. "github.com/containers/podman/v5/test/utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
var _ = Describe("Podman run passwd", func() {
// Baseline case: no -u/--user is passed. The container runs `mount` on a
// read-only root filesystem and the mount listing must not mention "passwd".
// Presumably a passwd file generated by podman would show up as a mount
// here; verify against the passwd-handling code.
It("podman run no user specified ", func() {
	args := []string{"run", "--read-only", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("passwd")))
})
// Runs as the named user "bin", which per the test description exists in the
// image. The mount listing of the read-only container must not mention
// "passwd".
It("podman run user specified in container", func() {
	args := []string{"run", "--read-only", "-u", "bin", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("passwd")))
})
// Runs as numeric UID:GID 2:1, which per the test description is known to
// the image. As in the named-user case, no "passwd" entry may appear in the
// mount listing.
It("podman run UID specified in container", func() {
	args := []string{"run", "--read-only", "-u", "2:1", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("passwd")))
})
// Runs as UID 20001, which per the test description has no entry in the
// image. This is the one user case where the mount listing is expected to
// mention "passwd", i.e. where podman is expected to supply the file.
It("podman run UID not specified in container", func() {
	args := []string{"run", "--read-only", "-u", "20001:1", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(ContainSubstring("passwd"))
})
// Builds an image whose Dockerfile deletes /etc/passwd, /etc/shadow and
// /etc/group, then runs it with and without passwd management.
// NOTE(review): this listing skips its lines 43-44, so the end of the
// Dockerfile literal, its format argument and the definition of imgName are
// not visible here.
It("podman can run container without /etc/passwd", func() {
41
dockerfile := fmt.Sprintf(`FROM %s
42
RUN rm -f /etc/passwd /etc/shadow /etc/group
45
podmanTest.BuildImage(dockerfile, imgName, "false")
46
// With --passwd=false the listing of /etc/ must not show a passwd entry.
session := podmanTest.Podman([]string{"run", "--passwd=false", "--rm", imgName, "ls", "/etc/"})
47
session.WaitWithDefaultTimeout()
48
Expect(session).Should(ExitCleanly())
49
Expect(session.OutputToString()).To(Not(ContainSubstring("passwd")))
52
// Default passwd handling, run as 0:0: ls fails on a missing path, so a
// clean exit shows that /etc/passwd exists again (presumably created by
// podman at container start; confirm).
session = podmanTest.Podman([]string{"run", "--rm", "--user", "0:0", imgName, "ls", "/etc/passwd"})
53
session.WaitWithDefaultTimeout()
54
Expect(session).Should(ExitCleanly())
// Group-file counterpart of the baseline case: with no user or group given,
// the mount listing of the read-only container must not mention /etc/group.
It("podman run with no user specified does not change --group specified", func() {
	args := []string{"run", "--read-only", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("/etc/group")))
})
// Runs as root with the named group "bin", which per the test description
// exists in the image. No /etc/group entry may appear in the mount listing.
It("podman run group specified in container", func() {
	args := []string{"run", "--read-only", "-u", "root:bin", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("/etc/group")))
})
// A group given by a name the image does not know ("doesnotexist") must make
// the run fail. Only the failure is asserted, not the exit code or message.
It("podman run non-numeric group not specified in container", func() {
	args := []string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).Should(ExitWithError())
})
// Runs as root with numeric GID 11, which per the test description is known
// to the image. No /etc/group entry may appear in the mount listing.
It("podman run numeric group specified in container", func() {
	args := []string{"run", "--read-only", "-u", "root:11", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(Not(ContainSubstring("/etc/group")))
})
// Runs as 20001:20001, a UID and GID the image does not know per the test
// description. Unlike an unknown group name, this must succeed, and
// /etc/group is expected to appear in the mount listing.
It("podman run numeric group not specified in container", func() {
	args := []string{"run", "--read-only", "-u", "20001:20001", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(ContainSubstring("/etc/group"))
})
// Only a UID (20001) is given, with no group part. Per the test description
// the image does not know it, and /etc/group is still expected to appear in
// the mount listing.
It("podman run numeric user not specified in container modifies group", func() {
	args := []string{"run", "--read-only", "-u", "20001", BB, "mount"}
	run := podmanTest.Podman(args)
	run.WaitWithDefaultTimeout()
	Expect(run).To(ExitCleanly())

