summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-09-01 06:07:08 -0400
committerGitHub <noreply@github.com>2020-09-01 06:07:08 -0400
commit65036cc49dcfc1bbd032cf06bfce2b9e45243b90 (patch)
treef0a1f653a502eb5ab861f0acbffee2084d952a53
parent138132e16357c1c6103e6ffa770398b663462736 (diff)
parent3875040f134de0aef01d4f360fe563f52ae7b441 (diff)
downloadpodman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.tar.gz
podman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.tar.bz2
podman-65036cc49dcfc1bbd032cf06bfce2b9e45243b90.zip
Merge pull request #7516 from mheon/handle_no_passwd_file
Ensure rootless containers without a passwd can start
-rw-r--r--libpod/container_internal_linux.go11
-rw-r--r--test/e2e/run_passwd_test.go13
2 files changed, 24 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 31dbee572..c61c1a325 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1584,6 +1584,17 @@ func (c *Container) generatePasswd() (string, error) {
if _, err := os.Stat(passwdPath); err == nil {
return passwdPath, nil
}
+ // Check if container has a /etc/passwd - if it doesn't do nothing.
+ passwdPath, err := securejoin.SecureJoin(c.state.Mountpoint, "/etc/passwd")
+ if err != nil {
+ return "", errors.Wrapf(err, "error creating path to container %s /etc/passwd", c.ID())
+ }
+ if _, err := os.Stat(passwdPath); err != nil {
+ if os.IsNotExist(err) {
+ return "", nil
+ }
+ return "", errors.Wrapf(err, "unable to access container %s /etc/passwd", c.ID())
+ }
pwd := ""
if c.config.User != "" {
entry, err := c.generateUserPasswdEntry()
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index 8dea7d39b..c48876dee 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -58,4 +58,17 @@ var _ = Describe("Podman run passwd", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(session.LineInOutputContains("passwd")).To(BeTrue())
})
+
+ It("podman can run container without /etc/passwd", func() {
+ SkipIfRemote()
+ dockerfile := `FROM alpine
+RUN rm -f /etc/passwd /etc/shadow /etc/group
+USER 1000`
+ imgName := "testimg"
+ podmanTest.BuildImage(dockerfile, imgName, "false")
+ session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Not(ContainSubstring("passwd")))
+ })
})