opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-27 21:50:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support & documentation to run containers with different file types

Browse Source 
Udica is adding new features to allow users to define container process
and file types. This would allow us to setup trusted communications channels
between multiple security domains.  ContainerA -> ContainerB -> ContainerC

Add tests to make sure users can change file types

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2019-08-09 16:29:43 -04:00
parent c48243ee1e
commit 316e51f0a9
10 changed files with 83 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
test/e2e/run_selinux_test.go
View File

@ -153,4 +153,16 @@ var _ = Describe("Podman run", func() {
Expect(match).Should(BeTrue())
})
It("podman run selinux file type setup test", func() {
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:container_var_lib_t", fedoraMinimal, "ls", "-Z", "/dev"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
match, _ := session.GrepString("container_var_lib_t")
Expect(match).Should(BeTrue())
session = podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", "--security-opt", "label=filetype:foobar", fedoraMinimal, "ls", "-Z", "/dev"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(127))
})
})