From 3987c529f473178c51feb69d5252c7d5c2a8f697 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Mon, 28 Mar 2022 09:10:14 -0400
Subject: Add support for ipc namespace modes "none, private, sharable"

Fixes: #13265

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 test/system/190-run-ipcns.bats | 70 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 test/system/190-run-ipcns.bats

(limited to 'test')

diff --git a/test/system/190-run-ipcns.bats b/test/system/190-run-ipcns.bats
new file mode 100644
index 000000000..9327d8ec7
--- /dev/null
+++ b/test/system/190-run-ipcns.bats
@@ -0,0 +1,70 @@
+#!/usr/bin/env bats   -*- bats -*-
+# shellcheck disable=SC2096
+#
+# Tests for podman build
+#
+
+load helpers
+
+@test "podman --ipc=host" {
+    run readlink /proc/self/ns/ipc
+    hostipc=$output
+    run_podman run --rm --ipc=host $IMAGE readlink /proc/self/ns/ipc
+    is "$output" "$hostipc" "HostIPC and container IPC should be same"
+}
+
+@test "podman --ipc=none" {
+    run readlink /proc/self/ns/ipc
+    hostipc=$output
+    run_podman run --rm --ipc=none $IMAGE readlink /proc/self/ns/ipc
+    if [[ $output == "$hostipc" ]]; then
+       die "hostipc and containeripc should be different"
+    fi
+    run_podman 1 run --rm --ipc=none $IMAGE ls /dev/shm
+    is "$output" "ls: /dev/shm: No such file or directory" "Should fail with missing /dev/shm"
+}
+
+@test "podman --ipc=private" {
+    run readlink /proc/self/ns/ipc
+    hostipc=$output
+    run_podman run -d --ipc=private --name test $IMAGE sleep 100
+    if [[ $output == "$hostipc" ]]; then
+       die "hostipc and containeripc should be different"
+    fi
+    run_podman 125 run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
+    is "$output" ".*is not allowed: non-shareable IPC (hint: use IpcMode:shareable for the donor container)" "Containers should not share private ipc namespace"
+    run_podman stop -t 0 test
+    run_podman rm test
+}
+
+@test "podman --ipc=shareable" {
+    run readlink /proc/self/ns/ipc
+    hostipc=$output
+    run_podman run -d --ipc=shareable --name test $IMAGE sleep 100
+    if [[ $output == "$hostipc" ]]; then
+       die "hostipc and containeripc should be different"
+    fi
+    run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
+    if [[ $output == "$hostipc" ]]; then
+       die "hostipc and containeripc should be different"
+    fi
+    run_podman stop -t 0 test
+    run_podman rm test
+}
+
+@test "podman --ipc=container@test" {
+    run readlink /proc/self/ns/ipc
+    hostipc=$output
+    run_podman run -d --name test $IMAGE sleep 100
+    run_podman exec test readlink /proc/self/ns/ipc
+    if [[ $output == "$hostipc" ]]; then
+       die "hostipc and containeripc should be different"
+    fi
+    testipc=$output
+    run_podman run --ipc=container:test --rm $IMAGE readlink /proc/self/ns/ipc
+    is "$output" "$testipc" "Containers should share ipc namespace"
+    run_podman stop -t 0 test
+    run_podman rm test
+}
+
+# vim: filetype=sh
-- 
cgit v1.2.3-54-g00ecf