burble/nomad-driver-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add checks for cap_add and cap_drop.

Browse Source
This commit is contained in:
Shishir Mahajan 2020-06-30 08:33:12 -07:00
parent ad2a01dbb5
commit b6bfe4d949
No known key found for this signature in database
GPG Key ID: D41782E7688DEC4A
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tests/003-test-capabilities.sh
View File

@ -37,6 +37,24 @@ test_capabilities_nomad_job() {
fi
cleanup "$outfile"
# Check if CAP_SYS_ADMIN was added.
echo "INFO: Checking if CAP_SYS_ADMIN is added."
nomad alloc exec -job capabilities capsh --print|grep cap_sys_admin 2>&1 >/dev/null
rc=$?
if [ $rc -ne 0 ]; then
echo "ERROR: CAP_SYS_ADMIN was not added to the capabilities set."
exit 1
fi
# Check if CAP_CHOWN was dropped.
echo "INFO: Checking if CAP_CHOWN is dropped."
nomad alloc exec -job capabilities capsh --print|grep cap_chown 2>&1 >/dev/null
rc=$?
if [ $rc -eq 0 ]; then
echo "ERROR: CAP_CHOWN was not dropped from the capabilities set."
exit 1
fi
echo "INFO: Stopping nomad capabilities job."
nomad job stop capabilities
cap_status=$(nomad job status -short capabilities|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')