diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-05-06 20:35:17 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2022-05-10 16:51:01 +0200 |
| commit | 0774a4ce131754b282443e85cc77c308123ef9c0 (patch) | |
| tree | f5c93b3cc9ce18bb91c1cdc90e223973ba4f5d7c /test | |
| parent | 18713f589c1ed9144d873f2656f2067ebf6f3ba2 (diff) | |
| download | podman-0774a4ce131754b282443e85cc77c308123ef9c0.tar.gz podman-0774a4ce131754b282443e85cc77c308123ef9c0.tar.bz2 podman-0774a4ce131754b282443e85cc77c308123ef9c0.zip | |
kube: add support for --userns=
add support to override the user namespace to use for the pod.
Closes: https://github.com/containers/podman/issues/7504
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/play_kube_test.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index c627ada53..216c3357c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -8,6 +8,7 @@ import ( "net" "net/url" "os" + "os/user" "path/filepath" "strconv" "strings" @@ -3633,6 +3634,55 @@ ENV OPENJ9_JAVA_OPTIONS=%q inspect.WaitWithDefaultTimeout() Expect(start).Should(Exit(0)) Expect((inspect.InspectContainerToJSON()[0]).HostConfig.LogConfig.Tag).To(Equal("{{.ImageName}}")) + }) + + // Check that --userns=auto creates a user namespace + It("podman play kube --userns=auto", func() { + u, err := user.Current() + Expect(err).To(BeNil()) + name := u.Name + if name == "root" { + name = "containers" + } + content, err := ioutil.ReadFile("/etc/subuid") + if err != nil { + Skip("cannot read /etc/subuid") + } + if !strings.Contains(string(content), name) { + Skip("cannot find mappings for the current user") + } + + initialUsernsConfig, err := ioutil.ReadFile("/proc/self/uid_map") + Expect(err).To(BeNil()) + if os.Geteuid() != 0 { + unshare := podmanTest.Podman([]string{"unshare", "cat", "/proc/self/uid_map"}) + unshare.WaitWithDefaultTimeout() + Expect(unshare).Should(Exit(0)) + initialUsernsConfig = unshare.Out.Contents() + } + + pod := getPod() + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + usernsInCtr := podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "cat", "/proc/self/uid_map"}) + usernsInCtr.WaitWithDefaultTimeout() + Expect(usernsInCtr).Should(Exit(0)) + // the conversion to string is needed for better error messages + Expect(string(usernsInCtr.Out.Contents())).To(Equal(string(initialUsernsConfig))) + + // PodmanNoCache is a workaround for https://github.com/containers/storage/issues/1232 + kube = podmanTest.PodmanNoCache([]string{"play", "kube", "--replace", "--userns=auto", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + usernsInCtr = podmanTest.Podman([]string{"exec", getCtrNameInPod(pod), "cat", "/proc/self/uid_map"}) + usernsInCtr.WaitWithDefaultTimeout() + Expect(usernsInCtr).Should(Exit(0)) + Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig)))) }) }) |