Merge pull request #18208 from SoMuchForSubtlety/info-sec-opts

Add missing security options to /info response

pkg/api/handlers/compat/info.go

@@ -21,6 +21,7 @@ import (
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/google/uuid"
+	"github.com/opencontainers/selinux/go-selinux"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -181,6 +182,13 @@ func getSecOpts(sysInfo *sysinfo.SysInfo) []string {
 		// FIXME: get profile name...
 		secOpts = append(secOpts, fmt.Sprintf("name=seccomp,profile=%s", "default"))
 	}
+	if rootless.IsRootless() {
+		secOpts = append(secOpts, "name=rootless")
+	}
+	if selinux.GetEnabled() {
+		secOpts = append(secOpts, "name=selinux")
+	}
+
 	return secOpts
 }
 

test/apiv2/python/rest_api/test_v2_0_0_system.py

@@ -3,6 +3,7 @@ import unittest
 import uuid
 
 import requests
+import yaml
 from .fixtures import APITestCase
 
 
@@ -16,7 +17,18 @@ class SystemTestCase(APITestCase):
         r = requests.get(self.podman_url + "/v1.40/info")
         self.assertEqual(r.status_code, 200, r.text)
         self.assertIsNotNone(r.content)
-        _ = r.json()
+        response = r.json()
+
+        info_status = yaml.load(self.podman.run("info").stdout, Loader=yaml.FullLoader)
+        if info_status["host"]["security"]["rootless"]:
+            self.assertIn("name=rootless", response["SecurityOptions"])
+        else:
+            self.assertNotIn("name=rootless", response["SecurityOptions"])
+
+        if info_status["host"]["security"]["selinuxEnabled"]:
+            self.assertIn("name=selinux", response["SecurityOptions"])
+        else:
+            self.assertNotIn("name=selinux", response["SecurityOptions"])
 
     def test_events(self):
         r = requests.get(self.uri("/events?stream=false"))