diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2021-03-30 06:39:49 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-04-02 09:19:03 -0400 |
commit | 052732857aa163f5f9d1dd65f9936f2787a953c6 (patch) | |
tree | fc60ac9ea3cdc5c03dd2f08de453d2a3d9bcfa44 /test/system | |
parent | 1db9053add6501f2c234a6f63bb1e74b5eb89cb0 (diff) | |
download | podman-052732857aa163f5f9d1dd65f9936f2787a953c6.tar.gz podman-052732857aa163f5f9d1dd65f9936f2787a953c6.tar.bz2 podman-052732857aa163f5f9d1dd65f9936f2787a953c6.zip |
Fix missing podman-remote build options
Fix handling of SecurityOpts
LabelOpts
SeccompProfilePath
ApparmorProfile
Fix Ulimits
Fixes: https://github.com/containers/podman/issues/9869
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r-- | test/system/070-build.bats | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/test/system/070-build.bats b/test/system/070-build.bats index e5b68a0d8..2e97c93e0 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -712,6 +712,46 @@ EOF run_podman rmi -f build_test } +@test "podman build check_label" { + skip_if_no_selinux + tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + tmpbuilddir=$tmpdir/build + mkdir -p $tmpbuilddir + dockerfile=$tmpbuilddir/Dockerfile + cat >$dockerfile <<EOF +FROM $IMAGE +RUN cat /proc/self/attr/current +EOF + + run_podman build -t build_test --security-opt label=level:s0:c3,c4 --format=docker $tmpbuilddir + is "$output" ".*s0:c3,c4STEP 3: COMMIT" "label setting level" + + run_podman rmi -f build_test +} + +@test "podman build check_seccomp_ulimits" { + tmpdir=$PODMAN_TMPDIR/build-test + mkdir -p $tmpdir + tmpbuilddir=$tmpdir/build + mkdir -p $tmpbuilddir + dockerfile=$tmpbuilddir/Dockerfile + cat >$dockerfile <<EOF +FROM $IMAGE +RUN grep Seccomp: /proc/self/status |awk '{ print \$1\$2 }' +RUN grep "Max open files" /proc/self/limits |awk '{ print \$4":"\$5 }' +EOF + + run_podman build --ulimit nofile=101:102 -t build_test $tmpbuilddir + is "$output" ".*Seccomp:2" "setting seccomp" + is "$output" ".*101:102" "setting ulimits" + run_podman rmi -f build_test + + run_podman build -t build_test --security-opt seccomp=unconfined $tmpbuilddir + is "$output" ".*Seccomp:0" "setting seccomp" + run_podman rmi -f build_test +} + function teardown() { # A timeout or other error in 'build' can leave behind stale images # that podman can't even see and which will cascade into subsequent |