opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 09:05:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

baseline tests: apparmor with --privileged

Browse Source 
https://github.com/containers/libpod/issues/3112 has revealed a
regression in apparmor when running privileged containers where the
profile must not be set or loaded.  Add a simple test to avoid potential
future regressions.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This commit is contained in:
Valentin Rothberg
2019-05-23 13:24:51 +02:00
parent fe928c6b42
commit bcbf5c4894
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
test/test_podman_baseline.sh
View File

@ -504,6 +504,16 @@ EOF
echo "failed" echo "failed"
fi fi
#Expected to pass (as root with --privileged).
#Note that the profile should not be loaded letting the mount succeed.
podman run --privileged docker.io/library/alpine:latest sh -c "mkdir tmp2; mount --bind tmp tmp2"
rc=$?
echo -n "root with specified AppArmor profile but --privileged: "
if [ $rc == 0 ]; then
echo "passed"
else
echo "failed"
fi
#Expected to fail (as rootless) #Expected to fail (as rootless)
sudo -u "#1000" podman run --security-opt apparmor=$aaProfile docker.io/library/alpine:latest echo hello sudo -u "#1000" podman run --security-opt apparmor=$aaProfile docker.io/library/alpine:latest echo hello
rc=$? rc=$?