containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

replace net_raw with setuid 

podman does not allow setting CAP_NET_RAW

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This commit is contained in:
Lokesh Mandvekar 2020-10-22 12:17:58 -04:00
parent 2cd2359a6d
commit 914bbf5e49
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
test/e2e/run_security_labels.go
View File

@ -94,7 +94,7 @@ var _ = Describe("Podman generate kube", func() {
test1.WaitWithDefaultTimeout()
Expect(test1.ExitCode()).To(BeZero())
commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,net_raw", "test1", "image1"})
commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"})
commit.WaitWithDefaultTimeout()
Expect(commit.ExitCode()).To(BeZero())
@ -108,7 +108,7 @@ var _ = Describe("Podman generate kube", func() {
ctr := inspect.InspectContainerToJSON()
caps := strings.Join(ctr[0].EffectiveCaps, ",")
Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_NET_RAW"))
Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
})