github.com/containers/libpod@v1.9.4-0.20220419124438-4284fd425507/test/e2e/run_seccomp.go

github.com/containers/libpod@v1.9.4-0.20220419124438-4284fd425507/test/e2e/run_seccomp.go (about)

     1  // +build !remoteclient
     2  
     3  package integration
     4  
     5  import (
     6  	"os"
     7  
     8  	. "github.com/containers/libpod/test/utils"
     9  	. "github.com/onsi/ginkgo"
    10  	. "github.com/onsi/gomega"
    11  )
    12  
    13  var _ = Describe("Podman run", func() {
    14  	var (
    15  		tempdir    string
    16  		err        error
    17  		podmanTest *PodmanTestIntegration
    18  	)
    19  
    20  	BeforeEach(func() {
    21  		tempdir, err = CreateTempDirInTempDir()
    22  		if err != nil {
    23  			os.Exit(1)
    24  		}
    25  		podmanTest = PodmanTestCreate(tempdir)
    26  		podmanTest.Setup()
    27  		podmanTest.SeedImages()
    28  	})
    29  
    30  	AfterEach(func() {
    31  		podmanTest.Cleanup()
    32  		f := CurrentGinkgoTestDescription()
    33  		processTestResult(f)
    34  
    35  	})
    36  
    37  	It("podman run --seccomp-policy default", func() {
    38  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"})
    39  		session.WaitWithDefaultTimeout()
    40  		Expect(session.ExitCode()).To(Equal(0))
    41  	})
    42  
    43  	It("podman run --seccomp-policy ''", func() {
    44  		// Empty string is interpreted as "default".
    45  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"})
    46  		session.WaitWithDefaultTimeout()
    47  		Expect(session.ExitCode()).To(Equal(0))
    48  	})
    49  
    50  	It("podman run --seccomp-policy invalid", func() {
    51  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"})
    52  		session.WaitWithDefaultTimeout()
    53  		Expect(session.ExitCode()).ToNot(Equal(0))
    54  	})
    55  
    56  	It("podman run --seccomp-policy image (block all syscalls)", func() {
    57  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"})
    58  		session.WaitWithDefaultTimeout()
    59  		// TODO: we're getting a "cannot start a container that has
    60  		//       stopped" error which seems surprising.  Investigate
    61  		//       why that is so.
    62  		Expect(session.ExitCode()).ToNot(Equal(0))
    63  	})
    64  
    65  	It("podman run --seccomp-policy image (bogus profile)", func() {
    66  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"})
    67  		session.WaitWithDefaultTimeout()
    68  		Expect(session.ExitCode()).To(Equal(125))
    69  	})
    70  })