Merge pull request #22306 from edsantiago/gating-fixes

[v4.2.0-rhel] Gating-test fixes
This commit is contained in:
Paul Holzinger
2024-04-09 17:43:41 +02:00
committed by GitHub
5 changed files with 17 additions and 15 deletions

View File

@ -149,16 +149,11 @@ EOF
# By default, volumes are mounted exec, but we have manually added the # By default, volumes are mounted exec, but we have manually added the
# noexec option. This should fail. # noexec option. This should fail.
# ARGH. Unfortunately, runc (used for cgroups v1) produces a different error run_podman 126 run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript
local expect_rc=126
local expect_msg='.* OCI permission denied.*'
if [[ $(podman_runtime) = "runc" ]]; then
expect_rc=1
expect_msg='.* exec user process caused.*permission denied'
fi
run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript # crun and runc emit different messages, and even runc is inconsistent
is "$output" "$expect_msg" "run on volume, noexec" # with itself (output changed some time in 2022?). Deal with all.
assert "$output" =~ 'permission denied' "run on volume, noexec"
# With the default, it should pass # With the default, it should pass
run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript

View File

@ -474,9 +474,8 @@ spec:
@test "pod resource limits" { @test "pod resource limits" {
skip_if_remote "resource limits only implemented on non-remote" skip_if_remote "resource limits only implemented on non-remote"
if is_rootless; then skip_if_rootless "resource limits only work with root"
skip "only meaningful for rootful" skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"
fi
local name1="resources1" local name1="resources1"
run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m

View File

@ -299,7 +299,7 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
img="healthcheck_i" img="healthcheck_i"
_build_health_check_image $img _build_health_check_image $img
cname=$(random_string) cname=c_$(random_string)
run_podman create --name $cname \ run_podman create --name $cname \
--health-cmd /healthcheck \ --health-cmd /healthcheck \
--health-on-failure=kill \ --health-on-failure=kill \
@ -330,7 +330,11 @@ LISTEN_FDNAMES=listen_fdnames" | sort)
# Wait at most 10 seconds for the service to be restarted # Wait at most 10 seconds for the service to be restarted
local timeout=10 local timeout=10
while [[ $timeout -gt 1 ]]; do while [[ $timeout -gt 1 ]]; do
run_podman '?' container inspect $cname # Possible outcomes:
# - status 0, old container is still terminating: sleep and retry
# - status 0, new CID: yay, break
# - status 1, container not found: sleep and retry
run_podman '?' container inspect $cname --format '{{.ID}}'
if [[ $status == 0 ]]; then if [[ $status == 0 ]]; then
if [[ "$output" != "$oldID" ]]; then if [[ "$output" != "$oldID" ]]; then
break break

View File

@ -17,6 +17,10 @@ function teardown() {
@test "podman-system-service containers survive service stop" { @test "podman-system-service containers survive service stop" {
skip_if_remote "podman system service unavailable over remote" skip_if_remote "podman system service unavailable over remote"
local runtime=$(podman_runtime)
if [[ "$runtime" != "crun" ]]; then
skip "survival code only implemented in crun; you're using $runtime"
fi
port=$(random_free_port) port=$(random_free_port)
URL=tcp://127.0.0.1:$port URL=tcp://127.0.0.1:$port

View File

@ -209,7 +209,7 @@ function check_label() {
# https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e # https://github.com/opencontainers/selinux/pull/148/commits/a5dc47f74c56922d58ead05d1fdcc5f7f52d5f4e
# from failed to set /proc/self/attr/keycreate on procfs # from failed to set /proc/self/attr/keycreate on procfs
# to write /proc/self/attr/keycreate: invalid argument # to write /proc/self/attr/keycreate: invalid argument
runc) expect="OCI runtime error: .*: \(failed to set|write\) /proc/self/attr/keycreate" ;; runc) expect=".*: \(failed to set\|write\) /proc/self/attr/keycreate.*" ;;
*) skip "Unknown runtime '$runtime'";; *) skip "Unknown runtime '$runtime'";;
esac esac