From 098389dc3e7bbba7c266ad24c909f3a5422e2908 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Fri, 3 Nov 2017 14:46:51 +0000
Subject: Parse SecurityOpts

This should turn on handling of SELinux, NoNewPrivs, seccomp and Apparmor

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #15
Approved by: rhatdan
---
 test/kpod_run.bats | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'test')

diff --git a/test/kpod_run.bats b/test/kpod_run.bats
index 4945691a7..d0cac96de 100644
--- a/test/kpod_run.bats
+++ b/test/kpod_run.bats
@@ -18,3 +18,21 @@ ALPINE="docker.io/library/alpine:latest"
     echo "$output"
     [ "$status" -eq 0 ]
 }
+
+@test "run selinux test" {
+
+    if [ ! -e /usr/sbin/selinuxenabled ] || /usr/sbin/selinuxenabled; then
+        skip "SELinux not enabled"
+    fi
+
+    firstLabel=$(${KPOD_BINARY} ${KPOD_OPTIONS} run ${ALPINE} cat /proc/self/attr/current)
+    run ${KPOD_BINARY} ${KPOD_OPTIONS} run ${ALPINE} cat /proc/self/attr/current
+    echo "$output"
+    [ "$status" -eq 0 ]
+    [ "$output" != "${firstLabel}" ]
+
+    run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run --security-opt label:level=s0:c1,c2 ${ALPINE} cat /proc/self/attr/current | grep s0:c1,c2"
+    echo "$output"
+    [ "$status" -eq 0 ]
+
+}
-- 
cgit v1.2.3-54-g00ecf