author | Daniel J Walsh <dwalsh@redhat.com> | 2021-03-30 06:39:49 -0400 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2021-04-16 14:00:29 -0400 |
commit | af5dba34b2a27313dcec57c2223b0e8f83799743 (patch) | |
tree | f2a875190801017d2b2ff7b67b80a39c482a0ae1 /test/system | |
parent | 32f61dbf73538ea97a0cdabb6593c5a2b96f7171 (diff) | |
Fix missing podman-remote build options
Fix handling of SecurityOpts
LabelOpts
SeccompProfilePath
ApparmorProfile
Fix Ulimits
Fixes: https://github.com/containers/podman/issues/9869
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/070-build.bats | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index e5b68a0d8..2e97c93e0 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -712,6 +712,46 @@ EOF
 run_podman rmi -f build_test
 }
 
+@test "podman build check_label" {
+ skip_if_no_selinux
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+ tmpbuilddir=$tmpdir/build
+ mkdir -p $tmpbuilddir
+ dockerfile=$tmpbuilddir/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN cat /proc/self/attr/current
+EOF
+
+ run_podman build -t build_test --security-opt label=level:s0:c3,c4 --format=docker $tmpbuilddir
+ is "$output" ".*s0:c3,c4STEP 3: COMMIT" "label setting level"
+
+ run_podman rmi -f build_test
+}
+
+@test "podman build check_seccomp_ulimits" {
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+ tmpbuilddir=$tmpdir/build
+ mkdir -p $tmpbuilddir
+ dockerfile=$tmpbuilddir/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN grep Seccomp: /proc/self/status |awk '{ print \$1\$2 }'
+RUN grep "Max open files" /proc/self/limits |awk '{ print \$4":"\$5 }'
+EOF
+
+ run_podman build --ulimit nofile=101:102 -t build_test $tmpbuilddir
+ is "$output" ".*Seccomp:2" "setting seccomp"
+ is "$output" ".*101:102" "setting ulimits"
+ run_podman rmi -f build_test
+
+ run_podman build -t build_test --security-opt seccomp=unconfined $tmpbuilddir
+ is "$output" ".*Seccomp:0" "setting seccomp"
+ run_podman rmi -f build_test
+}
+
 function teardown() {
 # A timeout or other error in 'build' can leave behind stale images
 # that podman can't even see and which will cascade into subsequent |
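Review bot: The two new tests exercise only `--security-opt label=level:...`, `--security-opt seccomp=unconfined` and `--ulimit`, although the commit message also lists SeccompProfilePath and ApparmorProfile as fixed. Nothing in this hunk builds with a seccomp profile file or an `apparmor=` option. The `Seccomp:2` assertion cannot cover the profile-path case, because `/proc/self/status` reports filter mode 2 for the default profile and for a custom one alike, so a remote build that silently fell back to the default profile would still pass. A follow-up test could build with a small profile that denies one syscall used by a `RUN` step and assert that the step fails, with a similar check for AppArmor that is skipped where AppArmor is unavailable. Separately, `".*s0:c3,c4STEP 3: COMMIT"` in check_label ties the label check to the exact step banner and to the missing newline after `/proc/self/attr/current`; matching `s0:c3,c4` alone would be less brittle, assuming the `is` helper accepts an unanchored tail.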