From e686269da34ed4208f4ed517c0587ab38e8eaf2c Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@redhat.com>
Date: Fri, 4 May 2018 11:26:56 -0400
Subject: chrootuser: default to GID 0 when given a numeric --user

When we're given a numeric --user value, default to GID 0 if the numeric
ID doesn't correspond to a user entry in /etc/passwd that can provide us
with the user's primary group ID.

Make sure that GetAdditionalGroupsForUser() returns wrapped errors.

Also test various user:group forms.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #728
Approved by: mheon
---
 test/e2e/run_test.go | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

(limited to 'test')

diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 5eb21c433..cc8492958 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -334,11 +334,18 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)"))
 	})
 
-	It("podman run with user (integer)", func() {
+	It("podman run with user (integer, not in /etc/passwd)", func() {
 		session := podmanTest.Podman([]string{"run", "--rm", "--user=1234", ALPINE, "id"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
-		Expect(session.OutputToString()).To(Equal("uid=1234 gid=1234"))
+		Expect(session.OutputToString()).To(Equal("uid=1234 gid=0(root)"))
+	})
+
+	It("podman run with user (integer, in /etc/passwd)", func() {
+		session := podmanTest.Podman([]string{"run", "--rm", "--user=8", ALPINE, "id"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)"))
 	})
 
 	It("podman run with user (username)", func() {
@@ -348,6 +355,20 @@ var _ = Describe("Podman run", func() {
 		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)"))
 	})
 
+	It("podman run with user:group (username:integer)", func() {
+		session := podmanTest.Podman([]string{"run", "--rm", "--user=mail:21", ALPINE, "id"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)"))
+	})
+
+	It("podman run with user:group (integer:groupname)", func() {
+		session := podmanTest.Podman([]string{"run", "--rm", "--user=8:ftp", ALPINE, "id"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=21(ftp)"))
+	})
+
 	It("podman run with attach stdin outputs container ID", func() {
 		session := podmanTest.Podman([]string{"run", "--attach", "stdin", ALPINE, "printenv"})
 		session.WaitWithDefaultTimeout()
-- 
cgit v1.2.3-54-g00ecf