rootless: add cli validator

whenever the podman process is launched, it runs any file found in these directories: - /etc/containers/auth-scripts - /usr/libexec/podman/auth-scripts The current podman command line is passed as arguments to the process. If any of the processes fail, the error is immediately reported back from podman that exits with the same error code. [NO NEW TESTS NEEDED] requires a system-wide configuration. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-12-01 18:49:18 +08:00 · 2022-08-18 15:05:23 +02:00
parent 71f96c2e6f
commit 290019c486
2 changed files with 222 additions and 28 deletions
--- a/test/system/950-auth-scripts.bats
+++ b/test/system/950-auth-scripts.bats
@@ -0,0 +1,33 @@
+#!/usr/bin/env bats
+#
+# Tests for podman auth scripts
+#
+
+load helpers
+load helpers.network
+
+function setup() {
+    basic_setup
+}
+
+function teardown() {
+    basic_teardown
+}
+
+@test "podman auth script" {
+    auth_dir=$PODMAN_TMPDIR/auth
+    mkdir -p $auth_dir
+    auth_script=$auth_dir/pull_check.sh
+
+    cat > $auth_script <<EOF
+#!/bin/sh
+if echo \$@ | grep "pull foobar"; then
+    exit 42
+fi
+exit 43
+EOF
+    chmod +x $auth_script
+
+    PODMAN_AUTH_SCRIPTS_DIR=$auth_dir run_podman 42 pull foobar
+    PODMAN_AUTH_SCRIPTS_DIR=$auth_dir run_podman 43 pull barfoo
+}