opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-22 18:08:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17174 from rhatdan/pod

Browse Source 
Get correct username in pod when using --userns=keep-id
This commit is contained in:
OpenShift Merge Robot
2023-01-24 16:23:45 -05:00
committed by GitHub
parent eef60ef288 c4aae9b47e
commit 8073e90ed5
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libpod/container_internal_common.go
View File

@ -2465,6 +2465,10 @@ func (c *Container) generateUserPasswdEntry(addedUID int) (string, error) {
return entry, nil return entry, nil
} }
u, err := user.LookupId(fmt.Sprintf("%d", uid))
if err == nil {
return fmt.Sprintf("%s:*:%d:%d:%s:%s:/bin/sh\n", u.Username, uid, gid, u.Name, c.WorkingDir()), nil
}
return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil
} }

8
test/e2e/pod_create_test.go
View File

@ -711,12 +711,14 @@ ENTRYPOINT ["sleep","99999"]
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
// container inside pod inherits user form infra container if --user is not set u, err := user.Current()
// etc/passwd entry will look like 1000:*:1000:1000:container user:/:/bin/sh Expect(err).ToNot(HaveOccurred())
// container inside pod inherits user from infra container if --user is not set
// etc/passwd entry will look like USERNAME:*:1000:1000:Full User Name:/:/bin/sh
exec1 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"}) exec1 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"})
exec1.WaitWithDefaultTimeout() exec1.WaitWithDefaultTimeout()
Expect(exec1).Should(Exit(0)) Expect(exec1).Should(Exit(0))
Expect(exec1.OutputToString()).To(ContainSubstring("container")) Expect(exec1.OutputToString()).To(ContainSubstring(u.Name))
exec2 := podmanTest.Podman([]string{"exec", ctrName, "useradd", "testuser"}) exec2 := podmanTest.Podman([]string{"exec", ctrName, "useradd", "testuser"})
exec2.WaitWithDefaultTimeout() exec2.WaitWithDefaultTimeout()

13
test/system/170-run-userns.bats
View File

@ -140,3 +140,16 @@ EOF
is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not supported in rootful mode" is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not supported in rootful mode"
fi fi
} }
@test "podman userns=keep-id in a pod" {
if is_rootless; then
user=$(id -u)
run_podman pod create --userns keep-id
pid=$output
run_podman run --rm --pod $pid $IMAGE id -u
is "${output}" "$user" "Container should run as the current user"
else
run_podman 125 pod create --userns keep-id
is "${output}" 'Error:.*keep-id is only supported in rootless mode' "pod should fail to be created since keep-id is not supported in rootful mode"
fi
}