opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-24 19:42:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7849 from baude/f33tests

Browse Source 
misc fixes for f33 integration tests
This commit is contained in:
OpenShift Merge Robot
2020-10-01 16:35:29 -04:00
committed by GitHub
parent 5d22eb02f9 df532ee8c1
commit 6a2c7d8831
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/e2e/run_security_labels.go
View File

@ -130,7 +130,7 @@ var _ = Describe("Podman generate kube", func() {
SkipIfRemote("runlabel not supported on podman-remote") SkipIfRemote("runlabel not supported on podman-remote")
PodmanDockerfile := ` PodmanDockerfile := `
FROM alpine:latest FROM alpine:latest
LABEL io.containers.capabilities=chown,mknod` LABEL io.containers.capabilities=chown,kill`
image := "podman-caps:podman" image := "podman-caps:podman"
podmanTest.BuildImage(PodmanDockerfile, image, "false") podmanTest.BuildImage(PodmanDockerfile, image, "false")
@ -145,7 +145,7 @@ LABEL io.containers.capabilities=chown,mknod`
ctr := inspect.InspectContainerToJSON() ctr := inspect.InspectContainerToJSON()
caps := strings.Join(ctr[0].EffectiveCaps, ",") caps := strings.Join(ctr[0].EffectiveCaps, ",")
Expect(caps).To(Equal("CAP_CHOWN,CAP_MKNOD")) Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL"))
}) })
}) })

6
test/e2e/run_test.go
View File

@ -261,6 +261,8 @@ var _ = Describe("Podman run", func() {
}) })
It("podman run user capabilities test", func() { It("podman run user capabilities test", func() {
// We need to ignore the containers.conf on the test distribution for this test
os.Setenv("CONTAINERS_CONF", "/dev/null")
session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"}) session := podmanTest.Podman([]string{"run", "--rm", "--user", "bin", ALPINE, "grep", "CapBnd", "/proc/self/status"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
@ -293,6 +295,8 @@ var _ = Describe("Podman run", func() {
}) })
It("podman run user capabilities test with image", func() { It("podman run user capabilities test with image", func() {
// We need to ignore the containers.conf on the test distribution for this test
os.Setenv("CONTAINERS_CONF", "/dev/null")
SkipIfRemote("FIXME This should work on podman-remote") SkipIfRemote("FIXME This should work on podman-remote")
dockerfile := `FROM busybox dockerfile := `FROM busybox
USER bin` USER bin`
@ -1134,7 +1138,7 @@ USER mail`
It("podman run --device-cgroup-rule", func() { It("podman run --device-cgroup-rule", func() {
SkipIfRootless("rootless users are not allowed to mknod") SkipIfRootless("rootless users are not allowed to mknod")
deviceCgroupRule := "c 42:* rwm" deviceCgroupRule := "c 42:* rwm"
session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) session := podmanTest.Podman([]string{"run", "--cap-add", "mknod", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0)) Expect(session.ExitCode()).To(Equal(0))
session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"}) session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"})