summaryrefslogtreecommitdiff
path: root/test/e2e/run_privileged_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/e2e/run_privileged_test.go')
-rw-r--r--test/e2e/run_privileged_test.go17
1 files changed, 11 insertions, 6 deletions
diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go
index 3df90b218..6692c91c7 100644
--- a/test/e2e/run_privileged_test.go
+++ b/test/e2e/run_privileged_test.go
@@ -1,12 +1,11 @@
package integration
import (
- "fmt"
"os"
+ "strings"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
- "strings"
)
var _ = Describe("Podman privileged container tests", func() {
@@ -84,23 +83,29 @@ var _ = Describe("Podman privileged container tests", func() {
})
It("run no-new-privileges test", func() {
+ // Check if our kernel is new enough
+ k, err := IsKernelNewThan("4.14")
+ Expect(err).To(BeNil())
+ if !k {
+ Skip("Kernel is not new enough to test this feature")
+ }
+
cap := podmanTest.SystemExec("grep", []string{"NoNewPrivs", "/proc/self/status"})
cap.WaitWithDefaultTimeout()
if cap.ExitCode() != 0 {
- fmt.Println("Can't determine NoNewPrivs")
- return
+ Skip("Can't determine NoNewPrivs")
}
session := podmanTest.Podman([]string{"run", "busybox", "grep", "NoNewPrivs", "/proc/self/status"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- privs := strings.Split(cap.OutputToString(), ":")
+ privs := strings.Split(cap.OutputToString(), ":")
session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", "busybox", "grep", "NoNewPrivs", "/proc/self/status"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- noprivs := strings.Split(cap.OutputToString(), ":")
+ noprivs := strings.Split(cap.OutputToString(), ":")
Expect(privs[1]).To(Not(Equal(noprivs[1])))
})
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-12 08:35:12 +0000