summaryrefslogtreecommitdiff
path: root/test/e2e/run_apparmor_test.go
diff options
context:
space:
mode:
authorSascha Grunert <sgrunert@suse.com>2020-09-07 10:20:32 +0200
committerSascha Grunert <sgrunert@suse.com>2020-09-07 10:47:32 +0200
commit1509adc0a7610f368cd9220352d4895da865bffb (patch)
treea85659e1606a60aa7dc4314bb1d62447f6c53c9e /test/e2e/run_apparmor_test.go
parentba8d0bb5e336e84aaf68148563e61558b5dc94f5 (diff)
downloadpodman-1509adc0a7610f368cd9220352d4895da865bffb.tar.gz
podman-1509adc0a7610f368cd9220352d4895da865bffb.tar.bz2
podman-1509adc0a7610f368cd9220352d4895da865bffb.zip
Fix unconfined AppArmor profile usage for unsupported systems
If we select "unconfined" as AppArmor profile, then we should not error even if the host does not support it at all. This behavior has been fixed and a corresponding e2e test has been added as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Diffstat (limited to 'test/e2e/run_apparmor_test.go')
-rw-r--r--test/e2e/run_apparmor_test.go13
1 files changed, 13 insertions, 0 deletions
diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go
index 53cac9529..7d522a752 100644
--- a/test/e2e/run_apparmor_test.go
+++ b/test/e2e/run_apparmor_test.go
@@ -155,4 +155,17 @@ profile aa-test-profile flags=(attach_disconnected,mediate_deleted) {
inspect := podmanTest.InspectContainer(cid)
Expect(inspect[0].AppArmorProfile).To(Equal(""))
})
+
+ It("podman run apparmor disabled unconfined", func() {
+ skipIfAppArmorEnabled()
+
+ session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ cid := session.OutputToString()
+ // Verify that apparmor.Profile is being set
+ inspect := podmanTest.InspectContainer(cid)
+ Expect(inspect[0].AppArmorProfile).To(Equal(""))
+ })
})