From a1eedac6cbb67eca4e720ea5bccbc4114d1b3d63 Mon Sep 17 00:00:00 2001
From: Steve Kuznetsov <skuznets@redhat.com>
Date: Tue, 7 Feb 2017 14:06:16 -0500
Subject: [PATCH] Use privileged containers for statefulset e2e tests

Test containers need to run as spc_t in order to interact with the host
filesystem under /tmp, as the tests for StatefulSet are doing. Docker
will transition the container into this domain when running the container
as privileged.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
---
 test/e2e/statefulset.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/test/e2e/statefulset.go b/test/e2e/statefulset.go
index e5a7222e474..7f72ab7e1c4 100644
--- a/test/e2e/statefulset.go
+++ b/test/e2e/statefulset.go
@@ -722,7 +722,7 @@ func (s *statefulSetTester) createStatefulSet(manifestPath, ns string) *apps.Sta
 func (s *statefulSetTester) checkMount(ss *apps.StatefulSet, mountPath string) error {
 	for _, cmd := range []string{
 		// Print inode, size etc
-		fmt.Sprintf("ls -idlh %v", mountPath),
+		fmt.Sprintf("ls -idlhZ %v", mountPath),
 		// Print subdirs
 		fmt.Sprintf("find %v", mountPath),
 		// Try writing
@@ -1118,6 +1118,8 @@ func newStatefulSet(name, ns, governingSvcName string, replicas int32, statefulP
 		})
 	}
 
+	privileged := true
+
 	return &apps.StatefulSet{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "StatefulSet",
@@ -1143,6 +1145,9 @@ func newStatefulSet(name, ns, governingSvcName string, replicas int32, statefulP
 							Name:         "nginx",
 							Image:        nginxImage,
 							VolumeMounts: mounts,
+							SecurityContext: &v1.SecurityContext{
+								Privileged: &privileged,
+							},
 						},
 					},
 					Volumes: vols,