diff options
author | Valentin Rothberg <vrothberg@suse.com> | 2018-10-12 13:18:36 +0200 |
---|---|---|
committer | Valentin Rothberg <vrothberg@suse.com> | 2018-10-24 14:02:43 +0200 |
commit | 606a5cec8fa177fe64cff4ccf7cac05900fbe86c (patch) | |
tree | eaed8639a17fb03e9efb7b0c1d9d2d3be3ecd89b /test | |
parent | cde41c0b84e55a4325937f9c577afa6ccc129b9a (diff) | |
download | podman-606a5cec8fa177fe64cff4ccf7cac05900fbe86c.tar.gz podman-606a5cec8fa177fe64cff4ccf7cac05900fbe86c.tar.bz2 podman-606a5cec8fa177fe64cff4ccf7cac05900fbe86c.zip |
runlabel: run any command
As discussed [1], the runlabel command should execute any command
specified in a label. The reasoning behind is that we cannot restrict
which options are passed to Podman which thereby has full access to the
host (runlabels must be used with care).
With the updated semantics, runlabel will substitute the commands with a
basepath equal to "docker" or "podman" with "/proc/self/exe", and
otherwise leave the command unchanged to execute any other command on
the host.
[1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/runlabel_test.go | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/test/e2e/runlabel_test.go b/test/e2e/runlabel_test.go new file mode 100644 index 000000000..8d10d3c24 --- /dev/null +++ b/test/e2e/runlabel_test.go @@ -0,0 +1,68 @@ +package integration + +import ( + "fmt" + "os" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var PodmanDockerfile = ` +FROM alpine:latest +LABEL RUN podman --version` + +var LsDockerfile = ` +FROM alpine:latest +LABEL RUN ls -la` + +var _ = Describe("podman container runlabel", func() { + var ( + tempdir string + err error + podmanTest PodmanTest + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanCreate(tempdir) + podmanTest.RestoreAllArtifacts() + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds()) + GinkgoWriter.Write([]byte(timedResult)) + + }) + + It("podman container runlabel (podman --version)", func() { + image := "podman-runlabel-test:podman" + podmanTest.BuildImage(PodmanDockerfile, image, "false") + + result := podmanTest.Podman([]string{"container", "runlabel", "RUN", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + + result = podmanTest.Podman([]string{"rmi", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + }) + + It("podman container runlabel (ls -la)", func() { + image := "podman-runlabel-test:ls" + podmanTest.BuildImage(LsDockerfile, image, "false") + + result := podmanTest.Podman([]string{"container", "runlabel", "RUN", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + + result = podmanTest.Podman([]string{"rmi", image}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + }) +}) |