Add cases for Tiny container seccomp testing

Test that the custom seccomp profile is applied and works for Tiny containers. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Add cases for Tiny container seccomp testing
Test that the custom seccomp profile is applied and works for Tiny containers. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
31e2acc7 · Denis Pynkin · Denis Pynkin · 4cc61e83 · 31e2acc7 · 31e2acc7
Commit 31e2acc7 authored 6 years ago by Denis Pynkin Committed by Denis Pynkin 6 years ago
--- a/test-cases/tiny-container-system-seccomp.yaml
+++ b/test-cases/tiny-container-system-seccomp.yaml
+metadata:
+  name: tiny-container-system-seccomp
+  format: "Apertis Test Definition 1.0"
+  image-types:
+    tiny-lxc: [ armhf-internal, arm64, amd64 ]
+  image-deployment:
+    - APT
+  type: functional
+  exec-type: automated
+  priority: medium
+  maintainer: "Apertis Project"
+  description: "Test that the custom seccomp profile could be applied for system-wide
+                privileged container"
+  expected:
+    - "Test command should report \"pass\"."
+install:
+  git-repos:
+    - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
+      branch: apertis/v2019dev0
+run:
+  steps:
+    - "# Enter test directory:"
+    - cd tiny-image-recipes
+    - "# Setup the AppArmor profile for container:"
+    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-system/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Check that the simple seccomp profile for the container is loaded and works"
+    - lavatests/test-seccomp-policy -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns" -p "--seccomp $PWD/lavatests/test-minimal-policy.seccomp"
+parse:
+  pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))"
--- a/test-cases/tiny-container-user-seccomp.yaml
+++ b/test-cases/tiny-container-user-seccomp.yaml
+metadata:
+  name: tiny-container-user-seccomp
+  format: "Apertis Test Definition 1.0"
+  image-types:
+    tiny-lxc: [ armhf-internal, arm64, amd64 ]
+  image-deployment:
+    - APT
+  type: functional
+  exec-type: automated
+  priority: medium
+  maintainer: "Apertis Project"
+  description: "Test that the custom seccomp profile could be applied for
+                unprivileged container started as user"
+  expected:
+    - "Test command should report \"pass\"."
+install:
+  git-repos:
+    - url: https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
+      branch: apertis/v2019dev0
+run:
+  steps:
+    - "# Enter test directory:"
+    - cd tiny-image-recipes
+    - "# Ensure we allow user mapping:"
+    - sysctl -w kernel.unprivileged_userns_clone=1
+    - "# Setup the AppArmor profile for container:"
+    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
+    - "# Check that the simple seccomp profile for the container is loaded and works"
+    - sudo -u user -H lavatests/test-seccomp-policy -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns" -p "--seccomp $PWD/lavatests/test-minimal-policy.seccomp"
+parse:
+  pattern: "(?P<test_case_id>.*-*):\\s+(?P<result>(pass|fail))"