diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2021-03-03 08:28:29 -0500 |
|---|---|---|
| committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-03-03 16:49:51 -0500 |
| commit | 252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7 (patch) | |
| tree | 2aba6df6f8320f0b475120cf722956d21503daa7 /test/e2e/run_selinux_test.go | |
| parent | 87e20560ac885c541784af1341098ce8e1e7a940 (diff) | |
| download | podman-252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7.tar.gz podman-252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7.tar.bz2 podman-252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7.zip | |
Check for supportsKVM based on basename of the runtime
Fixes: https://github.com/containers/podman/issues/9582
This PR also adds tests to make sure SELinux labels match the runtime,
or if init is specified works with the correct label.
Add tests for selinux kvm/init labels
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test/e2e/run_selinux_test.go')
| -rw-r--r-- | test/e2e/run_selinux_test.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 8c712b1be..6abe152a9 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -2,6 +2,7 @@ package integration import ( "os" + "path/filepath" . "github.com/containers/podman/v3/test/utils" . "github.com/onsi/ginkgo" @@ -294,4 +295,52 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("container_t")) }) + + It("podman test --ipc=net", func() { + session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("container_t")) + }) + + It("podman test --ipc=net", func() { + session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("container_t")) + }) + + It("podman test --runtime=/PATHTO/kata-runtime", func() { + runtime := podmanTest.OCIRuntime + podmanTest.OCIRuntime = filepath.Join(podmanTest.TempDir, "kata-runtime") + err := os.Symlink("/bin/true", podmanTest.OCIRuntime) + Expect(err).To(BeNil()) + if IsRemote() { + podmanTest.StopRemoteService() + podmanTest.StartRemoteService() + } + session := podmanTest.Podman([]string{"create", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToString() + session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(ContainSubstring("container_kvm_t")) + + podmanTest.OCIRuntime = runtime + if IsRemote() { + podmanTest.StopRemoteService() + podmanTest.StartRemoteService() + } + }) + + It("podman test init labels", func() { + session := podmanTest.Podman([]string{"create", ubi_init, "/sbin/init"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToString() + session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(ContainSubstring("container_init_t")) + }) }) |