-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix handling of .containenv on tmpfs #18535
Conversation
test/system/030-run.bats
Outdated
run_podman run --rm $IMAGE --tmpfs=/run stat -c '%s' /run/.containerenv | ||
is "$output" "0" "file size of /run/.containerenv, --tmpfs mount" | ||
|
||
run_podman run --rm $IMAGE --tmpfs=/run --init stat -c '%s' /run/.containerenv | ||
is "$output" "0" "file size of /run/.containerenv, --tmpfs=/run --init mount" | ||
|
||
run_podman run --rm $IMAGE --read-only stat -c '%s' /run/.containerenv | ||
is "$output" "0" "file size of /run/.containerenv, --read-only" | ||
|
||
run_podman run --rm $IMAGE --systemd-always stat -c '%s' /run/.containerenv | ||
is "$output" "0" "file size of /run/.containerenv, --systemd-always" | ||
|
||
run_podman 1 run --rm $IMAGE -v ${PODMAN_TMPDIR}:/run:Z stat -c '%s' /run/.containerenv | ||
is "$output" "stat: can't stat '/run/.containerenv': No such file or directory" "do not create .containerenv on bind mounts" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
broken, wrong option order. Gimme 5 minutes though for a suggestion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Nonprivileged container: file exists, but must be empty
for opt in "" "--tmpfs=/run" "--tmpfs=/run --init" "--read-only" "--systemd=always"; do
run_podman run --rm $opt $IMAGE stat -c '%s' /run/.containerenv
is "$output" "0" "/run/.containerenv exists and is empty: podman run ${opt}"
done
run_podman 1 run --rm -v ${PODMAN_TMPDIR}:/run:Z $IMAGE stat -c '%s' /run/.containerenv
is "$output" "stat: can't stat '/run/.containerenv': No such file or directory" "do not create .containerenv on bind mounts"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
case m.Destination == "/run/.containerenv": | ||
hasRunContainerenv = true | ||
break | ||
case m.Destination == "/run" && m.Source != "tmpfs": |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this check for type tmpfs? The source could be anything when tmpfs is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was not addressed, please fix it!#
1f784d8
to
457bef5
Compare
LGTM. Swagger test has actually completed, long ago, even though (as of this writing) github still has it spinning. |
test/system/030-run.bats
Outdated
# Nonprivileged container: file exists, but must be empty | ||
run_podman run --rm $IMAGE stat -c '%s' /run/.containerenv | ||
is "$output" "0" "file size of /run/.containerenv, nonprivileged" | ||
|
||
|
||
# Nonprivileged container: file exists, but must be empty |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit, same comment twice and unnecessary newlines
Other than the nit, LGTM |
Nasty red marks in the tests are still chasing after you @rhatdan |
Fixes: containers#18531 Signed-off-by: Daniel J Walsh <[email protected]>
Fixes: #18531
Does this PR introduce a user-facing change?