From a0277bf28861e30029a5dcf6511419ae29eccd9f Mon Sep 17 00:00:00 2001 From: Shishir Mahajan Date: Tue, 30 Jun 2020 16:35:10 -0700 Subject: [PATCH] Add comments. --- example/privileged.nomad | 2 +- tests/003-test-capabilities.sh | 1 + tests/004-test-privileged.sh | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/example/privileged.nomad b/example/privileged.nomad index aae793f..067845e 100644 --- a/example/privileged.nomad +++ b/example/privileged.nomad @@ -9,7 +9,7 @@ job "privileged" { image = "docker.io/library/ubuntu:16.04" command = "sleep" args = ["600s"] - privileged = true + privileged = true devices = [ "/dev/loop0", "/dev/loop1" diff --git a/tests/003-test-capabilities.sh b/tests/003-test-capabilities.sh index 9c32a5e..3b16310 100755 --- a/tests/003-test-capabilities.sh +++ b/tests/003-test-capabilities.sh @@ -1,5 +1,6 @@ #!/bin/bash +# readonly_rootfs, cap_add and cap_drop flags are tested as part of this test. test_capabilities_nomad_job() { pushd ~/go/src/github.com/Roblox/nomad-driver-containerd/example diff --git a/tests/004-test-privileged.sh b/tests/004-test-privileged.sh index 73fe9a7..5103fea 100755 --- a/tests/004-test-privileged.sh +++ b/tests/004-test-privileged.sh @@ -1,5 +1,6 @@ #!/bin/bash +# privileged mode, devices and mounts are tested as part of this test. test_privileged_nomad_job() { pushd ~/go/src/github.com/Roblox/nomad-driver-containerd/example @@ -29,6 +30,7 @@ test_privileged_nomad_job() { fi # Check if container is running in privileged mode. + echo "INFO: Checking if container is running in privileged mode." expected_capabilities="37" actual_capabilities=$(nomad alloc exec -job privileged capsh --print|grep -i bounding|cut -d '=' -f 2|awk '{split($0,a,","); print a[length(a)]}') if [ "$expected_capabilities" != "$actual_capabilities" ]; then