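#!/usr/bin/env bats   -*- bats -*-
#
# test to make sure we use the correct podman pause process
#
# Source: github.com/containers/podman/v5@v5.1.0-rc1/test/system/550-pause-process.bats
#

load helpers
load helpers.registry
load helpers.sig-proxy

# File-level bats hook: runs once before the tests in this file.
function setup_file() {
    # We have to stop the background registry here. These tests kill the podman pause
    # process which means commands after that are in a new one and when the cleanup
    # later tries to stop the registry container it will be in the wrong ns and can fail.
    # https://github.com/containers/podman/pull/21563#issuecomment-1960047648
    stop_registry
}

#######################################
# Verify the pause process recorded in the pause pid file.
# Globals:
#   pause_pid_file (read)  - path of the pid file; declared `local` by the
#                            calling test and seen here through bash dynamic
#                            scoping. Empty/unset skips every check.
#   pause_pid (written)    - cleared first, then set to the pid read from the
#                            file so the caller can signal or probe it.
# Fails (via die/assert) when the file is missing, does not hold a numeric
# pid, the pid has no /proc entry, or its comm is not a pause process name.
#######################################
function _check_pause_process() {
    pause_pid=
    if [[ -z "$pause_pid_file" ]]; then
        return
    fi

    test -e "$pause_pid_file" || die "Pause pid file $pause_pid_file missing"

    # do not mark this variable as local; our parent expects it
    pause_pid=$(<"$pause_pid_file")

    # Callers pass this value to kill(1). An empty value would also make the
    # /proc check below pass trivially (/proc/ itself is a directory), and a
    # non-numeric one could be read by kill as something other than one pid.
    [[ "$pause_pid" =~ ^[0-9]+$ ]] \
        || die "Pause pid file $pause_pid_file does not contain a numeric pid: '$pause_pid'"

    test -d "/proc/$pause_pid" || die "Pause process $pause_pid (from $pause_pid_file) is not running"

    # The comm check ties the pid from the file to an actual pause process
    # rather than to an unrelated process that reused a stale pid.
    assert "$(<"/proc/$pause_pid/comm")" =~ 'catatonit|podman pause' \
           "Pause process $pause_pid has an unexpected name"
}

# Test for https://github.com/containers/podman/issues/17903
@test "rootless podman only ever uses single pause process" {
    skip_if_not_rootless "pause process is only used as rootless"
    skip_if_remote "--tmpdir not supported via remote"

    # There are nasty bugs when we are not in the correct userns,
    # we have good reproducer to see how things can go wrong here:
    # https://github.com/containers/podman/issues/17903#issuecomment-1497232184

    # To prevent any issues we should only ever have a single pause process running,
    # regardless of any --root/-runroot/--tmpdir values.

    # System tests can execute in contexts without XDG; in those, we have to
    # skip the pause-pid-file checks.
    local pause_pid_file
    if [[ -n "$XDG_RUNTIME_DIR" ]]; then
        pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid"
    fi

    # Baseline: get the current userns (one will be created on demand).
    # The output is not compared with anything; the call is made for its
    # side effect of having a pause process running.
    # $getns is a command string and is word-split on purpose at each use.
    local getns="unshare readlink /proc/self/ns/user"
    run_podman $getns

    # A pause process will now be running
    _check_pause_process

    # Use podman system migrate to stop the currently running pause process
    run_podman system migrate

    # After migrate, there must be no pause process
    if [[ -n "$pause_pid_file" ]]; then
        if [[ -e "$pause_pid_file" ]]; then
            die "Pause pid file $pause_pid_file still exists, even after podman system migrate"
        fi

        # kill -0 sends no signal; it only reports whether the pid can be signalled.
        run kill -0 "$pause_pid"
        if [[ "$status" -eq 0 ]]; then
            die "Pause process $pause_pid is still running even after podman system migrate"
        fi
    fi

    # The isolation options are word-split on purpose: the helper prints
    # several command-line arguments.
    run_podman $(podman_isolation_opts "${PODMAN_TMPDIR}") $getns
    local tmpdir_userns="$output"

    # And now we should once again have a pause process
    _check_pause_process

    # and all podmans, with & without --tmpdir, should use the same ns
    run_podman $getns
    assert "$output" == "$tmpdir_userns" \
           "podman should use the same userns created using a tmpdir"

    run_podman --tmpdir "$PODMAN_TMPDIR/tmp2" $getns
    assert "$output" == "$tmpdir_userns" \
           "podman with tmpdir2 should use the same userns created using a tmpdir"
}

# https://github.com/containers/podman/issues/16091
@test "rootless reexec with sig-proxy" {
    skip_if_not_rootless "pause process is only used as rootless"
    skip_if_remote "system migrate not supported via remote"

    # Use podman system migrate to stop the currently running pause process
    run_podman system migrate

    # We're forced to use $PODMAN because run_podman cannot be backgrounded
    # Also special logic to set a different argv0 to make sure the reexec still works:
    # https://github.com/containers/podman/issues/22672
    #
    # NOTE(review): $PODMAN, $IMAGE and $SLEEPLOOP are expanded by this shell
    # into the string handed to `bash -c`, so they are re-parsed as shell
    # code. This presumably relies on all three being harness-defined values
    # (and on $SLEEPLOOP containing no single quote) - confirm against helpers.
    bash -c "exec -a argv0-podman $PODMAN run -i --name c_run $IMAGE sh -c '$SLEEPLOOP'" &
    local kidpid=$!

    # _test_sigproxy is not defined in this file (presumably provided by
    # helpers.sig-proxy); it is given the container name and the podman pid.
    _test_sigproxy c_run "$kidpid"

    # our container exits 0 so podman should too
    wait "$kidpid" || die "podman run exited $? instead of zero"
}


@test "rootless reexec with sig-proxy when rejoining userns from container" {
    skip_if_not_rootless "pause process is only used as rootless"
    skip_if_remote "unshare not supported via remote"

    # System tests can execute in contexts without XDG; in those, we have to
    # skip the pause-pid-file checks.
    if [[ -z "$XDG_RUNTIME_DIR" ]]; then
        skip "\$XDG_RUNTIME_DIR not defined"
    fi
    local pause_pid_file="$XDG_RUNTIME_DIR/libpod/tmp/pause.pid"

    # First let's run a container in the background to keep the userns active
    local cname1
    cname1=c1_$(random_string)
    run_podman run -d --name "$cname1" $IMAGE top

    run_podman unshare readlink /proc/self/ns/user
    local userns="$output"

    # check for pause pid and then kill it
    # _check_pause_process has just confirmed that $pause_pid is numeric, has
    # a /proc entry and carries a pause-process comm, so the SIGKILL is aimed
    # at the pause process and not at whatever a stale pid file points to.
    _check_pause_process
    kill -9 "$pause_pid"

    # Now again directly start podman run and make sure it can forward signals
    # We're forced to use $PODMAN because run_podman cannot be backgrounded
    local cname2
    cname2=c2_$(random_string)
    $PODMAN run -i --name "$cname2" $IMAGE sh -c "$SLEEPLOOP" &
    local kidpid=$!

    _test_sigproxy "$cname2" "$kidpid"

    # our container exits 0 so podman should too
    wait "$kidpid" || die "podman run exited $? instead of zero"

    # Check that podman joined the same userns as it tries to use the one
    # from the running podman process in the background.
    run_podman unshare readlink /proc/self/ns/user
    assert "$output" == "$userns" "userns before/after kill is the same"

    run_podman rm -f -t0 "$cname1"
}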