test: add caps drop test

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-12 18:20:34 +02:00 · 2017-05-12 18:20:34 +02:00 · 9b48e83027
commit 9b48e83027
parent 2d997859de
1 changed files with 17 additions and 0 deletions
--- a/test/ctr.bats
+++ b/test/ctr.bats
@ -556,3 +556,20 @@ function teardown() {
 	cleanup_pods
 	stop_ocid
 }
+
+@test "ctr caps drop" {
+	start_ocid
+	run ocic pod run --config "$TESTDATA"/sandbox_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+	capsconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["capabilities"] = {u"add_capabilities": [], u"drop_capabilities": [u"mknod", u"kill", u"sys_chroot", u"setuid", u"setgid"]}; json.dump(obj, sys.stdout)')
+	echo "$capsconfig" > "$TESTDIR"/container_config_caps.json
+	run ocic ctr create --config "$TESTDIR"/container_config_caps.json --pod "$pod_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+
+	cleanup_ctrs
+	cleanup_pods
+	stop_ocid
+}