Vendor in latest containers/common with default capabilities

Also update vendor of containers/storage and image Cleanup display of added/dropped capabilties as well Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-12-05 04:40:47 +08:00 · 2022-12-06 19:49:31 -05:00
parent 1cc22631f6
commit 3718ac8e96
141 changed files with 2344 additions and 1555 deletions
--- a/test/system/090-events.bats
+++ b/test/system/090-events.bats
@@ -262,10 +262,10 @@ EOF
    t0=$(date --iso-8601=seconds)

    CONTAINERS_CONF=$containersConf run_podman create --name=$cname $IMAGE
-    run_podman container inspect --size=true $cname
+    CONTAINERS_CONF=$containersConf run_podman container inspect --size=true $cname
    inspect_json=$(jq -r --tab . <<< "$output")

-    run_podman --events-backend=$1 events \
+    CONTAINERS_CONF=$containersConf run_podman --events-backend=$1 events \
        --since="$t0"           \
        --filter=status=$cname  \
        --filter=status=create  \
@@ -276,7 +276,7 @@ EOF

    # Make sure that the inspect data doesn't show by default in
    # podman-events.
-    run_podman --events-backend=$1 events \
+    CONTAINERS_CONF=$containersConf run_podman --events-backend=$1 events \
        --since="$t0"           \
        --filter=status=$cname  \
        --filter=status=create  \
--- a/test/system/710-kube.bats
+++ b/test/system/710-kube.bats
@@ -5,8 +5,8 @@

 load helpers

-# standard capability drop list
-capabilities='{"drop":["CAP_MKNOD","CAP_NET_RAW","CAP_AUDIT_WRITE"]}'
+# capability drop list
+capabilities='{"drop":["CAP_FOWNER","CAP_SETFCAP"]}'

 # Warning that is emitted once on containers, multiple times on pods
 kubernetes_63='Truncation Annotation: .* Kubernetes only allows 63 characters'
@@ -31,7 +31,7 @@ json.dump(yaml.safe_load(sys.stdin), sys.stdout)'

@test "podman kube generate - container" {
    cname=c$(random_string 15)
-    run_podman container create --name $cname $IMAGE top
+    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname $IMAGE top
    run_podman kube generate $cname

    # Convert yaml to json, and dump to stdout (to help in case of errors)
@@ -95,7 +95,7 @@ status                           | =  | null
    run_podman 125 kube generate $pname
    assert "$output" =~ "Error: .* only has an infra container"

-    run_podman container create --name $cname1 --pod $pname $IMAGE top
+    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname1 --pod $pname $IMAGE top
    run_podman container create --name $cname2 --pod $pname $IMAGE bottom
    run_podman kube generate $pname