github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-27 11:31:05 +00:00
Code Issues Projects Releases Wiki Activity

tests: k8s-policy-pod: safer host path volume source

Browse Source 
Test using the host path /tmp/k8s-policy-pod-test instead of
/var/lib/kubelet/pods.

/var/lib/kubelet/pods might happen to contain files that CopyFileRequest
would try to send to the Guest before CreateContainerRequest. Such
CopyFileRequest was an unintended side effect of this test.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai 2025-03-13 18:51:19 +00:00
parent 1c406e9c1d
commit 0e26dd4ce8
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tests/integration/kubernetes/k8s-policy-pod.bats
View File

@ -154,13 +154,13 @@ test_pod_policy_error() {
@test "Policy failure: unexpected hostPath volume mount" {
# Changing the pod spec after generating its policy will cause CreateContainer to be denied.
yq -i \
'.spec.containers[0].volumeMounts += [{"name": "mountpoint-dir", "mountPath": "/var/lib/kubelet/pods"}]' \
"${incorrect_pod_yaml}"
yq -i \
'.spec.containers[0].volumeMounts += [{"name": "mountpoint-dir", "mountPath": "/hostpath-volume"}]' \
"${incorrect_pod_yaml}"
yq -i \
'.spec.volumes += [{"hostPath": {"path": "/var/lib/kubelet/pods", "type": "DirectoryOrCreate"}, "name": "mountpoint-dir"}]' \
"${incorrect_pod_yaml}"
yq -i \
'.spec.volumes += [{"hostPath": {"path": "/tmp/k8s-policy-pod-test", "type": "DirectoryOrCreate"}, "name": "mountpoint-dir"}]' \
"${incorrect_pod_yaml}"
test_pod_policy_error
}