diff options
| author | Hironori Shiina <shiina.hironori@jp.fujitsu.com> | 2022-03-03 21:39:14 -0500 |
|---|---|---|
| committer | Hironori Shiina <shiina.hironori@jp.fujitsu.com> | 2022-03-07 18:12:17 -0500 |
| commit | d2f77c256836e8a1a562d56eed7d92fdb18a2f76 (patch) | |
| tree | 0236f36d71cb52bb342da22abce030a84152f546 /test | |
| parent | 4a242b1327fb34e6cac6c1686afb3370901180d3 (diff) | |
| download | podman-d2f77c256836e8a1a562d56eed7d92fdb18a2f76.tar.gz podman-d2f77c256836e8a1a562d56eed7d92fdb18a2f76.tar.bz2 podman-d2f77c256836e8a1a562d56eed7d92fdb18a2f76.zip | |
Set default rule at the head of device configuration
The default rule should be set at the head of device configuration.
Otherwise, rules for user devices are overridden by the default rule so
that any access to the user devices are denied.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/run_device_test.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/e2e/run_device_test.go b/test/e2e/run_device_test.go index b8bdc84f8..479837dda 100644 --- a/test/e2e/run_device_test.go +++ b/test/e2e/run_device_test.go @@ -44,6 +44,11 @@ var _ = Describe("Podman run device", func() { session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) + if !isRootless() { + session = podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", "--cap-add", "SYS_ADMIN", ALPINE, "head", "-n", "1", "/dev/kmsg"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + } }) It("podman run device rename test", func() { |