	mounts := run.OutputToString()
	Expect(mounts).To(ContainSubstring("/etc/group"))
})
// Builds an image whose Dockerfile deletes /etc/passwd, /etc/shadow and
// /etc/group, then lists /etc/ in a container started from it.
// NOTE(review): this listing skips its lines 101-102, so the end of the
// Dockerfile literal, its format argument and the definition of imgName are
// not visible here.
It("podman run numeric group from image and no group file", func() {
99
dockerfile := fmt.Sprintf(`FROM %s
100
RUN rm -f /etc/passwd /etc/shadow /etc/group
103
podmanTest.BuildImage(dockerfile, imgName, "false")
104
session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
105
session.WaitWithDefaultTimeout()
106
Expect(session).Should(ExitCleanly())
107
// NOTE(review): `ls /etc/` prints entry names without the directory
// prefix, so the substring "/etc/group" is unlikely to appear whether or
// not the file exists. The assertion may be vacuous, leaving the clean
// exit as the only effective check — confirm.
Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group")))
// Contrasts default passwd handling with --passwd=false for the same
// --user 1234:1234, by reading /etc/passwd inside the container.
// NOTE(review): the description names --no-manage-passwd, but the flag
// exercised below is --passwd=false.
It("podman run --no-manage-passwd flag", func() {
	// Default handling: the file must contain a line carrying 1234:1234.
	managed := podmanTest.Podman([]string{"run", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
	managed.WaitWithDefaultTimeout()
	Expect(managed).To(ExitCleanly())
	Expect(managed.OutputToString()).To(ContainSubstring("1234:1234"))

	// With --passwd=false the same user must leave no such line behind.
	unmanaged := podmanTest.Podman([]string{"run", "--passwd=false", "--user", "1234:1234", ALPINE, "cat", "/etc/passwd"})
	unmanaged.WaitWithDefaultTimeout()
	Expect(unmanaged).To(ExitCleanly())
	Expect(unmanaged.OutputToString()).NotTo(ContainSubstring("1234:1234"))
})
// Exercises --passwd-entry in two ways: a literal entry and an entry built
// from substitution variables.
// NOTE(review): only benign entry values are covered; entries with embedded
// newlines or extra fields are not tested in this block.
It("podman run --passwd-entry flag", func() {
	// The anchored grep only matches a line that is exactly "FOO", so a
	// clean exit shows the entry was written without anything added to it.
	literal := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--passwd-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/passwd"})
	literal.WaitWithDefaultTimeout()
	Expect(literal).To(ExitCleanly())

	// The expected string shows the substitutions: $UID and $GID come from
	// --user, $NAME becomes "container user", $HOME is the -w directory and
	// $USERNAME is the numeric UID.
	expanded := podmanTest.Podman([]string{"run", "--user", "12345:12346", "-w", "/etc", "--passwd-entry=$UID-$GID-$NAME-$HOME-$USERNAME", ALPINE, "cat", "/etc/passwd"})
	expanded.WaitWithDefaultTimeout()
	Expect(expanded).To(ExitCleanly())
	Expect(expanded.OutputToString()).To(ContainSubstring("12345-12346-container user-/etc-12345"))
})
// Exercises --group-entry in two ways: a literal entry and an entry built
// from the $GID substitution variable.
It("podman run --group-entry flag", func() {
	// The anchored grep only matches a line that is exactly "FOO", so a
	// clean exit shows the entry was written without anything added to it.
	literal := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--group-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/group"})
	literal.WaitWithDefaultTimeout()
	Expect(literal).To(ExitCleanly())

	// $GID must be replaced by the group part of --user. The check is a
	// substring match on the tail of the file, not an exact-line match.
	expanded := podmanTest.Podman([]string{"run", "--user", "12345:12346", "--group-entry=$GID", ALPINE, "tail", "/etc/group"})
	expanded.WaitWithDefaultTimeout()
	Expect(expanded).To(ExitCleanly())
	Expect(expanded.OutputToString()).To(ContainSubstring("12346"))
})