opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-29 01:28:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

test/system: delete CgV1 skips and skipped CgV2 tests

Browse Source 
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This commit is contained in:
Lokesh Mandvekar
2025-11-05 10:07:36 -05:00
parent 4970fd26e4
commit 036bf7b44f
11 changed files with 6 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
test/system/030-run.bats
View File

@@ -122,7 +122,6 @@ EOF
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman run - uidmapping has no /sys/kernel mounts" { @test "podman run - uidmapping has no /sys/kernel mounts" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
skip_if_rootless "cannot umount as rootless" skip_if_rootless "cannot umount as rootless"
run_podman run --rm --uidmap 0:100:10000 $IMAGE mount run_podman run --rm --uidmap 0:100:10000 $IMAGE mount
@@ -1081,7 +1080,6 @@ EOF
# rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided # rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman run update /etc/hosts" { @test "podman run update /etc/hosts" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
HOST=$(random_string 25) HOST=$(random_string 25)
run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts
is "${lines[0]}" ".*${HOST}.*" is "${lines[0]}" ".*${HOST}.*"
@@ -1451,21 +1449,13 @@ EOF
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman run --net=host --cgroupns=host with read only cgroupfs" { @test "podman run --net=host --cgroupns=host with read only cgroupfs" {
skip_if_rootless_cgroupsv1 # verify that the last /sys/fs/cgroup mount is read-only
run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1"
assert "$output" =~ "/sys/fs/cgroup ro"
if is_cgroupsv1; then # verify that it works also with a cgroupns
# verify that the memory controller is mounted read-only run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1"
run_podman run --net=host --cgroupns=host --rm $IMAGE cat /proc/self/mountinfo assert "$output" =~ "/sys/fs/cgroup ro"
assert "$output" =~ "/sys/fs/cgroup/memory ro.* cgroup cgroup"
else
# verify that the last /sys/fs/cgroup mount is read-only
run_podman run --net=host --cgroupns=host --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1"
assert "$output" =~ "/sys/fs/cgroup ro"
# verify that it works also with a cgroupns
run_podman run --net=host --cgroupns=private --rm $IMAGE sh -c "grep ' / /sys/fs/cgroup ' /proc/self/mountinfo | tail -n 1"
assert "$output" =~ "/sys/fs/cgroup ro"
fi
} }
# bats test_tags=ci:parallel # bats test_tags=ci:parallel

2
test/system/170-run-userns.bats
View File

@@ -33,7 +33,6 @@ function _require_crun() {
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman --group-add without keep-groups while in a userns" { @test "podman --group-add without keep-groups while in a userns" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
skip_if_rootless "chroot is not allowed in rootless mode" skip_if_rootless "chroot is not allowed in rootless mode"
skip_if_remote "--group-add keep-groups not supported in remote mode" skip_if_remote "--group-add keep-groups not supported in remote mode"
run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id
@@ -42,7 +41,6 @@ function _require_crun() {
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "rootful pod with custom ID mapping" { @test "rootful pod with custom ID mapping" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
skip_if_rootless "does not work rootless - rootful feature" skip_if_rootless "does not work rootless - rootful feature"
random_pod_name=p_$(safename) random_pod_name=p_$(safename)
run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name

2
test/system/200-pod.bats
View File

@@ -535,7 +535,6 @@ spec:
@test "pod resource limits" { @test "pod resource limits" {
skip_if_remote "resource limits only implemented on non-remote" skip_if_remote "resource limits only implemented on non-remote"
skip_if_rootless "resource limits only work with root" skip_if_rootless "resource limits only work with root"
skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"
# create loopback device # create loopback device
lofile=${PODMAN_TMPDIR}/disk.img lofile=${PODMAN_TMPDIR}/disk.img
@@ -762,7 +761,6 @@ function thingy_with_unique_id() {
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman pod cleans cgroup and keeps limits" { @test "podman pod cleans cgroup and keeps limits" {
skip_if_remote "we cannot check cgroup settings" skip_if_remote "we cannot check cgroup settings"
skip_if_rootless_cgroupsv1 "rootless cannot use cgroups on v1"
for infra in true false; do for infra in true false; do
run_podman pod create --infra=$infra --memory=256M run_podman pod create --infra=$infra --memory=256M

7
test/system/250-systemd.bats
View File

@@ -316,13 +316,6 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
run_podman rm $cname run_podman rm $cname
} }
@test "podman --systemd fails on cgroup v1 with a private cgroupns" {
skip_if_cgroupsv2
run_podman 126 run --systemd=always --cgroupns=private $IMAGE true
assert "$output" =~ ".*cgroup namespace is not supported with cgroup v1 and systemd mode"
}
# https://github.com/containers/podman/issues/13153 # https://github.com/containers/podman/issues/13153
@test "podman rootless-netns processes should be in different cgroup" { @test "podman rootless-netns processes should be in different cgroup" {
is_rootless || skip "only meaningful for rootless" is_rootless || skip "only meaningful for rootless"

1
test/system/252-quadlet.bats
View File

@@ -20,7 +20,6 @@ function start_time() {
function setup() { function setup() {
skip_if_remote "quadlet tests are meaningless over remote" skip_if_remote "quadlet tests are meaningless over remote"
skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)"
skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests."
test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)"

1
test/system/253-podman-quadlet.bats
View File

@@ -10,7 +10,6 @@ load helpers.systemd
function setup() { function setup() {
skip_if_remote "podman quadlet is not implemented for remote setup yet" skip_if_remote "podman quadlet is not implemented for remote setup yet"
skip_if_rootless_cgroupsv1 "Can't use --cgroups=split w/ CGv1 (issue 17456, wontfix)"
skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests." skip_if_journald_unavailable "Needed for RHEL. FIXME: we might be able to re-enable a subset of tests."
test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)" test -x "$QUADLET" || die "Cannot run quadlet tests without executable \$QUADLET ($QUADLET)"

