Diffstat (limited to 'test/e2e/run_test.go')
-rw-r--r-- | test/e2e/run_test.go | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index a581b36fb..759c292eb 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -62,6 +62,64 @@ var _ = Describe("Podman run", func() {
 Expect(match).Should(BeTrue())
 })
 
+ It("podman run selinux disable test", func() {
+ if !selinux.GetEnabled() {
+ Skip("SELinux not enabled")
+ }
+ session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=disable", ALPINE, "cat", "/proc/self/attr/current"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match, _ := session.GrepString("unconfined_t")
+ Expect(match).Should(BeTrue())
+ })
+
+ It("podman run selinux type check test", func() {
+ if !selinux.GetEnabled() {
+ Skip("SELinux not enabled")
+ }
+ session := podmanTest.Podman([]string{"run", "-it", ALPINE, "cat", "/proc/self/attr/current"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match1, _ := session.GrepString("container_t")
+ match2, _ := session.GrepString("svirt_lxc_net_t")
+ Expect(match1 || match2).Should(BeTrue())
+ })
+
+ It("podman run selinux type setup test", func() {
+ if !selinux.GetEnabled() {
+ Skip("SELinux not enabled")
+ }
+ session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", ALPINE, "cat", "/proc/self/attr/current"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match, _ := session.GrepString("spc_t")
+ Expect(match).Should(BeTrue())
+ })
+
+ It("podman run seccomp undefine test", func() {
+ session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "seccomp=unconfined", ALPINE, "echo", "hello"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match, _ := session.GrepString("hello")
+ Expect(match).Should(BeTrue())
+ })
+
+ It("podman run seccomp test", func() {
+ jsonFile := filepath.Join(podmanTest.TempDir, "seccomp.json")
+ in := []byte(`{"defaultAction":"SCMP_ACT_ALLOW","syscalls":[{"name":"getcwd","action":"SCMP_ACT_ERRNO"}]}`)
+ err := WriteJsonFile(in, jsonFile)
+ if err != nil {
+ fmt.Println(err)
+ Skip("Failed to prepare seccomp.json for test.")
+ }
+
+ session := podmanTest.Podman([]string{"run", "-it", "--security-opt", strings.Join([]string{"seccomp=", jsonFile}, ""), ALPINE, "pwd"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ match, _ := session.GrepString("Operation not permitted")
+ Expect(match).Should(BeTrue())
+ })
+
 It("podman run capabilities test", func() {
 session := podmanTest.Podman([]string{"run", "--rm", "--cap-add", "all", ALPINE, "cat", "/proc/self/status"})
 session.WaitWithDefaultTimeout() |
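Review bot: The "podman run seccomp undefine test" case cannot tell `seccomp=unconfined` apart from the default profile, because `echo hello` exits 0 and prints `hello` under both, so the test would still pass if the option were silently ignored. Asserting on the kernel's own view would pin it down: run `cat /proc/self/status` (as the capabilities test in the trailing context does) and check that the `Seccomp:` field reports `0`; how `GrepString` treats the tab in that line would need confirming. Separately, in "podman run seccomp test" a `WriteJsonFile` error ends in `Skip("Failed to prepare seccomp.json for test.")`, which turns a broken fixture into a silent skip of the only custom-profile check. `Expect(err).To(BeNil())` would make that failure visible instead.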