Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance priv. dev. check #11164

Merged
merged 3 commits into from
Aug 11, 2021
Merged

Enhance priv. dev. check #11164

merged 3 commits into from
Aug 11, 2021

Conversation

cevich
Copy link
Member

@cevich cevich commented Aug 9, 2021

Update test to confirm the negative-case, proving the --privileged
"option is required" case.

This was referenced Aug 9, 2021
Merged
Merged
@cevich cevich force-pushed the enhance_priv_dev_test branch from 2912396 to 3038339 Compare August 9, 2021 14:53
@rhatdan
Copy link
Member

rhatdan commented Aug 9, 2021

/approve
LGTM

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 9, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cevich, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 9, 2021
@mheon
Copy link
Member

mheon commented Aug 9, 2021

LGTM, but tests are red

@cevich cevich force-pushed the enhance_priv_dev_test branch from 3038339 to 85807bf Compare August 9, 2021 20:09
@TomSweeneyRedHat
Copy link
Member

LGTM

@edsantiago
Copy link
Member

Looks like we have a new flake:

not ok 189 podman auto-update - label io.containers.autoupdate=local with rollback
...
# podman auto-update --format {{.Unit}},{{.Image}},{{.Updated}},{{.Policy}}
container-c_local_17QCdwBiM5.service,quay.io/libpod/test:latest,failed,local
Error: restarting unit with old image during fallback: auto-updating container "8e78effb8292795b4afc95b6722efb5a0848a53ed14050921706639519857b95": restarting systemd unit "container-c_local_17QCdwBiM5.service" failed: expected "done" but received "failed"
[ rc=125 (** EXPECTED 0 **) ]

@cevich cevich force-pushed the enhance_priv_dev_test branch from dd50646 to e70ebe9 Compare August 10, 2021 18:17
@cevich
Copy link
Member Author

cevich commented Aug 11, 2021

(IMHO) This PR is ready for merging if there are no further comments or discovered "woopsie".

edsantiago
edsantiago reviewed Aug 11, 2021
View reviewed changes
Copy link
Member

@edsantiago edsantiago left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It took me a long time to confirm all the changes, and some of the tests are IMO a little incomplete, but that's beyond the scope of this PR. Mostly LGTM aside from one misspelling.

test/e2e/run_device_test.go Outdated Show resolved Hide resolved
@cevich cevich force-pushed the enhance_priv_dev_test branch from e70ebe9 to be234be Compare August 11, 2021 17:06
cevich added 3 commits August 11, 2021 13:07
@cevich
Workaround host availability of /dev/kvm
cfbbc38 
This test has been failing for a long time but nobody noticed because CI
doesn't have the device node (nested-VM support was disabled).  After
having enabled nested VM support, tests fail due to some unknown
special-handling of this device.

Fix both problems by removing the `skip()` and switching to a more generic
device which is only present when `--privileged` is used.

Signed-off-by: Chris Evich <[email protected]>
@cevich
Enhance priv. dev. check
d0e3b3c 
Update test to confirm the negative-case, proving the `--privileged`
"option is required" for this character device to be present in a
container (including rootless).

Signed-off-by: Chris Evich <[email protected]>
@cevich
Fix device tests using ls test files
73a755e 
The `ls` command is not intended for this purpose and may behave in
unexpected ways, leading to false positive or negative results.  Update
the tests to use the purpose built `test` command instead.

Also added several *TODO* comments for possible future testing
enhancements.

Signed-off-by: Chris Evich <[email protected]>
@cevich cevich force-pushed the enhance_priv_dev_test branch from be234be to 73a755e Compare August 11, 2021 17:07
@edsantiago
Copy link
Member

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 11, 2021
@openshift-ci openshift-ci bot merged commit 7e5a9fd into containers:main Aug 11, 2021
@cevich cevich deleted the enhance_priv_dev_test branch April 18, 2023 14:43
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 31, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@rhatdan rhatdan rhatdan left review comments

@edsantiago edsantiago edsantiago left review comments

Assignees

@edsantiago edsantiago

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cevich @rhatdan @mheon @TomSweeneyRedHat @edsantiago