diff options
author | Sascha Grunert <sgrunert@suse.com> | 2020-09-07 10:20:32 +0200 |
---|---|---|
committer | Sascha Grunert <sgrunert@suse.com> | 2020-09-07 10:47:32 +0200 |
commit | 1509adc0a7610f368cd9220352d4895da865bffb (patch) | |
tree | a85659e1606a60aa7dc4314bb1d62447f6c53c9e /test/e2e/run_apparmor_test.go | |
parent | ba8d0bb5e336e84aaf68148563e61558b5dc94f5 (diff) | |
download | podman-1509adc0a7610f368cd9220352d4895da865bffb.tar.gz podman-1509adc0a7610f368cd9220352d4895da865bffb.tar.bz2 podman-1509adc0a7610f368cd9220352d4895da865bffb.zip |
Fix unconfined AppArmor profile usage for unsupported systems
If we select "unconfined" as AppArmor profile, then we should not error
even if the host does not support it at all. This behavior has been
fixed and a corresponding e2e test has been added as well.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Diffstat (limited to 'test/e2e/run_apparmor_test.go')
-rw-r--r-- | test/e2e/run_apparmor_test.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index 53cac9529..7d522a752 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -155,4 +155,17 @@ profile aa-test-profile flags=(attach_disconnected,mediate_deleted) { inspect := podmanTest.InspectContainer(cid) Expect(inspect[0].AppArmorProfile).To(Equal("")) }) + + It("podman run apparmor disabled unconfined", func() { + skipIfAppArmorEnabled() + + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("")) + }) }) |