Compare commits

..

No commits in common. "c10s" and "c8-stream-3.0" have entirely different histories.

18 changed files with 207 additions and 651 deletions

1
.crun.metadata Normal file
View File

@ -0,0 +1 @@
c79a414d0b980611ba929a7526b7b4c30c2b3b1d SOURCES/crun-0.18.tar.gz

View File

@ -1 +0,0 @@
1

2
.gitignore vendored
View File

@ -1 +1 @@
/*.tar.* SOURCES/crun-0.18.tar.gz

View File

@ -1,130 +0,0 @@
---
# See the documentation for more information:
# https://packit.dev/docs/configuration/
downstream_package_name: crun
packages:
crun-fedora:
pkg_tool: fedpkg
specfile_path: rpm/crun.spec
crun-centos:
pkg_tool: centpkg
specfile_path: rpm/crun.spec
srpm_build_deps:
- git-archive-all
- make
actions:
# This action runs only on copr build jobs
create-archive:
- "git-archive-all -v --force-submodules rpm/crun-HEAD.tar.xz"
- bash -c "ls -1 rpm/crun-HEAD.tar.xz"
jobs:
- job: copr_build
trigger: pull_request
packages: [crun-fedora]
notifications: &copr_build_failure_notification
failure_comment:
message: "Ephemeral COPR build failed. @containers/packit-build please check."
targets:
- fedora-all-x86_64
- fedora-all-aarch64
- fedora-eln-x86_64
- fedora-eln-aarch64
- job: copr_build
trigger: pull_request
packages: [crun-centos]
notifications: *copr_build_failure_notification
targets:
- epel-9-x86_64
- epel-9-aarch64
- centos-stream-9-x86_64
- centos-stream-9-aarch64
- centos-stream-10-x86_64
- centos-stream-10-aarch64
# Run on commit to main branch
- job: copr_build
trigger: commit
notifications:
failure_comment:
message: "podman-next COPR build failed. @containers/packit-build please check."
branch: main
owner: rhcontainerbot
project: podman-next
# Podman system tests for Fedora and CentOS Stream
- job: tests
trigger: pull_request
packages: [crun-fedora]
notifications: &podman_system_test_fail_notification
failure_comment:
message: "podman system tests failed. @containers/packit-build please check."
targets:
- fedora-all-x86_64
- fedora-all-aarch64
identifier: podman_system_test_fedora
tmt_plan: "/plans/podman_system_test"
# Podman system tests for Fedora and CentOS Stream
- job: tests
trigger: pull_request
packages: [crun-centos]
notifications: *podman_system_test_fail_notification
targets:
- centos-stream-9-x86_64
- centos-stream-9-aarch64
# TODO: Enable cs10 tests after netavark has finished defaulting to
# nftables
#- centos-stream-10-x86_64
#- centos-stream-10-aarch64
identifier: podman_system_test_centos
tmt_plan: "/plans/podman_system_test"
# Podman system tests for RHEL
- job: tests
trigger: pull_request
packages: [crun-centos]
use_internal_tf: true
notifications: *podman_system_test_fail_notification
targets:
epel-9-x86_64:
distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
epel-9-aarch64:
distros: [RHEL-9.4.0-Nightly,RHEL-9-Nightly]
# TODO: Enable cs10 tests after netavark has finished defaulting to
# nftables
#centos-stream-10-x86_64:
# distros: [RHEL-10-Beta-Nightly]
#centos-stream-10-aarch64:
# distros: [RHEL-10-Beta-Nightly]
identifier: podman_system_test_internal
tmt_plan: "/plans/podman_system_test"
- job: propose_downstream
trigger: release
packages: [crun-fedora]
update_release: false
dist_git_branches:
- fedora-all
- job: propose_downstream
trigger: release
packages: [crun-centos]
update_release: false
dist_git_branches:
- c10s
- job: koji_build
trigger: commit
dist_git_branches:
- fedora-all
- job: bodhi_update
trigger: commit
dist_git_branches:
- fedora-branched # rawhide updates are created automatically

View File

@ -1,3 +0,0 @@
This repository is maintained by packit.
https://packit.dev/
The file was generated using packit 0.95.0.

