diff options
author | Fabricio Voznika <fvoznika@google.com> | 2018-05-08 10:33:20 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-05-08 10:34:11 -0700 |
commit | e1b412d6609c848ff09356ead133b51cd0589731 (patch) | |
tree | 8c0000adbed2cd25ba9a9f787fe1e03b144e734c /runsc/sandbox/sandbox_test.go | |
parent | fea624b37a90c0e1efc0c1e7ae7dda7b2d1a0050 (diff) |
Error if container requires AppArmor, SELinux or seccomp
Closes #35
PiperOrigin-RevId: 195840128
Change-Id: I31c1ad9b51ec53abb6f0b485d35622d4e9764b29
Diffstat (limited to 'runsc/sandbox/sandbox_test.go')
-rw-r--r-- | runsc/sandbox/sandbox_test.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/runsc/sandbox/sandbox_test.go b/runsc/sandbox/sandbox_test.go index a46212173..1fac38a29 100644 --- a/runsc/sandbox/sandbox_test.go +++ b/runsc/sandbox/sandbox_test.go @@ -567,6 +567,28 @@ func TestConsoleSocket(t *testing.T) { } } +func TestSpecUnsupported(t *testing.T) { + spec := newSpecWithArgs("/bin/true") + spec.Process.SelinuxLabel = "somelabel" + + // These are normally set by docker and will just cause warnings to be logged. + spec.Process.ApparmorProfile = "someprofile" + spec.Linux = &specs.Linux{Seccomp: &specs.LinuxSeccomp{}} + + rootDir, bundleDir, conf, err := setupSandbox(spec) + if err != nil { + t.Fatalf("error setting up sandbox: %v", err) + } + defer os.RemoveAll(rootDir) + defer os.RemoveAll(bundleDir) + + id := uniqueSandboxID() + _, err = sandbox.Create(id, spec, conf, bundleDir, "", "", nil) + if err == nil || !strings.Contains(err.Error(), "is not supported") { + t.Errorf("sandbox.Create() wrong error, got: %v, want: *is not supported, spec.Process: %+v", err, spec.Process) + } +} + // procListsEqual is used to check whether 2 Process lists are equal for all // implemented fields. func procListsEqual(got, want []*control.Process) bool { |