opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 09:05:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Honor rootfulness when SSH-ing into named Machine

Browse Source 
Fix a bug where SSH-ing into a named Podman Machine (not podman-machine-default)
results in the user being put in the rootless shell if the default system
connection is rootless.

Resolves: https://github.com/containers/podman/issues/25332

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
This commit is contained in:
Jake Correnti
2025-03-13 14:55:03 -04:00
parent 79e05ca199
commit f166f1503c
2 changed files with 46 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
cmd/podman/machine/ssh.go
View File

@ -4,7 +4,6 @@ package machine
import ( import (
"fmt" "fmt"
"net/url"
"github.com/containers/podman/v5/pkg/machine/define" "github.com/containers/podman/v5/pkg/machine/define"
"github.com/containers/podman/v5/pkg/machine/env" "github.com/containers/podman/v5/pkg/machine/env"
@ -100,13 +99,6 @@ func ssh(cmd *cobra.Command, args []string) error {
} }
} }
if !validVM && sshOpts.Username == "" {
sshOpts.Username, err = remoteConnectionUsername()
if err != nil {
return err
}
}
state, err := provider.State(mc, false) state, err := provider.State(mc, false)
if err != nil { if err != nil {
return err return err
@ -115,25 +107,14 @@ func ssh(cmd *cobra.Command, args []string) error {
return fmt.Errorf("vm %q is not running", mc.Name) return fmt.Errorf("vm %q is not running", mc.Name)
} }
username := sshOpts.Username if sshOpts.Username == "" {
if username == "" { if mc.HostUser.Rootful {
username = mc.SSH.RemoteUsername sshOpts.Username = "root"
} else {
sshOpts.Username = mc.SSH.RemoteUsername
}
} }
err = machine.CommonSSHShell(username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args) err = machine.CommonSSHShell(sshOpts.Username, mc.SSH.IdentityPath, mc.Name, mc.SSH.Port, sshOpts.Args)
return utils.HandleOSExecError(err) return utils.HandleOSExecError(err)
} }
func remoteConnectionUsername() (string, error) {
con, err := registry.PodmanConfig().ContainersConfDefaultsRO.GetConnection("", true)
if err != nil {
return "", err
}
uri, err := url.Parse(con.URI)
if err != nil {
return "", err
}
username := uri.User.String()
return username, nil
}

39
pkg/machine/e2e/ssh_test.go
View File

@ -62,4 +62,43 @@ var _ = Describe("podman machine ssh", func() {
Expect(sshSession.errorToString()).To(Equal("")) Expect(sshSession.errorToString()).To(Equal(""))
} }
}) })
It("verify machine rootfulness", func() {
wsl := testProvider.VMType() == define.WSLVirt
name := randomString()
i := new(initMachine)
session, err := mb.setName(name).setCmd(i.withImage(mb.imagePath).withNow()).run()
Expect(err).ToNot(HaveOccurred())
Expect(session).To(Exit(0))
ssh := &sshMachine{}
sshSession, err := mb.setName(name).setCmd(ssh.withSSHCommand([]string{"whoami"})).run()
Expect(err).ToNot(HaveOccurred())
Expect(sshSession).To(Exit(0))
if wsl {
Expect(sshSession.outputToString()).To(Equal("user"))
} else {
Expect(sshSession.outputToString()).To(Equal("core"))
}
stop := &stopMachine{}
stopSession, err := mb.setName(name).setCmd(stop).run()
Expect(err).ToNot(HaveOccurred())
Expect(stopSession).To(Exit(0))
set := &setMachine{}
setSession, err := mb.setName(name).setCmd(set.withRootful(true)).run()
Expect(err).ToNot(HaveOccurred())
Expect(setSession).To(Exit(0))
start := &startMachine{}
startSession, err := mb.setName(name).setCmd(start).run()
Expect(err).ToNot(HaveOccurred())
Expect(startSession).To(Exit(0))
sshSession, err = mb.setName(name).setCmd(ssh.withSSHCommand([]string{"whoami"})).run()
Expect(err).ToNot(HaveOccurred())
Expect(sshSession).To(Exit(0))
Expect(sshSession.outputToString()).To(Equal("root"))
})
}) })