diff options
author | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-12-09 19:25:24 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2020-12-09 19:26:23 +0100 |
commit | 176be90e0a94c7b073b1b4e0da5903b0440748d6 (patch) | |
tree | 8b2ea766440058bdaba6c0f12ecb85ae086b4ba8 /test/e2e | |
parent | b875c5c27c503108f1984256833a9a2da4d0c5d1 (diff) | |
download | podman-176be90e0a94c7b073b1b4e0da5903b0440748d6.tar.gz podman-176be90e0a94c7b073b1b4e0da5903b0440748d6.tar.bz2 podman-176be90e0a94c7b073b1b4e0da5903b0440748d6.zip |
security: honor systempaths=unconfined for ro paths
we must honor systempaths=unconfined also for read-only paths, as
Docker does:
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/e2e')
-rw-r--r-- | test/e2e/run_test.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index f73a15633..dbdd6a072 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -272,6 +272,13 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.OutputToString()).To(Not(BeEmpty())) Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr5", "--security-opt", "systempaths=unconfined", ALPINE, "grep", "/proc", "/proc/self/mounts"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + stdoutLines := session.OutputToStringArray() + Expect(stdoutLines).Should(HaveLen(1)) + }) It("podman run seccomp test", func() { |