github.com/dmaizel/tests@v0.0.0-20210728163746-cae6a2d9cee8/integration/docker/cap_test.go

github.com/dmaizel/tests@v0.0.0-20210728163746-cae6a2d9cee8/integration/docker/cap_test.go (about)

     1  // Copyright (c) 2018 Intel Corporation
     2  //
     3  // SPDX-License-Identifier: Apache-2.0
     4  
     5  package docker
     6  
     7  import (
     8  	"fmt"
     9  
    10  	. "github.com/onsi/ginkgo"
    11  	. "github.com/onsi/ginkgo/extensions/table"
    12  	. "github.com/onsi/gomega"
    13  )
    14  
    15  func selectCaps(selectOption string) TableEntry {
    16  	return Entry(fmt.Sprintf("cap_%s", selectOption), selectOption)
    17  }
    18  
    19  var _ = Describe("capabilities", func() {
    20  	var (
    21  		args      []string
    22  		id        string
    23  		anotherID string
    24  		stdout    string
    25  		exitCode  int
    26  	)
    27  
    28  	BeforeEach(func() {
    29  		id = randomDockerName()
    30  		anotherID = randomDockerName()
    31  	})
    32  
    33  	AfterEach(func() {
    34  		Expect(ExistDockerContainer(id)).NotTo(BeTrue())
    35  		Expect(ExistDockerContainer(anotherID)).NotTo(BeTrue())
    36  	})
    37  
    38  	DescribeTable("drop and add capabilities",
    39  		func(selectOption string) {
    40  			args = []string{"--name", id, "--rm", "--cap-drop", selectOption, CentosImage, "sh", "-c", "capsh --print"}
    41  			stdout, _, exitCode = dockerRun(args...)
    42  			Expect(exitCode).To(Equal(0))
    43  			Expect(stdout).NotTo(ContainSubstring("cap_" + selectOption))
    44  
    45  			args = []string{"--name", anotherID, "--rm", "--cap-add", selectOption, CentosImage, "sh", "-c", "capsh --print"}
    46  			stdout, _, exitCode = dockerRun(args...)
    47  			Expect(exitCode).To(Equal(0))
    48  			Expect(stdout).To(ContainSubstring("cap_" + selectOption))
    49  		},
    50  		selectCaps("audit_control"),
    51  		selectCaps("audit_write"),
    52  		selectCaps("chown"),
    53  		selectCaps("dac_override"),
    54  		selectCaps("dac_read_search"),
    55  		selectCaps("fowner"),
    56  		selectCaps("fsetid"),
    57  		selectCaps("ipc_lock"),
    58  		selectCaps("ipc_owner"),
    59  		selectCaps("kill"),
    60  		selectCaps("lease"),
    61  		selectCaps("linux_immutable"),
    62  		selectCaps("mac_admin"),
    63  		selectCaps("mac_override"),
    64  		selectCaps("mknod"),
    65  		selectCaps("net_admin"),
    66  		selectCaps("net_bind_service"),
    67  		selectCaps("net_broadcast"),
    68  		selectCaps("net_raw"),
    69  		selectCaps("setgid"),
    70  		selectCaps("setfcap"),
    71  		selectCaps("setuid"),
    72  		selectCaps("setpcap"),
    73  		selectCaps("sys_admin"),
    74  		selectCaps("sys_boot"),
    75  		selectCaps("sys_chroot"),
    76  		selectCaps("sys_nice"),
    77  		selectCaps("sys_pacct"),
    78  		selectCaps("sys_ptrace"),
    79  		selectCaps("sys_rawio"),
    80  		selectCaps("sys_resource"),
    81  		selectCaps("sys_module"),
    82  		selectCaps("sys_time"),
    83  		selectCaps("sys_tty_config"),
    84  		selectCaps("syslog"),
    85  	)
    86  })