opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-25 02:04:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add systempaths=unconfined option

Browse Source 
Add the systempaths=unconfined option to --security-opt
to match the docker options for unmasking all the paths
that are masked by default.
Add the mask and unmask options to the podman create doc.

Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This commit is contained in:
Urvashi Mohnani
2020-12-07 10:57:46 -05:00
parent e6f80fa61a
commit 239bd57662
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
test/e2e/run_test.go
View File

@ -264,6 +264,14 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(BeEmpty())
Expect(session.ExitCode()).To(Equal(0))
session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr4", "--security-opt", "systempaths=unconfined", ALPINE, "sleep", "200"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
session = podmanTest.Podman([]string{"exec", "maskCtr4", "ls", "/sys/firmware"})
session.WaitWithDefaultTimeout()
Expect(session.OutputToString()).To(Not(BeEmpty()))
Expect(session.ExitCode()).To(Equal(0))
})
It("podman run seccomp test", func() {