diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index c83b32a911..82ddc5c121 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -161,7 +161,7 @@ var _ = SynchronizedBeforeSuite(func() []byte {
 podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init"))
 // Pull cirros but don't put it into the cache
- pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest}
+ pullImages := []string{CIRROS_IMAGE, volumeTest}
 pullImages = append(pullImages, CACHE_IMAGES...)
 for _, image := range pullImages {
 podman.createArtifact(image)
diff --git a/test/e2e/config.go b/test/e2e/config.go
index 3ab956dd9a..4867734247 100644
--- a/test/e2e/config.go
+++ b/test/e2e/config.go
@@ -13,7 +13,6 @@ var (
 INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck
 BB = "quay.io/libpod/busybox:latest"
 HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck
- fedoraToolbox = "registry.fedoraproject.org/fedora-toolbox:36"
 volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623"
 // This image has seccomp profiles that blocks all syscalls.
diff --git a/test/e2e/config_amd64.go b/test/e2e/config_amd64.go
index 1ef7ec4aa3..27ad021b46 100644
--- a/test/e2e/config_amd64.go
+++ b/test/e2e/config_amd64.go
@@ -1,15 +1,15 @@
 package integration
 var (
- STORAGE_FS = "overlay" //nolint:revive,stylecheck
- STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
- ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
- ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
- CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
- NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
- BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
- REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
- CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
- SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
- CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
+ STORAGE_FS = "overlay" //nolint:revive,stylecheck
+ STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
+ ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
+ ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
+ CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
+ NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
+ BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
+ REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
+ CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
+ SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
+ CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
 )
diff --git a/test/e2e/config_arm64.go b/test/e2e/config_arm64.go
index 9ace0fc41f..3bb2d3600f 100644
--- a/test/e2e/config_arm64.go
+++ b/test/e2e/config_arm64.go
@@ -1,15 +1,15 @@
 package integration
 var (
- STORAGE_FS = "overlay" //nolint:revive,stylecheck
- STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
- ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
- ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
- CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
- NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
- BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
- REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
- CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
- SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
- CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
+ STORAGE_FS = "overlay" //nolint:revive,stylecheck
+ STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
+ ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
+ ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
+ CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
+ NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
+ BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
+ REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
+ CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
+ SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
+ CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
 )
diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go
index ce2537a6cb..8e2fce35e3 100644
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@@ -38,7 +38,6 @@ import (
 . "github.com/containers/podman/v5/test/utils"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
- . "github.com/onsi/gomega/gexec"
 )
 var _ = Describe("Toolbox-specific testing", func() {
@@ -178,123 +177,18 @@ var _ = Describe("Toolbox-specific testing", func() {
 Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
 })
- It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() {
- SkipIfNotRootless("only meaningful when run rootless")
- var session *PodmanSessionIntegration
+ It("podman run --userns=keep-id - modify /etc/passwd and /etc/group", func() {
+ passwdLine := "testuser:x:1001:1001::/home/testuser:/bin/sh"
+ groupLine := "testuser:x:1001:"
- var username = "testuser"
- var homeDir = "/home/testuser"
- var shell = "/bin/sh"
- var uid = "1001"
- var gid = "1001"
-
- useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
- homeDir, shell, uid, username)
- passwd := fmt.Sprintf("passwd --delete %s", username)
- session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
- fmt.Sprintf("%s; %s; echo READY; sleep 1000", useradd, passwd)})
+ // ensure that the container can edit passwd and group files
+ session := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id",
+ "--user", "root:root", ALPINE, "sh", "-c",
+ fmt.Sprintf("echo %s > /etc/passwd && echo %s > /etc/group && cat /etc/passwd && cat /etc/group", passwdLine, groupLine)})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
-
- session = podmanTest.Podman([]string{"start", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
-
- Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
-
- expectedOutput := fmt.Sprintf("%s:x:%s:%s::%s:%s",
- username, uid, gid, homeDir, shell)
-
- session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
-
- expectedOutput = "passwd: Note: deleting a password also unlocks the password."
-
- session = podmanTest.Podman([]string{"logs", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
- Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput))
- })
-
- It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
- SkipIfNotRootless("only meaningful when run rootless")
- var session *PodmanSessionIntegration
-
- var groupName = "testgroup"
- var gid = "1001"
-
- groupadd := fmt.Sprintf("groupadd --gid %s %s", gid, groupName)
-
- session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
- fmt.Sprintf("%s; echo READY; sleep 1000", groupadd)})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
-
- session = podmanTest.Podman([]string{"start", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
-
- Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
-
- session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/group"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring(groupName))
-
- session = podmanTest.Podman([]string{"logs", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring("READY"))
- })
-
- It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() {
- SkipIfNotRootless("only meaningful when run rootless")
- var session *PodmanSessionIntegration
- var badHomeDir = "/home/badtestuser"
- var badShell = "/bin/sh"
- var badUID = "1001"
- var username = "testuser"
- var homeDir = "/home/testuser"
- var shell = "/bin/bash"
- var uid = "1411"
- var groupName = "testgroup"
- var gid = "1422"
-
- // The use of bad* in the name of variables does not imply the invocation
- // of useradd should fail The user is supposed to be created successfully
- // but later his information (uid, home, shell,..) is changed via usermod.
- useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
- badHomeDir, badShell, badUID, username)
- groupadd := fmt.Sprintf("groupadd --gid %s %s",
- gid, groupName)
- usermod := fmt.Sprintf("usermod --append --groups wheel --home %s --shell %s --uid %s --gid %s %s",
- homeDir, shell, uid, gid, username)
-
- session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
- fmt.Sprintf("%s; %s; %s; echo READY; sleep 1000", useradd, groupadd, usermod)})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
-
- session = podmanTest.Podman([]string{"start", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
-
- Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
-
- expectedUser := fmt.Sprintf("%s:x:%s:%s::%s:%s",
- username, uid, gid, homeDir, shell)
-
- session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring(expectedUser))
-
- session = podmanTest.Podman([]string{"logs", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring("READY"))
+ Expect(session.OutputToString()).Should(ContainSubstring(passwdLine))
+ Expect(session.OutputToString()).Should(ContainSubstring(groupLine))
 })
 It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() {
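Review bot: The group assertion in the new `podman run --userns=keep-id - modify /etc/passwd and /etc/group` spec cannot fail on its own, because `groupLine` (`testuser:x:1001:`) is a prefix of `passwdLine`, so `ContainSubstring(groupLine)` is already satisfied by the `cat /etc/passwd` part of the output. A distinct group entry makes the check meaningful, for example `groupLine := "testgroup:x:1002:"`. The three removed specs were each guarded by `SkipIfNotRootless`, and the replacement is not; if the case is only meaningful rootless the guard should stay, otherwise a one-line comment saying it is now meant to cover rootful runs as well would help the next reader.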
@@ -312,13 +206,12 @@ var _ = Describe("Toolbox-specific testing", func() {
 Expect(session).Should(ExitCleanly())
 })
- It("podman create + start - with all needed switches for create - sleep as entry-point", func() {
+ It("podman create + start - with all needed switches for create", func() {
 SkipIfNotRootless("only meaningful when run rootless")
- var session *PodmanSessionIntegration
 // These should be most of the switches that Toolbox uses to create a "toolbox" container
 // https://github.com/containers/toolbox/blob/main/src/cmd/create.go
- session = podmanTest.Podman([]string{"create",
+ session := podmanTest.Podman([]string{"create",
 "--log-driver", "k8s-file",
 "--dns", "none",
 "--hostname", "toolbox",
@@ -333,20 +226,14 @@ var _ = Describe("Toolbox-specific testing", func() {
 "--ulimit", "host",
 "--userns=keep-id",
 "--user", "root:root",
- fedoraToolbox, "sh", "-c", "echo READY; sleep 1000"})
+ ALPINE, "sh", "-c", "echo READY"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
- session = podmanTest.Podman([]string{"start", "test"})
+ session = podmanTest.Podman([]string{"start", "-a", "test"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
-
- Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
-
- session = podmanTest.Podman([]string{"logs", "test"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring("READY"))
+ Expect(session.OutputToString()).Should(ContainSubstring("READY"))
 })
 It("podman run --userns=keep-id check $HOME", func() {
@@ -355,22 +242,20 @@ var _ = Describe("Toolbox-specific testing", func() {
 currentUser, err := user.Current()
 Expect(err).ToNot(HaveOccurred())
- session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
+ session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", ALPINE, "sh", "-c", "echo $HOME"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(ExitCleanly())
 Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
- if isRootless() {
- location := path.Dir(currentUser.HomeDir)
- volumeArg := fmt.Sprintf("%s:%s", location, location)
- session = podmanTest.Podman([]string{"run",
- "--userns=keep-id",
- "--volume", volumeArg,
- fedoraToolbox, "sh", "-c", "echo $HOME"})
- session.WaitWithDefaultTimeout()
- Expect(session).Should(ExitCleanly())
- Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
- }
+ location := path.Dir(currentUser.HomeDir)
+ volumeArg := fmt.Sprintf("%s:%s", location, location)
+ session = podmanTest.Podman([]string{"run",
+ "--userns=keep-id",
+ "--volume", volumeArg,
+ ALPINE, "sh", "-c", "echo $HOME"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(ExitCleanly())
+ Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
 })
 })
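Review bot: Dropping the `if isRootless()` guard means the second `podman run` now also executes when the suite runs as root, where `path.Dir(currentUser.HomeDir)` may be `/` (for a home of `/root`), which would make `volumeArg` `/:/`, a bind mount of the host root over the container root. Whether podman accepts that argument is not visible here, but it is not what the spec sets out to exercise and it widens what the test container can reach on the host. Consider skipping that case, e.g. `if location == "/" { Skip("home directory sits directly under /") }`, or keeping the rootless guard around the second run. The spec's opening lines are outside this hunk, so a skip may already exist there.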