System test additions

libpod/container_internal_linux.go

@@ -1717,11 +1717,35 @@ func (c *Container) generateCurrentUserPasswdEntry() (string, int, int, error) {
 	// If the user's actual home directory exists, or was mounted in - use
 	// that.
 	homeDir := c.WorkingDir()
-	if MountExists(c.config.Spec.Mounts, u.HomeDir) {
-		homeDir = u.HomeDir
+	hDir := u.HomeDir
+	for hDir != "/" {
+		if MountExists(c.config.Spec.Mounts, hDir) {
+			homeDir = u.HomeDir
+			break
+		}
+		hDir = filepath.Dir(hDir)
+	}
+	if homeDir != u.HomeDir {
+		for _, hDir := range c.UserVolumes() {
+			if hDir == u.HomeDir {
+				homeDir = u.HomeDir
+				break
+			}
+		}
+	}
+	// Set HOME environment if not already set
+	hasHomeSet := false
+	for _, s := range c.config.Spec.Process.Env {
+		if strings.HasPrefix(s, "HOME=") {
+			hasHomeSet = true
+			break
+		}
+	}
+	if !hasHomeSet {
+		c.config.Spec.Process.Env = append(c.config.Spec.Process.Env, fmt.Sprintf("HOME=%s", homeDir))
 	}
 
-	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Username, homeDir), uid, rootless.GetRootlessGID(), nil
+	return fmt.Sprintf("%s:*:%s:%s:%s:%s:/bin/sh\n", u.Username, u.Uid, u.Gid, u.Name, homeDir), uid, rootless.GetRootlessGID(), nil
 }
 
 // generateUserPasswdEntry generates an /etc/passwd entry for the container user

test/e2e/toolbox_test.go

@@ -365,4 +365,16 @@ var _ = Describe("Toolbox-specific testing", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(ContainSubstring("READY"))
 	})
+
+	It("podman run --userns=keep-id check $HOME", func() {
+		var session *PodmanSessionIntegration
+
+		currentUser, err := user.Current()
+		Expect(err).To(BeNil())
+		session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
+	})
+
 })

test/system/030-run.bats

@@ -303,8 +303,36 @@ echo $rand        |   0 | $rand
 
     # This would always work on root, but is new behavior on rootless: #6829
     # adds a user entry to /etc/passwd
+    whoami=$(id -un)
     run_podman run --rm --userns=keep-id $IMAGE id -un
-    is "$output" "$(id -un)" "username on container with keep-id"
+    is "$output" "$whoami" "username on container with keep-id"
+
+    # Setting user should also set $HOME (#8013).
+    # Test setup below runs three cases: one with an existing home dir
+    # and two without (one without any volume mounts, one with a misspelled
+    # username). In every case, initial cwd should be /home/podman because
+    # that's the container-defined WORKDIR. In the case of an existing
+    # home dir, $HOME and ~ (passwd entry) will be /home/user; otherwise
+    # they should be /home/podman.
+    if is_rootless; then
+        tests="
+                |  /home/podman /home/podman /home/podman    | no vol mount
+/home/x$whoami  |  /home/podman /home/podman /home/podman    | bad vol mount
+/home/$whoami   |  /home/podman /home/$whoami /home/$whoami  | vol mount
+"
+        while read vol expect name; do
+            opts=
+            if [[ "$vol" != "''" ]]; then
+                opts="-v $vol"
+            fi
+            run_podman run --rm $opts --userns=keep-id \
+                   $IMAGE sh -c 'echo $(pwd;printenv HOME;echo ~)'
+            is "$output" "$expect" "run with --userns=keep-id and $name sets \$HOME"
+        done < <(parse_table "$tests")
+
+        # Clean up volumes
+        run_podman volume rm -a
+    fi
 
