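#!/usr/bin/env bats   -*- bats -*-
#
# Test specific configuration options and overrides
#
# Covers two ways of pointing podman at non-default configuration:
#   * the CONTAINERS_CONF environment variable, and
#   * the global --module flag (containers.conf modules).
# Every test builds its config files under $PODMAN_TMPDIR.
#

load helpers

# A CONTAINERS_CONF override given to podman must also show up in the
# environment of the conmon process started for the container.
@test "podman CONTAINERS_CONF - CONTAINERS_CONF in conmon" {
    skip_if_remote "can't check conmon environment over remote"

    # Get the normal runtime for this host
    run_podman info --format '{{ .Host.OCIRuntime.Name }}'
    runtime="$output"
    run_podman info --format "{{ .Host.OCIRuntime.Path }}"
    ocipath="$output"
    run_podman info --format '{{ .Host.DatabaseBackend }}'
    db_backend="$output"

    # Make an innocuous containers.conf in a non-standard location.
    # The heredoc is unquoted on purpose: the values queried above are
    # expanded into the file.
    conf_tmp="$PODMAN_TMPDIR/containers.conf"
    cat >"$conf_tmp" <<EOF
[engine]
runtime="$runtime"
database_backend="$db_backend"
[engine.runtimes]
$runtime = ["$ocipath"]
EOF
    CONTAINERS_CONF="$conf_tmp" run_podman run -d $IMAGE sleep infinity
    cid="$output"

    CONTAINERS_CONF="$conf_tmp" run_podman inspect "$cid" --format "{{ .State.ConmonPid }}"
    conmon="$output"

    # /proc/PID/environ is NUL-separated; turn it into one variable per line
    # so that grep can anchor on the variable name.
    output="$(tr '\0' '\n' < "/proc/$conmon/environ" | grep '^CONTAINERS_CONF=')"
    is "$output" "CONTAINERS_CONF=$conf_tmp"

    # Clean up
    # Oddly, sleep can't be interrupted with SIGTERM, so we need the
    # "-f -t 0" to force a SIGKILL
    CONTAINERS_CONF="$conf_tmp" run_podman rm -f -t 0 "$cid"
}

# A runtime registered under a non-default name in containers.conf must still
# allow --rm cleanup of the container to complete.
@test "podman CONTAINERS_CONF - override runtime name" {
    skip_if_remote "Can't set CONTAINERS_CONF over remote"

    # Get the path of the normal runtime
    run_podman info --format "{{ .Host.OCIRuntime.Path }}"
    ocipath="$output"
    run_podman info --format '{{ .Host.DatabaseBackend }}'
    db_backend="$output"

    export conf_tmp="$PODMAN_TMPDIR/nonstandard_runtime_name.conf"
    cat > "$conf_tmp" <<EOF
[engine]
runtime = "nonstandard_runtime_name"
database_backend="$db_backend"
[engine.runtimes]
nonstandard_runtime_name = ["$ocipath"]
EOF

    CONTAINERS_CONF="$conf_tmp" run_podman run -d --rm $IMAGE true
    cid="$output"

    # We need to wait for the container to finish before we can check
    # if it was cleaned up properly.  But in the common case that the
    # container completes fast, and the cleanup *did* happen properly
    # the container is now gone.  So, we need to ignore "no such
    # container" errors from podman wait.
    CONTAINERS_CONF="$conf_tmp" run_podman '?' wait "$cid"
    if [[ $status != 0 ]]; then
        is "$output" "Error:.*no such container" "unexpected error from podman wait"
    fi

    # The --rm option means the container should no longer exist.
    # However https://github.com/containers/podman/issues/12917 meant
    # that the container cleanup triggered by conmon's --exit-cmd
    # could fail, leaving the container in place.
    #
    # We verify that the container is indeed gone, by checking that a
    # podman rm *fails* here - and it has the side effect of cleaning
    # up in the case this test fails.
    CONTAINERS_CONF="$conf_tmp" run_podman 1 rm "$cid"
    is "$output" "Error:.*no such container"
}

# --module with an absolute path: accepted only as a global flag (before the
# subcommand), applied to the created container, and rejected with a clear
# error when the path does not exist.
@test "podman --module - absolute path" {
    skip_if_remote "--module is not supported for remote clients"

    random_data="expected_annotation_$(random_string 15)"
    conf_tmp="$PODMAN_TMPDIR/test.conf"
    cat > "$conf_tmp" <<EOF
[containers]
annotations=['module=$random_data']
EOF

    # Exit status 125: the flag is not known to the subcommand
    run_podman 125 create --module="$conf_tmp" -q $IMAGE
    is "$output" "Error: unknown flag: --module
See 'podman create --help'" "--module must be specified before the command"

    run_podman --module="$conf_tmp" create -q $IMAGE
    cid="$output"
    run_podman container inspect "$cid" --format '{{index .Config.Annotations "module"}}'
    is "$output" "$random_data" "container annotation should include the one from the --module"

    run_podman rm -f "$cid"

    # Nonexistent module path with comma
    nonesuch=${PODMAN_TMPDIR}/nonexistent,withcomma
    run_podman 1 --module="$nonesuch" sdfsdfdsf
    is "$output" "Failed to obtain podman configuration: could not resolve module \"$nonesuch\": faccessat $nonesuch: no such file or directory" \
       "--module=ENOENT"
}

# Array options loaded from several modules: {append=true} accumulates values
# across modules, {append=false} goes back to replacing them.
@test "podman --module - append arrays" {
    skip_if_remote "--module is not supported for remote clients"

    conf1_tmp="$PODMAN_TMPDIR/test1.conf"
    conf2_tmp="$PODMAN_TMPDIR/test2.conf"
    conf2_off_tmp="$PODMAN_TMPDIR/test2_off.conf"
    cat > "$conf1_tmp" <<EOF
[containers]
env=["A=CONF1",{append=true}]
EOF
    cat > "$conf2_tmp" <<EOF
[containers]
env=["B=CONF2"]
EOF

    cat > "$conf2_off_tmp" <<EOF
[containers]
env=["B=CONF2_OFF",{append=false}]
EOF

    # Once append is set, all subsequent loads (and the current) will be appended.
    run_podman --module="$conf1_tmp" --module="$conf2_tmp" run --rm $IMAGE printenv A B
    assert "$output" = "CONF1
CONF2"

    # When explicitly turned off, values are replaced/overridden again.
    # Exit status 1 is expected here: only B is printed, so presumably
    # printenv fails because A is no longer set in the container.
    run_podman 1 --module="$conf1_tmp" --module="$conf2_off_tmp" run --rm $IMAGE printenv A B
    assert "$output" = "CONF2_OFF"
}

# --module with a relative name: resolved through XDG_CONFIG_HOME for rootless
# users, recorded as an absolute path in conmon's exit command, and reported
# clearly when the file is corrupt or missing.
@test "podman --module - XDG_CONFIG_HOME" {
    skip_if_remote "--module is not supported for remote clients"
    skip_if_not_rootless "loading a module from XDG_CONFIG_HOME requires rootless"

    fake_home="$PODMAN_TMPDIR/home/.config"
    fake_modules_dir="$fake_home/containers/containers.conf.modules"
    mkdir -p "$fake_modules_dir"

    random_data="expected_annotation_$(random_string 15)"
    module_name="test.conf"
    conf_tmp="$fake_modules_dir/$module_name"
    cat > "$conf_tmp" <<EOF
[containers]
annotations=['module=$random_data']
EOF

    # Test loading a relative path (test.conf) as a module.  This should find
    # the one in the fake XDG_CONFIG_HOME.  We cannot override /etc or
    # /usr/share in the tests here, so for those paths we need to rely on the
    # unit tests in containers/common/pkg/config and manual QE.
    XDG_CONFIG_HOME="$fake_home" run_podman --module $module_name run -d -q $IMAGE sleep infinity
    cid="$output"
    run_podman container inspect "$cid" --format '{{index .Config.Annotations "module"}}'
    is "$output" "$random_data" "container annotation should include the one from the --module"

    # Now make sure that conmon's exit-command points to the _absolute path_ of
    # the module.
    run_podman container inspect "$cid" --format "{{ .State.ConmonPid }}"
    conmon_pid="$output"
    # The NUL separators of /proc/PID/cmdline are dropped by the command
    # substitution, which is why the pattern below has the arguments run
    # together without any separator.
    is "$(< "/proc/$conmon_pid/cmdline")" ".*--exit-command-arg--module--exit-command-arg$conf_tmp.*" "conmon's exit-command uses the module"
    run_podman rm -f -t0 "$cid"

    # Corrupt module file
    cat > "$conf_tmp" <<EOF
[containers]
sdf=
EOF
    XDG_CONFIG_HOME="$fake_home" run_podman 1 --module $module_name
    is "$output" "Failed to obtain podman configuration: reading additional config \"$conf_tmp\": decode configuration $conf_tmp: toml: line 3 (last key \"containers.sdf\"): expected value but found '\n' instead" \
       "Corrupt module file"

    # Nonexistent module name
    # The expected message lists one lookup failure per searched directory,
    # with the per-user directory ahead of /etc and /usr/share.
    # NOTE(review): if lookup follows the same order, a per-user module would
    # be picked over a system module of the same name - confirm against
    # containers/common/pkg/config.
    nonesuch=assume-this-does-not-exist-$(random_string)
    XDG_CONFIG_HOME="$fake_home" run_podman 1 --module="$nonesuch" invalid-command
    expect="Failed to obtain podman configuration: could not resolve module \"$nonesuch\": 3 errors occurred:"
    for dir in "$fake_home" /etc /usr/share;do
        expect+=$'\n\t'"* faccessat $dir/containers/containers.conf.modules/$nonesuch: no such file or directory"
    done
    is "$output" "$expect" "--module=ENOENT : error message"
}

# Too hard to test in 600-completion.bats because of the remote/rootless check
@test "podman --module - command-line completion" {
    skip_if_remote "--module is not supported for remote clients"
    skip_if_not_rootless "loading a module from XDG_CONFIG_HOME requires rootless"

    fake_home="$PODMAN_TMPDIR/home/.config"
    fake_modules_dir="$fake_home/containers/containers.conf.modules"
    mkdir -p "$fake_modules_dir"

    m1=m1odule_$(random_string)
    m2=m2$(random_string)

    # Created in reverse order; the assertions below expect m1 before m2
    touch "$fake_modules_dir"/{"$m2","$m1"}
    XDG_CONFIG_HOME="$fake_home" run_podman __completeNoDesc --module ""
    # Even if there are modules in /etc or elsewhere, these will be first
    assert "${lines[0]}" = "$m1" "completion finds module 1"
    assert "${lines[1]}" = "$m2" "completion finds module 2"
}

# Fields of the [containers] table that must be honoured when they come from
# a module: env_host and privileged.
#
# Both fields widen what a container gets from the host: the assertions below
# show host environment variables landing in the container config and the
# container (or exec session) running privileged, without any such flag on
# the command line.  A module file, and the directories modules are resolved
# from, therefore deserve the same write protection as containers.conf.
@test "podman --module - supported fields" {
    skip_if_remote "--module is not supported for remote clients"

    conf_tmp="$PODMAN_TMPDIR/test.conf"
    cat > "$conf_tmp" <<EOF
[containers]
env_host=true
privileged=true
EOF

    random_env_var="expected_env_var_$(random_string 15)"
    # No --name here: this command used to pass --name=$cname, but cname is
    # not assigned anywhere earlier in this test, so that expanded to an
    # empty --name=.  The container is referred to by the ID captured below.
    FOO="$random_env_var" run_podman --module="$conf_tmp" run -d $IMAGE top
    cname="$output"

    # Make sure `env_host` is read
    run_podman container inspect "$cname" --format "{{.Config.Env}}"
    assert "$output" =~ "FOO=$random_env_var" "--module should yield injecting host env vars into the container"

    # Make sure `privileged` is read during container creation
    run_podman container inspect "$cname" --format "{{.HostConfig.Privileged}}"
    assert "$output" = "true" "--module should enable a privileged container"

    run_podman rm -f -t0 "$cname"

    # Make sure `privileged` is read during exec, which requires running a
    # non-privileged container.
    run_podman run -d $IMAGE top
    cname="$output"

    # Compare the capability bounding set of a plain exec session with that of
    # one started with the module loaded; they must differ.
    run_podman container exec "$cname" grep CapBnd /proc/self/status
    non_privileged_caps="$output"
    run_podman --module="$conf_tmp" container exec "$cname" grep CapBnd /proc/self/status
    assert "$output" != "$non_privileged_caps" "--module should enable a privileged exec session"

    run_podman rm -f -t0 "$cname"
}

# The defaults shown in "podman push --help" must follow the compression
# settings of the [engine] table in containers.conf.
@test "podman push CONTAINERS_CONF" {
    skip_if_remote "containers.conf does not effect client side of --remote"

    # An empty configuration (/dev/null) yields the built-in defaults
    CONTAINERS_CONF=/dev/null run_podman push --help
    assert "$output" =~ "--compression-format string.*compression format to use \(default \"gzip\"\)" "containers.conf should set default to gzip"
    assert "$output" !~ "compression level to use \(default" "containers.conf should not set default compressionlevel"

    conf_tmp="$PODMAN_TMPDIR/containers.conf"
    cat >"$conf_tmp" <<EOF
[engine]
compression_format="zstd:chunked"
compression_level=1
EOF
    CONTAINERS_CONF="$conf_tmp" run_podman push --help
    assert "$output" =~ "--compression-format string.*compression format to use \(default \"zstd:chunked\"\)" "containers.conf should set default to zstd:chunked"
    assert "$output" =~ "--compression-level int.*compression level to use \(default 1\)" "containers.conf should set default compressionlevel to 1"
}

# vim: filetype=sh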