View File

@ -0,0 +1,43 @@
From 320a7ec41342c95fd6bdc500cd207eb0ea5cda6a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 19 Feb 2021 13:25:37 +0100
Subject: [PATCH] Revert "tests: build init always statically"
This reverts commit a0f322a49a10a014a447b505eda5923a8e6aff7c as it
causes issues on RHEL 8.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
Makefile.am | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index e39dc3b..2b8e18b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,7 +14,7 @@ srpm: dist-gzip rpm/crun.spec
$(MAKE) -C $(WD) dist-gzip
rpmbuild -bs --define "_sourcedir $(WD)" --define "_specdir $(WD)" --define "_builddir $(WD)" --define "_srcrpmdir $(WD)" --define "_rpmdir $(WD)" --define "_buildrootdir $(WD)/.build" rpm/crun.spec
-CLEANFILES = crun.spec tests/init
+CLEANFILES = crun.spec
lib_LTLIBRARIES = libcrun.la
@@ -79,9 +79,9 @@ noinst_PROGRAMS = tests/init $(UNIT_TESTS)
TESTS_LDADD = libcrun_testing.a $(FOUND_LIBS)
-tests/init: tests/init.c
- $(CC) -static-libgcc --static -o $@ $<
-EXTRA_DIST += tests/init.c
+tests_init_LDADD =
+tests_init_LDFLAGS = -static-libgcc -all-static
+tests_init_SOURCES = tests/init.c $(UNIT_TESTS)
tests_tests_libcrun_utils_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
tests_tests_libcrun_utils_SOURCES = tests/tests_libcrun_utils.c
--
2.29.2

View File

@ -0,0 +1,30 @@
From ed485db1465d67f0215c27529c57a76a1daf5135 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Feb 2022 11:05:18 +0100
Subject: [PATCH 1/2] spec: do not set inheritable capabilities
Closes: CVE-2022-27650
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit b847d146d496c9d7beba166fd595488e85488562)
---
src/libcrun/container.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/libcrun/container.c b/src/libcrun/container.c
index d3fb017..1e3f3e6 100644
--- a/src/libcrun/container.c
+++ b/src/libcrun/container.c
@@ -128,9 +128,6 @@ static char spec_file[] = "\
\"CAP_NET_BIND_SERVICE\"\n\
],\n\
\"inheritable\": [\n\
- \"CAP_AUDIT_WRITE\",\n\
- \"CAP_KILL\",\n\
- \"CAP_NET_BIND_SERVICE\"\n\
],\n\
\"permitted\": [\n\
\"CAP_AUDIT_WRITE\",\n\
--
2.35.1

View File

@ -0,0 +1,31 @@
From 21cb5a8c7bcc90c42743ffd15cd11a55bf66993d Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Feb 2022 11:06:50 +0100
Subject: [PATCH 2/2] exec: --cap do not set inheritable capabilities
Closes: CVE-2022-27650
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
(cherry picked from commit 1aeeed2e4fdeffb4875c0d0b439915894594c8c6)
---
src/exec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/exec.c b/src/exec.c
index bf6c05f..8c9862d 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -250,8 +250,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
capabilities->effective = exec_options.cap;
capabilities->effective_len = exec_options.cap_size;
- capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
- capabilities->inheritable_len = exec_options.cap_size;
+ capabilities->inheritable = NULL;
+ capabilities->inheritable_len = 0;
capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
capabilities->bounding_len = exec_options.cap_size;
--
2.35.1

