Add FIPS mode secret

If the host is in FIPS mode and /etc/system-fips exists,
/run/secrets/system-fips is created in the container so that
the container can run in FIPS mode as well.

Signed-off-by: umohnani8 <umohnani@redhat.com>
umohnani8
2018-04-19 10:25:01 -04:00
parent 8493dba23c
commit 57afb7514d
3 changed files with 91 additions and 18 deletions


@ -302,6 +302,20 @@ var _ = Describe("Podman run", func() {
Expect(err).To(BeNil())
})
It("podman run with FIPS mode secrets", func() {
fipsFile := "/etc/system-fips"
err = ioutil.WriteFile(fipsFile, []byte{}, 0755)
Expect(err).To(BeNil())
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls", "/run/secrets"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("system-fips"))
err = os.Remove(fipsFile)
Expect(err).To(BeNil())
})
It("podman run without group-add", func() {
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"})
session.WaitWithDefaultTimeout()
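Review bot: The new FIPS test writes and then removes `/etc/system-fips` on the real host, so on a host that already has the marker the final `os.Remove(fipsFile)` deletes it. If any `Expect` before the removal fails, the file is left behind and the host keeps a FIPS marker that the test planted. Create the file only when `os.Stat` reports it missing, and register the removal with `defer` directly after the write so cleanup is tied to creation. The mode `0755` sets execute bits on an empty marker file; `0644` is enough. The enclosing `Describe` block starts before the hunk and the following `It` continues past it.

```go
It("podman run with FIPS mode secrets", func() {
	fipsFile := "/etc/system-fips"
	// Only plant the marker when the host does not already have one,
	// and only remove what this test created.
	if _, statErr := os.Stat(fipsFile); os.IsNotExist(statErr) {
		err = ioutil.WriteFile(fipsFile, []byte{}, 0644)
		Expect(err).To(BeNil())
		defer os.Remove(fipsFile)
	}
	// … unchanged: podman run and /run/secrets output assertions …
})
```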