Add a test for CVE-2022-27651
Check that the inheritable capabilities are set to 0, even when we
explicitly try to add capabilities.

Signed-off-by: Nalin Dahyabhai <[email protected]>
nalind committed Sep 19, 2022
1 parent 4aca8fd commit 77fdaa4
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions tests/run.bats
Expand Up @@ -608,3 +608,16 @@ _EOF
uncolored="$output"
[ "$colored" != "$uncolored" ]
}

@test "run-inheritable-capabilities" {
skip_if_no_runtime

_prefetch alpine

run_buildah from --quiet --pull=false --signature-policy ${TESTSDIR}/policy.json alpine
cid=$output
run_buildah run $cid grep ^CapInh: /proc/self/status
expect_output "CapInh: 0000000000000000"
run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status
expect_output "CapInh: 0000000000000000"
}
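
Review bot: the second assertion (the `run_buildah run --cap-add=ALL $cid grep ^CapInh: /proc/self/status` line) would still pass if `--cap-add=ALL` were silently ignored, because both runs inspect only `CapInh`. Consider also reading `^CapEff:` or `^CapBnd:` in the `--cap-add=ALL` run and asserting that it differs from the default run, so the test shows the requested capabilities were granted while the inheritable set stayed empty. Two smaller points: `$cid` and `${TESTSDIR}` are unquoted, and the working container is never removed at the end of the test unless the suite's teardown does that.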
