From 252aec1c9ae7e7ed01a4b72cf208e3c0130eb7e7 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 3 Mar 2021 08:28:29 -0500
Subject: Check for supportsKVM based on basename of the runtime

Fixes: https://github.com/containers/podman/issues/9582

This PR also adds tests to make sure SELinux labels match the runtime,
or if init is specified works with the correct label.

Add tests for selinux kvm/init labels

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 test/e2e/run_selinux_test.go | 49 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

(limited to 'test/e2e')

diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index 8c712b1be..6abe152a9 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
@@ -2,6 +2,7 @@ package integration
 
 import (
 	"os"
+	"path/filepath"
 
 	. "github.com/containers/podman/v3/test/utils"
 	. "github.com/onsi/ginkgo"
@@ -294,4 +295,52 @@ var _ = Describe("Podman run", func() {
 		Expect(session.ExitCode()).To(Equal(0))
 		Expect(session.OutputToString()).To(ContainSubstring("container_t"))
 	})
+
+	It("podman test --ipc=net", func() {
+		session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("container_t"))
+	})
+
+	It("podman test --ipc=net", func() {
+		session := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/proc/self/attr/current"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("container_t"))
+	})
+
+	It("podman test --runtime=/PATHTO/kata-runtime", func() {
+		runtime := podmanTest.OCIRuntime
+		podmanTest.OCIRuntime = filepath.Join(podmanTest.TempDir, "kata-runtime")
+		err := os.Symlink("/bin/true", podmanTest.OCIRuntime)
+		Expect(err).To(BeNil())
+		if IsRemote() {
+			podmanTest.StopRemoteService()
+			podmanTest.StartRemoteService()
+		}
+		session := podmanTest.Podman([]string{"create", ALPINE})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		cid := session.OutputToString()
+		session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session.OutputToString()).To(ContainSubstring("container_kvm_t"))
+
+		podmanTest.OCIRuntime = runtime
+		if IsRemote() {
+			podmanTest.StopRemoteService()
+			podmanTest.StartRemoteService()
+		}
+	})
+
+	It("podman test init labels", func() {
+		session := podmanTest.Podman([]string{"create", ubi_init, "/sbin/init"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		cid := session.OutputToString()
+		session = podmanTest.Podman([]string{"inspect", "--format", "{{ .ProcessLabel }}", cid})
+		session.WaitWithDefaultTimeout()
+		Expect(session.OutputToString()).To(ContainSubstring("container_init_t"))
+	})
 })
-- 
cgit v1.2.3-54-g00ecf