From a0204f1dd01be75b25922c43a96bf34b5867ebe1 Mon Sep 17 00:00:00 2001
From: Jakob Ahrer
Date: Fri, 14 Apr 2023 19:31:21 +0200
Subject: [PATCH] Add missing security options to /info response
Signed-off-by: Jakob Ahrer
---
 pkg/api/handlers/compat/info.go | 8 ++++++++
 test/apiv2/python/rest_api/test_v2_0_0_system.py | 14 +++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/pkg/api/handlers/compat/info.go b/pkg/api/handlers/compat/info.go
index 60bbd40fe7..f7aa9fc362 100644
--- a/pkg/api/handlers/compat/info.go
+++ b/pkg/api/handlers/compat/info.go
@@ -21,6 +21,7 @@ import (
 "github.com/docker/docker/api/types/registry"
 "github.com/docker/docker/api/types/swarm"
 "github.com/google/uuid"
+ "github.com/opencontainers/selinux/go-selinux"
 log "github.com/sirupsen/logrus"
 )
@@ -181,6 +182,13 @@ func getSecOpts(sysInfo *sysinfo.SysInfo) []string {
 // FIXME: get profile name...
 secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", "default"))
 }
+ if rootless.IsRootless() {
+ secOpts = append(secOpts, "name=rootless")
+ }
+ if selinux.GetEnabled() {
+ secOpts = append(secOpts, "name=selinux")
+ }
+
 return secOpts
 }
diff --git a/test/apiv2/python/rest_api/test_v2_0_0_system.py b/test/apiv2/python/rest_api/test_v2_0_0_system.py
index 1140d09cfa..39b17fd229 100644
--- a/test/apiv2/python/rest_api/test_v2_0_0_system.py
+++ b/test/apiv2/python/rest_api/test_v2_0_0_system.py
@@ -3,6 +3,7 @@ import unittest
 import uuid
 import requests
+import yaml
 from .fixtures import APITestCase
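Review bot: In the getSecOpts hunk of pkg/api/handlers/compat/info.go, `selinux.GetEnabled()` is a host-level check, so `name=selinux` is reported whenever SELinux is enabled on the machine; as far as I know that includes permissive mode, and it does not reflect whether container labeling has been turned off in the engine configuration. Docker-API clients tend to read SecurityOptions as a statement about how containers are confined, so the meaning should be written down next to the check, for example `// name=selinux mirrors host.security.selinuxEnabled: host SELinux is enabled, not necessarily enforcing or applied to every container`. The same caveat applies to `name=rootless`, which describes the service process rather than any individual container. getSecOpts begins above the hunk, so the earlier branches are only partly visible here.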
@@ -16,7 +17,18 @@ class SystemTestCase(APITestCase):
 r = requests.get(self.podman_url + "/v1.40/info")
 self.assertEqual(r.status_code, 200, r.text)
 self.assertIsNotNone(r.content)
- _ = r.json()
+ response = r.json()
+
+ info_status = yaml.load(self.podman.run("info").stdout, Loader=yaml.FullLoader)
+ if info_status["host"]["security"]["rootless"]:
+ self.assertIn("name=rootless", response["SecurityOptions"])
+ else:
+ self.assertNotIn("name=rootless", response["SecurityOptions"])
+
+ if info_status["host"]["security"]["selinuxEnabled"]:
+ self.assertIn("name=selinux", response["SecurityOptions"])
+ else:
+ self.assertNotIn("name=selinux", response["SecurityOptions"])
 def test_events(self):
 r = requests.get(self.uri("/events?stream=false"))
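Review bot: `yaml.load(..., Loader=yaml.FullLoader)` in the added lines is more loader than this test needs; `podman info` output is plain mappings and scalars, and FullLoader has had object-construction flaws in older PyYAML releases, so the safe loader is the better habit even in test code: `info_status = yaml.safe_load(self.podman.run("info").stdout)`. The output of `self.podman.run("info")` is also used without any check that the command succeeded, so a failed or empty run would surface as a `TypeError` or `KeyError` on `info_status["host"]` instead of a clear assertion; a `self.assertIsNotNone(info_status)` before the lookups would make that failure readable. The test method's `def` line is above the hunk.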