Improving and testing PAM authentication for PodmanSpawner

Hi,

I created a PodmanSpawner one year ago and we recently discussed (here Any interest in PodmanSpawner ? · Issue #360 · jupyterhub/dockerspawner · GitHub) to incorporate some changes into JupyterHub in order to officially support the PodmanSpawner. These changes enable the JupyterHub to correctly log in system users with the system with PAM such that the system creates tmp folders for the user and logs login times, etc.

I do not know if this is absolutely relevant for the PodmanSpawner but it would allow to use Podman without a lot of additional configuration. I think logging in users at the system might also improve security.

However, to login users with PAM the calling process needs root privileges. In production mode this is not so much a problem. But in order to write tests this is a problem. So I wonder if there are any packages that extent pytest in order to simulate root privileges? There is the fakeroot command but it fakes different root privileges. I also found this tool https://cwrap.org/ but havent taken a deeper look. Can anyone recommend similar tools?

Best,
Niklas

Do you know what the current status of running Podman-in-Docker or Podman-in-Podman is? That could provide a nice way to run as root.

This sounds like a good solution, although I do not know the details of Podman-in-Podman. But is it possible to run such a scheme in GitHub actions for automatic testing?

I don’t know about podman-in-podman, but it’s definitely possible to test podman in GitHub actions. It’s included in the ubuntu-20.04 VM, and I’ve used it successfully, e.g.:

Note some of those configs may be out of date. Since you’ve got sudo access in those VMs you should be able to configure podman however you want.