baseline tests: apparmor with --privileged

https://github.com/containers/libpod/issues/3112 has revealed a regression in apparmor when running privileged containers where the profile must not be set or loaded. Add a simple test to avoid potential future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2025-05-21 00:56:36 +08:00 · 2019-05-23 13:24:51 +02:00
parent fe928c6b42
commit bcbf5c4894
1 changed files with 10 additions and 0 deletions
--- a/test/test_podman_baseline.sh
+++ b/test/test_podman_baseline.sh
@ -504,6 +504,16 @@ EOF
        echo "failed"
    fi

+    #Expected to pass (as root with --privileged).
+    #Note that the profile should not be loaded letting the mount succeed.
+    podman run --privileged docker.io/library/alpine:latest sh -c "mkdir tmp2; mount --bind tmp tmp2"
+    rc=$?
+    echo -n "root with specified AppArmor profile but --privileged: "
+    if [ $rc == 0 ]; then
+        echo "passed"
+    else
+        echo "failed"
+    fi
    #Expected to fail (as rootless)
    sudo -u "#1000" podman run --security-opt apparmor=$aaProfile docker.io/library/alpine:latest echo hello
    rc=$?