diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-09-19 06:32:59 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-19 06:32:59 -0400 |
| commit | c2068f11cc18e344d0777bca88c890807a115443 (patch) | |
| tree | 5b744e8f6d3a950407ddf4d015e0ed4883e7faae | |
| parent | 5b7509c562e040ab8ed17990299c0b6eb52cecee (diff) | |
| parent | 2f605dcc1c05c1081537a8eaf56ad256fb0c050c (diff) | |
| download | podman-c2068f11cc18e344d0777bca88c890807a115443.tar.gz podman-c2068f11cc18e344d0777bca88c890807a115443.tar.bz2 podman-c2068f11cc18e344d0777bca88c890807a115443.zip | |
Merge pull request #7694 from mheon/fix_exec_supplemental_groups
Preserve groups in exec sessions in ctrs with --user
| -rw-r--r-- | libpod/container_exec.go | 7 | ||||
| -rw-r--r-- | test/e2e/exec_test.go | 28 |
2 files changed, 29 insertions, 6 deletions
diff --git a/libpod/container_exec.go b/libpod/container_exec.go index f5f54c7cc..fce26acb0 100644 --- a/libpod/container_exec.go +++ b/libpod/container_exec.go @@ -980,11 +980,6 @@ func prepareForExec(c *Container, session *ExecSession) (*ExecOptions, error) { capList = capabilities.AllCapabilities() } - user := c.config.User - if session.Config.User != "" { - user = session.Config.User - } - if err := c.createExecBundle(session.ID()); err != nil { return nil, err } @@ -995,7 +990,7 @@ func prepareForExec(c *Container, session *ExecSession) (*ExecOptions, error) { opts.Env = session.Config.Environment opts.Terminal = session.Config.Terminal opts.Cwd = session.Config.WorkDir - opts.User = user + opts.User = session.Config.User opts.PreserveFDs = session.Config.PreserveFDs opts.DetachKeys = session.Config.DetachKeys opts.ExitCommand = session.Config.ExitCommand diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 055546f88..6841aa5a2 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -283,6 +283,34 @@ var _ = Describe("Podman exec", func() { Expect(strings.Contains(exec.OutputToString(), fmt.Sprintf("%s(%s)", gid, groupName))).To(BeTrue()) }) + It("podman exec preserves container groups with --user and --group-add", func() { + SkipIfRemote() + dockerfile := `FROM fedora-minimal +RUN groupadd -g 4000 first +RUN groupadd -g 4001 second +RUN useradd -u 1000 auser` + imgName := "testimg" + podmanTest.BuildImage(dockerfile, imgName, "false") + + ctrName := "testctr" + ctr := podmanTest.Podman([]string{"run", "-t", "-i", "-d", "--name", ctrName, "--user", "auser:first", "--group-add", "second", imgName, "sleep", "300"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(Equal(0)) + + exec := podmanTest.Podman([]string{"exec", "-t", ctrName, "id"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(Equal(0)) + output := exec.OutputToString() + Expect(strings.Contains(output, "4000(first)")).To(BeTrue()) + Expect(strings.Contains(output, "4001(second)")).To(BeTrue()) + Expect(strings.Contains(output, "1000(auser)")).To(BeTrue()) + + // Kill the container just so the test does not take 15 seconds to stop. + kill := podmanTest.Podman([]string{"kill", ctrName}) + kill.WaitWithDefaultTimeout() + Expect(kill.ExitCode()).To(Equal(0)) + }) + It("podman exec --detach", func() { ctrName := "testctr" ctr := podmanTest.Podman([]string{"run", "-t", "-i", "-d", "--name", ctrName, ALPINE, "top"}) |