diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2022-06-08 08:50:43 -0400 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-06-08 09:59:13 -0400 |
| commit | f0516a01414c28df28d41faa4d3eca5a93a73c10 (patch) | |
| tree | 8d2cb5e28f7edf3200ddeb17e6aaab4aee5cd794 /test/system | |
| parent | b4c981893de2e2c5b0b6163961d6699098f5c1ae (diff) | |
| download | podman-f0516a01414c28df28d41faa4d3eca5a93a73c10.tar.gz podman-f0516a01414c28df28d41faa4d3eca5a93a73c10.tar.bz2 podman-f0516a01414c28df28d41faa4d3eca5a93a73c10.zip | |
--userns=keep-id,nomap are not allowed in rootful mode
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test/system')
| -rw-r--r-- | test/system/170-run-userns.bats | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index 46cb37b9d..84788a7f4 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -111,15 +111,30 @@ EOF } @test "podman userns=nomap" { - skip_if_not_rootless "--userns=nomap only works in rootless mode" - ns_user=$(id -un) - baseuid=$(egrep "${ns_user}:" /etc/subuid | cut -f2 -d:) - test ! -z ${baseuid} || skip "no IDs allocated for user ${ns_user}" + if is_rootless; then + ns_user=$(id -un) + baseuid=$(egrep "${ns_user}:" /etc/subuid | cut -f2 -d:) + test ! -z ${baseuid} || skip "no IDs allocated for user ${ns_user}" + + test_name="test_$(random_string 12)" + run_podman run -d --userns=nomap $IMAGE sleep 100 + cid=${output} + run_podman top ${cid} huser + is "${output}" "HUSER.*${baseuid}" "Container should start with baseuid from /etc/subuid not user UID" + run_podman rm -t 0 --force ${cid} + else + run_podman 125 run -d --userns=nomap $IMAGE sleep 100 + is "${output}" "Error: nomap is only supported in rootless mode" "Container should fail to start since nomap is not suppored in rootful mode" + fi +} - test_name="test_$(random_string 12)" - run_podman run -d --userns=nomap $IMAGE sleep 100 - cid=${output} - run_podman top ${cid} huser - is "${output}" "HUSER.*${baseuid}" "Container should start with baseuid from /etc/subuid not user UID" - run_podman rm -t 0 --force ${cid} +@test "podman userns=keep-id" { + if is_rootless; then + user=$(id -u) + run_podman run --rm --userns=keep-id $IMAGE id -u + is "${output}" "$user" "Container should run as the current user" + else + run_podman 125 run --rm --userns=keep-id $IMAGE id -u + is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not suppored in rootful mode" + fi } |