1
test/system/400-unprivileged-access.bats
View File

@@ -7,7 +7,6 @@
load helpers load helpers
@test "podman container storage is not accessible by unprivileged users" { @test "podman container storage is not accessible by unprivileged users" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
skip_if_rootless "test meaningless without suid" skip_if_rootless "test meaningless without suid"
skip_if_remote skip_if_remote

4
test/system/410-selinux.bats
View File

@@ -152,10 +152,6 @@ function check_label() {
@test "podman selinux: shared context in (some) namespaces" { @test "podman selinux: shared context in (some) namespaces" {
skip_if_no_selinux skip_if_no_selinux
# rootless users have no usable cgroups with cgroupsv1, so containers
# must use a pid namespace and not join an existing one.
skip_if_rootless_cgroupsv1
if [[ $(podman_runtime) == "runc" ]]; then if [[ $(podman_runtime) == "runc" ]]; then
skip "some sort of runc bug, not worth fixing (issue 11784, wontfix)" skip "some sort of runc bug, not worth fixing (issue 11784, wontfix)"
fi fi

3
test/system/420-cgroups.bats
View File

@@ -9,8 +9,6 @@ load helpers
@test "podman run, preserves initial --cgroup-manager" { @test "podman run, preserves initial --cgroup-manager" {
skip_if_remote "podman-remote does not support --cgroup-manager" skip_if_remote "podman-remote does not support --cgroup-manager"
skip_if_rootless_cgroupsv1
# Find out our default cgroup manager, and from that, get the non-default # Find out our default cgroup manager, and from that, get the non-default
run_podman info --format '{{.Host.CgroupManager}}' run_podman info --format '{{.Host.CgroupManager}}'
case "$output" in case "$output" in
@@ -41,7 +39,6 @@ load helpers
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman run --cgroups=disabled keeps the current cgroup" { @test "podman run --cgroups=disabled keeps the current cgroup" {
skip_if_remote "podman-remote does not support --cgroups=disabled" skip_if_remote "podman-remote does not support --cgroups=disabled"
skip_if_rootless_cgroupsv1
runtime=$(podman_runtime) runtime=$(podman_runtime)
if [[ $runtime != "crun" ]]; then if [[ $runtime != "crun" ]]; then
skip "runtime is $runtime; --cgroups=disabled requires crun" skip "runtime is $runtime; --cgroups=disabled requires crun"

4
test/system/500-networking.bats
View File

@@ -114,7 +114,6 @@ load helpers.network
# Issue #5466 - port-forwarding doesn't work with this option and -d # Issue #5466 - port-forwarding doesn't work with this option and -d
# FIXME: random_rfc1918_subnet is not parallel-safe # FIXME: random_rfc1918_subnet is not parallel-safe
@test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" { @test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
for cidr in "" "$(random_rfc1918_subnet).0/24"; do for cidr in "" "$(random_rfc1918_subnet).0/24"; do
myport=$(random_free_port 52000-52999) myport=$(random_free_port 52000-52999)
if [[ -z $cidr ]]; then if [[ -z $cidr ]]; then
@@ -878,7 +877,6 @@ EOF
# bats test_tags=ci:parallel # bats test_tags=ci:parallel
@test "podman run /etc/* permissions" { @test "podman run /etc/* permissions" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
userns="--userns=keep-id" userns="--userns=keep-id"
if ! is_rootless; then if ! is_rootless; then
userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536"
@@ -992,8 +990,6 @@ EOF
# Test for https://github.com/containers/podman/issues/18615 # Test for https://github.com/containers/podman/issues/18615
# CANNOT BE PARALLELIZED due to strict checking of /run/netns # CANNOT BE PARALLELIZED due to strict checking of /run/netns
@test "podman network cleanup --userns + --restart" { @test "podman network cleanup --userns + --restart" {
skip_if_cgroupsv1 "run --uidmap fails on cgroups v1 (issue 15025, wontfix)"
local net1=net-a-$(safename) local net1=net-a-$(safename)
# use /29 subnet to limit available ip space, a 29 gives 5 usable addresses (6 - 1 for the gw) # use /29 subnet to limit available ip space, a 29 gives 5 usable addresses (6 - 1 for the gw)
local subnet="$(random_rfc1918_subnet).0/29" local subnet="$(random_rfc1918_subnet).0/29"

30
test/system/helpers.bash
View File

@@ -938,36 +938,6 @@ function skip_if_no_selinux() {
fi fi
} }
#######################
# skip_if_cgroupsv1 # ...with an optional message
#######################
function skip_if_cgroupsv1() {
if ! is_cgroupsv2; then
skip "${1:-test requires cgroupsv2}"
fi
}
#######################
# skip_if_cgroupsv2 # ...with an optional message
#######################
function skip_if_cgroupsv2() {
if is_cgroupsv2; then
skip "${1:-test requires cgroupsv1}"
fi
}
######################
# skip_if_rootless_cgroupsv1 # ...with an optional message
######################
function skip_if_rootless_cgroupsv1() {
if is_rootless; then
if ! is_cgroupsv2; then
local msg=$(_add_label_if_missing "$1" "rootless cgroupvs1")
skip "${msg:-not supported as rootless under cgroupsv1}"
fi
fi
}
################################## ##################################
# skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions # skip_if_journald_unavailable # rhbz#1895105: rootless journald permissions
################################## ##################################