Merge pull request #18331 from TomSweeneyRedHat/dev/tsweeney/hooked
Add file switch for pre-exec hooks
openshift-merge-robot authored May 11, 2023
2 parents 20b15f0 + c8e423b commit 189b09d
Showing 2 changed files with 37 additions and 1 deletion.
7 changes: 7 additions & 0 deletions pkg/rootless/rootless_linux.c
Expand Up @@ -254,6 +254,13 @@ do_preexec_hooks_dir (const char *dir, char **argv, int argc)
static void
do_preexec_hooks (char **argv, int argc)
{
// Access the preexec_hooks_dir indicator file
// return without processing if the file doesn't exist
char preexec_hooks_path[] = "/etc/containers/podman_preexec_hooks.txt";
if (access(preexec_hooks_path, F_OK) != 0) {
return;
}

char *preexec_hooks = getenv ("PODMAN_PREEXEC_HOOKS_DIR");
do_preexec_hooks_dir (LIBEXECPODMAN "/pre-exec-hooks", argv, argc);
do_preexec_hooks_dir (ETC_PREEXEC_HOOKS, argv, argc);
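Review bot: The new gate at the top of do_preexec_hooks treats every access() failure as "file absent", so an error other than ENOENT (for instance EACCES while traversing /etc/containers) silently skips every hook directory handled below it. If the hooks are meant to enforce policy, as the pull_check.sh test in this commit suggests, skipping them silently is a fail-open path. The comment should at least say this is deliberate, e.g. `/* Hooks are opt-in: any access() failure, not only ENOENT, disables them. */`. The path would also read better as a named macro next to ETC_PREEXEC_HOOKS, held in a `static const char preexec_hooks_path[]`, than as a mutable local array. The body of do_preexec_hooks continues past the end of this hunk, so the handling of PODMAN_PREEXEC_HOOKS_DIR is not visible here.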
31 changes: 30 additions & 1 deletion test/system/950-preexec-hooks.bats
Expand Up @@ -6,15 +6,39 @@
load helpers
load helpers.network

# The existence of this file allows preexec hooks to run.
preexec_hook_ok_file=/etc/containers/podman_preexec_hooks.txt

function setup() {
basic_setup
}

function teardown() {
if [[ -n "$preexec_hook_ok_file" ]]; then
sudo -n rm -f $preexec_hook_ok_file || true
fi

basic_teardown
}

@test "podman preexec hook" {
# This file does not exist on any CI system nor any developer system
# nor actually anywhere in the universe except a small small set of
# places with very specific requirements. If we find this file on
# our test system, it could be a leftover from prior testing, or
# basically just something very weird. So, fail loudly if we see it.
# No podman developer ever wants this file to exist.
if [[ -e $preexec_hook_ok_file ]]; then
# Unset the variable, so we don't delete it in teardown
msg="File already exists (it should not): $preexec_hook_ok_file"
preexec_hook_ok_file=

die "$msg"
fi

# Good. File does not exist. Now see if we can TEMPORARILY create it.
sudo -n touch $preexec_hook_ok_file || skip "test requires sudo"

preexec_hook_dir=$PODMAN_TMPDIR/auth
mkdir -p $preexec_hook_dir
preexec_hook_script=$preexec_hook_dir/pull_check.sh
Expand All @@ -29,5 +53,10 @@ EOF
chmod +x $preexec_hook_script

PODMAN_PREEXEC_HOOKS_DIR=$preexec_hook_dir run_podman 42 pull foobar
PODMAN_PREEXEC_HOOKS_DIR=$preexec_hook_dir run_podman 43 pull barfoo
PODMAN_PREEXEC_HOOKS_DIR=$preexec_hook_dir run_podman 43 version

sudo -n rm -f $preexec_hook_ok_file || true

# no hooks-ok file, everything should now work again (HOOKS_DIR is ignored)
PODMAN_PREEXEC_HOOKS_DIR=$preexec_hook_dir run_podman version
}
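Review bot: The test enables the hook gate host-wide while it runs, because `sudo -n touch $preexec_hook_ok_file` creates a file under /etc/containers that the C code checks with a fixed path. Between the touch and the `sudo -n rm -f`, any other podman process on the machine presumably starts honouring its hook directories as well, which matters if system tests ever run in parallel or on a shared host. A comment above the touch would make the constraint explicit, e.g. `# NOTE: while this file exists, pre-exec hooks are enabled for every podman invocation on this host; do not run this test in parallel.`. Quoting the variable in the `sudo -n touch` and `sudo -n rm -f` lines (`"$preexec_hook_ok_file"`) would also keep the privileged commands safe if the path is ever changed.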
