opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-19 16:33:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

podman image scp never enter podman user NS

Browse Source 
Podman image scp should never enter the Podman UserNS unless it needs to. This allows for
a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo,
the simple sudo podman save/load does not work, machinectl/su is necessary here.

This modification allows for both rootful and rootless transfers, and an overall change of scp to be
more of a wrapper function for different load and save calls as well as the ssh component

Signed-off-by: cdoern <cdoern@redhat.com>
This commit is contained in:
cdoern
2021-11-21 22:48:32 -05:00
parent b6ce7e19ec
commit f6d00ea6ef
15 changed files with 498 additions and 276 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
test/e2e/image_scp_test.go
View File

@ -29,7 +29,6 @@ var _ = Describe("podman image scp", func() {
panic(err)
}
os.Setenv("CONTAINERS_CONF", conf.Name())
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
@ -52,38 +51,6 @@ var _ = Describe("podman image scp", func() {
})
It("podman image scp quiet flag", func() {
if IsRemote() {
Skip("this test is only for non-remote")
}
scp := podmanTest.Podman([]string{"image", "scp", "-q", ALPINE})
scp.WaitWithDefaultTimeout()
Expect(scp).To(Exit(0))
})
It("podman image scp root to rootless transfer", func() {
SkipIfNotRootless("this is a rootless only test, transferring from root to rootless using PodmanAsUser")
if IsRemote() {
Skip("this test is only for non-remote")
}
env := os.Environ()
img := podmanTest.PodmanAsUser([]string{"image", "pull", ALPINE}, 0, 0, "", env) // pull image to root
img.WaitWithDefaultTimeout()
Expect(img).To(Exit(0))
scp := podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE, "1000:1000@localhost::"}, 0, 0, "", env) //transfer from root to rootless (us)
scp.WaitWithDefaultTimeout()
Expect(scp).To(Exit(0))
list := podmanTest.Podman([]string{"image", "list"}) // our image should now contain alpine loaded in from root
list.WaitWithDefaultTimeout()
Expect(list).To(Exit(0))
Expect(list.OutputToStringArray()).To(ContainElement(HavePrefix("quay.io/libpod/alpine")))
scp = podmanTest.PodmanAsUser([]string{"image", "scp", "root@localhost::" + ALPINE}, 0, 0, "", env) //transfer from root to rootless (us)
scp.WaitWithDefaultTimeout()
Expect(scp).To(Exit(0))
})
It("podman image scp bogus image", func() {
if IsRemote() {
Skip("this test is only for non-remote")
@ -119,11 +86,8 @@ var _ = Describe("podman image scp", func() {
scp.Wait(45)
// exit with error because we cannot make an actual ssh connection
// This tests that the input we are given is validated and prepared correctly
// Error: failed to connect: dial tcp: address foo: missing port in address
// The error given should either be a missing image (due to testing suite complications) or a i/o timeout on ssh
Expect(scp).To(ExitWithError())
Expect(scp.ErrorToString()).To(ContainSubstring(
"Error: failed to connect: dial tcp 66.151.147.142:2222: i/o timeout",
))
})