diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-09-01 06:07:08 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-01 06:07:08 -0400 |
commit | 65036cc49dcfc1bbd032cf06bfce2b9e45243b90 (patch) | |
tree | f0a1f653a502eb5ab861f0acbffee2084d952a53 | |
parent | 138132e16357c1c6103e6ffa770398b663462736 (diff) | |
parent | 3875040f134de0aef01d4f360fe563f52ae7b441 (diff) | |
download | podman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.tar.gz podman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.tar.bz2 podman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.zip |
Merge pull request #7516 from mheon/handle_no_passwd_file
Ensure rootless containers without a passwd can start
-rw-r--r-- | libpod/container_internal_linux.go | 11 | ||||
-rw-r--r-- | test/e2e/run_passwd_test.go | 13 |
2 files changed, 24 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 31dbee572..c61c1a325 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -1584,6 +1584,17 @@ func (c *Container) generatePasswd() (string, error) { if _, err := os.Stat(passwdPath); err == nil { return passwdPath, nil } + // Check if container has a /etc/passwd - if it doesn't do nothing. + passwdPath, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd") + if err != nil { + return "", errors.Wrapf(err, "error creating path to container %s /etc/passwd", c.ID()) + } + if _, err := os.Stat(passwdPath); err != nil { + if os.IsNotExist(err) { + return "", nil + } + return "", errors.Wrapf(err, "unable to access container %s /etc/passwd", c.ID()) + } pwd := "" if c.config.User != "" { entry, err := c.generateUserPasswdEntry() diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 8dea7d39b..c48876dee 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -58,4 +58,17 @@ var _ = Describe("Podman run passwd", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeTrue()) }) + + It("podman can run container without /etc/passwd", func() { + SkipIfRemote() + dockerfile := `FROM alpine +RUN rm -f /etc/passwd /etc/shadow /etc/group +USER 1000` + imgName := "testimg" + podmanTest.BuildImage(dockerfile, imgName, "false") + session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring("passwd"))) + }) }) |