system tests: check for masked-device leaks - containers/podman.git - forked from: https://github.com/containers/podman.git

diff options

author	Ed Santiago <santiago@redhat.com>	2020-07-14 16:02:51 -0600
committer	Ed Santiago <santiago@redhat.com>	2020-07-14 16:02:51 -0600
commit	65644d8aa47c3dd9e3d7860b28e0de04d88a554f (patch)
tree	cefdb34d7f7a3685fa11b890e21c2b81d55dd08d /pkg/cgroups
parent	c4843d4e9ce395f1bbcaae848e6172f5a4519a35 (diff)
download	podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.gz podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.tar.bz2 podman-65644d8aa47c3dd9e3d7860b28e0de04d88a554f.zip

system tests: check for masked-device leaks

PR #6957 added a new path (/sys/devs) to an existing list of masked mount points which an unprivileged container should not be able to access. Here we add a test for those: run 'stat' on those devices in the container, and make sure that they are dummies. This is kind of kludgy, and relies on heuristics that may not be 100% accurate. It also adds duplication, a list that must be kept in sync with the original list in pkg/specgen/generate/config_linux.go. I'd love to hear suggestions on how to do it better. Signed-off-by: Ed Santiago <santiago@redhat.com>

Diffstat (limited to 'pkg/cgroups')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: