Merge pull request #2899 from giuseppe/prevent-sys-fs-kernel-paths-in-userns

userns: prevent /sys/kernel/* paths in the container
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2019-04-11 08:30:31 -0700
committer: GitHub <noreply@github.com> 2019-04-11 08:30:31 -0700
commit: b281c34b317ff6f84757b590905c5ef5981863e0 (patch)
tree: 1ca9c59c49e42c3b4d1687e0ced9d6639cc83a7c /test
parent: 4596c39655f7ff5e741adbc97aaa49bb3a9d453e (diff)
parent: 2c9c40dc82141d3876d08fa5421f380b975a387b (diff)
download: podman-b281c34b317ff6f84757b590905c5ef5981863e0.tar.gz
podman-b281c34b317ff6f84757b590905c5ef5981863e0.tar.bz2
podman-b281c34b317ff6f84757b590905c5ef5981863e0.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 8ae68f33d..188070550 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -31,4 +31,12 @@ echo $rand        |   0 | $rand
     done < <(parse_table "$tests")
 }
 
+@test "podman run - uidmapping has no /sys/kernel mounts" {
+      run_podman $expected_rc run --uidmapping 0:100:10000 $IMAGE mount | grep /sys/kernel
+      is "$output" "" "podman run $cmd - output"
+
+      run_podman $expected_rc run --net host --uidmapping 0:100:10000 $IMAGE mount | grep /sys/kernel
+      is "$output" "" "podman run $cmd - output"
+}
+
 # vim: filetype=sh
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2019-04-11 08:30:31 -0700
committer	GitHub <noreply@github.com>	2019-04-11 08:30:31 -0700
commit	b281c34b317ff6f84757b590905c5ef5981863e0 (patch)
tree	1ca9c59c49e42c3b4d1687e0ced9d6639cc83a7c /test
parent	4596c39655f7ff5e741adbc97aaa49bb3a9d453e (diff)
parent	2c9c40dc82141d3876d08fa5421f380b975a387b (diff)
download	podman-b281c34b317ff6f84757b590905c5ef5981863e0.tar.gz podman-b281c34b317ff6f84757b590905c5ef5981863e0.tar.bz2 podman-b281c34b317ff6f84757b590905c5ef5981863e0.zip