summaryrefslogtreecommitdiff
path: root/test/system
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2021-12-16 12:02:36 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2021-12-20 17:03:40 +0100
commit89ee302a9f98e71138da5fd80a0a004f2b40160b (patch)
treec22f75e0cea4921095040ceb4f7be43a80fae3a4 /test/system
parent46a094a7a29f4e37dbb8464e75701fa5873148af (diff)
downloadpodman-89ee302a9f98e71138da5fd80a0a004f2b40160b.tar.gz
podman-89ee302a9f98e71138da5fd80a0a004f2b40160b.tar.bz2
podman-89ee302a9f98e71138da5fd80a0a004f2b40160b.zip
specgen: honor userns=auto from containers.conf
when using the default userns value, make sure its value is parsed so that userns=auto is parsed and the options for the storage are filled. Closes: https://github.com/containers/podman/issues/12615 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r--test/system/170-run-userns.bats26
1 files changed, 26 insertions, 0 deletions
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index 809dd0470..a5be591ef 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -52,3 +52,29 @@ function _require_crun() {
run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id
is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container"
}
+
+@test "podman userns=auto in config file" {
+ skip_if_remote "userns=auto is set on the server"
+
+ if is_rootless; then
+ egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user"
+ else
+ egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'"
+ fi
+
+ cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF
+[containers]
+userns="auto"
+EOF
+ # First make sure a user namespace is created
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity
+ cid=$output
+
+ run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid
+ is "$output" "private" "Check that a user namespace was created for the container"
+
+ run_podman rm -t 0 -f $cid
+
+ # Then check that the main user is not mapped into the user namespace
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map
+}