From 0e26dd4ce82a034df95653a0560dc63e13635aca Mon Sep 17 00:00:00 2001
From: Dan Mihai <dmihai@microsoft.com>
Date: Thu, 13 Mar 2025 18:51:19 +0000
Subject: [PATCH] tests: k8s-policy-pod: safer host path volume source

Test using the host path /tmp/k8s-policy-pod-test instead of
/var/lib/kubelet/pods.

/var/lib/kubelet/pods might happen to contain files that CopyFileRequest
would try to send to the Guest before CreateContainerRequest. Such
CopyFileRequest was an unintended side effect of this test.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
---
 tests/integration/kubernetes/k8s-policy-pod.bats | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/tests/integration/kubernetes/k8s-policy-pod.bats b/tests/integration/kubernetes/k8s-policy-pod.bats
index 8d88caab1..b0c38bcd5 100644
--- a/tests/integration/kubernetes/k8s-policy-pod.bats
+++ b/tests/integration/kubernetes/k8s-policy-pod.bats
@@ -154,13 +154,13 @@ test_pod_policy_error() {
 
 @test "Policy failure: unexpected hostPath volume mount" {
 	# Changing the pod spec after generating its policy will cause CreateContainer to be denied.
-  yq -i \
-    '.spec.containers[0].volumeMounts += [{"name": "mountpoint-dir", "mountPath": "/var/lib/kubelet/pods"}]' \
-    "${incorrect_pod_yaml}"
+	yq -i \
+		'.spec.containers[0].volumeMounts += [{"name": "mountpoint-dir", "mountPath": "/hostpath-volume"}]' \
+		"${incorrect_pod_yaml}"
 
-  yq -i \
-    '.spec.volumes += [{"hostPath": {"path": "/var/lib/kubelet/pods", "type": "DirectoryOrCreate"}, "name": "mountpoint-dir"}]' \
-    "${incorrect_pod_yaml}"
+	yq -i \
+		'.spec.volumes += [{"hostPath": {"path": "/tmp/k8s-policy-pod-test", "type": "DirectoryOrCreate"}, "name": "mountpoint-dir"}]' \
+		"${incorrect_pod_yaml}"
 
 	test_pod_policy_error
 }