From 2a75164e23c98c2b2f6f1267b0839bb8ab9ccf48 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothberg@redhat.com>
Date: Thu, 14 Apr 2022 14:17:57 +0200
Subject: add a regression test for CVE-2022-1227

Will also be included in the upcoming backports.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
---
 test/system/030-run.bats | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 72e4a2bc8..aba18badb 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -821,4 +821,28 @@ EOF
     run_podman run --rm $IMAGE cat /proc/self/oom_score_adj
     is "$output" "$current_oom_score_adj" "different oom_score_adj in the container"
 }
+
+# CVE-2022-1227 : podman top joins container mount NS and uses nsenter from image
+@test "podman top does not use nsenter from image" {
+    tmpdir=$PODMAN_TMPDIR/build-test
+    mkdir -p $tmpdir
+    tmpbuilddir=$tmpdir/build
+    mkdir -p $tmpbuilddir
+    dockerfile=$tmpbuilddir/Dockerfile
+    cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN rm /usr/bin/nsenter; \
+echo -e "#!/bin/sh\nfalse" >> /usr/bin/nsenter; \
+chmod +x /usr/bin/nsenter
+EOF
+
+    test_image="cve_2022_1227_test"
+    run_podman build -t $test_image $tmpbuilddir
+    run_podman run -d --userns=keep-id $test_image top
+    ctr="$output"
+    run_podman top $ctr huser,user
+    run_podman rm -f -t0 $ctr
+    run_podman rmi $test_image
+}
+
 # vim: filetype=sh
-- 
cgit v1.2.3-54-g00ecf