Skip to content

Commit

Permalink
Merge pull request #9494 from mheon/sort_caps
Browse files Browse the repository at this point in the history 
Sort CapDrop in inspect to guarantee order
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Feb 24, 2021
2 parents 4846f87 + fc32ec7 commit dec06b1
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
3 changes: 3 additions & 0 deletions libpod/container_inspect.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package libpod

import (
"fmt"
"sort"
"strings"

"github.com/containers/common/pkg/config"
Expand Down Expand Up @@ -698,6 +699,8 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
for cap := range boundingCaps {
capDrop = append(capDrop, cap)
}
// Sort CapDrop so it displays in consistent order (GH #9490)
sort.Strings(capDrop)
}
hostConfig.CapAdd = capAdd
hostConfig.CapDrop = capDrop
Expand Down
18 changes: 18 additions & 0 deletions test/e2e/inspect_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -490,4 +490,22 @@ var _ = Describe("Podman inspect", func() {
}
Expect(found).To(BeTrue())
})

It("Dropped capabilities are sorted", func() {
ctrName := "testCtr"
session := podmanTest.Podman([]string{"run", "-d", "--cap-drop", "CAP_AUDIT_WRITE", "--cap-drop", "CAP_MKNOD", "--cap-drop", "CAP_NET_RAW", "--name", ctrName, ALPINE, "top"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(BeZero())

inspect := podmanTest.Podman([]string{"inspect", ctrName})
inspect.WaitWithDefaultTimeout()
Expect(inspect.ExitCode()).To(BeZero())

data := inspect.InspectContainerToJSON()
Expect(len(data)).To(Equal(1))
Expect(len(data[0].HostConfig.CapDrop)).To(Equal(3))
Expect(data[0].HostConfig.CapDrop[0]).To(Equal("CAP_AUDIT_WRITE"))
Expect(data[0].HostConfig.CapDrop[1]).To(Equal("CAP_MKNOD"))
Expect(data[0].HostConfig.CapDrop[2]).To(Equal("CAP_NET_RAW"))
})
})

0 comments on commit dec06b1

Please sign in to comment.