summaryrefslogtreecommitdiff
path: root/test/podman_run_security.bats
diff options
context:
space:
mode:
Diffstat (limited to 'test/podman_run_security.bats')
-rw-r--r--test/podman_run_security.bats34
1 files changed, 34 insertions, 0 deletions
diff --git a/test/podman_run_security.bats b/test/podman_run_security.bats
new file mode 100644
index 000000000..07dabf44b
--- /dev/null
+++ b/test/podman_run_security.bats
@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+ cleanup_test
+}
+
+function setup() {
+ copy_images
+}
+
+@test "run privileged test" {
+ cap=$(grep CapEff /proc/self/status | cut -f2 -d":")
+
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --privileged ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+
+ cap=$(grep CapAmb /proc/self/status | cut -f2 -d":")
+ run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE} grep CapEff /proc/self/status
+ echo $output
+ [ "$status" -eq 0 ]
+ containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+ [ $containercap = $cap ]
+}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-19 05:51:09 +0000