From c58127602e57ad489bd951760026dccd7593eeaf Mon Sep 17 00:00:00 2001
From: Brent Baude <bbaude@redhat.com>
Date: Tue, 14 Jul 2020 12:39:24 -0500
Subject: Error on rootless mac and ip addresses

When a rootless pod or container is created with a static MAC or IP address, we should return a proper error and exit with code 125.

Fixes: #6972

Signed-off-by: Brent Baude <bbaude@redhat.com>
---
 test/e2e/common_test.go              |  4 ++++
 test/e2e/create_staticip_test.go     | 27 ++++++++++++++++++---------
 test/e2e/create_staticmac_test.go    | 12 +++++++-----
 test/e2e/libpod_suite_remote_test.go |  5 -----
 test/e2e/libpod_suite_test.go        |  6 ------
 test/e2e/pod_create_test.go          | 35 +++++++++++++++++++++--------------
 6 files changed, 50 insertions(+), 39 deletions(-)

(limited to 'test/e2e')

diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 51f290159..aa0e9635a 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -595,3 +595,7 @@ func SkipIfNotFedora() {
 		ginkgo.Skip("Test can only run on Fedora")
 	}
 }
+
+func isRootless() bool {
+	return os.Geteuid() != 0
+}
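Review bot: `isRootless()` is added without a doc comment, and none of the test hunks in this patch call it; they import `pkg/rootless` and use `rootless.IsRootless()` instead. That leaves two rootless predicates in the e2e package, and they can disagree if the library's definition covers more than the effective UID. Either switch the tests to this helper and drop the new imports, or remove the helper. If it stays, add `// isRootless reports whether the test process runs with a non-zero effective UID.` above it.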
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go
index e52b37417..a1a08045a 100644
--- a/test/e2e/create_staticip_test.go
+++ b/test/e2e/create_staticip_test.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"time"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -19,7 +20,6 @@ var _ = Describe("Podman create with --ip flag", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootless()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -39,18 +39,21 @@ var _ = Describe("Podman create with --ip flag", func() {
 	})
 
 	It("Podman create --ip with garbage address", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "114232346", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})
 
 	It("Podman create --ip with v6 address", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "2001:db8:bad:beef::1", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result).To(ExitWithError())
 	})
 
 	It("Podman create --ip with non-allocatable IP", func() {
+		SkipIfRootless()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", "203.0.113.124", ALPINE, "ls"})
 		result.WaitWithDefaultTimeout()
 		Expect(result.ExitCode()).To(Equal(0))
@@ -64,19 +67,25 @@ var _ = Describe("Podman create with --ip flag", func() {
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test", "--ip", ip, ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
+		// Rootless static ip assignment should error
+		if rootless.IsRootless() {
+			Expect(result.ExitCode()).To(Equal(125))
+		} else {
+			Expect(result.ExitCode()).To(Equal(0))
 
-		result = podmanTest.Podman([]string{"start", "test"})
-		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
+			result = podmanTest.Podman([]string{"start", "test"})
+			result.WaitWithDefaultTimeout()
+			Expect(result.ExitCode()).To(Equal(0))
 
-		result = podmanTest.Podman([]string{"logs", "test"})
-		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
-		Expect(result.OutputToString()).To(ContainSubstring(ip + "/16"))
+			result = podmanTest.Podman([]string{"logs", "test"})
+			result.WaitWithDefaultTimeout()
+			Expect(result.ExitCode()).To(Equal(0))
+			Expect(result.OutputToString()).To(ContainSubstring(ip + "/16"))
+		}
 	})
 
 	It("Podman create two containers with the same IP", func() {
+		SkipIfRootless()
 		ip := GetRandomIPAddress()
 		result := podmanTest.Podman([]string{"create", "--name", "test1", "--ip", ip, ALPINE, "sleep", "999"})
 		result.WaitWithDefaultTimeout()
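Review bot: The rootless branch at `Expect(result.ExitCode()).To(Equal(125))` pins only the exit status, so the test cannot tell the static-address refusal apart from any other create failure that exits 125 (image, storage or network setup, if those share the code). This refusal is what stops an unprivileged user from requesting a fixed address, so also assert on stderr, e.g. `Expect(result.ErrorToString()).To(ContainSubstring("<expected rootless static-IP error text>"))`. The same applies to the rootless branches in create_staticmac_test.go and in both pod_create_test.go hunks. The `It` block for the two-containers test continues past the end of this hunk.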
diff --git a/test/e2e/create_staticmac_test.go b/test/e2e/create_staticmac_test.go
index fbe11440c..33675d607 100644
--- a/test/e2e/create_staticmac_test.go
+++ b/test/e2e/create_staticmac_test.go
@@ -1,10 +1,9 @@
-// +build !remote
-
 package integration
 
 import (
 	"os"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
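Review bot: Removing `// +build !remote` compiles this file into the remote suite, but the `Podman run --mac-address` test further down has no `SkipIfRemote()`, while the pod MAC-address test in pod_create_test.go keeps one. `rootless.IsRootless()` is evaluated in the test process, so the expected exit code follows the client's UID; under remote the outcome presumably depends on the privileges of the service handling the request. If remote coverage is intended, say so above the `Describe`, e.g. `// Runs for local and remote; the remote service is assumed to run as the same user as the test.`; otherwise add `SkipIfRemote()` to the test.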
@@ -18,7 +17,6 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	)
 
 	BeforeEach(func() {
-		SkipIfRootless()
 		tempdir, err = CreateTempDirInTempDir()
 		if err != nil {
 			os.Exit(1)
@@ -40,7 +38,11 @@ var _ = Describe("Podman run with --mac-address flag", func() {
 	It("Podman run --mac-address", func() {
 		result := podmanTest.Podman([]string{"run", "--mac-address", "92:d0:c6:0a:29:34", ALPINE, "ip", "addr"})
 		result.WaitWithDefaultTimeout()
-		Expect(result.ExitCode()).To(Equal(0))
-		Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34"))
+		if rootless.IsRootless() {
+			Expect(result.ExitCode()).To(Equal(125))
+		} else {
+			Expect(result.ExitCode()).To(Equal(0))
+			Expect(result.OutputToString()).To(ContainSubstring("92:d0:c6:0a:29:34"))
+		}
 	})
 })
diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go
index 7a067e861..13f4e1aef 100644
--- a/test/e2e/libpod_suite_remote_test.go
+++ b/test/e2e/libpod_suite_remote_test.go
@@ -28,11 +28,6 @@ func SkipIfRootless() {
 		ginkgo.Skip("This function is not enabled for rootless podman")
 	}
 }
-func SkipIfRootlessV2() {
-	if os.Geteuid() != 0 {
-		ginkgo.Skip("This function is not enabled for v2 rootless podman")
-	}
-}
 
 // Podman is the exec call to podman on the filesystem
 func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration {
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index 105fcf6a8..29ad01363 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -41,12 +41,6 @@ func SkipIfRootless() {
 	}
 }
 
-func SkipIfRootlessV2() {
-	if os.Geteuid() != 0 {
-		Skip("This function is not enabled for v2 rootless podman")
-	}
-}
-
 // Podman is the exec call to podman on the filesystem
 func (p *PodmanTestIntegration) Podman(args []string) *PodmanSessionIntegration {
 	podmanSession := p.PodmanBase(args, false, false)
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 57737ad59..016eaaa99 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/containers/libpod/v2/pkg/rootless"
 	. "github.com/containers/libpod/v2/test/utils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -238,17 +239,20 @@ var _ = Describe("Podman pod create", func() {
 	})
 
 	It("podman create pod with IP address", func() {
-		SkipIfRootless()
 		name := "test"
 		ip := GetRandomIPAddress()
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
 		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate.ExitCode()).To(Equal(0))
-
-		podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
-		podResolvConf.WaitWithDefaultTimeout()
-		Expect(podResolvConf.ExitCode()).To(Equal(0))
-		Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue())
+		// Rootless should error
+		if rootless.IsRootless() {
+			Expect(podCreate.ExitCode()).To(Equal(125))
+		} else {
+			Expect(podCreate.ExitCode()).To(Equal(0))
+			podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+			podResolvConf.WaitWithDefaultTimeout()
+			Expect(podResolvConf.ExitCode()).To(Equal(0))
+			Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue())
+		}
 	})
 
 	It("podman create pod with IP address and no infra should fail", func() {
@@ -262,17 +266,20 @@ var _ = Describe("Podman pod create", func() {
 
 	It("podman create pod with MAC address", func() {
 		SkipIfRemote()
-		SkipIfRootless()
 		name := "test"
 		mac := "92:d0:c6:0a:29:35"
 		podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name})
 		podCreate.WaitWithDefaultTimeout()
-		Expect(podCreate.ExitCode()).To(Equal(0))
-
-		podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
-		podResolvConf.WaitWithDefaultTimeout()
-		Expect(podResolvConf.ExitCode()).To(Equal(0))
-		Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue())
+		// Rootless should error
+		if rootless.IsRootless() {
+			Expect(podCreate.ExitCode()).To(Equal(125))
+		} else {
+			Expect(podCreate.ExitCode()).To(Equal(0))
+			podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+			podResolvConf.WaitWithDefaultTimeout()
+			Expect(podResolvConf.ExitCode()).To(Equal(0))
+			Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue())
+		}
 	})
 
 	It("podman create pod with MAC address and no infra should fail", func() {
-- 
cgit v1.2.3-54-g00ecf