github.com/AbhinandanKurakure/podman/v3@v3.4.10/test/e2e/run_passwd_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  
     7  	. "github.com/containers/podman/v3/test/utils"
     8  	. "github.com/onsi/ginkgo"
     9  	. "github.com/onsi/gomega"
    10  	. "github.com/onsi/gomega/gexec"
    11  )
    12  
// These e2e specs cover how `podman run` treats /etc/passwd and /etc/group
// depending on the user and group requested with -u. Most of them run `mount`
// inside a --read-only container and check whether any output line mentions
// "passwd" or "/etc/group", i.e. whether something is mounted over those
// files. The spec titles state whether the requested UID/GID is expected to
// exist in the image already.
var _ = Describe("Podman run passwd", func() {
	var (
		tempdir    string
		err        error
		podmanTest *PodmanTestIntegration
	)

	// noAccountFilesDockerfile renders a Dockerfile based on ALPINE that
	// deletes the account databases and then selects a numeric USER. It is
	// evaluated when a spec runs, not when the spec tree is built.
	noAccountFilesDockerfile := func() string {
		return fmt.Sprintf(`FROM %s
RUN rm -f /etc/passwd /etc/shadow /etc/group
USER 1000`, ALPINE)
	}

	BeforeEach(func() {
		// NOTE(review): a failure here ends the whole test process with
		// status 1 and err is never printed, so the cause is not visible in
		// the test report.
		if tempdir, err = CreateTempDirInTempDir(); err != nil {
			os.Exit(1)
		}
		podmanTest = PodmanTestCreate(tempdir)
		podmanTest.Setup()
		podmanTest.SeedImages()
	})

	AfterEach(func() {
		podmanTest.Cleanup()
		processTestResult(CurrentGinkgoTestDescription())
	})

	// Default user: no passwd mount is expected in the container.
	It("podman run no user specified ", func() {
		args := []string{"run", "--read-only", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("passwd")).Should(BeFalse())
	})

	// A user name the image is expected to know ("bin"): the image's own
	// passwd file should be used as is, so no passwd mount appears.
	It("podman run user specified in container", func() {
		args := []string{"run", "--read-only", "-u", "bin", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("passwd")).Should(BeFalse())
	})

	// Numeric UID:GID that, per the spec title, already exists in the image.
	It("podman run UID specified in container", func() {
		args := []string{"run", "--read-only", "-u", "2:1", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("passwd")).Should(BeFalse())
	})

	// UID 20001 is, per the spec title, absent from the image. Here a passwd
	// mount IS expected; presumably podman generates an entry for the unknown
	// UID and mounts it over /etc/passwd (confirm against libpod).
	It("podman run UID not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "20001:1", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("passwd")).Should(BeTrue())
	})

	// An image whose account files were removed must still start, and the
	// directory listing must not show a passwd file. `ls /etc/` prints bare
	// entry names, so the substring "passwd" is an effective check here.
	It("podman can run container without /etc/passwd", func() {
		const imgName = "testimg"
		podmanTest.BuildImage(noAccountFilesDockerfile(), imgName, "false")
		result := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.OutputToString()).ToNot(ContainSubstring("passwd"))
	})

	// Same command as the first spec, but looking at /etc/group instead.
	It("podman run with no user specified does not change --group specified", func() {
		args := []string{"run", "--read-only", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("/etc/group")).Should(BeFalse())
	})

	// Group name the image is expected to know: no /etc/group mount.
	It("podman run group specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:bin", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("/etc/group")).Should(BeFalse())
	})

	// A non-numeric group name that cannot be resolved: the run is expected
	// to fail instead of starting the container under some other group.
	It("podman run non-numeric group not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).Should(ExitWithError())
	})

	// Numeric GID that, per the spec title, exists in the image.
	It("podman run numeric group specified in container", func() {
		args := []string{"run", "--read-only", "-u", "root:11", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("/etc/group")).Should(BeFalse())
	})

	// Numeric GID unknown to the image: an /etc/group mount is expected.
	It("podman run numeric group not specified in container", func() {
		args := []string{"run", "--read-only", "-u", "20001:20001", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("/etc/group")).Should(BeTrue())
	})

	// Only a UID is given and it is unknown to the image; the spec expects
	// /etc/group to be mounted as well.
	It("podman run numeric user not specified in container modifies group", func() {
		args := []string{"run", "--read-only", "-u", "20001", BB, "mount"}
		result := podmanTest.Podman(args)
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.LineInOutputContains("/etc/group")).Should(BeTrue())
	})

	// NOTE(review): this assertion looks vacuous. `ls /etc/` prints bare entry
	// names ("group"), never the full path, so the output cannot normally
	// contain "/etc/group" and the check passes whether or not a group file
	// exists. The Dockerfile is also the same as in the passwd spec above
	// (USER 1000, no explicit group), although the title mentions a numeric
	// group. Checking for "group" is probably what was meant; confirm the
	// intended behaviour before tightening it.
	It("podman run numeric group from image and no group file", func() {
		const imgName = "testimg"
		podmanTest.BuildImage(noAccountFilesDockerfile(), imgName, "false")
		result := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
		result.WaitWithDefaultTimeout()
		Expect(result).To(Exit(0))
		Expect(result.OutputToString()).ToNot(ContainSubstring("/etc/group"))
	})
})