diff options
author | cdoern <cdoern@redhat.com> | 2021-12-20 10:23:08 -0500 |
---|---|---|
committer | cdoern <cdoern@redhat.com> | 2021-12-21 17:19:41 -0500 |
commit | 20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch) | |
tree | d725886615e4353e46cd30a73df188257ff7ade0 /test | |
parent | f45070ee0e63ea26e475e618ff32a498096fa561 (diff) | |
download | podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2 podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip |
Podman run --passwd
added support for a new flag --passwd which, when false prohibits podman from creating entries in
/etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint
resolves #11805
Signed-off-by: cdoern <cdoern@redhat.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/run_passwd_test.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 6d1d26914..2207a50a8 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -125,4 +125,16 @@ USER 1000`, ALPINE) Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group"))) }) + + It("podman run --no-manage-passwd flag", func() { + run := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).To(ContainSubstring("1234:1234")) + + run = podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"}) + run.WaitWithDefaultTimeout() + Expect(run).Should(Exit(0)) + Expect(run.OutputToString()).NotTo((ContainSubstring("1234:1234"))) + }) }) |