opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-31 07:27:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

rootless: bind mount devices instead of creating them

Browse Source 
when running in rootless mode, --device creates a bind mount from the
host instead of specifying the device in the OCI configuration.  This
is required as an unprivileged user cannot use mknod, even when root
in a user namespace.

Closes: https://github.com/containers/libpod/issues/3905

Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
This commit is contained in:
Giuseppe Scrivano
2019-08-29 22:47:15 +02:00
committed by Giuseppe Scrivano
parent e5568d4acc
commit ba1c57030f
2 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
test/e2e/run_device_test.go
View File

@ -35,44 +35,40 @@ var _ = Describe("Podman run device", func() {
})
It("podman run bad device test", func() {
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/baddevice", ALPINE, "ls", "/dev/kmsg"})
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/baddevice", ALPINE, "true"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Not(Equal(0)))
})
It("podman run device test", func() {
SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename test", func() {
SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device permission test", func() {
SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "ls", "--color=never", "/dev/kmsg"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/dev/kmsg"))
})
It("podman run device rename and permission test", func() {
SkipIfRootless()
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("/dev/kmsg1"))
})
It("podman run device rename and bad permission test", func() {
session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "ls", "--color=never", "/dev/kmsg1"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Not(Equal(0)))
})