summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorcdoern <cdoern@redhat.com>2021-12-20 10:23:08 -0500
committercdoern <cdoern@redhat.com>2021-12-21 17:19:41 -0500
commit20ce6e5c6031bd4180514ec412760a294f8a83a2 (patch)
treed725886615e4353e46cd30a73df188257ff7ade0 /test
parentf45070ee0e63ea26e475e618ff32a498096fa561 (diff)
downloadpodman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.gz
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.tar.bz2
podman-20ce6e5c6031bd4180514ec412760a294f8a83a2.zip
Podman run --passwd
added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/run_passwd_test.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go
index 6d1d26914..2207a50a8 100644
--- a/test/e2e/run_passwd_test.go
+++ b/test/e2e/run_passwd_test.go
@@ -125,4 +125,16 @@ USER 1000`, ALPINE)
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group")))
})
+
+ It("podman run --no-manage-passwd flag", func() {
+ run := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
+ run.WaitWithDefaultTimeout()
+ Expect(run).Should(Exit(0))
+ Expect(run.OutputToString()).To(ContainSubstring("1234:1234"))
+
+ run = podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
+ run.WaitWithDefaultTimeout()
+ Expect(run).Should(Exit(0))
+ Expect(run.OutputToString()).NotTo((ContainSubstring("1234:1234")))
+ })
})