diff options
| author | Ed Santiago <santiago@redhat.com> | 2021-06-01 15:26:18 -0600 |
|---|---|---|
| committer | Ed Santiago <santiago@redhat.com> | 2021-06-02 05:19:20 -0600 |
| commit | dd83f5c0cd50e775023104a1827f55974f236a9f (patch) | |
| tree | 52cc51e8deeac278b7fe0c6719e05a14cbcc3125 /test | |
| parent | 96c0aa688b54552fa29cdf15923f095c8bd5c2c9 (diff) | |
| download | podman-dd83f5c0cd50e775023104a1827f55974f236a9f.tar.gz podman-dd83f5c0cd50e775023104a1827f55974f236a9f.tar.bz2 podman-dd83f5c0cd50e775023104a1827f55974f236a9f.zip | |
System tests: add :Z to volume mounts
selinux-policy-34.9-1.fc34 breaks a behavior we've relied on
since (at least) January 2020:
- Revert "Add permission open to files_read_inherited_tmp_files()
interface"
That's probably the correct thing to do, but it breaks our
existing tests. Solution: add ':Z' where needed.
Tested on Ed's laptop, which has the offending selinux-policy
as of 2021-05-31. Tests pass root and rootless. (I mention
this because tests will obviously pass in CI, which has a
much older selinux-policy).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/system/030-run.bats | 4 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats index ccae703e5..55392ea47 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -600,12 +600,12 @@ json-file | f echo "$randomcontent" > $testdir/content # Workdir does not exist on the image but is volume mounted. - run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage $IMAGE cat content + run_podman run --rm --workdir /IamNotOnTheImage -v $testdir:/IamNotOnTheImage:Z $IMAGE cat content is "$output" "$randomcontent" "cat random content" # Workdir does not exist on the image but is created by the runtime as it's # a subdir of a volume. - run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo $IMAGE cat foo + run_podman run --rm --workdir /IamNotOntheImage -v $testdir/content:/IamNotOntheImage/foo:Z $IMAGE cat foo is "$output" "$randomcontent" "cat random content" # Make sure that running on a read-only rootfs works (#9230). diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 1cec50827..63b9a7c14 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -34,7 +34,7 @@ load helpers # Bind-mount this file with a different name to a container running httpd run_podman run -d --name myweb -p "$HOST_PORT:80" \ --restart always \ - -v $INDEX1:/var/www/index.txt \ + -v $INDEX1:/var/www/index.txt:Z \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 cid=$output @@ -257,7 +257,7 @@ load helpers # Bind-mount this file with a different name to a container running httpd run_podman run -d --name myweb -p "$HOST_PORT:80" \ --network $netname \ - -v $INDEX1:/var/www/index.txt \ + -v $INDEX1:/var/www/index.txt:Z \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 cid=$output |