opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-31 18:08:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

test: check that kube generate/play restores the userns

Browse Source 
validate that a "podman generate" and "podman play" cycle restores the
specified user namespace.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano
2024-07-11 11:53:29 +02:00
parent f70976a7e2
commit d9c2806461
1 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
test/system/700-play.bats
View File

@ -1037,3 +1037,33 @@ spec:
run_podman kube down $fname run_podman kube down $fname
run_podman rmi $imgname run_podman rmi $imgname
} }
@test "podman kube restore user namespace" {
if ! is_rootless; then
grep -E -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'"
fi
run_podman pod create --userns auto --name usernspod
run_podman create --pod usernspod $IMAGE true
run_podman pod inspect --format {{.InfraContainerID}} usernspod
infraID="$output"
run_podman inspect --format '{{index .Config.Annotations "io.podman.annotations.userns"}}' $infraID
assert "$output" == "auto" "user namespace should be kept"
YAML=$PODMAN_TMPDIR/test.yml
# Make sure the same setting is restored if the pod is recreated from the yaml
run_podman kube generate usernspod -f $YAML
cat $YAML
run_podman kube play --replace $YAML
run_podman pod inspect --format {{.InfraContainerID}} usernspod
infraID="$output"
run_podman inspect --format '{{index .Config.Annotations "io.podman.annotations.userns"}}' $infraID
assert "$output" == "auto" "user namespace should be kept"
run_podman pod rm -f usernspod
}