diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs index bb1825d39d..b39a851256 100644 --- a/tests/contest/contest/src/main.rs +++ b/tests/contest/contest/src/main.rs @@ -8,6 +8,7 @@ use crate::tests::hostname::get_hostname_test; use crate::tests::intel_rdt::get_intel_rdt_test; use crate::tests::io_priority::get_io_priority_test; use crate::tests::lifecycle::{ContainerCreate, ContainerLifecycle}; +use crate::tests::linux_mount_label::get_linux_mount_label_test; use crate::tests::linux_ns_itype::get_ns_itype_tests; use crate::tests::mounts_recursive::get_mounts_recursive_test; use crate::tests::pidfile::get_pidfile_test; @@ -109,6 +110,7 @@ fn main() -> Result<()> { let sysctl = get_sysctl_test(); let scheduler = get_scheduler_test(); let io_priority_test = get_io_priority_test(); + let linux_mount_label = get_linux_mount_label_test(); tm.add_test_group(Box::new(cl)); tm.add_test_group(Box::new(cc)); @@ -126,6 +128,7 @@ fn main() -> Result<()> { tm.add_test_group(Box::new(seccomp_notify)); tm.add_test_group(Box::new(ro_paths)); tm.add_test_group(Box::new(hostname)); + tm.add_test_group(Box::new(linux_mount_label)); tm.add_test_group(Box::new(mounts_recursive)); tm.add_test_group(Box::new(domainname)); tm.add_test_group(Box::new(intel_rdt)); diff --git a/tests/contest/contest/src/tests/linux_mount_label/linux_mount_label_test.rs b/tests/contest/contest/src/tests/linux_mount_label/linux_mount_label_test.rs new file mode 100644 index 0000000000..d0b5ff4dc7 --- /dev/null +++ b/tests/contest/contest/src/tests/linux_mount_label/linux_mount_label_test.rs @@ -0,0 +1,40 @@ +use test_framework::{Test, TestGroup, TestResult}; +use oci_spec::runtime::{LinuxBuilder, ProcessBuilder, Spec, SpecBuilder}; +use crate::utils::test_inside_container; + +fn create_spec(linux_mount_label: &str) -> Spec { + SpecBuilder::default() + .linux( + // Need to reset the read-only paths + LinuxBuilder::default() + .mount_label(linux_mount_label) + .readonly_paths(vec![]) + .build() + .expect("error in building linux config"), + ) + .process( + ProcessBuilder::default() + .build() + .expect("error in creating process config"), + ) + .build() + .unwrap() +} + +// here we have to manually create and manage the container +// as the test_inside container does not provide a way to set the pid file argument +fn test_linux_mount_label() -> TestResult { + let spec = create_spec("system_u:object_r:svirt_sandbox_file_t:s0:c715,c811"); + test_inside_container(spec, &|_| { + // As long as the container is created, we expect the hostname to be determined + // by the spec, so nothing to prepare prior. + Ok(()) + }) +} + +pub fn get_linux_mount_label_test() -> TestGroup { + let linux_mount_label = Test::new("linux_mount_label", Box::new(test_linux_mount_label)); + let mut tg = TestGroup::new("linux_mount_label"); + tg.add(vec![Box::new(linux_mount_label)]); + tg +} diff --git a/tests/contest/contest/src/tests/linux_mount_label/mod.rs b/tests/contest/contest/src/tests/linux_mount_label/mod.rs new file mode 100644 index 0000000000..bf9758d39c --- /dev/null +++ b/tests/contest/contest/src/tests/linux_mount_label/mod.rs @@ -0,0 +1,2 @@ +mod linux_mount_label_test; +pub use linux_mount_label_test::get_linux_mount_label_test; diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index 5847f6f8ed..579e8b75cb 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -6,6 +6,7 @@ pub mod hostname; pub mod intel_rdt; pub mod io_priority; pub mod lifecycle; +pub mod linux_mount_label; pub mod linux_ns_itype; pub mod mounts_recursive; pub mod pidfile;