Merge pull request #2683 from nalind/idmapping-test-1.16

[release-1.16] Set directory ownership when copied with ID mapping
containers · Oct 10, 2020 · 8b950c2 · 8b950c2
2 parents ce52b4d + 10a37ae
commit 8b950c2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/copier/copier.go b/copier/copier.go
@@ -1271,6 +1271,7 @@ func copierHandlerPut(bulkReader io.Reader, req request, idMappings *idtools.IDM
 			return errorResponse("copier: put: error mapping container filesystem owner %d:%d to host filesystem owners: %v", dirUID, dirGID, err)
 		}
 		dirUID, dirGID = hostDirPair.UID, hostDirPair.GID
+		defaultDirUID, defaultDirGID = hostDirPair.UID, hostDirPair.GID
 		if req.PutOptions.ChownFiles != nil {
 			containerFilePair := idtools.IDPair{UID: *fileUID, GID: *fileGID}
 			hostFilePair, err := idMappings.ToHost(containerFilePair)

diff --git a/tests/namespaces.bats b/tests/namespaces.bats
@@ -97,14 +97,6 @@ load helpers
   gidmapargs[1]="--userns-gid-map=0:$gidbase:$gidsize"
   uidmaps[1]="0 $uidbase $uidsize"
   gidmaps[1]="0 $gidbase $gidsize"
-  # Test with just a UID map specified.
-  uidmapargs[2]=--userns-uid-map=0:$uidbase:$uidsize
-  uidmaps[2]="0 $uidbase $uidsize"
-  gidmaps[2]="0 $uidbase $uidsize"
-  # Test with just a GID map specified.
-  gidmapargs[3]=--userns-gid-map=0:$gidbase:$gidsize
-  uidmaps[3]="0 $gidbase $gidsize"
-  gidmaps[3]="0 $gidbase $gidsize"
   # Conditionalize some tests on the subuid and subgid files being present.
   if test -s /etc/subuid ; then
     if test -s /etc/subgid ; then
@@ -162,7 +154,7 @@ load helpers
   chmod 700 ${TESTDIR}/somedir/someotherfile
   chmod u+s ${TESTDIR}/somedir/someotherfile
 
-  for i in $(seq 0 "$((${#maps[*]}-1))") ; do
+  for i in $(seq 0 "$((${#uidmaps[*]}-1))") ; do
     # Create a container using these mappings.
     echo "Building container with --signature-policy ${TESTSDIR}/policy.json --quiet ${uidmapargs[$i]} ${gidmapargs[$i]} alpine"
     _prefetch alpine
@@ -172,7 +164,7 @@ load helpers
     # If we specified mappings, expect to be in a different namespace by default.
     run_buildah run $RUNOPTS "$ctr" readlink /proc/self/ns/user
     [ "$output" != "" ]
-    case x"$map" in
+    case x"${uidmapargs[$i]}""${gidmapargs[$i]}" in
     x)
       if test "$BUILDAH_ISOLATION" != "chroot" -a "$BUILDAH_ISOLATION" != "rootless" ; then
         expect_output "$mynamespace"
@@ -190,8 +182,8 @@ load helpers
     [ "$output" != "" ]
     gidmap=$(sed -E -e 's, +, ,g' -e 's,^ +,,g' <<< "$output")
     echo With settings "$map", expected UID map "${uidmaps[$i]}", got UID map "${uidmap}", expected GID map "${gidmaps[$i]}", got GID map "${gidmap}".
-    expect_output --from=$uidmap "${uidmaps[$i]}"
-    expect_output --from=$gidmap "${gidmaps[$i]}"
+    expect_output --from="$uidmap" "${uidmaps[$i]}"
+    expect_output --from="$gidmap" "${gidmaps[$i]}"
     rootuid=$(sed -E -e 's,^([^ ]*) (.*) ([^ ]*),\2,' <<< "$uidmap")
     rootgid=$(sed -E -e 's,^([^ ]*) (.*) ([^ ]*),\2,' <<< "$gidmap")
 
@@ -214,6 +206,13 @@ load helpers
   done
 }
 
+@test "idmapping-syntax" {
+  run_buildah 125 from --signature-policy ${TESTSDIR}/policy.json --quiet --userns-uid-map=0:10000:65536 alpine
+  expect_output --substring "must be used together"
+  run_buildah 125 from --signature-policy ${TESTSDIR}/policy.json --quiet --userns-gid-map=0:10000:65536 alpine
+  expect_output --substring "must be used together"
+}
+
 general_namespace() {
   mkdir -p $TESTDIR/no-cni-configs
   RUNOPTS="--cni-config-dir=${TESTDIR}/no-cni-configs ${RUNC_BINARY:+--runtime $RUNC_BINARY}"