From a8cac24bea8c4fe1ae1c49d8f3841974c2448413 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Thu, 25 Jun 2020 09:58:31 +0200 Subject: [PATCH] e2e inspect: HostConfig.SecurityOpt Make sure that all specified security options are displayed in a container's inspect data. Signed-off-by: Valentin Rothberg --- test/e2e/inspect_test.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 2fad38a36c..ed7876d8a2 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -7,6 +7,7 @@ import ( . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "github.com/opencontainers/selinux/go-selinux" ) var _ = Describe("Podman inspect", func() { @@ -263,4 +264,29 @@ var _ = Describe("Podman inspect", func() { Expect(len(baseJSON)).To(Equal(1)) Expect(baseJSON[0].Name).To(Equal(ctrName)) }) + + It("podman inspect - HostConfig.SecurityOpt ", func() { + if !selinux.GetEnabled() { + Skip("SELinux not enabled") + } + + ctrName := "hugo" + create := podmanTest.PodmanNoCache([]string{ + "create", "--name", ctrName, + "--security-opt", "seccomp=unconfined", + "--security-opt", "label=type:spc_t", + "--security-opt", "label=level:s0", + ALPINE, "sh"}) + + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + baseInspect := podmanTest.Podman([]string{"inspect", ctrName}) + baseInspect.WaitWithDefaultTimeout() + Expect(baseInspect.ExitCode()).To(Equal(0)) + baseJSON := baseInspect.InspectContainerToJSON() + Expect(len(baseJSON)).To(Equal(1)) + Expect(baseJSON[0].HostConfig.SecurityOpt).To(Equal([]string{"label=type:spc_t,label=level:s0", "seccomp=unconfined"})) + }) + })