authorPaul Holzinger <pholzing@redhat.com>2022-04-29 14:41:33 +0200
committerMatthew Heon <matthew.heon@pm.me>2022-05-03 13:45:29 -0400
commit1cdf18a86b092caf5d23ddf605b23c9c143f270f (patch)
tree484ad5d68db30297b3196f414f74438c5556641f /test/system/500-networking.bats
parentbbb10bb52d0acd089bf26339dbb62e4b1e1b4d59 (diff)
fix incorrect permissions for /etc/resolv.conf in userns
The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correctly for /etc/hostname and /etc/hosts but not for /etc/resolv.conf. A container run with --userns keep-id would have the resolv.conf file owned by the current container user, which is wrong. Consolidate some common code in a new helper function to make the code cleaner. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'test/system/500-networking.bats')
-rw-r--r--test/system/500-networking.bats15
1 files changed, 15 insertions, 0 deletions
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 01571d176..c7007741b 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -723,4 +723,19 @@ EOF
is "${#lines[@]}" "5" "expect 5 host entries in /etc/hosts"
}
+@test "podman run /etc/* permissions" {
+ userns="--userns=keep-id"
+ if ! is_rootless; then
+ userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536"
+ fi
+ # check with and without userns
+ for userns in "" "$userns"; do
+ # check the /etc/hosts /etc/hostname /etc/resolv.conf are owned by root
+ run_podman run $userns --rm $IMAGE stat -c %u:%g /etc/hosts /etc/resolv.conf /etc/hostname
+ is "${lines[0]}" "0\:0" "/etc/hosts owned by root"
+ is "${lines[1]}" "0\:0" "/etc/resolv.conf owned by root"
+ is "${lines[2]}" "0\:0" "/etc/hosts owned by root"
+ done
+}
+
# vim: filetype=sh
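Review bot: The third assertion's failure label names the wrong file: `stat` is given `/etc/hosts /etc/resolv.conf /etc/hostname`, so `lines[2]` is `/etc/hostname`, yet the message reads "/etc/hosts owned by root". A regression in the hostname file's ownership would be reported against /etc/hosts; change the line to `is "${lines[2]}" "0\:0" "/etc/hostname owned by root"`. The loop also reuses `userns` as both the source value and the iteration variable, and none of the labels say which iteration failed, so adding the mode to each message (for example `"/etc/resolv.conf owned by root ($userns)"`) would make a userns-only failure easier to triage. The test title says permissions but only `%u:%g` is checked, so it may be worth asserting the file mode as well if the helper is expected to set it.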