diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-08-08 11:09:53 +0200 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2022-08-10 16:46:05 -0400 |
commit | fa1085ed01e2b901bfd3963ea4e1952a9d27a694 (patch) | |
tree | 6cf52a085515ae57082222210553f6adb733a3a6 /test/e2e | |
parent | 91a1f3022b7bcc84e8587d104c86f3e61979467b (diff) | |
download | podman-fa1085ed01e2b901bfd3963ea4e1952a9d27a694.tar.gz podman-fa1085ed01e2b901bfd3963ea4e1952a9d27a694.tar.bz2 podman-fa1085ed01e2b901bfd3963ea4e1952a9d27a694.zip |
cmd: refuse --userns if a mapping is specified
if an explicit mapping is specified, do not accept `--userns` since it
overriden to "private".
Closes: https://github.com/containers/podman/issues/15233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/e2e')
-rw-r--r-- | test/e2e/run_userns_test.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index 613727118..f247b2dac 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -307,6 +307,30 @@ var _ = Describe("Podman UserNS support", func() { } }) + + It("podman --userns= conflicts with ui[dg]map and sub[ug]idname", func() { + session := podmanTest.Podman([]string{"run", "--userns=host", "--uidmap=0:1:500", "alpine", "true"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(125)) + Expect(session.ErrorToString()).To(ContainSubstring("--userns and --uidmap/--gidmap/--subuidname/--subgidname are mutually exclusive")) + + session = podmanTest.Podman([]string{"run", "--userns=host", "--gidmap=0:200:5000", "alpine", "true"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(125)) + Expect(session.ErrorToString()).To(ContainSubstring("--userns and --uidmap/--gidmap/--subuidname/--subgidname are mutually exclusive")) + + // with sub[ug]idname we don't check for the error output since the error message could be different, depending on the + // system configuration since the specified user could not be defined and cause a different earlier error. + // In any case, make sure the command doesn't succeed. + session = podmanTest.Podman([]string{"run", "--userns=private", "--subuidname=containers", "alpine", "true"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + + session = podmanTest.Podman([]string{"run", "--userns=private", "--subgidname=containers", "alpine", "true"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Not(Exit(0))) + }) + It("podman PODMAN_USERNS", func() { SkipIfNotRootless("keep-id only works in rootless mode") |