From f0516a01414c28df28d41faa4d3eca5a93a73c10 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 8 Jun 2022 08:50:43 -0400 Subject: --userns=keep-id,nomap are not allowed in rootful mode Signed-off-by: Daniel J Walsh --- test/system/170-run-userns.bats | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) (limited to 'test/system') diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index 46cb37b9d..84788a7f4 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -111,15 +111,30 @@ EOF } @test "podman userns=nomap" { - skip_if_not_rootless "--userns=nomap only works in rootless mode" - ns_user=$(id -un) - baseuid=$(egrep "${ns_user}:" /etc/subuid | cut -f2 -d:) - test ! -z ${baseuid} || skip "no IDs allocated for user ${ns_user}" + if is_rootless; then + ns_user=$(id -un) + baseuid=$(egrep "${ns_user}:" /etc/subuid | cut -f2 -d:) + test ! -z ${baseuid} || skip "no IDs allocated for user ${ns_user}" + + test_name="test_$(random_string 12)" + run_podman run -d --userns=nomap $IMAGE sleep 100 + cid=${output} + run_podman top ${cid} huser + is "${output}" "HUSER.*${baseuid}" "Container should start with baseuid from /etc/subuid not user UID" + run_podman rm -t 0 --force ${cid} + else + run_podman 125 run -d --userns=nomap $IMAGE sleep 100 + is "${output}" "Error: nomap is only supported in rootless mode" "Container should fail to start since nomap is not suppored in rootful mode" + fi +} - test_name="test_$(random_string 12)" - run_podman run -d --userns=nomap $IMAGE sleep 100 - cid=${output} - run_podman top ${cid} huser - is "${output}" "HUSER.*${baseuid}" "Container should start with baseuid from /etc/subuid not user UID" - run_podman rm -t 0 --force ${cid} +@test "podman userns=keep-id" { + if is_rootless; then + user=$(id -u) + run_podman run --rm --userns=keep-id $IMAGE id -u + is "${output}" "$user" "Container should run as the current user" + else + run_podman 125 run --rm --userns=keep-id $IMAGE id -u + is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not suppored in rootful mode" + fi } -- cgit v1.2.3-54-g00ecf