diff options
| author | Daniel J Walsh <dwalsh@redhat.com> | 2017-11-03 14:46:51 +0000 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-11-03 20:55:10 +0000 |
| commit | 098389dc3e7bbba7c266ad24c909f3a5422e2908 (patch) | |
| tree | 6b060ab5edc032bf63acb37489241b788c0f9381 /test/kpod_run.bats | |
| parent | 79a26cbd6dc5bff97726c4280db45362ddc83881 (diff) | |
| download | podman-098389dc3e7bbba7c266ad24c909f3a5422e2908.tar.gz podman-098389dc3e7bbba7c266ad24c909f3a5422e2908.tar.bz2 podman-098389dc3e7bbba7c266ad24c909f3a5422e2908.zip | |
Parse SecurityOpts
This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #15
Approved by: rhatdan
Diffstat (limited to 'test/kpod_run.bats')
| -rw-r--r-- | test/kpod_run.bats | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/kpod_run.bats b/test/kpod_run.bats index 4945691a7..d0cac96de 100644 --- a/test/kpod_run.bats +++ b/test/kpod_run.bats @@ -18,3 +18,21 @@ ALPINE="docker.io/library/alpine:latest" echo "$output" [ "$status" -eq 0 ] } + +@test "run selinux test" { + + if [ ! -e /usr/sbin/selinuxenabled ] || /usr/sbin/selinuxenabled; then + skip "SELinux not enabled" + fi + + firstLabel=$(${KPOD_BINARY} ${KPOD_OPTIONS} run ${ALPINE} cat /proc/self/attr/current) + run ${KPOD_BINARY} ${KPOD_OPTIONS} run ${ALPINE} cat /proc/self/attr/current + echo "$output" + [ "$status" -eq 0 ] + [ "$output" != "${firstLabel}" ] + + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run --security-opt label:level=s0:c1,c2 ${ALPINE} cat /proc/self/attr/current | grep s0:c1,c2" + echo "$output" + [ "$status" -eq 0 ] + +} |