From 57eaea9539bb18d683cbac28a6a1b1b09e744944 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Wed, 23 Oct 2019 12:08:32 -0400 Subject: Image volumes should not be mounted noexec This matches Docker more closely, but retains the more important protections of nosuid/nodev. Fixes #4318 Signed-off-by: Matthew Heon --- test/e2e/run_volume_test.go | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test/e2e/run_volume_test.go')
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index d04eb07b3..c96059787 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -357,4 +357,11 @@ var _ = Describe("Podman run with volumes", func() {
 Expect(len(arr2)).To(Equal(1))
 Expect(arr2[0]).To(Equal(volName))
 })
+
+ It("podman run image volume is not noexec", func() {
+ session := podmanTest.Podman([]string{"run", "--rm", redis, "grep", "/data", "/proc/self/mountinfo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Not(ContainSubstring("noexec")))
+ })
 })
-- cgit v1.2.3-54-g00ecf
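Review bot: The new `It` block asserts only that `noexec` is absent from the `/data` mount, so it would keep passing if a later change also dropped `nosuid` or `nodev`, which the commit message names as the protections that must stay. Adding `Expect(session.OutputToString()).To(ContainSubstring("nosuid"))` and the same check for `"nodev"` would pin the retained hardening next to the relaxed option. The `grep /data` pattern is also unanchored, so any other mountinfo line that happens to contain `/data` ends up in the checked output; matching the mount-point field more tightly would keep the assertions scoped to the image volume. The enclosing `Describe` block starts outside the hunk, and the code change that removes `noexec` is not part of this file-limited view.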