github.com/AbhinandanKurakure/podman/v3@v3.4.10/test/e2e/run_passwd_test.go (about) 1 package integration 2 3 import ( 4 "fmt" 5 "os" 6 7 . "github.com/containers/podman/v3/test/utils" 8 . "github.com/onsi/ginkgo" 9 . "github.com/onsi/gomega" 10 . "github.com/onsi/gomega/gexec" 11 ) 12 13 var _ = Describe("Podman run passwd", func() { 14 var ( 15 tempdir string 16 err error 17 podmanTest *PodmanTestIntegration 18 ) 19 20 BeforeEach(func() { 21 tempdir, err = CreateTempDirInTempDir() 22 if err != nil { 23 os.Exit(1) 24 } 25 podmanTest = PodmanTestCreate(tempdir) 26 podmanTest.Setup() 27 podmanTest.SeedImages() 28 }) 29 30 AfterEach(func() { 31 podmanTest.Cleanup() 32 f := CurrentGinkgoTestDescription() 33 processTestResult(f) 34 35 }) 36 37 It("podman run no user specified ", func() { 38 session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"}) 39 session.WaitWithDefaultTimeout() 40 Expect(session).Should(Exit(0)) 41 Expect(session.LineInOutputContains("passwd")).To(BeFalse()) 42 }) 43 It("podman run user specified in container", func() { 44 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "bin", BB, "mount"}) 45 session.WaitWithDefaultTimeout() 46 Expect(session).Should(Exit(0)) 47 Expect(session.LineInOutputContains("passwd")).To(BeFalse()) 48 }) 49 50 It("podman run UID specified in container", func() { 51 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "2:1", BB, "mount"}) 52 session.WaitWithDefaultTimeout() 53 Expect(session).Should(Exit(0)) 54 Expect(session.LineInOutputContains("passwd")).To(BeFalse()) 55 }) 56 57 It("podman run UID not specified in container", func() { 58 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:1", BB, "mount"}) 59 session.WaitWithDefaultTimeout() 60 Expect(session).Should(Exit(0)) 61 Expect(session.LineInOutputContains("passwd")).To(BeTrue()) 62 }) 63 64 It("podman can run container without /etc/passwd", func() { 65 dockerfile := fmt.Sprintf(`FROM %s 66 RUN rm -f /etc/passwd /etc/shadow /etc/group 67 USER 1000`, ALPINE) 68 imgName := "testimg" 69 podmanTest.BuildImage(dockerfile, imgName, "false") 70 session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) 71 session.WaitWithDefaultTimeout() 72 Expect(session).Should(Exit(0)) 73 Expect(session.OutputToString()).To(Not(ContainSubstring("passwd"))) 74 }) 75 76 It("podman run with no user specified does not change --group specified", func() { 77 session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"}) 78 session.WaitWithDefaultTimeout() 79 Expect(session).Should(Exit(0)) 80 Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) 81 }) 82 83 It("podman run group specified in container", func() { 84 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:bin", BB, "mount"}) 85 session.WaitWithDefaultTimeout() 86 Expect(session).Should(Exit(0)) 87 Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) 88 }) 89 90 It("podman run non-numeric group not specified in container", func() { 91 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"}) 92 session.WaitWithDefaultTimeout() 93 Expect(session).To(ExitWithError()) 94 }) 95 96 It("podman run numeric group specified in container", func() { 97 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:11", BB, "mount"}) 98 session.WaitWithDefaultTimeout() 99 Expect(session).Should(Exit(0)) 100 Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) 101 }) 102 103 It("podman run numeric group not specified in container", func() { 104 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:20001", BB, "mount"}) 105 session.WaitWithDefaultTimeout() 106 Expect(session).Should(Exit(0)) 107 Expect(session.LineInOutputContains("/etc/group")).To(BeTrue()) 108 }) 109 110 It("podman run numeric user not specified in container modifies group", func() { 111 session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001", BB, "mount"}) 112 session.WaitWithDefaultTimeout() 113 Expect(session).Should(Exit(0)) 114 Expect(session.LineInOutputContains("/etc/group")).To(BeTrue()) 115 }) 116 117 It("podman run numeric group from image and no group file", func() { 118 dockerfile := fmt.Sprintf(`FROM %s 119 RUN rm -f /etc/passwd /etc/shadow /etc/group 120 USER 1000`, ALPINE) 121 imgName := "testimg" 122 podmanTest.BuildImage(dockerfile, imgName, "false") 123 session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) 124 session.WaitWithDefaultTimeout() 125 Expect(session).Should(Exit(0)) 126 Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group"))) 127 }) 128 })