author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-07-15 10:27:09 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-07-15 10:27:09 -0400 |
commit | 8704b78a6fbb953acb6b74d1671d5ad6456bf81f (patch) | |
tree | 7ad7b6effec13409798fa2d6f96bd9de4d4462c9 /test/system/030-run.bats | |
parent | 60127cf5e88ef53748cb601d7c27f082d284e7f4 (diff) | |
parent | fea3eea68bf483e33bae56d77071d5cb8ded91db (diff) | |
Merge pull request #6958 from edsantiago/bats
system tests: new tests for run, exec
Diffstat (limited to 'test/system/030-run.bats')
-rw-r--r-- | test/system/030-run.bats | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index bc6347012..13fec20ad 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -242,4 +242,46 @@ echo $rand | 0 | $rand
 run_podman rmi myi
 }
 
+# #6735 : complex interactions with multiple user namespaces
+# The initial report has to do with bind mounts, but that particular
+# symptom only manifests on a fedora container image -- we have no
+# reproducer on alpine. Checking directory ownership is good enough.
+@test "podman run : user namespace preserved root ownership" {
+ for priv in "" "--privileged"; do
+ for user in "--user=0" "--user=100"; do
+ for keepid in "" "--userns=keep-id"; do
+ opts="$priv $user $keepid"
+
+ for dir in /etc /usr;do
+ run_podman run --rm $opts $IMAGE stat -c '%u:%g:%n' $dir
+ remove_same_dev_warning # grumble
+ is "$output" "0:0:$dir" "run $opts ($dir)"
+ done
+ done
+ done
+ done
+}
+
+# #6829 : add username to /etc/passwd inside container if --userns=keep-id
+@test "podman run : add username to /etc/passwd if --userns=keep-id" {
+ # Default: always run as root
+ run_podman run --rm $IMAGE id -un
+ is "$output" "root" "id -un on regular container"
+
+ # This would always work on root, but is new behavior on rootless: #6829
+ # adds a user entry to /etc/passwd
+ run_podman run --rm --userns=keep-id $IMAGE id -un
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # --privileged should make no difference
+ run_podman run --rm --privileged --userns=keep-id $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "$(id -un)" "username on container with keep-id"
+
+ # ...but explicitly setting --user should override keep-id
+ run_podman run --rm --privileged --userns=keep-id --user=0 $IMAGE id -un
+ remove_same_dev_warning # grumble
+ is "$output" "root" "--user=0 overrides keep-id"
+}
+
 # vim: filetype=sh |
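Review bot: In the keep-id test, the final check `is "$output" "root" "--user=0 overrides keep-id"` cannot fail when the suite itself runs as root, because `$(id -un)` is then also `root` and the keep-id and override cases produce the same output. A comment such as `# NOTE: only meaningful rootless; as root both cases yield "root"` would keep a root-only CI pass from being read as coverage of the override. The second and third `is` calls share the description "username on container with keep-id", so a failure does not say whether the `--privileged` run was involved; the third could read `"username on container with --privileged and keep-id"`. The name check could also be backed by the numeric id, e.g. `run_podman run --rm --userns=keep-id $IMAGE id -u` followed by `is "$output" "$(id -u)" "uid on container with keep-id"`, so the assertion pins the mapped uid and not only the passwd entry.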