summaryrefslogtreecommitdiff
path: root/libpod/image
diff options
context:
space:
mode:
authorEd Santiago <santiago@redhat.com>2020-07-14 16:02:51 -0600
committerEd Santiago <santiago@redhat.com>2020-07-14 16:02:51 -0600
commit65644d8aa47c3dd9e3d7860b28e0de04d88a554f (patch)
treecefdb34d7f7a3685fa11b890e21c2b81d55dd08d /libpod/image
parentc4843d4e9ce395f1bbcaae848e6172f5a4519a35 (diff)
downloadpodman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.gz
podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.bz2
podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.zip
system tests: check for masked-device leaks
PR #6957 added a new path (/sys/devs) to an existing list of masked mount points which an unprivileged container should not be able to access. Here we add a test for those: run 'stat' on those devices in the container, and make sure that they are dummies. This is kind of kludgy, and relies on heuristics that may not be 100% accurate. It also adds duplication, a list that must be kept in sync with the original list in pkg/specgen/generate/config_linux.go. I'd love to hear suggestions on how to do it better. Signed-off-by: Ed Santiago <santiago@redhat.com>
Diffstat (limited to 'libpod/image')
0 files changed, 0 insertions, 0 deletions