1
#!/usr/bin/env bats -*- bats -*-
3
# Test specific configuration options and overrides
8
@test "podman CONTAINERS_CONF - CONTAINERS_CONF in conmon" {
9
skip_if_remote "can't check conmon environment over remote"
11
# Get the normal runtime for this host
12
run_podman info --format '{{ .Host.OCIRuntime.Name }}'
14
run_podman info --format "{{ .Host.OCIRuntime.Path }}"
16
run_podman info --format '{{ .Host.DatabaseBackend }}'
19
# Make an innocuous containers.conf in a non-standard location
20
conf_tmp="$PODMAN_TMPDIR/containers.conf"
24
database_backend="$db_backend"
26
$runtime = ["$ocipath"]
28
CONTAINERS_CONF="$conf_tmp" run_podman run -d $IMAGE sleep infinity
31
CONTAINERS_CONF="$conf_tmp" run_podman inspect "$cid" --format "{{ .State.ConmonPid }}"
34
output="$(tr '\0' '\n' < /proc/$conmon/environ | grep '^CONTAINERS_CONF=')"
35
is "$output" "CONTAINERS_CONF=$conf_tmp"
38
# Oddly, sleep can't be interrupted with SIGTERM, so we need the
39
# "-f -t 0" to force a SIGKILL
40
CONTAINERS_CONF="$conf_tmp" run_podman rm -f -t 0 "$cid"
43
@test "podman CONTAINERS_CONF - override runtime name" {
44
skip_if_remote "Can't set CONTAINERS_CONF over remote"
46
# Get the path of the normal runtime
47
run_podman info --format "{{ .Host.OCIRuntime.Path }}"
49
run_podman info --format '{{ .Host.DatabaseBackend }}'
52
export conf_tmp="$PODMAN_TMPDIR/nonstandard_runtime_name.conf"
55
runtime = "nonstandard_runtime_name"
56
database_backend="$db_backend"
58
nonstandard_runtime_name = ["$ocipath"]
61
CONTAINERS_CONF="$conf_tmp" run_podman run -d --rm $IMAGE true
64
# We need to wait for the container to finish before we can check
65
# if it was cleaned up properly. But in the common case that the
66
# container completes fast, and the cleanup *did* happen properly
67
# the container is now gone. So, we need to ignore "no such
68
# container" errors from podman wait.
69
CONTAINERS_CONF="$conf_tmp" run_podman '?' wait "$cid"
70
if [[ $status != 0 ]]; then
71
is "$output" "Error:.*no such container" "unexpected error from podman wait"
74
# The --rm option means the container should no longer exist.
75
# However https://github.com/containers/podman/issues/12917 meant
76
# that the container cleanup triggered by conmon's --exit-cmd
77
# could fail, leaving the container in place.
79
# We verify that the container is indeed gone, by checking that a
80
# podman rm *fails* here - and it has the side effect of cleaning
81
# up in the case this test fails.
82
CONTAINERS_CONF="$conf_tmp" run_podman 1 rm "$cid"
83
is "$output" "Error:.*no such container"
86
@test "podman --module - absolute path" {
87
skip_if_remote "--module is not supported for remote clients"
89
random_data="expected_annotation_$(random_string 15)"
90
conf_tmp="$PODMAN_TMPDIR/test.conf"
93
annotations=['module=$random_data']
96
run_podman 125 create --module=$conf_tmp -q $IMAGE
97
is "$output" "Error: unknown flag: --module
98
See 'podman create --help'" "--module must be specified before the command"
100
run_podman --module=$conf_tmp create -q $IMAGE
102
run_podman container inspect $cid --format '{{index .Config.Annotations "module"}}'
103
is "$output" "$random_data" "container annotation should include the one from the --module"
105
run_podman rm -f $cid
107
# Nonexistent module path with comma
108
nonesuch=${PODMAN_TMPDIR}/nonexistent,withcomma
109
run_podman 1 --module=$nonesuch sdfsdfdsf
110
is "$output" "Failed to obtain podman configuration: could not resolve module \"$nonesuch\": faccessat $nonesuch: no such file or directory" \
114
@test "podman --module - append arrays" {
115
skip_if_remote "--module is not supported for remote clients"
117
random_data="expected_annotation_$(random_string 15)"
118
conf1_tmp="$PODMAN_TMPDIR/test1.conf"
119
conf2_tmp="$PODMAN_TMPDIR/test2.conf"
120
conf2_off_tmp="$PODMAN_TMPDIR/test2_off.conf"
121
cat > $conf1_tmp <<EOF
123
env=["A=CONF1",{append=true}]
125
cat > $conf2_tmp <<EOF
130
cat > $conf2_off_tmp <<EOF
132
env=["B=CONF2_OFF",{append=false}]
