authorChris Evich <cevich@redhat.com>2021-08-02 16:22:59 -0400
committerChris Evich <cevich@redhat.com>2021-08-17 16:16:25 -0400
commit37b22af331d445e7d20a4a0d71dd32d7d042d1c6 (patch)
tree420d15dd8d511215f6e3799625bfebb2a691d2b1 /test
parentdaa311db397eea0e9180cfc85d226ea0675b9cd7 (diff)
Fix AVC denials in tests of volume mounts
This becomes a problem on hosts with upgraded policies. Ref: https://github.com/containers/podman/issues/10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/compose/mount_and_label/docker-compose.yml2
-rw-r--r--test/e2e/login_logout_test.go11
-rw-r--r--test/e2e/run_test.go2
3 files changed, 10 insertions, 5 deletions
diff --git a/test/compose/mount_and_label/docker-compose.yml b/test/compose/mount_and_label/docker-compose.yml
index 112d7e134..81fda2512 100644
--- a/test/compose/mount_and_label/docker-compose.yml
+++ b/test/compose/mount_and_label/docker-compose.yml
@@ -6,5 +6,7 @@ services:
- '5000:5000'
volumes:
- /tmp/data:/data:ro
+ security_opt:
+ - label=disable
labels:
- "io.podman=the_best"
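Review bot: `label=disable` turns off SELinux separation for the whole container, which is broader than the read-only bind mount of `/tmp/data` needs, and nothing in the file says why it was chosen. If relabeling `/tmp/data` is not acceptable here, a comment above `security_opt` would record that, for example `# SELinux labeling disabled: bind mount of /tmp/data is denied under newer policies (podman issue 10522)`. If relabeling is acceptable, a volume option such as `/tmp/data:/data:ro,z` would keep the container confined. I have not verified that the compose path under test passes that option through.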
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index 7ad1fc1f2..d8ca9cbd9 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -79,9 +79,9 @@ var _ = Describe("Podman login and logout", func() {
session = podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"),
"-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v",
- strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
+ strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
- "-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
+ "-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
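Review bot: The `:Z` suffix on the `authPath` and `certPath` mounts gives both directories a label private to this `registry` container, yet the later hunk for `registry1` mounts the same directories and has to relabel them with `:z`, so the outcome depends on which container starts last. Using the shared form in both places, `strings.Join([]string{authPath, "/auth:z"}, ":")` and the same for `/certs`, would remove that ordering dependence. Both suffixes rewrite labels on the host side, so this assumes `authPath` and `certPath` are directories owned by the test; they are set outside the hunk.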
@@ -235,10 +235,13 @@ var _ = Describe("Podman login and logout", func() {
setup.WaitWithDefaultTimeout()
defer os.RemoveAll(certDir)
+ // N/B: This second registry container shares the same auth and cert dirs
+ // as the registry started from BeforeEach(). Since this one starts
+ // second, re-labeling the volumes should keep SELinux happy.
session := podmanTest.Podman([]string{"run", "-d", "-p", "9001:9001", "-e", "REGISTRY_HTTP_ADDR=0.0.0.0:9001", "--name", "registry1", "-v",
- strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
+ strings.Join([]string{authPath, "/auth:z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
- "-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
+ "-v", strings.Join([]string{certPath, "/certs:z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
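Review bot: The added comment says re-labeling "should keep SELinux happy" without saying what `:z` does, which is what the next maintainer needs to know. Suggested wording: `// NB: registry1 mounts the same auth and cert dirs as the registry started in BeforeEach(); :z re-labels them as shared so this container is not denied access.` Whether the first registry keeps access after the relabel cannot be seen from this hunk, so a sentence confirming that would be worth adding.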
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 3c65c02d1..57d57554c 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -946,7 +946,7 @@ USER mail`, BB)
Expect(err).To(BeNil())
mountpoint := "/myvol/"
- session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint, ALPINE, "cat", mountpoint + filename})
+ session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":z", ALPINE, "cat", mountpoint + filename})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
ctrID := session.OutputToString()
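Review bot: The `:z` added to the `--volume` argument relabels whatever host directory `vol` names, and `vol` is assigned outside this hunk, so it is worth confirming that it always points inside the test's temporary directory. A short comment above the call would also explain the suffix, for example `// :z relabels vol so the container can read it with SELinux enforcing`. The enclosing test body starts and ends outside the hunk.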