From c13a52cfdebf57028f014f24ccd889d6b5acd643 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Mon, 26 Aug 2019 09:56:03 -0400 Subject: Add a test for the new suid/exec/dev options Signed-off-by: Matthew Heon --- test/e2e/run_volume_test.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index abb93a149..0441dad1c 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -162,4 +162,26 @@ var _ = Describe("Podman run with volumes", func() { Expect(session.OutputToString()).To(ContainSubstring("/testvol1")) Expect(session.OutputToString()).To(ContainSubstring("/testvol2")) }) + + It("podman run with volumes and suid/dev/exec options", func() { + mountPath := filepath.Join(podmanTest.TempDir, "secrets") + os.Mkdir(mountPath, 0755) + session := podmanTest.Podman([]string{"run", "--rm", "-v", fmt.Sprintf("%s:/run/test:suid,dev,exec", mountPath), ALPINE, "grep", "/run/test", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + found, matches := session.GrepString("/run/test") + Expect(found).Should(BeTrue()) + Expect(matches[0]).To(Not(ContainSubstring("noexec"))) + Expect(matches[0]).To(Not(ContainSubstring("nodev"))) + Expect(matches[0]).To(Not(ContainSubstring("nosuid"))) + + session = podmanTest.Podman([]string{"run", "--rm", "--tmpfs", "/run/test:suid,dev,exec", ALPINE, "grep", "/run/test", "/proc/self/mountinfo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + found, matches = session.GrepString("/run/test") + Expect(found).Should(BeTrue()) + Expect(matches[0]).To(Not(ContainSubstring("noexec"))) + Expect(matches[0]).To(Not(ContainSubstring("nodev"))) + Expect(matches[0]).To(Not(ContainSubstring("nosuid"))) + }) }) -- cgit v1.2.3-54-g00ecf