135
# Once append is set, all subsequent loads (and the current) will be appended.
136
run_podman --module=$conf1_tmp --module=$conf2_tmp run --rm $IMAGE printenv A B
137
assert "$output" = "CONF1
140
# When explicitly turned off, values are replaced/overridden again.
141
run_podman 1 --module=$conf1_tmp --module=$conf2_off_tmp run --rm $IMAGE printenv A B
142
assert "$output" = "CONF2_OFF"
145
@test "podman --module - XDG_CONFIG_HOME" {
146
skip_if_remote "--module is not supported for remote clients"
147
skip_if_not_rootless "loading a module from XDG_CONFIG_HOME requires rootless"
149
fake_home="$PODMAN_TMPDIR/home/.config"
150
fake_modules_dir="$fake_home/containers/containers.conf.modules"
151
mkdir -p $fake_modules_dir
153
random_data="expected_annotation_$(random_string 15)"
154
module_name="test.conf"
155
conf_tmp="$fake_modules_dir/$module_name"
156
cat > $conf_tmp <<EOF
158
annotations=['module=$random_data']
161
# Test loading a relative path (test.conf) as a module. This should find
162
# the one in the fake XDG_CONFIG_HOME. We cannot override /etc or
163
# /usr/share in the tests here, so for those paths we need to rely on the
164
# unit tests in containers/common/pkg/config and manual QE.
165
XDG_CONFIG_HOME=$fake_home run_podman --module $module_name run -d -q $IMAGE sleep infinity
167
run_podman container inspect $cid --format '{{index .Config.Annotations "module"}}'
168
is "$output" "$random_data" "container annotation should include the one from the --module"
170
# Now make sure that conmon's exit-command points to the _absolute path_ of
172
run_podman container inspect $cid --format "{{ .State.ConmonPid }}"
174
is "$(< /proc/$conmon_pid/cmdline)" ".*--exit-command-arg--module--exit-command-arg$conf_tmp.*" "conmon's exit-command uses the module"
175
run_podman rm -f -t0 $cid
177
# Corrupt module file
178
cat > $conf_tmp <<EOF
182
XDG_CONFIG_HOME=$fake_home run_podman 1 --module $module_name
183
is "$output" "Failed to obtain podman configuration: reading additional config \"$conf_tmp\": decode configuration $conf_tmp: toml: line 3 (last key \"containers.sdf\"): expected value but found '\n' instead" \
184
"Corrupt module file"
186
# Nonexistent module name
187
nonesuch=assume-this-does-not-exist-$(random_string)
188
XDG_CONFIG_HOME=$fake_home run_podman 1 --module=$nonesuch invalid-command
189
expect="Failed to obtain podman configuration: could not resolve module \"$nonesuch\": 3 errors occurred:"
190
for dir in $fake_home /etc /usr/share;do
191
expect+=$'\n\t'"* faccessat $dir/containers/containers.conf.modules/$nonesuch: no such file or directory"
193
is "$output" "$expect" "--module=ENOENT : error message"
196
# Too hard to test in 600-completion.bats because of the remote/rootless check
197
@test "podman --module - command-line completion" {
198
skip_if_remote "--module is not supported for remote clients"
199
skip_if_not_rootless "loading a module from XDG_CONFIG_HOME requires rootless"
201
fake_home="$PODMAN_TMPDIR/home/.config"
202
fake_modules_dir="$fake_home/containers/containers.conf.modules"
203
mkdir -p $fake_modules_dir
205
m1=m1odule_$(random_string)
206
m2=m2$(random_string)
208
touch $fake_modules_dir/{$m2,$m1}
209
XDG_CONFIG_HOME=$fake_home run_podman __completeNoDesc --module ""
210
# Even if there are modules in /etc or elsewhere, these will be first
211
assert "${lines[0]}" = "$m1" "completion finds module 1"
212
assert "${lines[1]}" = "$m2" "completion finds module 2"
215
@test "podman --module - supported fields" {
216
skip_if_remote "--module is not supported for remote clients"
218
conf_tmp="$PODMAN_TMPDIR/test.conf"
219
cat > $conf_tmp <<EOF
225
random_env_var="expected_env_var_$(random_string 15)"
226
FOO="$random_env_var" run_podman --module=$conf_tmp run -d --name=$cname $IMAGE top
229
# Make sure `env_host` is read
230
run_podman container inspect $cname --format "{{.Config.Env}}"
231
assert "$output" =~ "FOO=$random_env_var" "--module should yield injecting host env vars into the container"
233
# Make sure `privileged` is read during container creation
234
run_podman container inspect $cname --format "{{.HostConfig.Privileged}}"
235
assert "$output" = "true" "--module should enable a privileged container"
237
run_podman rm -f -t0 $cname
239
# Make sure `privileged` is read during exec, which requires running a
240
# non-privileged container.
241
run_podman run -d $IMAGE top
244
run_podman container exec $cname grep CapBnd /proc/self/status
245
non_privileged_caps="$output"
246
run_podman --module=$conf_tmp container exec $cname grep CapBnd /proc/self/status
247
assert "$output" != "$non_privileged_caps" "--module should enable a privileged exec session"
249
run_podman rm -f -t0 $cname
252
@test "podman push CONTAINERS_CONF" {
253
skip_if_remote "containers.conf does not effect client side of --remote"
255
CONTAINERS_CONF=/dev/null run_podman push --help
256
assert "$output" =~ "--compression-format string.*compression format to use \(default \"gzip\"\)" "containers.conf should set default to gzip"
257
assert "$output" !~ "compression level to use \(default" "containers.conf should not set default compressionlevel"
259
conf_tmp="$PODMAN_TMPDIR/containers.conf"
262
compression_format="zstd:chunked"
265
CONTAINERS_CONF="$conf_tmp" run_podman push --help
266
assert "$output" =~ "--compression-format string.*compression format to use \(default \"zstd:chunked\"\)" "containers.conf should set default to zstd:chunked"
267
assert "$output" =~ "--compression-level int.*compression level to use \(default 1\)" "containers.conf should set default compressionlevel to 1"