summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-07-21 09:44:20 +0200
committerMatthew Heon <matthew.heon@pm.me>2022-07-26 13:58:18 -0400
commit3edaa174e8bc22f57818a69b284b7535dd99a657 (patch)
tree75f8e03d9b61d7ceb4a6ab440efb508b1ac49711
parente41113dcac329104b81727131cf52c2fcbc39f85 (diff)
downloadpodman-3edaa174e8bc22f57818a69b284b7535dd99a657.tar.gz
podman-3edaa174e8bc22f57818a69b284b7535dd99a657.tar.bz2
podman-3edaa174e8bc22f57818a69b284b7535dd99a657.zip
libpod: create /etc/passwd if missing
create the /etc/passwd and /etc/group files if they are missing in the image. Closes: https://github.com/containers/podman/issues/14966 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/container_internal_linux.go41
-rw-r--r--test/e2e/run_passwd_test.go7
2 files changed, 8 insertions, 40 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 46e525add..a131ab367 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2886,23 +2886,6 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
}
}
- // Next, check if the container even has a /etc/passwd or /etc/group.
- // If it doesn't we don't want to create them ourselves.
- if needPasswd {
- exists, err := c.checkFileExistsInRootfs("/etc/passwd")
- if err != nil {
- return "", "", err
- }
- needPasswd = exists
- }
- if needGroup {
- exists, err := c.checkFileExistsInRootfs("/etc/group")
- if err != nil {
- return "", "", err
- }
- needGroup = exists
- }
-
// If we don't need a /etc/passwd or /etc/group at this point we can
// just return.
if !needPasswd && !needGroup {
@@ -2947,7 +2930,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
return "", "", fmt.Errorf("error looking up location of container %s /etc/passwd: %w", c.ID(), err)
}
- f, err := os.OpenFile(containerPasswd, os.O_APPEND|os.O_WRONLY, 0600)
+ f, err := os.OpenFile(containerPasswd, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
if err != nil {
return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
}
@@ -2993,7 +2976,7 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
return "", "", fmt.Errorf("error looking up location of container %s /etc/group: %w", c.ID(), err)
}
- f, err := os.OpenFile(containerGroup, os.O_APPEND|os.O_WRONLY, 0600)
+ f, err := os.OpenFile(containerGroup, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
if err != nil {
return "", "", fmt.Errorf("container %s: %w", c.ID(), err)
}
@@ -3112,26 +3095,6 @@ func (c *Container) cleanupOverlayMounts() error {
return overlay.CleanupContent(c.config.StaticDir)
}
-// Check if a file exists at the given path in the container's root filesystem.
-// Container must already be mounted for this to be used.
-func (c *Container) checkFileExistsInRootfs(file string) (bool, error) {
- checkPath, err := securejoin.SecureJoin(c.state.Mountpoint, file)
- if err != nil {
- return false, fmt.Errorf("cannot create path to container %s file %q: %w", c.ID(), file, err)
- }
- stat, err := os.Stat(checkPath)
- if err != nil {
- if os.IsNotExist(err) {
- return false, nil
- }
- return false, fmt.Errorf("container %s: %w", c.ID(), err)
- }
- if stat.IsDir() {
- return false, nil
- }
- return true, nil
-}
-
// Creates and mounts an empty dir to mount secrets into, if it does not already exist
func (c *Container) createSecretMountDir() error {
src := filepath.Join(c.state.RunDir, "/run/secrets")
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index 411e12218..20a6ee3b1 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -66,10 +66,15 @@ RUN rm -f /etc/passwd /etc/shadow /etc/group
USER 1000`, ALPINE)
imgName := "testimg"
podmanTest.BuildImage(dockerfile, imgName, "false")
- session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
+ session := podmanTest.Podman([]string{"run", "--passwd=false", "--rm", imgName, "ls", "/etc/"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Not(ContainSubstring("passwd")))
+
+ // test that the /etc/passwd file is created
+ session = podmanTest.Podman([]string{"run", "--rm", "--user", "0:0", imgName, "ls", "/etc/passwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
})
It("podman run with no user specified does not change --group specified", func() {