diff options
-rw-r--r-- | test/e2e/libpod_suite_test.go | 18 | ||||
-rw-r--r-- | test/e2e/rootless_test.go | 97 |
2 files changed, 113 insertions, 2 deletions
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 796bf2199..9f59eb4a6 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -168,8 +168,8 @@ func (p *PodmanTest) MakeOptions() []string { p.CrioRoot, p.RunRoot, p.RunCBinary, p.ConmonBinary, p.CNIConfigDir), " ") } -// Podman is the exec call to podman on the filesystem -func (p *PodmanTest) Podman(args []string) *PodmanSession { +// Podman is the exec call to podman on the filesystem, uid and gid the credentials to use +func (p *PodmanTest) PodmanAsUser(args []string, uid, gid uint32, env []string) *PodmanSession { podmanOptions := p.MakeOptions() if os.Getenv("HOOK_OPTION") != "" { podmanOptions = append(podmanOptions, os.Getenv("HOOK_OPTION")) @@ -178,6 +178,15 @@ func (p *PodmanTest) Podman(args []string) *PodmanSession { podmanOptions = append(podmanOptions, args...) fmt.Printf("Running: %s %s\n", p.PodmanBinary, strings.Join(podmanOptions, " ")) command := exec.Command(p.PodmanBinary, podmanOptions...) + + if uid != 0 || gid != 0 { + command.SysProcAttr = &syscall.SysProcAttr{} + command.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} + } + if env != nil { + command.Env = env + } + session, err := gexec.Start(command, GinkgoWriter, GinkgoWriter) if err != nil { Fail(fmt.Sprintf("unable to run podman command: %s\n%v", strings.Join(podmanOptions, " "), err)) @@ -185,6 +194,11 @@ func (p *PodmanTest) Podman(args []string) *PodmanSession { return &PodmanSession{session} } +// Podman is the exec call to podman on the filesystem +func (p *PodmanTest) Podman(args []string) *PodmanSession { + return p.PodmanAsUser(args, 0, 0, nil) +} + //WaitForContainer waits on a started container func WaitForContainer(p *PodmanTest) bool { for i := 0; i < 10; i++ { diff --git a/test/e2e/rootless_test.go b/test/e2e/rootless_test.go new file mode 100644 index 000000000..d628b6fa1 --- /dev/null +++ b/test/e2e/rootless_test.go @@ -0,0 +1,97 @@ +package integration + +import ( + "fmt" + "io/ioutil" + "os" + "os/exec" + "path/filepath" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman rootless", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + }) + + It("podman rootless rootfs", func() { + // Check if we can create an user namespace + err := exec.Command("unshare", "-r", "echo", "hello").Run() + if err != nil { + Skip("User namespaces not supported.") + } + + setup := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + cid := setup.OutputToString() + + mount := podmanTest.Podman([]string{"mount", cid}) + mount.WaitWithDefaultTimeout() + Expect(mount.ExitCode()).To(Equal(0)) + mountPath := mount.OutputToString() + + chownFunc := func(p string, info os.FileInfo, err error) error { + if err != nil { + return err + } + return os.Lchown(p, 1000, 1000) + } + + err = filepath.Walk(tempdir, chownFunc) + if err != nil { + fmt.Printf("cannot chown the directory: %q\n", err) + os.Exit(1) + } + + runRootless := func(mountPath string) { + tempdir, err := CreateTempDirInTempDir() + Expect(err).To(BeNil()) + podmanTest := PodmanCreate(tempdir) + err = filepath.Walk(tempdir, chownFunc) + Expect(err).To(BeNil()) + + xdgRuntimeDir, err := ioutil.TempDir("/run", "") + Expect(err).To(BeNil()) + defer os.RemoveAll(xdgRuntimeDir) + err = filepath.Walk(xdgRuntimeDir, chownFunc) + Expect(err).To(BeNil()) + + home, err := CreateTempDirInTempDir() + Expect(err).To(BeNil()) + err = filepath.Walk(xdgRuntimeDir, chownFunc) + Expect(err).To(BeNil()) + + env := os.Environ() + env = append(env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", xdgRuntimeDir)) + env = append(env, fmt.Sprintf("HOME=%s", home)) + cmd := podmanTest.PodmanAsUser([]string{"run", "--rootfs", mountPath, "echo", "hello"}, 1000, 1000, env) + cmd.WaitWithDefaultTimeout() + Expect(cmd.LineInOutputContains("hello")).To(BeTrue()) + Expect(cmd.ExitCode()).To(Equal(0)) + } + + runRootless(mountPath) + + umount := podmanTest.Podman([]string{"umount", cid}) + umount.WaitWithDefaultTimeout() + Expect(umount.ExitCode()).To(Equal(0)) + }) +}) |