From 84f4b87c2e22afe0375c24936b1e6f15e731ea19 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Wed, 29 Jul 2020 13:26:02 -0600 Subject: System tests: new system-df and passwd tests - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago --- contrib/cirrus/setup_environment.sh | 1 - test/system/030-run.bats | 16 ++++++++++ test/system/075-exec.bats | 2 -- test/system/320-system-df.bats | 61 +++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 test/system/320-system-df.bats diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 437a83c4b..e5f3168da 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -49,7 +49,6 @@ case "${OS_RELEASE_ID}" in if [[ "$OS_RELEASE_VER" == "20" ]]; then apt-get install -y python-is-python3 fi - apt-get upgrade -y conmon ;; fedora) # All SELinux distros need this for systemd-in-a-container diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 04d1e4eac..b30c1103b 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats 
@@ -284,4 +284,20 @@ echo $rand | 0 | $rand is "$output" "root" "--user=0 overrides keep-id" } +# #6991 : /etc/passwd is modifiable +@test "podman run : --userns=keep-id: passwd file is modifiable" { + run_podman run -d --userns=keep-id $IMAGE sh -c 'while ! test -e /stop; do sleep 0.1; done' + cid="$output" + + gecos="$(random_string 6) $(random_string 8)" + run_podman exec --user root $cid adduser -D -g "$gecos" -s /bin/sh newuser3 + is "$output" "" "output from adduser" + run_podman exec $cid tail -1 /etc/passwd + is "$output" "newuser3:x:1000:1000:$gecos:/home/newuser3:/bin/sh" \ + "newuser3 added to /etc/passwd in container" + + run_podman exec $cid touch /stop + run_podman wait $cid +} + # vim: filetype=sh diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 945bcfa2d..b2c49510a 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -81,8 +81,6 @@ load helpers # #6829 : add username to /etc/passwd inside container if --userns=keep-id # #6593 : doesn't actually work with podman exec @test "podman exec - with keep-id" { - skip "Please enable once #6593 is fixed" - run_podman run -d --userns=keep-id $IMAGE sh -c \ "echo READY;while [ ! -f /stop ]; do sleep 1; done" cid="$output" diff --git a/test/system/320-system-df.bats b/test/system/320-system-df.bats new file mode 100644 index 000000000..a96507448 --- /dev/null +++ b/test/system/320-system-df.bats 
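Review bot: The expected passwd entry in the new keep-id test hard-codes `1000:1000` for newuser3, which looks like it only holds when the account running the tests does not itself have UID 1000. With `--userns=keep-id` the invoking user is presumably added to the container's /etc/passwd under its host UID (the #6829 comment in 075-exec.bats suggests so), in which case busybox `adduser` would hand out a different id on a typical rootless workstation and the assertion would fail for a reason unrelated to #6991. Pin the id instead of relying on the next free one, e.g. `local uid=4242; [[ $uid == $(id -u) ]] && uid=4343`, pass `-u $uid` to `adduser`, and build the expected line from `$uid` rather than a literal. The detached container is only stopped by the final `touch /stop`, so an early assertion failure depends on teardown, which is not visible in this hunk, to remove it.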
@@ -0,0 +1,61 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# tests for podman system df
+#
+
+load helpers
+
+function teardown() {
+ basic_teardown
+
+ # In case the active-volumes test failed: clean up stray volumes
+ run_podman volume rm -a
+}
+
+@test "podman system df - basic functionality" {
+ run_podman system df
+ is "$output" ".*Images *1 *0 " "Exactly one image"
+ is "$output" ".*Containers *0 *0 " "No containers"
+ is "$output" ".*Local Volumes *0 *0 " "No volumes"
+}
+
+@test "podman system df - with active containers and volumes" {
+ run_podman run -v /myvol1 --name c1 $IMAGE true
+ run_podman run -d -v /myvol2 --name c2 $IMAGE \
+ sh -c 'while ! test -e /stop; do sleep 0.1;done'
+
+ run_podman system df --format '{{ .Type }}:{{ .Total }}:{{ .Active }}--'
+ # FIXME: if/when #7149 gets fixed, split this into three tests (i.e. test "${lines[0]}", [1], [2] )
+ is "$output" "Images:1:1--Containers:2:1--Local Volumes:2:1--"
+
+ # Try -v. (Grrr. No way to specify individual formats)
+ #
+ # Yes, I know this would be more elegant as a separate @test, but
+ # container/volume setup/teardown costs ~3 seconds and that matters.
+ run_podman system df -v
+ is "${lines[2]}" \
+ "${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/${PODMAN_TEST_IMAGE_NAME} * ${PODMAN_TEST_IMAGE_TAG} [0-9a-f]* .* 2" \
+ "system df -v: the 'Images' line"
+
+ # Containers are listed in random order. Just check that each has 1 volume
+ is "${lines[5]}" \
+ "[0-9a-f]\{12\} *[0-9a-f]\{12\} .* 1 .* c[12]" \
+ "system df -v, 'Containers', first line"
+ is "${lines[6]}" \
+ "[0-9a-f]\{12\} *[0-9a-f]\{12\} .* 1 .* c[12]" \
+ "system df -v, 'Containers', second line"
+
+ # Volumes, likewise: random order.
+ is "${lines[9]}" "[0-9a-f]\{64\} *[01] * 0B" \
+ "system df -v, 'Volumes', first line"
+ is "${lines[10]}" "[0-9a-f]\{64\} *[01] * 0B" \
+ "system df -v, 'Volumes', second line"
+
+ # Clean up
+ run_podman exec c2 touch /stop
+ run_podman wait c2
+ run_podman rm c1 c2
+ run_podman volume rm -a
+}
+
+# vim: filetype=sh
-- cgit v1.2.3-54-g00ecf
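Review bot: Both `teardown()` and the clean-up at the end of the second test call `run_podman volume rm -a`, which removes every volume in the store the tests run against, not only the two anonymous volumes created for c1 and c2. That is harmless on a throwaway CI VM but destructive for anyone running the system tests rootless against their own storage. Consider scoping the in-test clean-up to what the test created, e.g. `run_podman rm -v c1 c2`, and adding a comment on `teardown()` such as `# NOTE: removes ALL volumes; run only against a disposable store`. The `${lines[N]}` indices also tie the assertions to the exact layout of `system df -v`, so a short comment naming the header lines being skipped would make a future failure easier to diagnose.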