opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-05 12:52:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4781 from haircommander/seccomp-profile-root

Browse Source 
play kube: make seccomp handling better conform to k8s
This commit is contained in:
OpenShift Merge Robot
2020-01-07 22:13:03 +01:00
committed by GitHub
parent bd3d8f4e28 b6792b61de
commit c41fd09a8d
6 changed files with 31 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
test/e2e/play_kube_test.go
View File

@@ -358,10 +358,11 @@ var _ = Describe("Podman generate kube", func() {
ctrAnnotation := "container.seccomp.security.alpha.kubernetes.io/" + defaultCtrName
ctr := getCtr(withCmd([]string{"pwd"}))
err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost:"+jsonFile)), kubeYaml)
err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation(ctrAnnotation, "localhost/"+filepath.Base(jsonFile))), kubeYaml)
Expect(err).To(BeNil())
kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
// CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look
kube := podmanTest.Podman([]string{"play", "kube", "--seccomp-profile-root", podmanTest.TempDir, kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube.ExitCode()).To(Equal(0))
@@ -378,13 +379,15 @@ var _ = Describe("Podman generate kube", func() {
fmt.Println(err)
Skip("Failed to prepare seccomp.json for test.")
}
defer os.Remove(jsonFile)
ctr := getCtr(withCmd([]string{"pwd"}))
err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost:"+jsonFile)), kubeYaml)
err = generateKubeYaml(getPod(withCtr(ctr), withAnnotation("seccomp.security.alpha.kubernetes.io/pod", "localhost/"+filepath.Base(jsonFile))), kubeYaml)
Expect(err).To(BeNil())
kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
// CreateSeccompJson will put the profile into podmanTest.TempDir. Use --seccomp-profile-root to tell play kube where to look
kube := podmanTest.Podman([]string{"play", "kube", "--seccomp-profile-root", podmanTest.TempDir, kubeYaml})
kube.WaitWithDefaultTimeout()
Expect(kube.ExitCode()).To(Equal(0))