From 239bd57662162e9754421a31db9cf529cee8d701 Mon Sep 17 00:00:00 2001 From: Urvashi Mohnani Date: Mon, 7 Dec 2020 10:57:46 -0500 Subject: Add systempaths=unconfined option Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani --- test/e2e/run_test.go | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'test/e2e/run_test.go') diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index efc125d2b..7534030af 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -264,6 +264,14 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.OutputToString()).To(BeEmpty()) Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr4", "--security-opt", "systempaths=unconfined", ALPINE, "sleep", "200"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "maskCtr4", "ls", "/sys/firmware"}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(Not(BeEmpty())) + Expect(session.ExitCode()).To(Equal(0)) }) It("podman run seccomp test", func() { -- cgit v1.2.3-54-g00ecf