summaryrefslogtreecommitdiff
path: root/test/system/410-selinux.bats
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2021-09-30 09:55:59 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2021-09-30 13:58:47 +0200
commit788106dad12dd83763bb6ab1f1e4e57c75f73a14 (patch)
treeeae02dc67abbf52069f0375efe3a12c5bf85c866 /test/system/410-selinux.bats
parentcd10304dca72ef030b64142885518e6dc0d3e4af (diff)
downloadpodman-788106dad12dd83763bb6ab1f1e4e57c75f73a14.tar.gz
podman-788106dad12dd83763bb6ab1f1e4e57c75f73a14.tar.bz2
podman-788106dad12dd83763bb6ab1f1e4e57c75f73a14.zip
test: skip test on rootless cgroupsv1
skip the test "podman selinux: shared context in (some) namespaces" on cgroupsv1 when running as rootless since the tests requires --pid=container:. If the container runtime cannot use cgroupsv1 and the container has no pid namespace. then it is not possible to correctly terminate the container. Without a cgroup or a pid namespace, the runtime has no control on what processes are in the container. Closes: https://github.com/containers/podman/issues/11785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test/system/410-selinux.bats')
-rw-r--r--test/system/410-selinux.bats4
1 files changed, 4 insertions, 0 deletions
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 5ee0e0715..0f7c35c65 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -113,6 +113,10 @@ function check_label() {
@test "podman selinux: shared context in (some) namespaces" {
skip_if_no_selinux
+ # rootless users have no usable cgroups with cgroupsv1, so containers
+ # must use a pid namespace and not join an existing one.
+ skip_if_rootless_cgroupsv1
+
run_podman run -d --name myctr $IMAGE top
run_podman exec myctr cat -v /proc/self/attr/current
context_c1="$output"