summaryrefslogtreecommitdiff
path: root/test/e2e/run_test.go
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2022-04-01 10:15:08 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2022-04-01 10:15:17 +0200
commit1cd529b22d40205c1f3246ed49f07e3615cf8292 (patch)
tree2bad250c3c7e36ef6f6c3609b559f7286459eec9 /test/e2e/run_test.go
parentd1f3a2d6a82ed66d4dab5be62821bc59bfb84dd8 (diff)
downloadpodman-1cd529b22d40205c1f3246ed49f07e3615cf8292.tar.gz
podman-1cd529b22d40205c1f3246ed49f07e3615cf8292.tar.bz2
podman-1cd529b22d40205c1f3246ed49f07e3615cf8292.zip
specgen: permit --privileged and --cap-add
--cap-add is useful when running a privileged container with UID != 0, so that individual capabilities can be added to the container process. Closes: https://github.com/containers/podman/issues/13449 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/e2e/run_test.go')
-rw-r--r--test/e2e/run_test.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 1a93296b7..a1d04ddee 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -535,6 +535,11 @@ var _ = Describe("Podman run", func() {
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("0000000000000000"))
+ session = podmanTest.Podman([]string{"run", "--user=1:1", "--cap-add=DAC_OVERRIDE", "--rm", ALPINE, "grep", "CapEff", "/proc/self/status"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("0000000000000002"))
+
if os.Geteuid() > 0 {
if os.Getenv("SKIP_USERNS") != "" {
Skip("Skip userns tests.")