diff options
| author | Matthew Heon <matthew.heon@pm.me> | 2020-07-15 15:25:12 -0400 |
|---|---|---|
| committer | Matthew Heon <mheon@redhat.com> | 2020-07-23 14:27:19 -0400 |
| commit | bae6853906c388051a49b9a43776eba97e4f0523 (patch) | |
| tree | e20eace33ee1448310b8c0836528031f3172e097 /test/e2e/run_passwd_test.go | |
| parent | 9051546c4df40b611ca09b02ae57ae6e8fb72c94 (diff) | |
| download | podman-bae6853906c388051a49b9a43776eba97e4f0523.tar.gz podman-bae6853906c388051a49b9a43776eba97e4f0523.tar.bz2 podman-bae6853906c388051a49b9a43776eba97e4f0523.zip | |
Make changes to /etc/passwd on disk for non-read only
Bind-mounting /etc/passwd into the container is problematic
becuase of how system utilities like `useradd` work. They want
to make a copy and then rename to try to prevent breakage; this
is, unfortunately, impossible when the file they want to rename
is a bind mount. The current behavior is fine for read-only
containers, though, because we expect useradd to fail in those
cases.
Instead of bind-mounting, we can edit /etc/passwd in the
container's rootfs. This is kind of gross, because the change
will show up in `podman diff` and similar tools, and will be
included in images made by `podman commit`. However, it's a lot
better than breaking important system tools.
Fixes #6953
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Diffstat (limited to 'test/e2e/run_passwd_test.go')
| -rw-r--r-- | test/e2e/run_passwd_test.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 3152f166b..5df8e1649 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -35,27 +35,27 @@ var _ = Describe("Podman run passwd", func() { }) It("podman run no user specified ", func() { - session := podmanTest.Podman([]string{"run", BB, "mount"}) + session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeFalse()) }) It("podman run user specified in container", func() { - session := podmanTest.Podman([]string{"run", "-u", "bin", BB, "mount"}) + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "bin", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeFalse()) }) It("podman run UID specified in container", func() { - session := podmanTest.Podman([]string{"run", "-u", "2:1", BB, "mount"}) + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "2:1", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeFalse()) }) It("podman run UID not specified in container", func() { - session := podmanTest.Podman([]string{"run", "-u", "20001:1", BB, "mount"}) + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:1", BB, "mount"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeTrue()) |