summaryrefslogtreecommitdiff
path: root/test/system/410-selinux.bats
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-03-04 14:54:53 -0500
committerGitHub <noreply@github.com>2021-03-04 14:54:53 -0500
commita26b15265e6361647a99876ca698986b25296179 (patch)
tree93ca389b07a569b8e196682471b8365c41eeba56 /test/system/410-selinux.bats
parente65bcc166c3bc7e039ff0909c2cac919ce0122ad (diff)
parent252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7 (diff)
downloadpodman-a26b15265e6361647a99876ca698986b25296179.tar.gz
podman-a26b15265e6361647a99876ca698986b25296179.tar.bz2
podman-a26b15265e6361647a99876ca698986b25296179.zip
Merge pull request #9598 from rhatdan/kvm
Check for supportsKVM based on basename of the runtime
Diffstat (limited to 'test/system/410-selinux.bats')
-rw-r--r--test/system/410-selinux.bats20
1 files changed, 16 insertions, 4 deletions
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 7482d3e55..215b2832e 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -39,17 +39,17 @@ function check_label() {
}
@test "podman selinux: container with label=disable" {
- skip_if_rootless
-
check_label "--security-opt label=disable" "spc_t"
}
@test "podman selinux: privileged container" {
- skip_if_rootless
-
check_label "--privileged --userns=host" "spc_t"
}
+@test "podman selinux: init container" {
+ check_label "--systemd=always" "container_init_t"
+}
+
@test "podman selinux: pid=host" {
# FIXME FIXME FIXME: Remove these lines once all VMs have >= 2.146.0
# (this is ugly, but better than an unconditional skip)
@@ -74,6 +74,18 @@ function check_label() {
check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2"
}
+@test "podman selinux: inspect kvm labels" {
+ skip_if_no_selinux
+ skip_if_remote "runtime flag is not passed over remote"
+ if [ ! -e /usr/bin/kata-runtime ]; then
+ skip "kata-runtime not available"
+ fi
+
+ run_podman create --runtime=kata --name myc $IMAGE
+ run_podman inspect --format='{{ .ProcessLabel }}' myc
+ is "$output" ".*container_kvm_t.*"
+}
+
# pr #6752
@test "podman selinux: inspect multiple labels" {
skip_if_no_selinux