github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Test to ensure nosuid,nodev,noexec are set on /etc/reolv.conf mount.

Browse Source 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
This commit is contained in:
Vinayak Goyal 2023-03-29 18:36:01 +00:00
parent ae4dbb60d5
commit 990199a021
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/cri/server/sandbox_run_linux_test.go
View File

@ -91,6 +91,14 @@ func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConf
assert.NotEqual(t, "", spec.Process.SelinuxLabel) assert.NotEqual(t, "", spec.Process.SelinuxLabel)
assert.NotEqual(t, "", spec.Linux.MountLabel) assert.NotEqual(t, "", spec.Linux.MountLabel)
} }
assert.Contains(t, spec.Mounts, runtimespec.Mount{
Source: "/test/root/sandboxes/test-id/resolv.conf",
Destination: resolvConfPath,
Type: "bind",
Options: []string{"rbind", "ro", "nosuid", "nodev", "noexec"},
})
} }
return config, imageConfig, specCheck return config, imageConfig, specCheck
} }