,7 +535,6 @@ spec: @test "pod resource limits" { skip_if_remote "resource limits only implemented on non-remote" skip_if_rootless "resource limits only work with root" - skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2" # create loopback device lofile=${PODMAN_TMPDIR}/disk.img @@ -762,7 +761,6 @@ function thingy_with_unique_id() { # bats test_tags=ci:parallel @test "podman pod cleans cgroup and keeps limits" { skip_if_remote "we cannot check cgroup settings" - skip_if_rootless_cgroupsv1 "rootless cannot use cgroups on v1" for infra in true false; do run_podman pod create --infra=$infra --memory=256M diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 89b8c80aae..5cadd34bec 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -316,13 +316,6 @@ LISTEN_FDNAMES=listen_fdnames" | sort) run_podman rm $cname } -@test "podman --systemd fails on cgroup v1 with a private cgroupns" { - skip_if_cgroupsv2 - - run_podman 126 run --systemd=always --cgroupns=private $IMAGE true - assert "$output" =~ ".*cgroup namespace is not supported with cgroup v1 and systemd mode" -} - # https://github.com/containers/podman/issues/13153 @test "podman rootless-netns processes should be in different cgroup" { is_rootless || skip "only meaningful for rootless" diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index 901295db9e..bbcf502c81 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -20,7 +20,6 @@ function start_time() { function setup() { skip_if_remote "quadlet tests are meaningless over remote" - skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)" skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" diff --git a/test/system/253-podman-quadlet.bats b/test/system/253-podman-quadlet.bats index 892a0c6fc1..775532abaa 100644 --- a/test/system/253-podman-quadlet.bats +++ b/test/system/253-podman-quadlet.bats @@ -10,7 +10,6 @@ load helpers.systemd function setup() { skip_if_remote "podman quadlet is not implemented for remote setup yet" - skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)" skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index a253ad5cc0..9f89dad83e 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -7,7 +7,6 @@ load helpers @test "podman container storage is not accessible by unprivileged users" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" skip_if_rootless "test meaningless without suid" skip_if_remote diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 0c70379b9e..956525ed9e 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -152,10 +152,6 @@ function check_label() { @test "podman selinux: shared context in (some) namespaces" { skip_if_no_selinux - # rootless users have no usable cgroups with cgroupsv1, so containers - # must use a pid namespace and not join an existing one. - skip_if_rootless_cgroupsv1 - if [[ $(podman_runtime) == "runc" ]]; then skip "some sort of runc bug, not worth fixing (issue 11784, wontfix)" fi diff --git a/test/system/420-cgroups.bats b/test/system/420-cgroups.bats index d0bfd36b66..512dec89e1 100644 --- a/test/system/420-cgroups.bats +++ b/test/system/420-cgroups.bats @@ -9,8 +9,6 @@ load helpers @test "podman run, preserves initial --cgroup-manager" { skip_if_remote "podman-remote does not support --cgroup-manager" - skip_if_rootless_cgroupsv1 - # Find out our default cgroup manager, and from that, get the non-default run_podman info --format '{{.Host.CgroupManager}}' case "$output" in @@ -41,7 +39,6 @@ load helpers # bats test_tags=ci:parallel @test "podman run --cgroups=disabled keeps the current cgroup" { skip_if_remote "podman-remote does not support --cgroups=disabled" - skip_if_rootless_cgroupsv1 runtime=$(podman_runtime) if [[ $runtime != "crun" ]]; then skip "runtime is $runtime; --cgroups=disabled requires crun" diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 7fc58713ea..c96122bf4f 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -114,7 +114,6 @@ load helpers.network # Issue #5466 - port-forwarding doesn't work with this option and -d # FIXME: random_rfc1918_subnet is not parallel-safe @test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" for cidr in "" "$(random_rfc1918_subnet).0/24"; do myport=$(random_free_port 52000-52999) if [[ -z $cidr ]]; then @@ -878,7 +877,6 @@ EOF # bats test_tags=ci:parallel @test "podman run /etc/* permissions" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" userns="--userns=keep-id" if ! is_rootless; then userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" @@ -992,8 +990,6 @@ EOF # Test for https://github.com/containers/podman/issues/18615 # CANNOT BE PARALLELIZED due to strict checking of /run/netns @test "podman network cleanup --userns + --restart" { - skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)" - local net1=net-a-$(safename) # use /29 subnet to limit available ip space, a 29 gives 5 usable addresses (6 - 1 for the gw) local subnet="$(random_rfc1918_subnet).0/29" diff --git a/test/system/helpers.bash b/test/system/helpers.bash index d6bfa31b32..f9df5b8404 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -938,36 +938,6 @@ function skip_if_no_selinux() { fi } -####################### -# skip_if_cgroupsv1 # ...with an optional message -####################### -function skip_if_cgroupsv1() { - if ! is_cgroupsv2; then - skip "${1:-test requires cgroupsv2}" - fi -} - -####################### -# skip_if_cgroupsv2 # ...with an optional message -####################### -function skip_if_cgroupsv2() { - if is_cgroupsv2; then - skip "${1:-test requires cgroupsv1}" - fi -} - -###################### -# skip_if_rootless_cgroupsv1 # ...with an optional message -###################### -function skip_if_rootless_cgroupsv1() { - if is_rootless; then - if ! is_cgroupsv2; then - local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1") - skip "${msg:-not supported as rootless under cgroupsv1}" - fi - fi -} - ################################## # skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions ##################################