summaryrefslogtreecommitdiff
path: root/test/e2e/run_volume_test.go
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-09-04 22:43:41 +0200
committerGitHub <noreply@github.com>2019-09-04 22:43:41 +0200
commitab44484becdb2a5806c6fa892e65846f05f98d0d (patch)
tree4626cf53b9089163f76bebdadec93b2df8cfb54a /test/e2e/run_volume_test.go
parent52f24540988f4ce1da7949325716121d9a78decc (diff)
parent5f1550157842c4e93f728efbc12720d87790c26f (diff)
downloadpodman-ab44484becdb2a5806c6fa892e65846f05f98d0d.tar.gz
podman-ab44484becdb2a5806c6fa892e65846f05f98d0d.tar.bz2
podman-ab44484becdb2a5806c6fa892e65846f05f98d0d.zip
Merge pull request #3876 from mheon/fix_mount_flags
Allow suid, exec, dev mount options to cancel nosuid/noexec/nodev
Diffstat (limited to 'test/e2e/run_volume_test.go')
-rw-r--r--test/e2e/run_volume_test.go28
1 files changed, 28 insertions, 0 deletions
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index abb93a149..5bad6744b 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -162,4 +162,32 @@ var _ = Describe("Podman run with volumes", func() {
Expect(session.OutputToString()).To(ContainSubstring("/testvol1"))
Expect(session.OutputToString()).To(ContainSubstring("/testvol2"))
})
+
+ It("podman run with volumes and suid/dev/exec options", func() {
+ mountPath := filepath.Join(podmanTest.TempDir, "secrets")
+ os.Mkdir(mountPath, 0755)
+ session := podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:suid,dev,exec", mountPath), ALPINE, "grep", "/run/test", "/proc/self/mountinfo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ found, matches := session.GrepString("/run/test")
+ Expect(found).Should(BeTrue())
+ Expect(matches[0]).To(Not(ContainSubstring("noexec")))
+ Expect(matches[0]).To(Not(ContainSubstring("nodev")))
+ Expect(matches[0]).To(Not(ContainSubstring("nosuid")))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "--tmpfs", "/run/test:suid,dev,exec", ALPINE, "grep", "/run/test", "/proc/self/mountinfo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ found, matches = session.GrepString("/run/test")
+ Expect(found).Should(BeTrue())
+ Expect(matches[0]).To(Not(ContainSubstring("noexec")))
+ Expect(matches[0]).To(Not(ContainSubstring("nodev")))
+ Expect(matches[0]).To(Not(ContainSubstring("nosuid")))
+ })
+
+ It("podman run with noexec can't exec", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", "-v", "/bin:/hostbin:noexec", ALPINE, "/hostbin/ls", "/"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
})