Support NoNewPrivileges

fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
Yanqiang Miao
2017-08-23 09:45:44 +08:00
parent 810ffbb9b6
commit 1aec120d5f
3 changed files with 7 additions and 1 deletions


@@ -90,6 +90,7 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
DropCapabilities: []string{"CHOWN"},
},
SupplementalGroups: []int64{1111, 2222},
NoNewPrivs: true,
},
},
}
@@ -146,6 +147,9 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
assert.Contains(t, spec.Process.User.AdditionalGids, uint32(1111))
assert.Contains(t, spec.Process.User.AdditionalGids, uint32(2222))
t.Logf("Check no_new_privs")
assert.Equal(t, spec.Process.NoNewPrivileges, true)
t.Logf("Check cgroup path")
assert.Equal(t, getCgroupsPath("/test/cgroup/parent", id), spec.Linux.CgroupsPath)