Skip to content

Commit

Permalink
Get correct username in pod when using --userns=keep-id
Browse files Browse the repository at this point in the history
Fixes: #17148

Signed-off-by: Daniel J Walsh <[email protected]>
  • Loading branch information
rhatdan committed Jan 24, 2023
1 parent ce504bb commit c4aae9b
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 3 deletions.
4 changes: 4 additions & 0 deletions libpod/container_internal_common.go
Original file line number Diff line number Diff line change
Expand Up @@ -2465,6 +2465,10 @@ func (c *Container) generateUserPasswdEntry(addedUID int) (string, error) {
return entry, nil
}

u, err := user.LookupId(fmt.Sprintf("%d", uid))
if err == nil {
return fmt.Sprintf("%s:*:%d:%d:%s:%s:/bin/sh\n", u.Username, uid, gid, u.Name, c.WorkingDir()), nil
}
return fmt.Sprintf("%d:*:%d:%d:container user:%s:/bin/sh\n", uid, uid, gid, c.WorkingDir()), nil
}

Expand Down
8 changes: 5 additions & 3 deletions test/e2e/pod_create_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -711,12 +711,14 @@ ENTRYPOINT ["sleep","99999"]
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))

// container inside pod inherits user form infra container if --user is not set
// etc/passwd entry will look like 1000:*:1000:1000:container user:/:/bin/sh
u, err := user.Current()
Expect(err).ToNot(HaveOccurred())
// container inside pod inherits user from infra container if --user is not set
// etc/passwd entry will look like USERNAME:*:1000:1000:Full User Name:/:/bin/sh
exec1 := podmanTest.Podman([]string{"exec", ctrName, "cat", "/etc/passwd"})
exec1.WaitWithDefaultTimeout()
Expect(exec1).Should(Exit(0))
Expect(exec1.OutputToString()).To(ContainSubstring("container"))
Expect(exec1.OutputToString()).To(ContainSubstring(u.Name))

exec2 := podmanTest.Podman([]string{"exec", ctrName, "useradd", "testuser"})
exec2.WaitWithDefaultTimeout()
Expand Down
13 changes: 13 additions & 0 deletions test/system/170-run-userns.bats
Original file line number Diff line number Diff line change
Expand Up @@ -140,3 +140,16 @@ EOF
is "${output}" "Error: keep-id is only supported in rootless mode" "Container should fail to start since keep-id is not supported in rootful mode"
fi
}

@test "podman userns=keep-id in a pod" {
if is_rootless; then
user=$(id -u)
run_podman pod create --userns keep-id
pid=$output
run_podman run --rm --pod $pid $IMAGE id -u
is "${output}" "$user" "Container should run as the current user"
else
run_podman 125 pod create --userns keep-id
is "${output}" 'Error:.*keep-id is only supported in rootless mode' "pod should fail to be created since keep-id is not supported in rootful mode"
fi
}

0 comments on commit c4aae9b

Please sign in to comment.