opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-09 23:27:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for kube securityContext\.procMount

Browse Source 
Fixes: https://github.com/containers/podman/issues/19881

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2023-09-06 16:49:38 -04:00
parent c17c190f89
commit b83485022d
5 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
test/system/710-kube.bats
View File

@@ -74,6 +74,21 @@ status | = | null
run_podman rm $cname
}
@test "podman kube generate unmasked" {
KUBE=$PODMAN_TMPDIR/kube.yaml
run_podman create --name test --security-opt unmask=all $IMAGE
run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test
is "$output" "[unmask=all]" "Inspect should see unmask all"
run_podman kube generate test -f $KUBE
assert "$(< $KUBE)" =~ "procMount: Unmasked" "Generated kube yaml should have procMount unmasked"
run_podman kube play $KUBE
run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test-pod-test
is "$output" "[unmask=all]" "Inspect kube play container should see unmask all"
run_podman kube down $KUBE
run_podman pod rm -a
run_podman rm -a
}
@test "podman kube generate - pod" {
local pname=p$(random_string 15)
local cname1=c1$(random_string 15)