diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/run_selinux_test.go | 9 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 8 | ||||
| -rw-r--r-- | test/system/helpers.bash | 14 |
3 files changed, 24 insertions, 7 deletions
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 358137aa9..8b33a05b2 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -177,4 +177,13 @@ var _ = Describe("Podman run", func() { Expect(session.OutputToString()).To(Equal(session1.OutputToString())) }) + It("podman run --privileged and --security-opt SELinux options", func() { + session := podmanTest.Podman([]string{"run", "-it", "--privileged", "--security-opt", "label=type:spc_t", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + match, _ := session.GrepString("spc_t") + Expect(match).To(BeTrue()) + match2, _ := session.GrepString("s0:c1,c2") + Expect(match2).To(BeTrue()) + }) }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 90179964d..42754bab4 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1039,4 +1039,12 @@ USER mail` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) + + It("podman run --privileged and --group-add", func() { + groupName := "kvm" + session := podmanTest.Podman([]string{"run", "-t", "-i", "--group-add", groupName, "--privileged", fedoraMinimal, "groups"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(strings.Contains(session.OutputToString(), groupName)).To(BeTrue()) + }) }) diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 7e6f1c1ca..5301644d6 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -2,12 +2,6 @@ # Podman command to run; may be podman-remote PODMAN=${PODMAN:-podman} -# If it's a relative path, convert to absolute; otherwise tests can't cd out -if [[ "$PODMAN" =~ / ]]; then - if [[ ! "$PODMAN" =~ ^/ ]]; then - PODMAN=$(realpath $PODMAN) - fi -fi # Standard image to use for most tests PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} @@ -22,6 +16,12 @@ IMAGE=$PODMAN_TEST_IMAGE_FQN # Default timeout for a podman command. PODMAN_TIMEOUT=${PODMAN_TIMEOUT:-60} +# Prompt to display when logging podman commands; distinguish root/rootless +_LOG_PROMPT='$' +if [ $(id -u) -eq 0 ]; then + _LOG_PROMPT='#' +fi + ############################################################################### # BEGIN setup/teardown tools @@ -138,7 +138,7 @@ function run_podman() { esac # stdout is only emitted upon error; this echo is to help a debugger - echo "\$ $PODMAN $*" + echo "$_LOG_PROMPT $PODMAN $*" # BATS hangs if a subprocess remains and keeps FD 3 open; this happens # if podman crashes unexpectedly without cleaning up subprocesses. run timeout --foreground -v --kill=10 $PODMAN_TIMEOUT $PODMAN "$@" 3>/dev/null |