Merge pull request #22306 from edsantiago/gating-fixes
[v4.2.0-rhel] Gating-test fixes
@ -149,16 +149,11 @@ EOF
|
|||||||
|
|
||||||
# By default, volumes are mounted exec, but we have manually added the
|
# By default, volumes are mounted exec, but we have manually added the
|
||||||
# noexec option. This should fail.
|
# noexec option. This should fail.
|
||||||
# ARGH. Unfortunately, runc (used for cgroups v1) produces a different error
|
run_podman 126 run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
|
||||||
local expect_rc=126
|
|
||||||
local expect_msg='.* OCI permission denied.*'
|
|
||||||
if [[ $(podman_runtime) = "runc" ]]; then
|
|
||||||
expect_rc=1
|
|
||||||
expect_msg='.* exec user process caused.*permission denied'
|
|
||||||
fi
|
|
||||||
|
|
||||||
run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
|
# crun and runc emit different messages, and even runc is inconsistent
|
||||||
is "$output" "$expect_msg" "run on volume, noexec"
|
# with itself (output changed some time in 2022?). Deal with all.
|
||||||
|
assert "$output" =~ 'permission denied' "run on volume, noexec"
|
||||||
|
|
||||||
# With the default, it should pass
|
# With the default, it should pass
|
||||||
run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript
|
run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript
|
||||||
|
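Review bot: The new `assert "$output" =~ 'permission denied'` accepts any permission failure, so on its own it does not show that the `noexec` mount option is what blocked `/vol/myscript`; with `:z` on the same volume, a labelling or file-mode denial would presumably produce matching text too. What ties the failure to `noexec` is the exit status 126 together with the exec-mounted run that follows, and a comment should say so, for example `# 126 + 'permission denied' = script found but not executable; the run below is the exec-mounted control`. The hard-coded 126 also drops the old runc branch that expected status 1, while the added comment explains only the message difference, so it is worth stating that 126 is now expected from both runtimes.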
@ -474,9 +474,8 @@ spec:
|
|||||||
|
|
||||||
@test "pod resource limits" {
|
@test "pod resource limits" {
|
||||||
skip_if_remote "resource limits only implemented on non-remote"
|
skip_if_remote "resource limits only implemented on non-remote"
|
||||||
if is_rootless; then
|
skip_if_rootless "resource limits only work with root"
|
||||||
skip "only meaningful for rootful"
|
skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"
|
||||||
fi
|
|
||||||
|
|
||||||
local name1="resources1"
|
local name1="resources1"
|
||||||
run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m
|
run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m
|
||||||
|
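Review bot: The reason string on `skip_if_cgroupsv1`, "resource limits only meaningful on cgroups V2", does not say whether `--cpus`/`--memory` are not enforced for pods on cgroups v1 or only that this test cannot check them there. These limits are a containment control, so a skipped gating run on a v1 host should not read as "limits verified". A short comment above the skip, such as `# cgroups v1: pod-level limits are not checked by this test` (worded to match whichever is true), would make the gap explicit. The test body continues past the end of the hunk.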
@ -299,7 +299,7 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
|
|||||||
img="healthcheck_i"
|
img="healthcheck_i"
|
||||||
_build_health_check_image $img
|
_build_health_check_image $img
|
||||||
|
|
||||||
cname=$(random_string)
|
cname=c_$(random_string)
|
||||||
run_podman create --name $cname \
|
run_podman create --name $cname \
|
||||||
--health-cmd /healthcheck \
|
--health-cmd /healthcheck \
|
||||||
--health-on-failure=kill \
|
--health-on-failure=kill \
|
||||||
@ -330,7 +330,11 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
|
|||||||
# Wait at most 10 seconds for the service to be restarted
|
# Wait at most 10 seconds for the service to be restarted
|
||||||
local timeout=10
|
local timeout=10
|
||||||
while [[ $timeout -gt 1 ]]; do
|
while [[ $timeout -gt 1 ]]; do
|
||||||
run_podman '?' container inspect $cname
|
# Possible outcomes:
|
||||||
|
# - status 0, old container is still terminating: sleep and retry
|
||||||
|
# - status 0, new CID: yay, break
|
||||||
|
# - status 1, container not found: sleep and retry
|
||||||
|
run_podman '?' container inspect $cname --format '{{.ID}}'
|
||||||
if [[ $status == 0 ]]; then
|
if [[ $status == 0 ]]; then
|
||||||
if [[ "$output" != "$oldID" ]]; then
|
if [[ "$output" != "$oldID" ]]; then
|
||||||
break
|
break
|
||||||
|
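Review bot: The outcome list added above `run_podman '?' container inspect $cname --format '{{.ID}}'` covers status 0 and status 1 only, but `'?'` accepts any exit status, so an unexpected failure of `inspect` is retried the same way as "container not found". Add a fourth bullet, `# - any other status: unexpected, also retried until the timeout`, or fail immediately on it, so a real error is not hidden behind a timeout. The rest of the loop and what runs after it are outside the hunk, so how a timeout is reported cannot be seen from here.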
@ -17,6 +17,10 @@ function teardown() {
|
|||||||
|
|
||||||
@test "podman-system-service containers survive service stop" {
|
@test "podman-system-service containers survive service stop" {
|
||||||
skip_if_remote "podman system service unavailable over remote"
|
skip_if_remote "podman system service unavailable over remote"
|
||||||
|
local runtime=$(podman_runtime)
|
||||||
|
if [[ "$runtime" != "crun" ]]; then
|
||||||
|
skip "survival code only implemented in crun; you're using $runtime"
|
||||||
|
fi
|
||||||
|
|
||||||
port=$(random_free_port)
|
port=$(random_free_port)
|
||||||
URL=tcp://127.0.0.1:$port
|
URL=tcp://127.0.0.1:$port
|
||||||
|
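Review bot: `local runtime=$(podman_runtime)` declares and assigns in one statement, so the exit status of `podman_runtime` is replaced by that of `local` and a failing helper goes unnoticed. In that case `$runtime` would be empty, the `!= "crun"` branch would be taken, and the test would be skipped instead of failing, which quietly removes coverage. Split it into `local runtime` followed by `runtime=$(podman_runtime)`. The test body continues outside the hunk.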
@ -209,7 +209,7 @@ function check_label() {
|
|||||||
# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
|
# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
|
||||||
# from failed to set /proc/self/attr/keycreate on procfs
|
# from failed to set /proc/self/attr/keycreate on procfs
|
||||||
# to write /proc/self/attr/keycreate: invalid argument
|
# to write /proc/self/attr/keycreate: invalid argument
|
||||||
runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;;
|
runc) expect=".*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;;
|
||||||
*) skip "Unknown runtime '$runtime'";;
|
*) skip "Unknown runtime '$runtime'";;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
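Review bot: The new runc pattern `".*: \(failed to set\|write\) /proc/self/attr/keycreate.*"` uses basic-regex syntax (`\(`, `\|`), which is only correct if `$expect` is later matched by a BRE matcher; the code that consumes `$expect` is outside this hunk. Elsewhere in this commit a check moved to `assert "$output" =~ ...`, and under bash `=~` (extended regex) `\(` and `\|` match literal characters. A comment on the case arm, for example `# BRE syntax: $expect must be matched with a BRE matcher, not =~`, would keep a later conversion from silently breaking the match. Dropping the `OCI runtime error:` prefix also widens what the test accepts, presumably on purpose.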
Reference in New Issue
Block a user