author | Ed Santiago <santiago@redhat.com> | 2021-01-25 13:27:15 -0700 |
---|---|---|
committer | Ed Santiago <santiago@redhat.com> | 2021-01-25 13:34:26 -0700 |
commit | 33179c281e83ebd397e0aca046a3655580aee8f7 (patch) | |
tree | e726e866048f5ca502e3812c02b9c646363140a1 /test/system/400-unprivileged-access.bats | |
parent | 23b879d72f9e2cf2b2d3924399605e0edebaa977 (diff) | |
System tests: cover gaps from the last month

- stop: test --all and --ignore (#9051)
- build: test /run/secrets (#8679, but see below)
- sensitive mount points: deal with 'stat' failures
- selinux: confirm useful diagnostics on unknown labels (#8946)

The 'build' test is intended as a fix for #8679, in which
'podman build' does not mount secrets from mounts.conf.
Unfortunately, as of this writing, 'podman build' does
not pass the --default-mounts-file option to buildah,
so there's no reasonable way to test this path. Still,
we can at least confirm /run/secrets on 'podman run'.

The /sys thing is related to #8949: RHEL8, rootless, cgroups v1.
It's just a workaround to get gating tests to pass on RHEL.

Signed-off-by: Ed Santiago <santiago@redhat.com>

Diffstat (limited to 'test/system/400-unprivileged-access.bats')
-rw-r--r-- | test/system/400-unprivileged-access.bats | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 6a89247e6..f26c97d1e 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -132,7 +132,11 @@ EOF # Run 'stat' on all the files, plus /dev/null. Get path, file type, # number of links, major, and minor (see below for why). Do it all # in one go, to avoid multiple podman-runs - run_podman run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + if [[ $status -gt 1 ]]; then + die "Unexpected exit status $status: expected 0 or 1" + fi + local devnull= for result in "${lines[@]}"; do # e.g. /proc/acpi:character special file:1:3:1 @@ -161,6 +165,11 @@ EOF # If you can think of a better way to do this check, # please feel free to fix it. is "$nlinks" "2" "$path: directory link count" + elif [[ $result =~ stat:.*No.such.file.or.directory ]]; then + # No matter what the path is, this is OK. It has to do with #8949 + # and RHEL8 and rootless and cgroups v1. Bottom line, what we care + # about is that the path not be available inside the container. + : else die "$path: Unknown file type '$type'" fi |
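
Review bot: in the first hunk (@@ -132,7 +132,11 @@), the new check `if [[ $status -gt 1 ]]` tolerates exit status 1 with no comment saying why; the explanation (stat failing on a path that is absent in the container, #8949) only appears in the comment added by the second hunk. A short comment above the `run_podman '?'` call would make the relaxed status self-explanatory. Status 1 is also accepted unconditionally, so a run in which stat fails on many or all of the paths gets past this point and correctness rests entirely on the per-line loop that follows. While this line is being touched, `${subset[@]}` could be quoted as `"${subset[@]}"` to avoid word splitting.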
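
Review bot: in the second hunk (@@ -161,6 +165,11 @@), the pattern in `elif [[ $result =~ stat:.*No.such.file.or.directory ]]` is unanchored and uses `.` where it means a literal space, so it matches more than the stat error it targets. Anchoring it (for example `^stat: ` at the start) and matching the message text literally would tighten it. The branch also applies to every path on every platform, as the comment "No matter what the path is, this is OK" says, so a missing sensitive path is accepted silently on systems that have nothing to do with #8949; if that is intended, it is worth stating that the test now treats "masked" and "absent" as equivalent. Any other stat failure still falls through to `die "$path: Unknown file type '$type'"`, which reports a stat error as an unknown file type; a separate branch for lines beginning with `stat:` would give a clearer diagnostic.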