summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2020-12-09 19:25:24 +0100
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-12-09 19:26:23 +0100
commit176be90e0a94c7b073b1b4e0da5903b0440748d6 (patch)
tree8b2ea766440058bdaba6c0f12ecb85ae086b4ba8 /test
parentb875c5c27c503108f1984256833a9a2da4d0c5d1 (diff)
downloadpodman-176be90e0a94c7b073b1b4e0da5903b0440748d6.tar.gz
podman-176be90e0a94c7b073b1b4e0da5903b0440748d6.tar.bz2
podman-176be90e0a94c7b073b1b4e0da5903b0440748d6.zip
security: honor systempaths=unconfined for ro paths
we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/run_test.go7
1 files changed, 7 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f73a15633..dbdd6a072 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -272,6 +272,13 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(Not(BeEmpty()))
Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr5", "--security-opt", "systempaths=unconfined", ALPINE, "grep", "/proc", "/proc/self/mounts"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ stdoutLines := session.OutputToStringArray()
+ Expect(stdoutLines).Should(HaveLen(1))
+
})
It("podman run seccomp test", func() {