summaryrefslogtreecommitdiff
path: root/test/e2e/rootless_test.go
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2018-08-23 23:02:04 +0200
committerAtomic Bot <atomic-devel@projectatomic.io>2018-08-26 07:22:42 +0000
commit720eb85ba55d8c825262e9b2e058ec8a8e0e4d9f (patch)
tree73ef0abad027bc6bffe97d75b6936b8c7562cca8 /test/e2e/rootless_test.go
parent1ac4dbb50861d502cb819c63335848a60ffa7dec (diff)
downloadpodman-720eb85ba55d8c825262e9b2e058ec8a8e0e4d9f.tar.gz
podman-720eb85ba55d8c825262e9b2e058ec8a8e0e4d9f.tar.bz2
podman-720eb85ba55d8c825262e9b2e058ec8a8e0e4d9f.zip
rootless: fix exec
We cannot re-exec into a new user namespace to gain privileges and access an existing as the new namespace is not the owner of the existing container. "unshare" is used to join the user namespace of the target container. The current implementation assumes that the main process of the container didn't create a new user namespace. Since in the setup phase we are not running with euid=0, we must skip the setup for containers/storage. Closes: https://github.com/containers/libpod/issues/1329 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #1331 Approved by: rhatdan
Diffstat (limited to 'test/e2e/rootless_test.go')
-rw-r--r--test/e2e/rootless_test.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go
index f77ad9924..8813d040d 100644
--- a/test/e2e/rootless_test.go
+++ b/test/e2e/rootless_test.go
@@ -102,6 +102,19 @@ var _ = Describe("Podman rootless", func() {
cmd.WaitWithDefaultTimeout()
Expect(cmd.LineInOutputContains("hello")).To(BeTrue())
Expect(cmd.ExitCode()).To(Equal(0))
+
+ allArgsD := append([]string{"run", "-d"}, args...)
+ allArgsD = append(allArgsD, "--rootfs", mountPath, "sleep", "1d")
+ cmd = podmanTest.PodmanAsUser(allArgsD, 1000, 1000, env)
+ cmd.WaitWithDefaultTimeout()
+ Expect(cmd.ExitCode()).To(Equal(0))
+ cid := cmd.OutputToStringArray()[0]
+
+ allArgsE := []string{"exec", cid, "echo", "hello"}
+ cmd = podmanTest.PodmanAsUser(allArgsE, 1000, 1000, env)
+ cmd.WaitWithDefaultTimeout()
+ Expect(cmd.ExitCode()).To(Equal(0))
+ Expect(cmd.LineInOutputContains("hello")).To(BeTrue())
}
runRootless(mountPath)