System tests: new system-df and passwd tests

 - New test for #6991 - passwd file is writable even when
   run with --userns=keep-id

 - Enable another keep-id test, commented out due to #6593

 - New test for podman system df

Also, independently, removed this line:

   apt-get -y upgrade conmon

...because it's causing CI failures, probably because of the
boothole CVE, probably because the Ubuntu grub update was
rushed out. I believe it is safe to remove this, because
both Ubuntu 19 and 20 report:

   conmon is already the newest version (2.0.18~1).

Signed-off-by: Ed Santiago <santiago@redhat.com>

1 files changed, 16 insertions, 0 deletions

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 04d1e4eac..b30c1103b 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -284,4 +284,20 @@ echo $rand        |   0 | $rand
     is "$output" "root" "--user=0 overrides keep-id"
 }
 
+# #6991 : /etc/passwd is modifiable
+@test "podman run : --userns=keep-id: passwd file is modifiable" {
+    run_podman run -d --userns=keep-id $IMAGE sh -c 'while ! test -e /stop; do sleep 0.1; done'
+    cid="$output"
+
+    gecos="$(random_string 6) $(random_string 8)"
+    run_podman exec --user root $cid adduser -D -g "$gecos" -s /bin/sh newuser3
+    is "$output" "" "output from adduser"
+    run_podman exec $cid tail -1 /etc/passwd
+    is "$output" "newuser3:x:1000:1000:$gecos:/home/newuser3:/bin/sh" \
+       "newuser3 added to /etc/passwd in container"
+
+    run_podman exec $cid touch /stop
+    run_podman wait $cid
+}
+
 # vim: filetype=sh