Diffstat (limited to 'nixos/tests/podman.nix')
-rw-r--r--nixos/tests/podman.nix79
1 files changed, 72 insertions, 7 deletions
diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix
index cd8c2b4308c..6184561e6dd 100644
--- a/nixos/tests/podman.nix
+++ b/nixos/tests/podman.nix
@@ -13,10 +13,23 @@ import ./make-test-python.nix (
         {
           virtualisation.podman.enable = true;
 
+          # To test docker socket support
+          virtualisation.podman.dockerSocket.enable = true;
+          environment.systemPackages = [
+            pkgs.docker-client
+          ];
+
           users.users.alice = {
             isNormalUser = true;
             home = "/home/alice";
             description = "Alice Foobar";
+            extraGroups = [ "podman" ];
+          };
+
+          users.users.mallory = {
+            isNormalUser = true;
+            home = "/home/mallory";
+            description = "Mallory Foobar";
           };
 
         };
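Review bot: The `extraGroups = [ "podman" ];` line on alice carries no comment explaining what the group grants, and that is the security-relevant part of this hunk. With `virtualisation.podman.dockerSocket.enable` set, membership of that group is what lets a user reach the rootful podman API socket, which (as with Docker's own group) is presumably equivalent to root on the host. mallory is the control account that lacks it. I would add a comment above the two user definitions such as `# alice: member of "podman", may use the rootful API socket (root-equivalent); mallory: non-member, must be denied` so the access-control intent is readable from the config.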
@@ -26,17 +39,16 @@ import ./make-test-python.nix (
       import shlex
 
 
-      def su_cmd(cmd):
+      def su_cmd(cmd, user = "alice"):
           cmd = shlex.quote(cmd)
-          return f"su alice -l -c {cmd}"
+          return f"su {user} -l -c {cmd}"
 
 
       podman.wait_for_unit("sockets.target")
       start_all()
 
-
       with subtest("Run container as root with runc"):
-          podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
+          podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")
           podman.succeed(
               "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
           )
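Review bot: In `su_cmd` the new `user` argument is interpolated into the shell string unquoted, while `cmd` on the line above it goes through `shlex.quote`. Every caller visible in this diff passes a literal, so this is a consistency and hardening point rather than a live bug, but the helper should treat both arguments the same way: `return f"su {shlex.quote(user)} -l -c {cmd}"`. The default is also better written `user="alice"`, without spaces around `=`, and a one-line docstring saying the function returns a command line that runs `cmd` in a login shell of `user` would help readers of the later subtests.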
@@ -45,7 +57,7 @@ import ./make-test-python.nix (
           podman.succeed("podman rm sleeping")
 
       with subtest("Run container as root with crun"):
-          podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
+          podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")
           podman.succeed(
               "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
           )
@@ -53,8 +65,20 @@ import ./make-test-python.nix (
           podman.succeed("podman stop sleeping")
           podman.succeed("podman rm sleeping")
 
+      with subtest("Run container as root with the default backend"):
+          podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")
+          podman.succeed(
+              "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+          )
+          podman.succeed("podman ps | grep sleeping")
+          podman.succeed("podman stop sleeping")
+          podman.succeed("podman rm sleeping")
+
+      # create systemd session for rootless
+      podman.succeed("loginctl enable-linger alice")
+
       with subtest("Run container rootless with runc"):
-          podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
+          podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg"))
           podman.succeed(
               su_cmd(
                   "podman run --runtime=runc -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
@@ -65,7 +89,7 @@ import ./make-test-python.nix (
           podman.succeed(su_cmd("podman rm sleeping"))
 
       with subtest("Run container rootless with crun"):
-          podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
+          podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg"))
           podman.succeed(
               su_cmd(
                   "podman run --runtime=crun -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
@@ -74,6 +98,47 @@ import ./make-test-python.nix (
           podman.succeed(su_cmd("podman ps | grep sleeping"))
           podman.succeed(su_cmd("podman stop sleeping"))
           podman.succeed(su_cmd("podman rm sleeping"))
+
+      with subtest("Run container rootless with the default backend"):
+          podman.succeed(su_cmd("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg"))
+          podman.succeed(
+              su_cmd(
+                  "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+              )
+          )
+          podman.succeed(su_cmd("podman ps | grep sleeping"))
+          podman.succeed(su_cmd("podman stop sleeping"))
+          podman.succeed(su_cmd("podman rm sleeping"))
+
+      with subtest("Run container with init"):
+          podman.succeed(
+              "tar cvf busybox.tar -C ${pkgs.pkgsStatic.busybox} . && podman import busybox.tar busybox"
+          )
+          pid = podman.succeed("podman run --rm busybox readlink /proc/self").strip()
+          assert pid == "1"
+          pid = podman.succeed("podman run --rm --init busybox readlink /proc/self").strip()
+          assert pid == "2"
+
+      with subtest("A podman member can use the docker cli"):
+          podman.succeed(su_cmd("docker version"))
+
+      with subtest("Run container via docker cli"):
+          podman.succeed("docker network create default")
+          podman.succeed("tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg")
+          podman.succeed(
+            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+          )
+          podman.succeed("docker ps | grep sleeping")
+          podman.succeed("podman ps | grep sleeping")
+          podman.succeed("docker stop sleeping")
+          podman.succeed("docker rm sleeping")
+          podman.succeed("docker network rm default")
+
+      with subtest("A podman non-member can not use the docker cli"):
+          podman.fail(su_cmd("docker version", user="mallory"))
+
+      # TODO: add docker-compose test
+
     '';
   }
 )
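Review bot: The non-member subtest `podman.fail(su_cmd("docker version", user="mallory"))` passes on any non-zero exit, so it would also pass if the socket did not exist, if `su` failed, or if the client could not run for mallory. None of those shows that the group check is what denied access. Asserting the reason makes the negative test meaningful, for example `podman.succeed(su_cmd("docker version 2>&1 | grep -i 'permission denied'", user="mallory"))`; the exact client wording should be confirmed against the packaged docker-client. A short comment on that subtest stating that it guards the socket's group-based access control would also help, since that is the only authorization in front of the rootful API.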