Bump the GIT_VALIDATION_EPOCH in tests/validate/git-validation.sh to a
later commit.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #340
Approved by: rhatdan
buildah bud was not setting the mount label on the image
so SELinux in enforcing mode is blocking writing to the image
This patch also fixes a similar problem with the `buildah mount`
command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #332
Approved by: TomSweeneyRedHat
Since we fall back to reading the credentials from $HOME/.docker/config
set by docker login when kpod login doesn't have the credentials
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #331
Approved by: rhatdan
Since containers can be created using other tools then buildah
we can not fail when they don't have buildah config.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #327
Approved by: nalind
buildah push and from now use the credentials stored in ${XDG_RUNTIME_DIR}/containers/auth.json by kpod login
if the auth file path is changed, buildah push and from can get the credentials from the custom auth file
using the --authfile flag
e.g buildah push --authfile /tmp/auths/myauths.json alpine docker://username/image
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #325
Approved by: rhatdan
buildah push supports manifest type conversion when pushing using the 'dir' transport
Manifest types include oci, v2s1, and v2s2
e.g buildah push --format v2s2 alpine dir:my-directory
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Adds support for converting manifest types when using the dir transport
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #321
Approved by: rhatdan
Add a test that makes sure that "buildah run" fails if it can't resolve
the name of the user for the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
* Use chroot() instead of trying to read the right file ourselves.
This should resolve#66.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Change our behavior when we're given USER with a numeric UID and no GID,
so that we no longer error out if the UID doesn't correspond to a known
user so that we can use that user's primary GID. Instead, use GID 0.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Add a test that makes sure we catch cases where we attempt to open a
file in the container's tree that's actually a symlink that points out
of the tree.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Drop fallbacks for resolving USER values that attempt to look up names
on the host, since that's never predictable.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
Switch fopenContainerFile from using Stat/Lstat after opening the file
to using openat() to walk the given path, resolving links to keep them
from escaping the container's root fs. This should resolve#66.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #313
Approved by: rhatdan
We don't need to mount the container for this test or add files to it,
and switching to a smaller base image that already includes a "hostname"
command means we don't need to run a package installer in the container.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
Default to running integration tests using /var/tmp as scratch space,
since it's more likely to support proper SELinux labeling than /tmp,
which is more likely to be on a tmpfs.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Closes: #320
Approved by: nalind
