diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/libpod_suite_test.go | 26 | ||||
-rw-r--r-- | test/e2e/run_privileged_test.go | 17 |
2 files changed, 37 insertions, 6 deletions
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index bd117d5f4..ed9694092 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -16,6 +16,7 @@ import ( "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" sstorage "github.com/containers/storage" + "github.com/containers/storage/pkg/parsers/kernel" "github.com/containers/storage/pkg/reexec" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -72,6 +73,10 @@ func TestLibpod(t *testing.T) { if reexec.Init() { os.Exit(1) } + if os.Getenv("NOCACHE") == "1" { + CACHE_IMAGES = []string{} + RESTORE_IMAGES = []string{} + } RegisterFailHandler(Fail) RunSpecs(t, "Libpod Suite") } @@ -480,3 +485,24 @@ func (p *PodmanTest) GetHostDistribution() string { } return "" } + +// IsKernelNewThan compares the current kernel version to one provided. If +// the kernel is equal to or greater, returns true +func IsKernelNewThan(version string) (bool, error) { + inputVersion, err := kernel.ParseRelease(version) + if err != nil { + return false, err + } + kv, err := kernel.GetKernelVersion() + if err == nil { + return false, err + } + // CompareKernelVersion compares two kernel.VersionInfo structs. + // Returns -1 if a < b, 0 if a == b, 1 it a > b + result := kernel.CompareKernelVersion(*kv, *inputVersion) + if result >= 0 { + return true, nil + } + return false, nil + +} diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index 3df90b218..6692c91c7 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -1,12 +1,11 @@ package integration import ( - "fmt" "os" + "strings" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "strings" ) var _ = Describe("Podman privileged container tests", func() { @@ -84,23 +83,29 @@ var _ = Describe("Podman privileged container tests", func() { }) It("run no-new-privileges test", func() { + // Check if our kernel is new enough + k, err := IsKernelNewThan("4.14") + Expect(err).To(BeNil()) + if !k { + Skip("Kernel is not new enough to test this feature") + } + cap := podmanTest.SystemExec("grep", []string{"NoNewPrivs", "/proc/self/status"}) cap.WaitWithDefaultTimeout() if cap.ExitCode() != 0 { - fmt.Println("Can't determine NoNewPrivs") - return + Skip("Can't determine NoNewPrivs") } session := podmanTest.Podman([]string{"run", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - privs := strings.Split(cap.OutputToString(), ":") + privs := strings.Split(cap.OutputToString(), ":") session = podmanTest.Podman([]string{"run", "--security-opt", "no-new-privileges", "busybox", "grep", "NoNewPrivs", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - noprivs := strings.Split(cap.OutputToString(), ":") + noprivs := strings.Split(cap.OutputToString(), ":") Expect(privs[1]).To(Not(Equal(noprivs[1]))) }) |