Diffstat (limited to 'test/e2e')
-rw-r--r-- | test/e2e/config.go | 9 | ||||
-rw-r--r-- | test/e2e/healthcheck_run_test.go | 2 | ||||
-rw-r--r-- | test/e2e/mount_test.go | 2 | ||||
-rw-r--r-- | test/e2e/run_seccomp.go | 70 | ||||
-rw-r--r-- | test/e2e/run_signal_test.go | 2 | ||||
-rw-r--r-- | test/e2e/save_test.go | 2 |
6 files changed, 83 insertions, 4 deletions
diff --git a/test/e2e/config.go b/test/e2e/config.go
index aeb7affee..12d0e545e 100644
--- a/test/e2e/config.go
+++ b/test/e2e/config.go
@@ -14,4 +14,13 @@ var (
 BB = "docker.io/library/busybox:latest"
 healthcheck = "docker.io/libpod/alpine_healthcheck:latest"
 ImageCacheDir = "/tmp/podman/imagecachedir"
+
+ // This image has seccomp profiles that blocks all syscalls.
+ // The intention behind blocking all syscalls is to prevent
+ // regressions in the future. The required syscalls can vary
+ // depending on which runtime we're using.
+ alpineSeccomp = "docker.io/libpod/alpine-with-seccomp:latest"
+ // This image has a bogus/invalid seccomp profile which should
+ // yield a json error when being read.
+ alpineBogusSeccomp = "docker.io/libpod/alpine-with-bogus-seccomp:latest"
 )
diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go
index 4acea06eb..7633261e3 100644
--- a/test/e2e/healthcheck_run_test.go
+++ b/test/e2e/healthcheck_run_test.go
@@ -42,7 +42,7 @@ var _ = Describe("Podman healthcheck run", func() { }) It("podman healthcheck on valid container", func() { - Skip("Extremely consistent flake - reenable on debugging") + Skip("Extremely consistent flake - re-enable on debugging") session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", healthcheck}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0))
diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go
index dda83ba31..ac52d8c7e 100644
--- a/test/e2e/mount_test.go
+++ b/test/e2e/mount_test.go
@@ -205,7 +205,7 @@ var _ = Describe("Podman mount", func() { Expect(lmount.OutputToString()).To(Equal("")) }) - It("podman list mulitple mounted containers", func() { + It("podman list multiple mounted containers", func() { SkipIfRootless() setup := podmanTest.Podman([]string{"create", ALPINE, "ls"})
diff --git a/test/e2e/run_seccomp.go b/test/e2e/run_seccomp.go
new file mode 100644
index 000000000..dcf938ad6
--- /dev/null
+++ b/test/e2e/run_seccomp.go
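Review bot: In test/e2e/config.go, `alpineSeccomp` and `alpineBogusSeccomp` reference mutable `:latest` tags, so what the seccomp tests actually verify is decided by whatever is currently published in the registry rather than by anything in this repository. The other images in this `var` block follow the same convention, but for a fixture whose only purpose is its embedded profile, pinning by digest (for example `"docker.io/libpod/alpine-with-seccomp@sha256:<DIGEST>"`, where the digest is a placeholder) would keep a republished image from silently changing the test's meaning. The comment would also help more if it said where in the image the profile is carried, and it should read `// This image has a seccomp profile that blocks all syscalls.`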
@@ -0,0 +1,70 @@
+// +build !remoteclient
+
+package integration
+
+import (
+ "os"
+
+ . "github.com/containers/libpod/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman run", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+
+ })
+
+ It("podman run --seccomp-policy default", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
+ It("podman run --seccomp-policy ''", func() {
+ // Empty string is interpreted as "default".
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
+ It("podman run --seccomp-policy invalid", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ })
+
+ It("podman run --seccomp-policy image (block all syscalls)", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ // TODO: we're getting a "cannot start a container that has
+ // stopped" error which seems surprising. Investigate
+ // why that is so.
+ Expect(session.ExitCode()).ToNot(Equal(0))
+ })
+
+ It("podman run --seccomp-policy image (bogus profile)", func() {
+ session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(125))
+ })
+})
diff --git a/test/e2e/run_signal_test.go b/test/e2e/run_signal_test.go
index 1d57e6211..eee7c14fb 100644
--- a/test/e2e/run_signal_test.go
+++ b/test/e2e/run_signal_test.go
@@ -47,7 +47,7 @@ var _ = Describe("Podman run with --sig-proxy", func() { Specify("signals are forwarded to container using sig-proxy", func() { if podmanTest.Host.Arch == "ppc64le" { - Skip("Doesnt work on ppc64le") + Skip("Doesn't work on ppc64le") } signal := syscall.SIGFPE // Set up a socket for communication
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index 52dab923b..60825f975 100644
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -51,7 +51,7 @@ var _ = Describe("Podman save", func() { }) It("podman save with stdout", func() { - Skip("Pipe redirection in ginkgo probably wont work") + Skip("Pipe redirection in ginkgo probably won't work") outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") save := podmanTest.PodmanNoCache([]string{"save", ALPINE, ">", outfile}) |
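Review bot: In test/e2e/run_seccomp.go, the "image (block all syscalls)" case asserts only `Expect(session.ExitCode()).ToNot(Equal(0))`, so it passes on any failure: a pull error or an unrelated runtime fault is indistinguishable from the image's profile being enforced, and the TODO above the assertion says the observed error is not yet the expected one. Once the cause is understood, pin the outcome the way the bogus-profile case does with `Equal(125)`, or match the error text, e.g. `Expect(session.ErrorToString()).To(ContainSubstring("<EXPECTED_MESSAGE>"))` (the message is a placeholder). The "invalid" policy case has the same loose assertion. Separately, the new file is named `run_seccomp.go` while the other specs in this change are `*_test.go`; it uses `PodmanTestIntegration` and `processTestResult`, which are not defined in the visible hunks, so if those live in `_test.go` files the package would presumably stop building outside `go test`, and renaming to `run_seccomp_test.go` would avoid that.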