summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2019-08-09 16:29:43 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-08-13 10:16:01 -0400
commit316e51f0a91d24f75a9191e2226928bc0c1c5b91 (patch)
tree7ab971c3fe4a1eedb291f89e9777dfb77ca90afe /test
parentc48243ee1eb3fe36b54057994d5e908d8a3d7f16 (diff)
downloadpodman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.gz
podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.tar.bz2
podman-316e51f0a91d24f75a9191e2226928bc0c1c5b91.zip
Add support & documentation to run containers with different file types
Udica is adding new features to allow users to define container process and file types. This would allow us to setup trusted communications channels between multiple security domains. ContainerA -> ContainerB -> ContainerC Add tests to make sure users can change file types Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/run_selinux_test.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index a2228411e..dfe71531a 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -153,4 +153,16 @@ var _ = Describe("Podman run", func() {
Expect(match).Should(BeTrue())
})
+ It("podman run selinux file type setup test", func() {
+ session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:container_var_lib_t", fedoraMinimal, "ls", "-Z", "/dev"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match, _ := session.GrepString("container_var_lib_t")
+ Expect(match).Should(BeTrue())
+
+ session = podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:foobar", fedoraMinimal, "ls", "-Z", "/dev"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(127))
+ })
+
})