mirror of
https://github.com/containers/podman
synced 2024-10-20 17:23:30 +00:00
88 lines
2.7 KiB
Go
88 lines
2.7 KiB
Go
|
package integration
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"os"
|
||
|
|
||
|
. "github.com/onsi/ginkgo"
|
||
|
. "github.com/onsi/gomega"
|
||
|
"github.com/opencontainers/selinux/go-selinux"
|
||
|
)
|
||
|
|
||
|
var _ = Describe("Podman run", func() {
|
||
|
var (
|
||
|
tempdir string
|
||
|
err error
|
||
|
podmanTest PodmanTest
|
||
|
)
|
||
|
|
||
|
BeforeEach(func() {
|
||
|
tempdir, err = CreateTempDirInTempDir()
|
||
|
if err != nil {
|
||
|
os.Exit(1)
|
||
|
}
|
||
|
podmanTest = PodmanCreate(tempdir)
|
||
|
podmanTest.RestoreAllArtifacts()
|
||
|
if !selinux.GetEnabled() {
|
||
|
Skip("SELinux not enabled")
|
||
|
}
|
||
|
})
|
||
|
|
||
|
AfterEach(func() {
|
||
|
podmanTest.Cleanup()
|
||
|
f := CurrentGinkgoTestDescription()
|
||
|
timedResult := fmt.Sprintf("Test: %s completed in %f seconds", f.TestText, f.Duration.Seconds())
|
||
|
GinkgoWriter.Write([]byte(timedResult))
|
||
|
})
|
||
|
|
||
|
It("podman run selinux", func() {
|
||
|
session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match, _ := session.GrepString("container_t")
|
||
|
Expect(match).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
It("podman run selinux grep test", func() {
|
||
|
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=level:s0:c1,c2", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match, _ := session.GrepString("s0:c1,c2")
|
||
|
Expect(match).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
It("podman run selinux disable test", func() {
|
||
|
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=disable", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match, _ := session.GrepString("spc_t")
|
||
|
Expect(match).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
It("podman run selinux type check test", func() {
|
||
|
session := podmanTest.Podman([]string{"run", "-it", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match1, _ := session.GrepString("container_t")
|
||
|
match2, _ := session.GrepString("svirt_lxc_net_t")
|
||
|
Expect(match1 || match2).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
It("podman run selinux type setup test", func() {
|
||
|
session := podmanTest.Podman([]string{"run", "-it", "--security-opt", "label=type:spc_t", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match, _ := session.GrepString("spc_t")
|
||
|
Expect(match).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
It("podman privileged selinux", func() {
|
||
|
session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "cat", "/proc/self/attr/current"})
|
||
|
session.WaitWithDefaultTimeout()
|
||
|
Expect(session.ExitCode()).To(Equal(0))
|
||
|
match, _ := session.GrepString("spc_t")
|
||
|
Expect(match).Should(BeTrue())
|
||
|
})
|
||
|
|
||
|
})
|