From bcbf5c48940e543b39385bc1e137ca7b5d5ad9dd Mon Sep 17 00:00:00 2001
From: Valentin Rothberg
Date: Thu, 23 May 2019 13:24:51 +0200
Subject: baseline tests: apparmor with --privileged

https://github.com/containers/libpod/issues/3112 has revealed a regression in apparmor when running privileged containers where the profile must not be set or loaded. Add a simple test to avoid potential future regressions.

Signed-off-by: Valentin Rothberg
---
 test/test_podman_baseline.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'test')

diff --git a/test/test_podman_baseline.sh b/test/test_podman_baseline.sh
index 5c24229bb..92bc8e20c 100755
--- a/test/test_podman_baseline.sh
+++ b/test/test_podman_baseline.sh
@@ -504,6 +504,16 @@ EOF
 echo "failed"
 fi

+ #Expected to pass (as root with --privileged).
+ #Note that the profile should not be loaded letting the mount succeed.
+ podman run --privileged docker.io/library/alpine:latest sh -c "mkdir tmp2; mount --bind tmp tmp2"
+ rc=$?
+ echo -n "root with specified AppArmor profile but --privileged: "
+ if [ $rc == 0 ]; then
+ echo "passed"
+ else
+ echo "failed"
+ fi
 #Expected to fail (as rootless)
 sudo -u "#1000" podman run --security-opt apparmor=$aaProfile docker.io/library/alpine:latest echo hello
 rc=$?
-- 
cgit v1.2.3-54-g00ecf
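Review bot: The result label on the added `echo -n` line reads "root with specified AppArmor profile but --privileged", but the added `podman run --privileged ...` passes no `--security-opt apparmor=$aaProfile`, so the output names a case the command does not run. Relabel it to match, e.g. `echo -n "root with --privileged (no AppArmor profile applied): "`, or add a second case if an explicit profile combined with `--privileged` is meant to be covered. The check is also indirect: a successful bind mount is taken as proof that no profile was loaded, which presumably only says something where AppArmor is active on the host; having the container print `/proc/self/attr/current` and comparing it with `unconfined` would pin the confinement state directly. As far as the hunk shows, a failure only prints "failed" without affecting the script's exit status, matching the neighbouring cases; the enclosing AppArmor test section starts and ends outside this hunk.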