mirror of
https://github.com/containers/podman-compose.git
synced 2025-05-17 20:50:53 +02:00
41 lines
1.4 KiB
Python
41 lines
1.4 KiB
Python
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
import os
|
|
import unittest
|
|
|
|
from tests.integration.test_utils import RunSubprocessMixin
|
|
from tests.integration.test_utils import podman_compose_path
|
|
from tests.integration.test_utils import test_path
|
|
|
|
|
|
def compose_yaml_path():
|
|
return os.path.join(os.path.join(test_path(), "seccomp"), "docker-compose.yml")
|
|
|
|
|
|
class TestComposeSeccomp(unittest.TestCase, RunSubprocessMixin):
|
|
@unittest.skip(
|
|
"Skip till security_opt seccomp from 'docker-compose.yml' will be able to accept a "
|
|
"relative path of 'default.json' file. Now test works as expected but only with the "
|
|
"absolute path."
|
|
)
|
|
# test if seccomp uses custom seccomp profile file 'default.json' where command mkdir is not
|
|
# allowed
|
|
def test_seccomp(self):
|
|
try:
|
|
output, _, return_code = self.run_subprocess(
|
|
[podman_compose_path(), "-f", compose_yaml_path(), "run", "--rm", "web1"],
|
|
)
|
|
self.assertEqual(return_code, 1)
|
|
self.assertIn(
|
|
b"mkdir: can't create directory '/tmp_test': Operation not permitted", output
|
|
)
|
|
finally:
|
|
self.run_subprocess_assert_returncode([
|
|
podman_compose_path(),
|
|
"-f",
|
|
compose_yaml_path(),
|
|
"down",
|
|
"-t",
|
|
"0",
|
|
])
|