kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Expand unshare test to include privileged test

Browse source 
This ensures that AppArmor, not other mechanisms used
by Docker or the kernel is restricting the mount.

Signed-off-by: Eric Windisch <eric@windisch.us>
This commit is contained in:
Eric Windisch 2015-05-28 14:55:22 -04:00
parent 3bda841e3e
commit e58161fedc
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
integration-cli/docker_cli_run_test.go
View file

@ -3179,6 +3179,13 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") { if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") {
c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err) c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err)
} }
/* Ensure still fails if running privileged with the default policy */
name = "crashoverride"
runCmd = exec.Command(dockerBinary, "run", "--privileged", "--security-opt", "apparmor:docker-default", "--name", name, "jess/unshare", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") {
c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err)
}
} }
func (s *DockerSuite) TestRunPublishPort(c *check.C) { func (s *DockerSuite) TestRunPublishPort(c *check.C) {