|
@@ -3144,6 +3144,13 @@ func (s *DockerSuite) TestRunUnshareProc(c *check.C) {
|
|
|
if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") {
|
|
if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") {
|
|
|
c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err)
|
|
c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err)
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
|
|
+ /* Ensure still fails if running privileged with the default policy */
|
|
|
|
|
+ name = "crashoverride"
|
|
|
|
|
+ runCmd = exec.Command(dockerBinary, "run", "--privileged", "--security-opt", "apparmor:docker-default", "--name", name, "jess/unshare", "unshare", "-p", "-m", "-f", "-r", "mount", "-t", "proc", "none", "/proc")
|
|
|
|
|
+ if out, _, err := runCommandWithOutput(runCmd); err == nil || !strings.Contains(out, "Permission denied") {
|
|
|
|
|
+ c.Fatalf("unshare should have failed with permission denied, got: %s, %v", out, err)
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func (s *DockerSuite) TestRunPublishPort(c *check.C) {
|
|
func (s *DockerSuite) TestRunPublishPort(c *check.C) {
|
Phil Estes