// Listing of github.com/containers/podman/v5@v5.1.0-rc1/test/e2e/run_passwd_test.go

package integration

import (
	"fmt"

	. "github.com/containers/podman/v5/test/utils"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

// The specs below pin down when podman supplies its own /etc/passwd and
// /etc/group to a container and when it leaves the image's files alone.
//
// The mount-based specs run `mount` inside a --read-only container and treat
// the substring "passwd" or "/etc/group" in the mount table as the sign that
// podman provided the file (presumably a bind mount over the read-only
// rootfs; confirm against libpod). A user or group that the image already
// knows must not trigger that, while an unknown numeric ID must.
var _ = Describe("Podman run passwd", func() {

	// Dockerfile template for an image that ships no account databases at all
	// and defaults to an unprivileged numeric user.
	const noAccountFilesDockerfile = `FROM %s
RUN rm -f /etc/passwd /etc/shadow /etc/group
USER 1000`

	// mountTable runs `mount` in a read-only BB container, optionally under
	// the given -u spec, requires a clean exit and returns the mount table.
	mountTable := func(userSpec string) string {
		GinkgoHelper()
		args := []string{"run", "--read-only"}
		if userSpec != "" {
			args = append(args, "-u", userSpec)
		}
		args = append(args, BB, "mount")
		sess := podmanTest.Podman(args)
		sess.WaitWithDefaultTimeout()
		Expect(sess).To(ExitCleanly())
		return sess.OutputToString()
	}

	It("podman run no user specified ", func() {
		// Default user: the image's own passwd file must stay in place.
		Expect(mountTable("")).NotTo(ContainSubstring("passwd"))
	})

	It("podman run user specified in container", func() {
		// "bin" is resolved by name from the image, so nothing is generated.
		Expect(mountTable("bin")).NotTo(ContainSubstring("passwd"))
	})

	It("podman run UID specified in container", func() {
		// The mount table must show no passwd entry for this UID:GID pair.
		Expect(mountTable("2:1")).NotTo(ContainSubstring("passwd"))
	})

	It("podman run UID not specified in container", func() {
		// For this UID the mount table is expected to list a passwd file.
		Expect(mountTable("20001:1")).To(ContainSubstring("passwd"))
	})

	It("podman can run container without /etc/passwd", func() {
		imgName := "testimg"
		podmanTest.BuildImage(fmt.Sprintf(noAccountFilesDockerfile, ALPINE), imgName, "false")

		// With --passwd=false the /etc listing must not contain a passwd file.
		listing := podmanTest.Podman([]string{"run", "--passwd=false", "--rm", imgName, "ls", "/etc/"})
		listing.WaitWithDefaultTimeout()
		Expect(listing).To(ExitCleanly())
		Expect(listing.OutputToString()).NotTo(ContainSubstring("passwd"))

		// Without the flag, /etc/passwd must exist: `ls /etc/passwd` has to
		// succeed when the container runs as 0:0.
		created := podmanTest.Podman([]string{"run", "--rm", "--user", "0:0", imgName, "ls", "/etc/passwd"})
		created.WaitWithDefaultTimeout()
		Expect(created).To(ExitCleanly())
	})

	It("podman run with no user specified does not change --group specified", func() {
		Expect(mountTable("")).NotTo(ContainSubstring("/etc/group"))
	})

	It("podman run group specified in container", func() {
		// "bin" is resolved by name, so no /etc/group mount is expected.
		Expect(mountTable("root:bin")).NotTo(ContainSubstring("/etc/group"))
	})

	It("podman run non-numeric group not specified in container", func() {
		// An unknown group *name* cannot be mapped to a GID, so the run is
		// rejected instead of silently inventing an entry.
		sess := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"})
		sess.WaitWithDefaultTimeout()
		Expect(sess).Should(ExitWithError(126, "unable to find group doesnotexist: no matching entries in group file"))
	})

	It("podman run numeric group specified in container", func() {
		Expect(mountTable("root:11")).NotTo(ContainSubstring("/etc/group"))
	})

	It("podman run numeric group not specified in container", func() {
		Expect(mountTable("20001:20001")).To(ContainSubstring("/etc/group"))
	})

	It("podman run numeric user not specified in container modifies group", func() {
		// Only a UID is given; the group file is still expected to be mounted.
		Expect(mountTable("20001")).To(ContainSubstring("/etc/group"))
	})

	It("podman run numeric group from image and no group file", func() {
		imgName := "testimg"
		podmanTest.BuildImage(fmt.Sprintf(noAccountFilesDockerfile, ALPINE), imgName, "false")

		listing := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"})
		listing.WaitWithDefaultTimeout()
		Expect(listing).To(ExitCleanly())
		// NOTE(review): `ls /etc/` prints bare entry names, so the substring
		// "/etc/group" looks like it can never appear and this assertion
		// cannot fail. Confirm whether the intended check is on the bare name
		// "group"; as written, only the clean exit above is really verified.
		Expect(listing.OutputToString()).NotTo(ContainSubstring("/etc/group"))
	})

	It("podman run --no-manage-passwd flag", func() {
		// The spec name mentions --no-manage-passwd, but the flag exercised
		// here is --passwd=false.
		const userSpec = "1234:1234"

		// Default behaviour: the passwd file read in the container contains
		// the requested UID:GID pair.
		managed := podmanTest.Podman([]string{"run", "--user", userSpec, ALPINE, "cat", "/etc/passwd"})
		managed.WaitWithDefaultTimeout()
		Expect(managed).To(ExitCleanly())
		Expect(managed.OutputToString()).To(ContainSubstring("1234:1234"))

		// With --passwd=false that pair must be absent from the file.
		unmanaged := podmanTest.Podman([]string{"run", "--passwd=false", "--user", userSpec, ALPINE, "cat", "/etc/passwd"})
		unmanaged.WaitWithDefaultTimeout()
		Expect(unmanaged).To(ExitCleanly())
		Expect(unmanaged.OutputToString()).ToNot(ContainSubstring("1234:1234"))
	})

	It("podman run --passwd-entry flag", func() {
		// The anchored grep (^FOO$) proves the added line is exactly what was
		// specified, with nothing appended to it.
		literal := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--passwd-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/passwd"})
		literal.WaitWithDefaultTimeout()
		Expect(literal).To(ExitCleanly())

		// Template variables are expanded; the expected output shows $HOME
		// rendered as the -w working directory and $NAME as "container user".
		templated := podmanTest.Podman([]string{"run", "--user", "12345:12346", "-w", "/etc", "--passwd-entry=$UID-$GID-$NAME-$HOME-$USERNAME", ALPINE, "cat", "/etc/passwd"})
		templated.WaitWithDefaultTimeout()
		Expect(templated).To(ExitCleanly())
		Expect(templated.OutputToString()).To(ContainSubstring("12345-12346-container user-/etc-12345"))
	})

	It("podman run --group-entry flag", func() {
		// The anchored grep (^FOO$) proves the added line is exactly what was
		// specified, with nothing appended to it.
		literal := podmanTest.Podman([]string{"run", "--user", "1234:1234", "--group-entry=FOO", ALPINE, "grep", "^FOO$", "/etc/group"})
		literal.WaitWithDefaultTimeout()
		Expect(literal).To(ExitCleanly())

		// $GID in the template is replaced by the numeric group of --user.
		templated := podmanTest.Podman([]string{"run", "--user", "12345:12346", "--group-entry=$GID", ALPINE, "tail", "/etc/group"})
		templated.WaitWithDefaultTimeout()
		Expect(templated).To(ExitCleanly())
		Expect(templated.OutputToString()).To(ContainSubstring("12346"))
	})
})