101
SPECS/crun.spec Normal file
View File

@ -0,0 +1,101 @@
Summary: OCI runtime written in C
Name: crun
Version: 0.18
Release: 3%{?dist}
Source0: https://github.com/containers/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
Patch0: 0001-revert-tests-build-init-always-statically.patch
Patch1: 0001-spec-do-not-set-inheritable-capabilities.patch
Patch2: 0002-exec-cap-do-not-set-inheritable-capabilities.patch
License: GPLv2+
URL: https://github.com/containers/crun
# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
ExclusiveArch: %{go_arches}
# We always run autogen.sh
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: python3
BuildRequires: git
BuildRequires: libcap-devel
BuildRequires: systemd-devel
BuildRequires: yajl-devel
BuildRequires: libseccomp-devel
BuildRequires: libselinux-devel
BuildRequires: python3-libmount
BuildRequires: libtool
BuildRequires: go-md2man
Provides: oci-runtime = 2
%description
crun is a runtime for running OCI containers
%prep
%autosetup -Sgit -n %{name}-%{version}
%build
export CFLAGS="%{optflags} -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
./autogen.sh
%configure --disable-silent-rules
%make_build
%install
%make_install
rm -rf $RPM_BUILD_ROOT/usr/lib*
%files
%license COPYING
%{_bindir}/%{name}
%{_mandir}/man1/*
%changelog
* Tue Apr 05 2022 Jindrich Novy <jnovy@redhat.com> - 0.18-3
- fix CVE-2022-27650
- Related: #2061390
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-2
- allow to build without glibc-static (thanks to Giuseppe Scrivano)
- Related: #1883490
* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 0.18-1
- update to https://github.com/containers/crun/releases/tag/0.18
- Related: #1883490
* Fri Jan 22 2021 Jindrich Novy <jnovy@redhat.com> - 0.17-1
- update to https://github.com/containers/crun/releases/tag/0.17
- Related: #1883490
* Thu Dec 03 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-2
- exclude i686 because of build failures
- Related: #1883490
* Wed Nov 25 2020 Jindrich Novy <jnovy@redhat.com> - 0.16-1
- update to https://github.com/containers/crun/releases/tag/0.16
- Related: #1883490
* Wed Nov 04 2020 Jindrich Novy <jnovy@redhat.com> - 0.15.1-1
- update to https://github.com/containers/crun/releases/tag/0.15.1
- Related: #1883490
* Thu Oct 29 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-2
- synchronize with stream-container-tools-rhel8
- Related: #1883490
* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 0.15-1
- synchronize with stream-container-tools-rhel8
- Related: #1883490
* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-2
- use proper CFLAGS
- Related: #1821193
* Wed Jul 08 2020 Jindrich Novy <jnovy@redhat.com> - 0.14.1-1
- update to https://github.com/containers/crun/releases/tag/v0.14.1
- Related: #1821193
* Thu Jul 02 2020 Jindrich Novy <jnovy@redhat.com> - 0.14-1
- update to https://github.com/containers/crun/releases/tag/v0.14
- Related: #1821193
* Tue Jun 16 2020 Giuseppe Scrivano <gscrivan@redhat.com> - 0.13-1
- initial import

