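# Listing: github.com/kata-containers/tests@v0.0.0-20240307153542-772105b56064/integration/kubernetes/k8s-seccomp.bats
#
# Copyright (c) 2021 Red Hat
#
# SPDX-License-Identifier: Apache-2.0
#
# Checks that a pod started from pod-seccomp.yaml reports seccomp mode 2
# (filter) inside the guest. The test temporarily flips
# disable_guest_seccomp in the runtime configuration file, so it edits
# host-wide state through sudo.

load "${BATS_TEST_DIRNAME}/../../.ci/lib.sh"
load "${BATS_TEST_DIRNAME}/tests_common.sh"

# Runs before the test: enables guest seccomp in the runtime configuration
# and records whether this run was the one that changed it.
# Globals: RUNTIME_CONFIG_PATH (read; presumably set by extract_kata_env,
#          confirm in lib.sh), guest_seccomp_was_disabled (written),
#          pod_name (written).
setup() {
	extract_kata_env

	# Ensure setting seccomp mode is allowed on guest.
	# Remember whether the setting was disabled on entry, so teardown only
	# reverts a change made here and never turns guest seccomp off on a
	# host that had it enabled before the test ran.
	guest_seccomp_was_disabled="false"
	if sudo grep -q 'disable_guest_seccomp=true' "${RUNTIME_CONFIG_PATH}"; then
		guest_seccomp_was_disabled="true"
		sudo sed -i 's/disable_guest_seccomp=true/disable_guest_seccomp=false/' "${RUNTIME_CONFIG_PATH}"
	fi

	pod_name="seccomp-container"
	get_pod_config_dir
}

# Creates the pod, waits for it to reach Completed, then compares the
# seccomp mode found in its log with the expected value.
@test "Support seccomp runtime/default profile" {
	expected_seccomp_mode="2"
	# Create pod
	kubectl create -f "${pod_config_dir}/pod-seccomp.yaml"

	# Wait for it to complete
	cmd="kubectl get pods ${pod_name} | grep Completed"
	waitForProcess "${wait_time}" "${sleep_time}" "${cmd}"

	# Expect Seccomp on mode 2 (filter)
	# NOTE(review): the sed expression passes non-matching lines through
	# unchanged, so this assumes the pod log is a single "Seccomp: N"
	# line; confirm against pod-seccomp.yaml.
	seccomp_mode="$(kubectl logs "${pod_name}" | sed 's/Seccomp:\s*\([0-9]\)/\1/')"
	[ "$seccomp_mode" -eq "$expected_seccomp_mode" ]
}

# Runs after the test: prints debugging output, deletes the pod and puts
# the runtime configuration back the way setup found it.
teardown() {
	# For debugging purpose
	echo "seccomp mode is ${seccomp_mode}, expected $expected_seccomp_mode"
	kubectl describe "pod/${pod_name}"

	kubectl delete -f "${pod_config_dir}/pod-seccomp.yaml" || true

	# Revert only what setup changed; a configuration that already had
	# guest seccomp enabled is left enabled.
	if [ "${guest_seccomp_was_disabled:-false}" = "true" ]; then
		sudo sed -i 's/disable_guest_seccomp=false/disable_guest_seccomp=true/' "${RUNTIME_CONFIG_PATH}"
	fi
}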