github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/test/e2e/run_seccomp_test.go

github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/test/e2e/run_seccomp_test.go (about)

     1  package integration
     2  
     3  import (
     4  	"os"
     5  
     6  	. "github.com/hanks177/podman/v4/test/utils"
     7  	. "github.com/onsi/ginkgo"
     8  	. "github.com/onsi/gomega"
     9  	. "github.com/onsi/gomega/gexec"
    10  )
    11  
    12  var _ = Describe("Podman run", func() {
    13  	var (
    14  		tempdir    string
    15  		err        error
    16  		podmanTest *PodmanTestIntegration
    17  	)
    18  
    19  	BeforeEach(func() {
    20  		tempdir, err = CreateTempDirInTempDir()
    21  		if err != nil {
    22  			os.Exit(1)
    23  		}
    24  		podmanTest = PodmanTestCreate(tempdir)
    25  		podmanTest.Setup()
    26  	})
    27  
    28  	AfterEach(func() {
    29  		podmanTest.Cleanup()
    30  		f := CurrentGinkgoTestDescription()
    31  		processTestResult(f)
    32  
    33  	})
    34  
    35  	It("podman run --seccomp-policy default", func() {
    36  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "default", alpineSeccomp, "ls"})
    37  		session.WaitWithDefaultTimeout()
    38  		Expect(session).Should(Exit(0))
    39  	})
    40  
    41  	It("podman run --seccomp-policy ''", func() {
    42  		// Empty string is interpreted as "default".
    43  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "", alpineSeccomp, "ls"})
    44  		session.WaitWithDefaultTimeout()
    45  		Expect(session).Should(Exit(0))
    46  	})
    47  
    48  	It("podman run --seccomp-policy invalid", func() {
    49  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "invalid", alpineSeccomp, "ls"})
    50  		session.WaitWithDefaultTimeout()
    51  		Expect(session).To(ExitWithError())
    52  	})
    53  
    54  	It("podman run --seccomp-policy image (block all syscalls)", func() {
    55  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineSeccomp, "ls"})
    56  		session.WaitWithDefaultTimeout()
    57  		// TODO: we're getting a "cannot start a container that has
    58  		//       stopped" error which seems surprising.  Investigate
    59  		//       why that is so.
    60  		Expect(session).To(ExitWithError())
    61  	})
    62  
    63  	It("podman run --seccomp-policy image (bogus profile)", func() {
    64  		session := podmanTest.Podman([]string{"run", "--seccomp-policy", "image", alpineBogusSeccomp, "ls"})
    65  		session.WaitWithDefaultTimeout()
    66  		Expect(session).Should(Exit(125))
    67  	})
    68  })