diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-08-09 16:29:43 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-08-13 10:16:01 -0400 |
commit | 316e51f0a91d24f75a9191e2226928bc0c1c5b91 (patch) | |
tree | 7ab971c3fe4a1eedb291f89e9777dfb77ca90afe /test | |
parent | c48243ee1eb3fe36b54057994d5e908d8a3d7f16 (diff) | |
download | podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.gz podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.bz2 podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.zip |
Add support & documentation to run containers with different file types
Udica is adding new features to allow users to define container process
and file types. This would allow us to setup trusted communications channels
between multiple security domains. ContainerA -> ContainerB -> ContainerC
Add tests to make sure users can change file types
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/run_selinux_test.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index a2228411e..dfe71531a 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -153,4 +153,16 @@ var _ = Describe("Podman run", func() { Expect(match).Should(BeTrue()) }) + It("podman run selinux file type setup test", func() { + session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:container_var_lib_t", fedoraMinimal, "ls", "-Z", "/dev"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("container_var_lib_t") + Expect(match).Should(BeTrue()) + + session = podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:foobar", fedoraMinimal, "ls", "-Z", "/dev"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(127)) + }) + }) |