authorDaniel J Walsh <dwalsh@redhat.com>2018-02-15 12:23:36 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-02-24 09:15:47 +0000
commit831dc488833e055dce1f1ba4c09f09346c85b67d (patch)
tree1bb780fafbe1bd32a85ce32e19a9d4f562669797 /test/e2e
parent1d9539337b7140f4631812a24f07a11540523c61 (diff)
Add support for --no-new-privs
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #369 Approved by: rhatdan
Diffstat (limited to 'test/e2e')
-rw-r--r--test/e2e/run_privileged_test.go23
1 files changed, 23 insertions, 0 deletions
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index 430698ba1..3df90b218 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -1,6 +1,7 @@
package integration
import (
+ "fmt"
"os"
. "github.com/onsi/ginkgo"
@@ -81,4 +82,26 @@ var _ = Describe("Podman privileged container tests", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(len(session.OutputToStringArray())).To(BeNumerically(">", 20))
})
+
+ It("run no-new-privileges test", func() {
+ cap := podmanTest.SystemExec("grep", []string{"NoNewPrivs", "/proc/self/status"})
+ cap.WaitWithDefaultTimeout()
+ if cap.ExitCode() != 0 {
+ fmt.Println("Can't determine NoNewPrivs")
+ return
+ }
+
+ session := podmanTest.Podman([]string{"run", "busybox", "grep", "NoNewPrivs", "/proc/self/status"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ privs := strings.Split(cap.OutputToString(), ":")
+
+ session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", "busybox", "grep", "NoNewPrivs", "/proc/self/status"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ noprivs := strings.Split(cap.OutputToString(), ":")
+
+ Expect(privs[1]).To(Not(Equal(noprivs[1])))
+ })
+
})
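Review bot: Both `privs` and `noprivs` in the new `It` block are parsed from `cap.OutputToString()`, the host-side grep, so the final `Not(Equal(...))` compares the host value with itself and never reads what either container reported. As written the spec cannot show that `--security-opt no-new-privileges` took effect. Each split should read the container run just above it, `privs := strings.Split(session.OutputToString(), ":")` and `noprivs := strings.Split(session.OutputToString(), ":")`. The early `return` when the host grep fails also lets the spec pass without checking anything; `Skip("Can't determine NoNewPrivs")` would record that it did not run. `strings` is used here but the import hunk above adds only `fmt`, so unless it is imported outside the visible context the file will not build.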