github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-29 12:54:10 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s-seccomp.bats allow all policy

Browse Source 
Use the "allow all" policy for k8s-seccomp.bats, instead of relying
on the Kata Guest image to use the same policy as its default.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2024-04-02 19:37:34 +00:00
parent 543e40b80c
commit 02a050b47e
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tests/integration/kubernetes/k8s-seccomp.bats
View File

@ -10,12 +10,15 @@ load "${BATS_TEST_DIRNAME}/tests_common.sh"
setup() { setup() {
pod_name="seccomp-container" pod_name="seccomp-container"
get_pod_config_dir get_pod_config_dir
yaml_file="${pod_config_dir}/pod-seccomp.yaml"
add_allow_all_policy_to_yaml "${yaml_file}"
} }
@test "Support seccomp runtime/default profile" { @test "Support seccomp runtime/default profile" {
expected_seccomp_mode="2" expected_seccomp_mode="2"
# Create pod # Create pod
kubectl create -f "${pod_config_dir}/pod-seccomp.yaml" kubectl create -f "${yaml_file}"
# Wait it to complete # Wait it to complete
cmd="kubectl get pods ${pod_name} | grep Completed" cmd="kubectl get pods ${pod_name} | grep Completed"
@ -31,5 +34,5 @@ teardown() {
echo "seccomp mode is ${seccomp_mode}, expected $expected_seccomp_mode" echo "seccomp mode is ${seccomp_mode}, expected $expected_seccomp_mode"
kubectl describe "pod/${pod_name}" kubectl describe "pod/${pod_name}"
kubectl delete -f "${pod_config_dir}/pod-seccomp.yaml" || true kubectl delete -f "${yaml_file}" || true
} }