Save --privileged state

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #255
Approved by: mheon

1 files changed, 34 insertions, 0 deletions

diff --git a/test/podman_run_security.bats b/test/podman_run_security.bats
new file mode 100644
index 000000000..07dabf44b
--- /dev/null
+++ b/test/podman_run_security.bats
@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+    cleanup_test
+}
+
+function setup() {
+    copy_images
+}
+
+@test "run privileged test" {
+    cap=$(grep CapEff /proc/self/status | cut -f2 -d":")
+
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --privileged ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+
+    cap=$(grep CapAmb /proc/self/status | cut -f2 -d":")
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+}