mirror of
				https://github.com/containers/podman.git
				synced 2025-10-26 02:35:43 +08:00 
			
		
		
		
	 4fd1965ab4
			
		
	
	4fd1965ab4
	
	
	
		
			
			Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
		
			
				
	
	
		
			29 lines
		
	
	
		
			677 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			29 lines
		
	
	
		
			677 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| package generate
 | |
| 
 | |
| import (
 | |
| 	"testing"
 | |
| 
 | |
| 	"github.com/stretchr/testify/assert"
 | |
| )
 | |
| 
 | |
| func TestShouldMask(t *testing.T) {
 | |
| 	tests := []struct {
 | |
| 		mask       string
 | |
| 		unmask     []string
 | |
| 		shouldMask bool
 | |
| 	}{
 | |
| 		{"/proc/foo", []string{"all"}, false},
 | |
| 		{"/proc/foo", []string{"ALL"}, false},
 | |
| 		{"/proc/foo", []string{"/proc/foo"}, false},
 | |
| 		{"/proc/foo", []string{"/proc/*"}, false},
 | |
| 		{"/proc/foo", []string{"/proc/bar", "all"}, false},
 | |
| 		{"/proc/foo", []string{"/proc/f*"}, false},
 | |
| 		{"/proc/foo", []string{"/proc/b*"}, true},
 | |
| 		{"/proc/foo", []string{}, true},
 | |
| 	}
 | |
| 	for _, test := range tests {
 | |
| 		val := shouldMask(test.mask, test.unmask)
 | |
| 		assert.Equal(t, val, test.shouldMask)
 | |
| 	}
 | |
| }
 |