summaryrefslogtreecommitdiff
path: root/test/system/030-run.bats
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-07-15 10:27:09 -0400
committerGitHub <noreply@github.com>2020-07-15 10:27:09 -0400
commit8704b78a6fbb953acb6b74d1671d5ad6456bf81f (patch)
tree7ad7b6effec13409798fa2d6f96bd9de4d4462c9 /test/system/030-run.bats
parent60127cf5e88ef53748cb601d7c27f082d284e7f4 (diff)
parentfea3eea68bf483e33bae56d77071d5cb8ded91db (diff)
downloadpodman-8704b78a6fbb953acb6b74d1671d5ad6456bf81f.tar.gz
podman-8704b78a6fbb953acb6b74d1671d5ad6456bf81f.tar.bz2
podman-8704b78a6fbb953acb6b74d1671d5ad6456bf81f.zip
Merge pull request #6958 from edsantiago/bats
system tests: new tests for run, exec
Diffstat (limited to 'test/system/030-run.bats')
-rw-r--r--test/system/030-run.bats42
1 files changed, 42 insertions, 0 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index bc6347012..13fec20ad 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -242,4 +242,46 @@ echo $rand | 0 | $rand
run_podman rmi myi
}
+# #6735 : complex interactions with multiple user namespaces
+# The initial report has to do with bind mounts, but that particular
+# symptom only manifests on a fedora container image -- we have no
+# reproducer on alpine. Checking directory ownership is good enough.
+@test "podman run : user namespace preserved root ownership" {
+ for priv in "" "--privileged"; do
+ for user in "--user=0" "--user=100"; do
+ for keepid in "" "--userns=keep-id"; do
+ opts="$priv $user $keepid"
+
+ for dir in /etc /usr;do
+ run_podman run --rm $opts $IMAGE stat -c '%u:%g:%n' $dir
+ remove_same_dev_warning # grumble
+ is "$output" "0:0:$dir" "run $opts ($dir)"
+ done
+ done
+ done
+ done
+}
+
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+@test "podman run : add username to /etc/passwd if --userns=keep-id" {
+ # Default: always run as root
+ run_podman run --rm $IMAGE id -un
+ is "$output" "root" "id -un on regular container"
+
+ # This would always work on root, but is new behavior on rootless: #6829
+ # adds a user entry to /etc/passwd
+ run_podman run --rm --userns=keep-id $IMAGE id -un
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # --privileged should make no difference
+ run_podman run --rm --privileged --userns=keep-id $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # ...but explicitly setting --user should override keep-id
+ run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "root" "--user=0 overrides keep-id"
+}
+
# vim: filetype=sh