author | Paul Holzinger <pholzing@redhat.com> | 2022-04-29 14:41:33 +0200 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2022-04-29 15:30:55 +0200 |
commit | 5198209269eb8248eb001e02d39b3dd0dfce6c19 (patch) | |
tree | af0062125f903ee7ed87fa9751699d441d632ccd /test/system | |
parent | ab3e072a0c3d321fd12cbd1f6ef8e322c6d9214a (diff) | |
fix incorrect permissions for /etc/resolv.conf in userns

The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always
be owned by the root user in the container. This worked correctly for
/etc/hostname and /etc/hosts but not for /etc/resolv.conf.
A container run with --userns keep-id would have the resolv.conf file
owned by the current container user which is wrong.

Consolidate some common code in a new helper function to make the code
cleaner.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/500-networking.bats | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 01571d176..c7007741b 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -723,4 +723,19 @@ EOF is "${#lines[@]}" "5" "expect 5 host entries in /etc/hosts" } +@test "podman run /etc/* permissions" { + userns="--userns=keep-id" + if ! is_rootless; then + userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" + fi + # check with and without userns + for userns in "" "$userns"; do + # check the /etc/hosts /etc/hostname /etc/resolv.conf are owned by root + run_podman run $userns --rm $IMAGE stat -c %u:%g /etc/hosts /etc/resolv.conf /etc/hostname + is "${lines[0]}" "0\:0" "/etc/hosts owned by root" + is "${lines[1]}" "0\:0" "/etc/resolv.conf owned by root" + is "${lines[2]}" "0\:0" "/etc/hosts owned by root" + done +} + # vim: filetype=sh |
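Review bot: The third assertion in the new "podman run /etc/* permissions" test checks `${lines[2]}`, which is the stat output for /etc/hostname, but its failure message reads "/etc/hosts owned by root", the same text as the first assertion. If ownership of /etc/hostname regresses, the failure will point at the wrong file, so the message should say "/etc/hostname owned by root". Separately, the loop `for userns in "" "$userns"; do` reuses the name of the variable it iterates over. It works because the word list is expanded before the first iteration, but a distinct loop variable (for example `opt`) would make it obvious that the empty case and the userns case are both exercised. The `$userns` expansion in `run_podman run $userns --rm $IMAGE ...` relies on being unquoted so that the rootful `--uidmap`/`--gidmap` pair splits into separate arguments and the empty case vanishes; a short comment saying so would keep a later cleanup from quoting it.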