system tests: add pod, inspect testing

Followup to #6761: confirm that 'podman ps' shows the ports
on a running container in a pod created with -p (not to
be confused with the container itself running with -p,
tested in 500-networking.bats).

While we're at it, test that the port handling itself works,
by sending random text to the container and making sure the
container receives it.

Followup to #6752: 'podman inspect' should show multiple
security opts

Signed-off-by: Ed Santiago <santiago@redhat.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 8a0477eff..1769730f0 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -63,4 +63,23 @@ function check_label() {
     check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2"
 }
 
+# pr #6752
+@test "podman selinux: inspect multiple labels" {
+    if [ ! -e /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled; then
+        skip "selinux disabled or not available"
+    fi
+
+    run_podman run -d --name myc \
+               --security-opt seccomp=unconfined \
+               --security-opt label=type:spc_t \
+               --security-opt label=level:s0 \
+               $IMAGE sh -c 'while test ! -e /stop; do sleep 0.1; done'
+    run_podman inspect --format='{{ .HostConfig.SecurityOpt }}' myc
+    is "$output" "\[label=type:spc_t,label=level:s0 seccomp=unconfined]" \
+      "'podman inspect' preserves all --security-opts"
+
+    run_podman exec myc touch /stop
+    run_podman rm -f myc
+}
+
 # vim: filetype=sh