diff --git a/test/e2e/windows/security_context.go b/test/e2e/windows/security_context.go index a793859fa72..ebb62dbbaa0 100644 --- a/test/e2e/windows/security_context.go +++ b/test/e2e/windows/security_context.go @@ -136,7 +136,7 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() e2eoutput.TestContainerOutput(ctx, f, "check pod SecurityContext username", pod, 1, []string{"ContainerAdministrator"}) }) - ginkgo.It("should ignore SELinux Specific SecurityContext if set", func(ctx context.Context) { + ginkgo.It("should ignore Linux Specific SecurityContext if set", func(ctx context.Context) { ginkgo.By("Creating a pod with SELinux options") // It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux // security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the @@ -160,30 +160,6 @@ var _ = sigDescribe(feature.Windows, "SecurityContext", skipUnlessWindows(func() f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name) }) - ginkgo.It("should ignore ProcMount Specific SecurityContext if set", func(ctx context.Context) { - ginkgo.By("Creating a pod with ProcMount options") - // It is sufficient to show that the pod comes up here. Since we're stripping the SELinux and other linux - // security contexts in apiserver and not updating the pod object in the apiserver, we cannot validate the - // pod object to not have those security contexts. However the pod coming to running state is a sufficient - // enough condition for us to validate since prior to https://github.com/kubernetes/kubernetes/pull/93475 - // the pod would have failed to come up. - windowsPodWithSELinux := createTestPod(f, imageutils.GetE2EImage(imageutils.Agnhost), windowsOS) - windowsPodWithSELinux.Spec.Containers[0].Args = []string{"test-webserver-with-selinux"} - windowsPodWithSELinux.Spec.SecurityContext = &v1.PodSecurityContext{} - pmt := v1.UnmaskedProcMount - containerUserName := "ContainerAdministrator" - windowsPodWithSELinux.Spec.Containers[0].SecurityContext = &v1.SecurityContext{ - ProcMount: &pmt, - WindowsOptions: &v1.WindowsSecurityContextOptions{RunAsUserName: &containerUserName}} - windowsPodWithSELinux.Spec.Tolerations = []v1.Toleration{{Key: "os", Value: "Windows"}} - windowsPodWithSELinux, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, - windowsPodWithSELinux, metav1.CreateOptions{}) - framework.ExpectNoError(err) - framework.Logf("Created pod %v", windowsPodWithSELinux) - framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(ctx, f.ClientSet, windowsPodWithSELinux.Name, - f.Namespace.Name), "failed to wait for pod %s to be running", windowsPodWithSELinux.Name) - }) - ginkgo.It("should not be able to create pods with containers running as ContainerAdministrator when runAsNonRoot is true", func(ctx context.Context) { ginkgo.By("Creating a pod")