run_passwd_test.go 
package integration

import (
	"fmt"

	. "github.com/containers/podman/v5/test/utils"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

// Specs for the way "podman run" handles /etc/passwd and /etc/group inside the
// container: the --user forms, --passwd=false, --passwd-entry and --group-entry.
//
// Several specs run "mount" in a --read-only container and look for "passwd"
// or "/etc/group" in the listing. NOTE(review): this presumably detects a file
// that podman supplies as a mount over the image's own copy; confirm against
// the implementation before relying on it elsewhere.
var _ = Describe("Podman run passwd", func() {

	// No --user at all: the mount listing must not mention passwd.
	It("podman run no user specified ", func() {
		args := []string{"run", "--read-only", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("passwd"))
	})

	// -u bin: per the spec title, a user name the image already knows.
	It("podman run user specified in container", func() {
		args := []string{"run", "--read-only", "-u", "bin", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("passwd"))
	})

	// -u 2:1: per the spec title, a numeric UID the image already knows.
	It("podman run UID specified in container", func() {
		args := []string{"run", "--read-only", "-u", "2:1", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("passwd"))
	})

	// -u 20001:1: a UID the image does not list, so this is the one
	// passwd-related mount spec that expects "passwd" in the listing.
	It("podman run UID not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "20001:1", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).To(ContainSubstring("passwd"))
	})

	// Builds an image with the account files removed and a numeric USER, then
	// checks both sides of --passwd=false.
	It("podman can run container without /etc/passwd", func() {
		containerfile := fmt.Sprintf(`FROM %s
RUN rm -f /etc/passwd /etc/shadow /etc/group
USER 1000`, ALPINE)
		image := "testimg"
		podmanTest.BuildImage(containerfile, image, "false")

		// With passwd management switched off, "ls /etc/" must not list
		// anything whose name contains "passwd".
		listing := podmanTest.Podman([]string{"run", "--passwd=false", "--rm", image, "ls", "/etc/"})
		listing.WaitWithDefaultTimeout()
		Expect(listing).To(ExitCleanly())
		Expect(listing.OutputToString()).ToNot(ContainSubstring("passwd"))

		// test that the /etc/passwd file is created
		// ("ls /etc/passwd" exits non-zero when the file is missing, which
		// ExitCleanly would reject).
		listing = podmanTest.Podman([]string{"run", "--rm", "--user", "0:0", image, "ls", "/etc/passwd"})
		listing.WaitWithDefaultTimeout()
		Expect(listing).To(ExitCleanly())
	})

	// Same invocation as the first spec, checked for /etc/group instead.
	It("podman run with no user specified does not change --group specified", func() {
		args := []string{"run", "--read-only", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("/etc/group"))
	})

	// -u root:bin: per the spec title, a group name the image already knows.
	It("podman run group specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:bin", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("/etc/group"))
	})

	// An unknown group *name* must make the run fail rather than start the
	// container under some other group.
	It("podman run non-numeric group not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).Should(ExitWithError())
	})

	// -u root:11: per the spec title, a numeric GID the image already knows.
	It("podman run numeric group specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:11", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).ToNot(ContainSubstring("/etc/group"))
	})

	// -u 20001:20001: a numeric GID the image does not list; unlike the unknown
	// group name above, the run succeeds and /etc/group shows up in the listing.
	It("podman run numeric group not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "20001:20001", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).To(ContainSubstring("/etc/group"))
	})

	// -u 20001 with no group part still produces an /etc/group entry in the
	// mount listing.
	It("podman run numeric user not specified in container modifies group", func() {
		args := []string{"run", "--read-only", "-u", "20001", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(ExitCleanly())
		Expect(result.OutputToString()).To(ContainSubstring("/etc/group"))
	})

	// Image without account files and a numeric USER, run with default passwd
	// handling: the container has to start and exit cleanly.
	It("podman run numeric group from image and no group file", func() {
		containerfile := fmt.Sprintf(`FROM %s
RUN rm -f /etc/passwd /etc/shadow /etc/group
USER 1000`, ALPINE)
		image := "testimg"
		podmanTest.BuildImage(containerfile, image, "false")

		listing := podmanTest.Podman([]string{"run", "--rm", image, "ls", "/etc/"})
		listing.WaitWithDefaultTimeout()
		Expect(listing).To(ExitCleanly())
		// NOTE(review): "ls /etc/" prints bare entry names, so the substring
		// "/etc/group" is not expected in its output whether or not the file
		// exists; as written this line cannot fail and the spec effectively
		// only checks the clean exit. Confirm the intended behaviour before
		// tightening the match.
		Expect(listing.OutputToString()).ToNot(ContainSubstring("/etc/group"))
	})

	// The title names --no-manage-passwd; the option exercised is --passwd=false.
	It("podman run --no-manage-passwd flag", func() {
		// Default handling: an entry for the requested 1234:1234 is present.
		out := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())
		Expect(out.OutputToString()).To(ContainSubstring("1234:1234"))

		// Management disabled: the same user must not appear in /etc/passwd.
		out = podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())
		Expect(out.OutputToString()).ToNot(ContainSubstring("1234:1234"))
	})

	It("podman run --passwd-entry flag", func() {
		// Test that the line we add doesn't contain anything else than what is specified
		// (grep on the anchored pattern exits non-zero unless a line is exactly FOO).
		out := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--passwd-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/passwd"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())

		// The $-placeholders reach podman literally (argv, no shell in between),
		// so the substitution visible in the expected string is podman's own.
		out = podmanTest.Podman([]string{"run", "--user", "12345:12346", "-w", "/etc", "--passwd-entry=$UID-$GID-$NAME-$HOME-$USERNAME", ALPINE, "cat", "/etc/passwd"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())
		Expect(out.OutputToString()).To(ContainSubstring("12345-12346-container user-/etc-12345"))
	})

	It("podman run --group-entry flag", func() {
		// Test that the line we add doesn't contain anything else than what is specified
		// (grep on the anchored pattern exits non-zero unless a line is exactly FOO).
		out := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--group-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/group"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())

		// $GID is passed to podman as-is. NOTE(review): the bare substring
		// "12346" would also match any other tail line that happens to carry
		// those digits; the check is looser than the anchored one above.
		out = podmanTest.Podman([]string{"run", "--user", "12345:12346", "--group-entry=$GID", ALPINE, "tail", "/etc/group"})
		out.WaitWithDefaultTimeout()
		Expect(out).To(ExitCleanly())
		Expect(out.OutputToString()).To(ContainSubstring("12346"))
	})
})