Browse code
integration/container: Make tests runnable on SELinux enabled daemon
Signed-off-by: Ricardo Branco <rbranco@suse.de>
Ricardo Branco authored on 2025/10/19 04:54:13Showing 2 changed files
| ... | ... |
@@ -361,7 +361,7 @@ func TestContainerVolumesMountedAsSlave(t *testing.T) {
|
| 361 | 361 |
topCmd := []string{"top"}
|
| 362 | 362 |
|
| 363 | 363 |
apiClient := testEnv.APIClient() |
| 364 |
- containerID := container.Run(ctx, t, apiClient, container.WithTty(true), container.WithMount(slaveMount), container.WithCmd(topCmd...)) |
|
| 364 |
+ containerID := container.Run(ctx, t, apiClient, container.WithTty(true), container.WithMount(slaveMount), container.WithCmd(topCmd...), container.WithSecurityOpt("label=disable"))
|
|
| 365 | 365 |
|
| 366 | 366 |
// Bind mount tmpDir2/ onto tmpDir1/mnt1. If mount propagates inside |
| 367 | 367 |
// container then contents of tmpDir2/slave-testfile should become |
| ... | ... |
@@ -608,15 +608,15 @@ func TestContainerBindMountRecursivelyReadOnly(t *testing.T) {
|
| 608 | 608 |
apiClient := testEnv.APIClient() |
| 609 | 609 |
|
| 610 | 610 |
containers := []string{
|
| 611 |
- container.Run(ctx, t, apiClient, container.WithMount(ro), container.WithCmd(roVerifier...)), |
|
| 612 |
- container.Run(ctx, t, apiClient, container.WithBindRaw(roAsStr), container.WithCmd(roVerifier...)), |
|
| 611 |
+ container.Run(ctx, t, apiClient, container.WithMount(ro), container.WithCmd(roVerifier...), container.WithSecurityOpt("label=disable")),
|
|
| 612 |
+ container.Run(ctx, t, apiClient, container.WithBindRaw(roAsStr), container.WithCmd(roVerifier...), container.WithSecurityOpt("label=disable")),
|
|
| 613 | 613 |
|
| 614 |
- container.Run(ctx, t, apiClient, container.WithMount(nonRecursive), container.WithCmd(nonRecursiveVerifier...)), |
|
| 614 |
+ container.Run(ctx, t, apiClient, container.WithMount(nonRecursive), container.WithCmd(nonRecursiveVerifier...), container.WithSecurityOpt("label=disable")),
|
|
| 615 | 615 |
} |
| 616 | 616 |
|
| 617 | 617 |
if rroSupported {
|
| 618 | 618 |
containers = append(containers, |
| 619 |
- container.Run(ctx, t, apiClient, container.WithMount(forceRecursive), container.WithCmd(forceRecursiveVerifier...)), |
|
| 619 |
+ container.Run(ctx, t, apiClient, container.WithMount(forceRecursive), container.WithCmd(forceRecursiveVerifier...), container.WithSecurityOpt("label=disable")),
|
|
| 620 | 620 |
) |
| 621 | 621 |
} |
| 622 | 622 |
|
| ... | ... |
@@ -422,13 +422,13 @@ func TestCgroupRW(t *testing.T) {
|
| 422 | 422 |
}, |
| 423 | 423 |
{
|
| 424 | 424 |
name: "writable", |
| 425 |
- ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups")},
|
|
| 425 |
+ ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups"), container.WithSecurityOpt("label=disable")},
|
|
| 426 | 426 |
// no err msg, because this is correct key=bool |
| 427 | 427 |
expectedExitCode: 0, |
| 428 | 428 |
}, |
| 429 | 429 |
{
|
| 430 | 430 |
name: "writable=true", |
| 431 |
- ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups=true")},
|
|
| 431 |
+ ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups=true"), container.WithSecurityOpt("label=disable")},
|
|
| 432 | 432 |
// no err msg, because this is correct key=value |
| 433 | 433 |
expectedExitCode: 0, |
| 434 | 434 |
}, |
| ... | ... |
@@ -445,7 +445,7 @@ func TestCgroupRW(t *testing.T) {
|
| 445 | 445 |
}, |
| 446 | 446 |
{
|
| 447 | 447 |
name: "writable=1", |
| 448 |
- ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups=1")},
|
|
| 448 |
+ ops: []func(*container.TestContainerConfig){container.WithSecurityOpt("writable-cgroups=1"), container.WithSecurityOpt("label=disable")},
|
|
| 449 | 449 |
expectedErrMsg: `Error response from daemon: invalid --security-opt 2: "writable-cgroups=1"`, |
| 450 | 450 |
}, |
| 451 | 451 |
{
|