     # --privileged should make no difference
     run_podman run --rm --privileged --userns=keep-id $IMAGE id -un

test/system/070-build.bats

@@ -224,6 +224,12 @@ EOF
     # Confirm that 'podman inspect' shows the expected values
     # FIXME: can we rely on .Env[0] being PATH, and the rest being in order??
     run_podman image inspect build_test
+
+    # (Assert that output is formatted, not a one-line blob: #8011)
+    if [[ "${#lines[*]}" -lt 10 ]]; then
+        die "Output from 'image inspect' is only ${#lines[*]} lines; see #8011"
+    fi
+
     tests="
 Env[1]             | MYENV1=$s_env1
 Env[2]             | MYENV2=this-should-be-overridden-by-env-host

test/system/160-volumes.bats

@@ -213,6 +213,12 @@ EOF
         run_podman volume create $vol
     done
 
+    # (Assert that output is formatted, not a one-line blob: #8011)
+    run_podman volume inspect ${v[1]}
+    if [[ "${#lines[*]}" -lt 10 ]]; then
+        die "Output from 'volume inspect' is only ${#lines[*]} lines; see #8011"
+    fi
+
     # Run two containers: one mounting v1, one mounting v2 & v3
     run_podman run --name c1 --volume ${v[1]}:/vol1 $IMAGE date
     run_podman run --name c2 --volume ${v[2]}:/vol2 -v ${v[3]}:/vol3 \

test/system/200-pod.bats

@@ -66,6 +66,12 @@ function teardown() {
     run_podman pod exists $podname
     run_podman pod exists $podid
 
+    # (Assert that output is formatted, not a one-line blob: #8021)
+    run_podman pod inspect $podname
+    if [[ "${#lines[*]}" -lt 10 ]]; then
+        die "Output from 'pod inspect' is only ${#lines[*]} lines; see #8011"
+    fi
+
     # Randomly-assigned port in the 5xxx range
     for port in $(shuf -i 5000-5999);do
         if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then

test/system/260-sdnotify.bats

@@ -12,8 +12,6 @@ _SOCAT_LOG=
 function setup() {
     skip_if_remote "systemd tests are meaningless over remote"
 
-    skip "FIXME FIXME FIXME, is this what's causing the CI hang???"
-
     # Skip if systemd is not running
     systemctl list-units &>/dev/null || skip "systemd not available"
 

test/system/420-cgroups.bats

@@ -0,0 +1,34 @@
+#!/usr/bin/env bats   -*- bats -*-
+#
+# cgroups-related tests
+#
+
+load helpers
+
+@test "podman run, preserves initial --cgroup-manager" {
+    skip_if_remote "podman-remote does not support --cgroup-manager"
+
+    if is_rootless && is_cgroupsv1; then
+        skip "not supported as rootless under cgroups v1"
+    fi
+
+    # Find out our default cgroup manager, and from that, get the non-default
+    run_podman info --format '{{.Host.CgroupManager}}'
+    case "$output" in
+        systemd)  other="cgroupfs" ;;
+        cgroupfs) other="systemd"  ;;
+        *)        die "Unknown CgroupManager '$output'" ;;
+    esac
+
+    run_podman --cgroup-manager=$other run --name myc $IMAGE true
+    run_podman container inspect --format '{{.HostConfig.CgroupManager}}' myc
+    is "$output" "$other" "podman preserved .HostConfig.CgroupManager"
+
+    # Restart the container, without --cgroup-manager option (ie use default)
+    # Prior to #7970, this would fail with an OCI runtime error
+    run_podman start myc
+
+    run_podman rm myc
+}
+
+# vim: filetype=sh

test/system/500-networking.bats

@@ -90,7 +90,12 @@ load helpers
     run_podman network create --subnet "${mysubnet}.0/24" $mynetname
     is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'"
 
-    # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky
+    # (Assert that output is formatted, not a one-line blob: #8011)
+    run_podman network inspect $mynetname
+    if [[ "${#lines[*]}" -lt 5 ]]; then
+        die "Output from 'pod inspect' is only ${#lines[*]} lines; see #8011"
+    fi
+
     run_podman run --rm --network $mynetname $IMAGE ip a
     is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \
        "sdfsdf"

test/system/helpers.bash

@@ -247,7 +247,7 @@ function is_cgroupsv1() {
 
 function is_cgroupsv2() {
     cgroup_type=$(stat -f -c %T /sys/fs/cgroup)
-    test "$cgroup_type" = "cgroupfs"
+    test "$cgroup_type" = "cgroup2fs"
 }
 
 ###########################