From 50d4cd28682dccb7cdc8576327fcca65d848dff8 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 23 Jan 2018 17:12:13 +0100
Subject: Save --privileged state

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #255
Approved by: mheon
---
 test/podman_run_security.bats | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 test/podman_run_security.bats

(limited to 'test')

diff --git a/test/podman_run_security.bats b/test/podman_run_security.bats
new file mode 100644
index 000000000..07dabf44b
--- /dev/null
+++ b/test/podman_run_security.bats
@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+    cleanup_test
+}
+
+function setup() {
+    copy_images
+}
+
+@test "run privileged test" {
+    cap=$(grep CapEff /proc/self/status | cut -f2 -d":")
+
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --privileged ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-add all ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+
+    cap=$(grep CapAmb /proc/self/status | cut -f2 -d":")
+    run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run --cap-drop all ${ALPINE}  grep CapEff /proc/self/status
+    echo $output
+    [ "$status" -eq 0 ]
+    containercap=$(echo $output | tr -d '\r'| cut -f2 -d":")
+    [ $containercap = $cap ]
+}
-- 
cgit v1.2.3-54-g00ecf