Diffstat (limited to 'test/system/410-selinux.bats')
-rw-r--r-- | test/system/410-selinux.bats | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
index 7482d3e55..215b2832e 100644
--- a/test/system/410-selinux.bats
+++ b/test/system/410-selinux.bats
@@ -39,17 +39,17 @@ function check_label() {
 }
 
 @test "podman selinux: container with label=disable" {
- skip_if_rootless
-
 check_label "--security-opt label=disable" "spc_t"
 }
 
 @test "podman selinux: privileged container" {
- skip_if_rootless
-
 check_label "--privileged --userns=host" "spc_t"
 }
 
+@test "podman selinux: init container" {
+ check_label "--systemd=always" "container_init_t"
+}
+
 @test "podman selinux: pid=host" {
 # FIXME FIXME FIXME: Remove these lines once all VMs have >= 2.146.0
 # (this is ugly, but better than an unconditional skip)
@@ -74,6 +74,18 @@ function check_label() {
 check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2"
 }
 
+@test "podman selinux: inspect kvm labels" {
+ skip_if_no_selinux
+ skip_if_remote "runtime flag is not passed over remote"
+ if [ ! -e /usr/bin/kata-runtime ]; then
+ skip "kata-runtime not available"
+ fi
+
+ run_podman create --runtime=kata --name myc $IMAGE
+ run_podman inspect --format='{{ .ProcessLabel }}' myc
+ is "$output" ".*container_kvm_t.*"
+}
+
 # pr #6752
 @test "podman selinux: inspect multiple labels" {
 skip_if_no_selinux |
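Review bot: The new `init container` test carries no comment saying what it guards, and the `label=disable` and `privileged` tests lose `skip_if_rootless` without any note that rootless runs are now expected to report `spc_t` too. A line such as `# --systemd=always must select container_init_t instead of the default container_t` above the new `check_label` call would record the intent. A short `# expected for rootless as well` remark on the two older tests would keep the skip from being reintroduced later. Whether `check_label` itself skips on hosts without SELinux cannot be confirmed here, because its body lies outside the hunk.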
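Review bot: The `inspect kvm labels` test creates `myc` and never removes it, so the container outlives the test unless a teardown that is not visible in this hunk cleans up. Ending the test with `run_podman rm myc` would keep it self-contained and avoid a name clash with any later test that reuses `myc`. The assertion `".*container_kvm_t.*"` also matches that string anywhere in the label; anchoring it on the field separators, `is "$output" ".*:container_kvm_t:.*"`, would check that it is the SELinux type field that was set. The hard-coded `/usr/bin/kata-runtime` check silently skips the test on hosts where the runtime is installed elsewhere, which deserves a one-line comment.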