github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/no_pivot.bats

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/no_pivot.bats (about)

     1  #!/usr/bin/env bats
     2  
     3  load helpers
     4  
     5  function setup() {
     6  	setup_busybox
     7  }
     8  
     9  function teardown() {
    10  	teardown_bundle
    11  }
    12  
    13  @test "runc run --no-pivot must not expose bare /proc" {
    14  	requires root
    15  
    16  	update_config '	  .process.args |= ["unshare", "-mrpf", "sh", "-euxc", "mount -t proc none /proc && echo h > /proc/sysrq-trigger"]
    17  			| .process.capabilities.bounding += ["CAP_SETFCAP"]
    18  			| .process.capabilities.permitted += ["CAP_SETFCAP"]'
    19  
    20  	runc run --no-pivot test_no_pivot
    21  	[ "$status" -eq 1 ]
    22  	[[ "$output" == *"mount: permission denied"* ]]
    23  }