summaryrefslogtreecommitdiff
path: root/test/system
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2021-03-30 06:39:49 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2021-04-02 09:19:03 -0400
commit052732857aa163f5f9d1dd65f9936f2787a953c6 (patch)
treefc60ac9ea3cdc5c03dd2f08de453d2a3d9bcfa44 /test/system
parent1db9053add6501f2c234a6f63bb1e74b5eb89cb0 (diff)
downloadpodman-052732857aa163f5f9d1dd65f9936f2787a953c6.tar.gz
podman-052732857aa163f5f9d1dd65f9936f2787a953c6.tar.bz2
podman-052732857aa163f5f9d1dd65f9936f2787a953c6.zip
Fix missing podman-remote build options
Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test/system')
-rw-r--r--test/system/070-build.bats40
1 files changed, 40 insertions, 0 deletions
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index e5b68a0d8..2e97c93e0 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -712,6 +712,46 @@ EOF
run_podman rmi -f build_test
}
+@test "podman build check_label" {
+ skip_if_no_selinux
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+ tmpbuilddir=$tmpdir/build
+ mkdir -p $tmpbuilddir
+ dockerfile=$tmpbuilddir/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN cat /proc/self/attr/current
+EOF
+
+ run_podman build -t build_test --security-opt label=level:s0:c3,c4 --format=docker $tmpbuilddir
+ is "$output" ".*s0:c3,c4STEP 3: COMMIT" "label setting level"
+
+ run_podman rmi -f build_test
+}
+
+@test "podman build check_seccomp_ulimits" {
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+ tmpbuilddir=$tmpdir/build
+ mkdir -p $tmpbuilddir
+ dockerfile=$tmpbuilddir/Dockerfile
+ cat >$dockerfile <<EOF
+FROM $IMAGE
+RUN grep Seccomp: /proc/self/status |awk '{ print \$1\$2 }'
+RUN grep "Max open files" /proc/self/limits |awk '{ print \$4":"\$5 }'
+EOF
+
+ run_podman build --ulimit nofile=101:102 -t build_test $tmpbuilddir
+ is "$output" ".*Seccomp:2" "setting seccomp"
+ is "$output" ".*101:102" "setting ulimits"
+ run_podman rmi -f build_test
+
+ run_podman build -t build_test --security-opt seccomp=unconfined $tmpbuilddir
+ is "$output" ".*Seccomp:0" "setting seccomp"
+ run_podman rmi -f build_test
+}
+
function teardown() {
# A timeout or other error in 'build' can leave behind stale images
# that podman can't even see and which will cascade into subsequent