diff --git a/test-cases/tiny-container-system-connectivity-profile.yaml b/test-cases/tiny-container-system-connectivity-profile.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1fd01136484517e6f87d5efa0279615674596215 --- /dev/null +++ b/test-cases/tiny-container-system-connectivity-profile.yaml @@ -0,0 +1,32 @@ +metadata: + name: tiny-container-system-connectivity-profile + format: "Apertis Test Definition 1.0" + image-types: + tiny-lxc: [ armhf-internal, arm64, amd64 ] + image-deployment: + - APT + type: functional + exec-type: automated + priority: medium + maintainer: "Apertis Project" + description: "Test of AppArmor profile for Tiny system-wide privileged container" + + expected: + - "Test command should report \"pass\"." + +install: + git-repos: + - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git + branch: master + +run: + steps: + - "# Enter test directory:" + - cd tiny-image-recipes + - "# Setup the AppArmor profile for container:" + - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-system/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr + - "# Check the basic functionality of container:" + - lavatests/test-connectivity-profile -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-system" + +parse: + pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))" diff --git a/test-cases/tiny-container-user-connectivity-profile.yaml b/test-cases/tiny-container-user-connectivity-profile.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b09742573d220a4b72713145918f65aeaeb6b2dc --- /dev/null +++ b/test-cases/tiny-container-user-connectivity-profile.yaml @@ -0,0 +1,40 @@ +metadata: + name: tiny-container-user-connectivity-profile + format: "Apertis Test Definition 1.0" + image-types: + tiny-lxc: [ armhf-internal, arm64, amd64 ] + image-deployment: + - APT + type: functional + exec-type: automated + priority: medium + maintainer: "Apertis Project" + description: "Test of AppArmor profile for Tiny unprivileged + container started as user" + + expected: + - "Test command should report \"pass\"." + +install: + git-repos: + - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git + branch: master + +run: + steps: + - "# Enter test directory:" + - cd tiny-image-recipes + - "# Ensure we allow user mapping:" + - sysctl -w kernel.unprivileged_userns_clone=1 + - "# Setup the AppArmor profile for container:" + - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr + - "# Make sure user have correct mappings for test:" + - usermod --add-subuids 1000-1000 user + - usermod --add-subuids 100000-165535 user + - usermod --add-subgids 1000-1000 user + - usermod --add-subgids 100000-165535 user + - "# Check AppArmor profile:" + - sudo -u user -H lavatests/test-connectivity-profile -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns" + +parse: + pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))"