author | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-12-16 12:02:36 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2021-12-20 17:03:40 +0100 |
commit | 89ee302a9f98e71138da5fd80a0a004f2b40160b (patch) | |
tree | c22f75e0cea4921095040ceb4f7be43a80fae3a4 /test/system | |
parent | 46a094a7a29f4e37dbb8464e75701fa5873148af (diff) | |
specgen: honor userns=auto from containers.conf
when using the default userns value, make sure its value is parsed so
that userns=auto is parsed and the options for the storage are filled.
Closes: https://github.com/containers/podman/issues/12615
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/170-run-userns.bats | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index 809dd0470..a5be591ef 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -52,3 +52,29 @@ function _require_crun() {
 run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id
 is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container"
 }
+
+@test "podman userns=auto in config file" {
+ skip_if_remote "userns=auto is set on the server"
+
+ if is_rootless; then
+ egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user"
+ else
+ egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'"
+ fi
+
+ cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF
+[containers]
+userns="auto"
+EOF
+ # First make sure a user namespace is created
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity
+ cid=$output
+
+ run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid
+ is "$output" "private" "Check that a user namespace was created for the container"
+
+ run_podman rm -t 0 -f $cid
+
+ # Then check that the main user is not mapped into the user namespace
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map
+} |
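Review bot: The rootless skip guard matches `/etc/subuid` by login name only, via `egrep -q "^$(id -un):"`, although subuid(5) also allows entries keyed by numeric UID. On a host configured that way the test is skipped, so the final uid_map/gid_map isolation check never runs even though subordinate IDs are allocated. Accepting both forms would avoid that, for example `grep -qE "^($(id -un)|$(id -u)):" /etc/subuid || skip "no IDs allocated for current user"`. Both guards could also use `grep -E` in place of `egrep`, which is marked obsolescent. It would further help to document the closing assertion with a comment such as `# field 2 of uid_map/gid_map is the ID in the parent namespace; no mapping may start at 0`, because the current comment does not say why `$2 == "0"` identifies the main user.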