diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-20 12:05:02 +0100 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-03-21 21:18:13 +0100 |
| commit | 7f6f2f3f4a764f8e566752e61092254bd285424b (patch) | |
| tree | 04ffcf5979fc8261e40d780843906efde7f9065b /test | |
| parent | bf10fac19371f295dab3038b5042483f595c68f3 (diff) | |
| download | podman-7f6f2f3f4a764f8e566752e61092254bd285424b.tar.gz podman-7f6f2f3f4a764f8e566752e61092254bd285424b.tar.bz2 podman-7f6f2f3f4a764f8e566752e61092254bd285424b.zip | |
userns: use the intermediate mountns for volumes
when --uidmap is used, the user won't be able to access
/var/lib/containers/storage/volumes. Use the intermediate mount
namespace, that is accessible to root in the container, for mounting
the volumes inside the container.
Closes: https://github.com/containers/libpod/issues/2713
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/run_userns_test.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/test/e2e/run_userns_test.go b/test/e2e/run_userns_test.go index c6c94d2f6..5c38a8950 100644 --- a/test/e2e/run_userns_test.go +++ b/test/e2e/run_userns_test.go @@ -69,6 +69,21 @@ var _ = Describe("Podman UserNS support", func() { Expect(ok).To(BeTrue()) }) + It("podman uidmapping and gidmapping with a volume", func() { + if os.Getenv("SKIP_USERNS") != "" { + Skip("Skip userns tests.") + } + if _, err := os.Stat("/proc/self/uid_map"); err != nil { + Skip("User namespaces not supported.") + } + + session := podmanTest.Podman([]string{"run", "--uidmap=0:1:70000", "--gidmap=0:20000:70000", "-v", "my-foo-volume:/foo:Z", "busybox", "echo", "hello"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + ok, _ := session.GrepString("hello") + Expect(ok).To(BeTrue()) + }) + It("podman uidmapping and gidmapping --net=host", func() { if os.Getenv("SKIP_USERNS") != "" { Skip("Skip userns tests.") |