diff options
| author | Matthew Heon <mheon@redhat.com> | 2022-09-02 13:40:29 -0400 |
|---|---|---|
| committer | Matthew Heon <mheon@redhat.com> | 2022-09-02 15:51:36 -0400 |
| commit | d82a41687e614d9ac8b2d169dee47fe226835e4c (patch) | |
| tree | b557e257245d28db09c704bf40f4271efa73d165 /test/e2e | |
| parent | 0e66f75f2a6d3792ae7fd2d77fe8a55b6fbdb0ce (diff) | |
| download | podman-d82a41687e614d9ac8b2d169dee47fe226835e4c.tar.gz podman-d82a41687e614d9ac8b2d169dee47fe226835e4c.tar.bz2 podman-d82a41687e614d9ac8b2d169dee47fe226835e4c.zip | |
Add container GID to additional groups
Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'test/e2e')
| -rw-r--r-- | test/e2e/run_test.go | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 1f6b6fa3d..3b10fdff3 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -945,7 +945,7 @@ echo -n %s >%s session := podmanTest.Podman([]string{"run", "--rm", "--user=1234", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(Equal("uid=1234(1234) gid=0(root)")) + Expect(session.OutputToString()).To(Equal("uid=1234(1234) gid=0(root) groups=0(root)")) }) It("podman run with user (integer, in /etc/passwd)", func() { @@ -966,14 +966,14 @@ echo -n %s >%s session := podmanTest.Podman([]string{"run", "--rm", "--user=mail:21", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)")) + Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp) groups=21(ftp)")) }) It("podman run with user:group (integer:groupname)", func() { session := podmanTest.Podman([]string{"run", "--rm", "--user=8:ftp", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)")) + Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp) groups=21(ftp)")) }) It("podman run with user, verify caps dropped", func() { @@ -984,6 +984,14 @@ echo -n %s >%s Expect("0000000000000000").To(Equal(capEff[1])) }) + It("podman run with user, verify group added", func() { + session := podmanTest.Podman([]string{"run", "--rm", "--user=1000:1000", ALPINE, "grep", "Groups:", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + groups := strings.Split(session.OutputToString(), " ")[1] + Expect("1000").To(Equal(groups)) + }) + It("podman run with attach stdin outputs container ID", func() { session := podmanTest.Podman([]string{"run", "--attach", "stdin", ALPINE, "printenv"}) session.WaitWithDefaultTimeout() |