github.com/kata-containers/tests@v0.0.0-20240307153542-772105b56064/integration/kubernetes/k8s-seccomp.bats (about)

     1  #
     2  # Copyright (c) 2021 Red Hat
     3  #
     4  # SPDX-License-Identifier: Apache-2.0
     5  #
     6  
     7  load "${BATS_TEST_DIRNAME}/../../.ci/lib.sh"
     8  load "${BATS_TEST_DIRNAME}/tests_common.sh"
     9  
    10  setup() {
    11  	extract_kata_env
    12  
    13  	# Ensure setting seccomp mode is allowed on guest
    14  	sudo sed -i 's/disable_guest_seccomp=true/disable_guest_seccomp=false/' ${RUNTIME_CONFIG_PATH}
    15  
    16  	pod_name="seccomp-container"
    17  	get_pod_config_dir
    18  }
    19  
    20  @test "Support seccomp runtime/default profile" {
    21  	expected_seccomp_mode="2"
    22  	# Create pod
    23  	kubectl create -f "${pod_config_dir}/pod-seccomp.yaml"
    24  
    25  	# Wait it to complete
    26  	cmd="kubectl get pods ${pod_name} | grep Completed"
    27  	waitForProcess "${wait_time}" "${sleep_time}" "${cmd}"
    28  
    29  	# Expect Seccomp on mode 2 (filter)
    30  	seccomp_mode="$(kubectl logs ${pod_name} | sed 's/Seccomp:\s*\([0-9]\)/\1/')"
    31  	[ "$seccomp_mode" -eq "$expected_seccomp_mode" ]
    32  }
    33  
    34  teardown() {
    35  	# For debugging purpose
    36  	echo "seccomp mode is ${seccomp_mode}, expected $expected_seccomp_mode"
    37  	kubectl describe "pod/${pod_name}"
    38  
    39  	kubectl delete -f "${pod_config_dir}/pod-seccomp.yaml" || true
    40  	sudo sed -i 's/disable_guest_seccomp=false/disable_guest_seccomp=true/'\
    41  		${RUNTIME_CONFIG_PATH}
    42  }