diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-09-22 19:03:15 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-22 19:03:15 +0200 |
| commit | 08993516a939576fa009db6e7ed32524026a822d (patch) | |
| tree | 05fd47ec0708f53e095004af48b853cd41316d57 /test | |
| parent | 8bf3535447fe9f482b329e962e173ade26456e6d (diff) | |
| parent | 5a2405ae1b3a51a7fb1f01de89bd6b2c60416f08 (diff) | |
| download | podman-08993516a939576fa009db6e7ed32524026a822d.tar.gz podman-08993516a939576fa009db6e7ed32524026a822d.tar.bz2 podman-08993516a939576fa009db6e7ed32524026a822d.zip | |
Merge pull request #15895 from dcermak/don-expose-dev-for-privileged
Don't mount /dev/ inside privileged containers running systemd
Diffstat (limited to 'test')
| -rw-r--r-- | test/system/030-run.bats | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 2abf749a1..65a1150a3 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -901,4 +901,22 @@ $IMAGE--c_ok" \ run_podman rm $ctr_name } +@test "podman run --privileged as root with systemd will not mount /dev/tty" { + skip_if_rootless "this test only makes sense as root" + + ctr_name="container-$(random_string 5)" + run_podman run --rm -d --privileged --systemd=always --name "$ctr_name" "$IMAGE" /home/podman/pause + + TTYs=$(ls /dev/tty*|sed '/^\/dev\/tty$/d') + + if [[ $TTYs = "" ]]; then + die "Did not find any /dev/ttyN devices on local host" + else + run_podman exec "$ctr_name" ls /dev/ + assert "$(grep tty <<<$output)" = "tty" "There must be no /dev/ttyN devices in the container" + fi + + run_podman stop "$ctr_name" +} + # vim: filetype=sh |