summaryrefslogtreecommitdiff
path: root/test/e2e/run_selinux_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'test/e2e/run_selinux_test.go')
-rw-r--r--test/e2e/run_selinux_test.go87
1 files changed, 44 insertions, 43 deletions
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index 2886f06c1..1a5ef4d5d 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -7,6 +7,7 @@ import (
. "github.com/containers/podman/v3/test/utils"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
+ . "github.com/onsi/gomega/gexec"
"github.com/opencontainers/selinux/go-selinux"
)
@@ -40,7 +41,7 @@ var _ = Describe("Podman run", func() {
It("podman run selinux", func() {
session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_t")
Expect(match).Should(BeTrue())
})
@@ -48,7 +49,7 @@ var _ = Describe("Podman run", func() {
It("podman run selinux grep test", func() {
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("s0:c1,c2")
Expect(match).Should(BeTrue())
})
@@ -56,7 +57,7 @@ var _ = Describe("Podman run", func() {
It("podman run selinux disable test", func() {
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=disable", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("spc_t")
Expect(match).Should(BeTrue())
})
@@ -64,7 +65,7 @@ var _ = Describe("Podman run", func() {
It("podman run selinux type check test", func() {
session := podmanTest.Podman([]string{"run", "-it", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match1, _ := session.GrepString("container_t")
match2, _ := session.GrepString("svirt_lxc_net_t")
Expect(match1 || match2).Should(BeTrue())
@@ -73,7 +74,7 @@ var _ = Describe("Podman run", func() {
It("podman run selinux type setup test", func() {
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("spc_t")
Expect(match).Should(BeTrue())
})
@@ -81,7 +82,7 @@ var _ = Describe("Podman run", func() {
It("podman privileged selinux", func() {
session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("spc_t")
Expect(match).Should(BeTrue())
})
@@ -89,7 +90,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux label resolv.conf", func() {
session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-Z", "/etc/resolv.conf"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -97,7 +98,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux label hosts", func() {
session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-Z", "/etc/hosts"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -105,7 +106,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux label hostname", func() {
session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-Z", "/etc/hostname"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -113,7 +114,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux label /run/secrets", func() {
session := podmanTest.Podman([]string{"run", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -121,7 +122,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux --privileged label resolv.conf", func() {
session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-Z", "/etc/resolv.conf"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -129,7 +130,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux --privileged label hosts", func() {
session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-Z", "/etc/hosts"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -137,7 +138,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux --privileged label hostname", func() {
session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-Z", "/etc/hostname"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -145,7 +146,7 @@ var _ = Describe("Podman run", func() {
It("podman test selinux --privileged label /run/secrets", func() {
session := podmanTest.Podman([]string{"run", "--privileged", fedoraMinimal, "ls", "-dZ", "/run/secrets"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_file_t")
Expect(match).Should(BeTrue())
})
@@ -153,19 +154,19 @@ var _ = Describe("Podman run", func() {
It("podman run selinux file type setup test", func() {
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:container_var_lib_t", fedoraMinimal, "ls", "-Z", "/dev"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("container_var_lib_t")
Expect(match).Should(BeTrue())
session = podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:foobar", fedoraMinimal, "ls", "-Z", "/dev"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(126))
+ Expect(session).Should(Exit(126))
})
It("podman exec selinux check", func() {
setup := podmanTest.RunTopContainer("test1")
setup.WaitWithDefaultTimeout()
- Expect(setup.ExitCode()).To(Equal(0))
+ Expect(setup).Should(Exit(0))
session := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/1/attr/current"})
session.WaitWithDefaultTimeout()
@@ -177,7 +178,7 @@ var _ = Describe("Podman run", func() {
It("podman run --privileged and --security-opt SELinux options", func() {
session := podmanTest.Podman([]string{"run", "-it", "--privileged", "--security-opt", "label=type:spc_t", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString("spc_t")
Expect(match).To(BeTrue())
match2, _ := session.GrepString("s0:c1,c2")
@@ -187,90 +188,90 @@ var _ = Describe("Podman run", func() {
It("podman pod container share SELinux labels", func() {
session := podmanTest.Podman([]string{"pod", "create"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
podID := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
label1 := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Equal(label1))
session = podmanTest.Podman([]string{"pod", "rm", podID, "--force"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
})
It("podman pod container --infra=false doesn't share SELinux labels", func() {
session := podmanTest.Podman([]string{"pod", "create", "--infra=false"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
podID := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
label1 := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Not(Equal(label1)))
session = podmanTest.Podman([]string{"pod", "rm", podID, "--force"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
})
It("podman shared IPC NS container share SELinux labels", func() {
session := podmanTest.RunTopContainer("test1")
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
session = podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
label1 := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--ipc", "container:test1", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Equal(label1))
})
It("podman shared PID NS container share SELinux labels", func() {
session := podmanTest.RunTopContainer("test1")
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
session = podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
label1 := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--pid", "container:test1", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Equal(label1))
})
It("podman shared NET NS container doesn't share SELinux labels", func() {
session := podmanTest.RunTopContainer("test1")
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
session = podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
label1 := session.OutputToString()
session = podmanTest.Podman([]string{"run", "--net", "container:test1", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(Not(Equal(label1)))
})
@@ -278,35 +279,35 @@ var _ = Describe("Podman run", func() {
SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
session := podmanTest.Podman([]string{"run", "--pid=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("spc_t"))
})
It("podman test --ipc=host", func() {
session := podmanTest.Podman([]string{"run", "--ipc=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("spc_t"))
})
It("podman test --ipc=net", func() {
session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("container_t"))
})
It("podman test --ipc=net", func() {
session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("container_t"))
})
It("podman test --ipc=net", func() {
session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("container_t"))
})
@@ -321,7 +322,7 @@ var _ = Describe("Podman run", func() {
}
session := podmanTest.Podman([]string{"create", ALPINE})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
cid := session.OutputToString()
session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid})
session.WaitWithDefaultTimeout()
@@ -337,7 +338,7 @@ var _ = Describe("Podman run", func() {
It("podman test init labels", func() {
session := podmanTest.Podman([]string{"create", ubi_init, "/sbin/init"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
cid := session.OutputToString()
session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid})
session.WaitWithDefaultTimeout()
@@ -347,7 +348,7 @@ var _ = Describe("Podman run", func() {
It("podman relabels named volume with :Z", func() {
session := podmanTest.Podman([]string{"run", "-v", "testvol:/test1/test:Z", fedoraMinimal, "ls", "-alZ", "/test1"})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ Expect(session).Should(Exit(0))
match, _ := session.GrepString(":s0:")
Expect(match).Should(BeTrue())
})
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-30 10:42:15 +0000