153
crun.spec
View File

@ -1,153 +0,0 @@
%global krun_opts %{nil}
%global wasmedge_opts %{nil}
%global yajl_opts %{nil}
%if %{defined copr_username}
%define copr_build 1
%endif
# krun and wasm support only on aarch64 and x86_64
%ifarch aarch64 || x86_64
# Disable wasmedge on rhel 10 until EPEL10 is in place, otherwise it causes
# build issues on copr
%if %{defined fedora} || (%{defined copr_build} && %{defined rhel} && 0%{?rhel} < 10)
%global wasm_support 1
%global wasmedge_support 1
%global wasmedge_opts --with-wasmedge
%endif
# krun only exists on fedora
%if %{defined fedora}
%global krun_support 1
%global krun_opts --with-libkrun
%endif
%endif
%if %{defined fedora} || (%{defined rhel} && 0%{?rhel} < 10)
%global system_yajl 1
%else
%global yajl_opts --enable-embedded-yajl
%endif
Summary: OCI runtime written in C
Name: crun
%if %{defined copr_build}
Epoch: 102
%endif
# DO NOT TOUCH the Version string!
# The TRUE source of this specfile is:
# https://github.com/containers/crun/blob/main/rpm/crun.spec
# If that's what you're reading, Version must be 0, and will be updated by Packit for
# copr and koji builds.
# If you're reading this on dist-git, the version is automatically filled in by Packit.
Version: 1.19.1
Release: 1%{?dist}
URL: https://github.com/containers/%{name}
Source0: %{url}/releases/download/%{version}/%{name}-%{version}.tar.zst
License: GPL-2.0-only
%if %{defined golang_arches_future}
ExclusiveArch: %{golang_arches_future}
%else
ExclusiveArch: aarch64 ppc64le riscv64 s390x x86_64
%endif
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc
BuildRequires: git-core
BuildRequires: gperf
BuildRequires: libcap-devel
%if %{defined krun_support}
BuildRequires: libkrun-devel
%endif
BuildRequires: systemd-devel
%if %{defined system_yajl}
BuildRequires: yajl-devel
%endif
BuildRequires: libseccomp-devel
BuildRequires: python3-libmount
BuildRequires: libtool
BuildRequires: protobuf-c-devel
%ifnarch riscv64
BuildRequires: criu-devel >= 3.17.1-2
Recommends: criu >= 3.17.1
Recommends: criu-libs
%endif
%if %{defined wasmedge_support}
BuildRequires: wasmedge-devel
%endif
BuildRequires: python
Provides: oci-runtime
%description
%{name} is a OCI runtime
%if %{defined krun_support}
%package krun
Summary: %{name} with libkrun support
Requires: libkrun
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
Provides: krun = %{?epoch:%{epoch}:}%{version}-%{release}
%description krun
krun is a symlink to the %{name} binary, with libkrun as an additional dependency.
%endif
%if %{defined wasm_support}
%package wasm
Summary: %{name} with wasm support
Requires: %{name} = %{?epoch:%{epoch}:}%{version}-%{release}
# wasm packages are not present on RHEL yet and are currently a PITA to test
# Best to only include wasmedge as weak dep on rhel
%if %{defined fedora}
Requires: wasm-library
%endif
Recommends: wasmedge
%description wasm
%{name}-wasm is a symlink to the %{name} binary, with wasm as an additional dependency.
%endif
%prep
%autosetup -Sgit -n %{name}-%{version}
%build
./autogen.sh
./configure --disable-silent-rules %{krun_opts} %{wasmedge_opts} %{yajl_opts}
%make_build
%install
%make_install prefix=%{_prefix}
rm -rf %{buildroot}%{_prefix}/lib*
%files
%license COPYING
%{_bindir}/%{name}
%{_mandir}/man1/%{name}.1.gz
%if %{defined krun_support}
%files krun
%license COPYING
%{_bindir}/krun
%{_mandir}/man1/krun.1.gz
%endif
%if %{defined wasm_support}
%files wasm
%license COPYING
%{_bindir}/%{name}-wasm
%endif
%changelog
* Thu Jan 02 2025 Jindrich Novy <jnovy@redhat.com> - 1.19.1-1
- update to https://github.com/containers/crun/releases/tag/1.19.1
- Related: RHEL-58990
* Mon Dec 09 2024 Jindrich Novy <jnovy@redhat.com> - 1.19-1
- update to https://github.com/containers/crun/releases/tag/1.19
- Related: RHEL-58990
* Mon Nov 25 2024 Jindrich Novy <jnovy@redhat.com> - 1.18.2-1
- update to https://github.com/containers/crun/releases/tag/1.18.2
- Related: RHEL-58992

View File

@ -1,15 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_context:
- bodhi_update_push_stable
- bodhi_update_push_testing
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

View File

@ -1,40 +0,0 @@
discover:
how: fmf
execute:
how: tmt
adjust:
- when: initiator == packit
because: "We need to test with updated packages from rhcontainerbot/podman-next copr"
prepare+:
how: shell
script: |
sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo
dnf -y upgrade --allowerasing
# FIXME: Use epel10 once bats is available there
- when: distro == centos-stream-10 or distro == rhel-10
because: "bats isn't yet available on epel10"
prepare+:
how: install
copr: rhcontainerbot/bats-el10
package: bats
- when: distro == centos-stream-9 or distro == rhel-9
because: "bats is present on EPEL on rhel9 / c9s"
prepare+:
how: feature
epel: enabled
/upstream:
summary: Run crun specific Podman system tests on upstream PRs
discover+:
filter: tag:upstream
adjust+:
- enabled: false
when: initiator is not defined or initiator != packit
/downstream:
summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
discover+:
filter: tag:downstream
adjust+:
- enabled: false
when: initiator == packit

