summaryrefslogtreecommitdiff
path: root/test/podman_run_security.bats
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-01-23 17:12:13 +0100
committerAtomic Bot <atomic-devel@projectatomic.io>2018-01-25 04:30:15 +0000
commit50d4cd28682dccb7cdc8576327fcca65d848dff8 (patch)
tree2547ec39fb02ddd6813a895b8dbcc03063ba6fdc /test/podman_run_security.bats
parent12e3d9d8a26d2c33d587dba9b7ea5b0dcfd92eea (diff)
downloadpodman-50d4cd28682dccb7cdc8576327fcca65d848dff8.tar.gz
podman-50d4cd28682dccb7cdc8576327fcca65d848dff8.tar.bz2
podman-50d4cd28682dccb7cdc8576327fcca65d848dff8.zip
Save --privileged state
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #255 Approved by: mheon
Diffstat (limited to 'test/podman_run_security.bats')
-rw-r--r--test/podman_run_security.bats34
1 files changed, 34 insertions, 0 deletions
diff --git a/test/podman_run_security.bats b/test/podman_run_security.bats
new file mode 100644
index 000000000..07dabf44b
--- /dev/null
+++ b/test/podman_run_security.bats
@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+ cleanup_test
+}
+
+function setup() {
+ copy_images
+}
+
+@test "run privileged test" {
+ cap=$(grep CapEff /proc/self/status | cut -f2 -d":")
+
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --privileged ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+
+ cap=$(grep CapAmb /proc/self/status | cut -f2 -d":")
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+}