diff options
author | Ed Santiago <santiago@redhat.com> | 2020-07-14 16:02:51 -0600 |
---|---|---|
committer | Ed Santiago <santiago@redhat.com> | 2020-07-14 16:02:51 -0600 |
commit | 65644d8aa47c3dd9e3d7860b28e0de04d88a554f (patch) | |
tree | cefdb34d7f7a3685fa11b890e21c2b81d55dd08d /commands.md | |
parent | c4843d4e9ce395f1bbcaae848e6172f5a4519a35 (diff) | |
download | podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.gz podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.bz2 podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.zip |
system tests: check for masked-device leaks
PR #6957 added a new path (/sys/devs) to an existing list
of masked mount points which an unprivileged container
should not be able to access. Here we add a test for
those: run 'stat' on those devices in the container,
and make sure that they are dummies.
This is kind of kludgy, and relies on heuristics that
may not be 100% accurate. It also adds duplication,
a list that must be kept in sync with the original
list in pkg/specgen/generate/config_linux.go.
I'd love to hear suggestions on how to do it better.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Diffstat (limited to 'commands.md')
0 files changed, 0 insertions, 0 deletions