View File

@ -1 +0,0 @@
SHA512 (crun-1.19.1.tar.zst) = 4122b6474a1da4c17d781e0ccf2f97a89cbddd4bfca1bca55b4cb15b11bef03f9101b00a921dc6dbcac43be3661a64d61bb7ddfd750672b5bf85561df13cc7a8

View File

@ -1,15 +0,0 @@
require:
- bats
- conmon
- crun
- make
- podman-tests
adjust:
duration: 10m
when: arch == aarch64
/system_test:
tag: [ upstream, downstream ]
summary: Run crun specific Podman tests
test: bash ./system-test.sh

View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -exo pipefail
if [[ "$(id -u)" -ne 0 ]];then
echo "Please run this script as superuser"
exit 1
fi
cat /etc/redhat-release
rpm -q conmon containers-common crun podman podman-tests
# Run crun specific podman tests
bats -t /usr/share/podman/test/system/030-run.bats
bats -t /usr/share/podman/test/system/075-exec.bats
bats -t /usr/share/podman/test/system/280-update.bats

View File

@ -1,180 +0,0 @@
{
"ociVersion": "1.0.0",
"process": {
"terminal": false,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"sleep", "10"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"effective": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"inheritable": [
],
"permitted": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"ambient": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": true
},
"hostname": "crun",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "network"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "cgroup"
},
{
"type": "mount"
}
],
"maskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/sys/firmware",
"/proc/scsi"
],
"readonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
}
}

View File

@ -1,5 +0,0 @@
require: [crun, podman]
summary: Sanity test for crun
tag: ['upstream', 'downstream']
test: bash ./runtest.sh
duration: 10m

View File

@ -1,91 +0,0 @@
#!/usr/bin/env bash
set -exo pipefail
TEMPDIR=$(mktemp -d)
TESTIMG="quay.io/libpod/busybox"
CNAME="mycont-$RANDOM"
cat /etc/redhat-release
uname -r
rpm -q crun criu
crun --version
[ $? -ne 0 ] && exit 1
crun features
[ $? -ne 0 ] && exit 1
crun list
[ $? -ne 0 ] && exit 1
# create the top most bundle and rootfs directory
mkdir -p $TEMPDIR/rootfs
# export busybox via podman into the rootfs directory
podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf -
[ $? -ne 0 ] && exit 1
# use existing spec
cp ./config.json $TEMPDIR
ls $TEMPDIR
cd $TEMPDIR
crun create $CNAME
[ $? -ne 0 ] && exit 1
crun list
[ $? -ne 0 ] && exit 1
crun start $CNAME
[ $? -ne 0 ] && exit 1
crun list
[ $? -ne 0 ] && exit 1
crun state $CNAME
[ $? -ne 0 ] && exit 1
crun ps $CNAME
[ $? -ne 0 ] && exit 1
ret=$(crun exec $CNAME pwd)
[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
crun pause $CNAME
[ $? -ne 0 ] && exit 1
crun state $CNAME
[ $? -ne 0 ] && exit 1
crun resume $CNAME
[ $? -ne 0 ] && exit 1
crun state $CNAME
[ $? -ne 0 ] && exit 1
ret=$(crun exec $CNAME pwd)
[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
crun delete --force $CNAME
[ $? -ne 0 ] && exit 1
crun list
[ $? -ne 0 ] && exit 1
crun run $CNAME &
[ $? -ne 0 ] && exit 1
crun list
[ $? -ne 0 ] && exit 1
# make sure the container is running state
sleep 2
ret=$(crun exec $CNAME echo 'ok')
[ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1
crun kill $CNAME
[ $? -ne 0 ] && exit 1
exit 0