Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test/system: Ensure that the user is part of a group with the same name, and the process started by 'podman exec' has all groups #1447

Merged
merged 2 commits into from
Feb 9, 2024
Merged

test/system: Ensure that the user is part of a group with the same name, and the process started by 'podman exec' has all groups #1447

merged 2 commits into from
Feb 9, 2024

Conversation

debarshiray
Copy link
Member

@debarshiray debarshiray commented Feb 8, 2024
edited
Loading

@debarshiray debarshiray force-pushed the wip/rishi/test-system-id-versus-id-user branch from 369ab68 to 0669a85 Compare February 8, 2024 21:40
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/e0d0212da4d34471890507bc92197da6

✔️ unit-test SUCCESS in 4m 41s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 13s
✔️ unit-test-restricted SUCCESS in 3m 43s
✔️ system-test-fedora-rawhide SUCCESS in 28m 13s
✔️ system-test-fedora-39 SUCCESS in 33m 38s
✔️ system-test-fedora-38 SUCCESS in 33m 55s

@debarshiray debarshiray mentioned this pull request Feb 8, 2024
Closed
@debarshiray debarshiray changed the title test/system: Ensure that the user is part of a group with the same name test/system: Ensure that the user is part of a group with the same name, and the process started by 'podman exec' has all groups Feb 8, 2024
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed.
https://softwarefactory-project.io/zuul/t/local/buildset/e2f64870d2e24ccca592a3bcea6f5621

✔️ unit-test SUCCESS in 4m 43s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 44s
✔️ unit-test-restricted SUCCESS in 3m 45s
✔️ system-test-fedora-rawhide SUCCESS in 28m 53s
system-test-fedora-39 POST_FAILURE in 34m 16s
✔️ system-test-fedora-38 SUCCESS in 30m 09s

@debarshiray
test/system: Ensure that process started by 'podman exec' has all groups
641b04a 
Commit 15173f8 exposed a bug in crun(1) [1] where the process
started directly by 'podman exec --user ...' inside the Toolbx container
would not have the supplementary groups attached to the user by the
entry point.

This could be observed by differences in id(1):
  ⬢$ id
  uid=1000(user) gid=1000(user) groups=1000(user)
  ⬢$ id user
  uid=1000(user) gid=1000(user) groups=1000(user),10(wheel)

... and could be worked around by starting a new session with sudo(8).

[1] crun commit 9effaebb429a1aed
    containers/crun@9effaebb429a1aed
    containers/crun#644
    containers/podman#9986

containers#608
@debarshiray debarshiray force-pushed the wip/rishi/test-system-id-versus-id-user branch from 127b6b7 to 641b04a Compare February 9, 2024 10:34
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/1b359ac1378547e982bc0a2314b6ad41

✔️ unit-test SUCCESS in 5m 11s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 40s
✔️ unit-test-restricted SUCCESS in 3m 56s
✔️ system-test-fedora-rawhide SUCCESS in 35m 29s
✔️ system-test-fedora-39 SUCCESS in 36m 14s
✔️ system-test-fedora-38 SUCCESS in 30m 20s

debarshiray
debarshiray commented Feb 9, 2024
View reviewed changes
test/system/206-user.bats
assert_line --regexp "^sudo:x:[[:digit:]]+:$USER$"
assert [ ${#lines[@]} -gt 1 ]

# shellcheck disable=SC2154
assert [ ${#stderr_lines[@]} -eq 0 ]
}

@test "user: id(1) for $USER inside the default container" {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These tests fail if I revert the crun fix. So, I suppose they serve their purpose.

@debarshiray debarshiray merged commit 641b04a into containers:main Feb 9, 2024
3 checks passed
@debarshiray debarshiray deleted the wip/rishi/test-system-id-versus-id-user branch February 9, 2024 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HarryMichal HarryMichal Awaiting requested review from HarryMichal HarryMichal is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@debarshiray