Add Tiny containers AppArmor test

Add the test of AppArmor profile for Tiny containers. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Add Tiny containers AppArmor test
Add the test of AppArmor profile for Tiny containers. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
06ce3119 · Denis Pynkin · Denis Pynkin · 6f1814e1 · 06ce3119 · 06ce3119
Commit 06ce3119 authored 6 years ago by Denis Pynkin Committed by Denis Pynkin 6 years ago
--- a/test-cases/tiny-container-system-connectivity-profile.yaml
+++ b/test-cases/tiny-container-system-connectivity-profile.yaml
+metadata:
+  name: tiny-container-system-connectivity-profile
+  format: "Apertis Test Definition 1.0"
+  image-types:
+    tiny-lxc: [ armhf-internal, arm64, amd64 ]
+  image-deployment:
+    - APT
+  type: functional
+  exec-type: automated
+  priority: medium
+  maintainer: "Apertis Project"
+  description: "Test of AppArmor profile for Tiny system-wide privileged container"
+
+  expected:
+    - "Test command should report \"pass\"."
+
+install:
+  git-repos:
+    - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
+      branch: master
+
+run:
+  steps:
+    - "# Enter test directory:"
+    - cd tiny-image-recipes
+    - "# Setup the AppArmor profile for container:"
+    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-system/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Check the basic functionality of container:"
+    - lavatests/test-connectivity-profile -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-system"
+
+parse:
+  pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))"
--- a/test-cases/tiny-container-user-connectivity-profile.yaml
+++ b/test-cases/tiny-container-user-connectivity-profile.yaml
+metadata:
+  name: tiny-container-user-connectivity-profile
+  format: "Apertis Test Definition 1.0"
+  image-types:
+    tiny-lxc: [ armhf-internal, arm64, amd64 ]
+  image-deployment:
+    - APT
+  type: functional
+  exec-type: automated
+  priority: medium
+  maintainer: "Apertis Project"
+  description: "Test of AppArmor profile for Tiny unprivileged
+                container started as user"
+
+  expected:
+    - "Test command should report \"pass\"."
+
+install:
+  git-repos:
+    - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
+      branch: master
+
+run:
+  steps:
+    - "# Enter test directory:"
+    - cd tiny-image-recipes
+    - "# Ensure we allow user mapping:"
+    - sysctl -w kernel.unprivileged_userns_clone=1
+    - "# Setup the AppArmor profile for container:"
+    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
+    - "# Check AppArmor profile:"
+    - sudo -u user -H lavatests/test-connectivity-profile -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
+
+parse:
+  pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))"