test: Add a test for mountpoint policy violations
Users cannot create a mountpoint on /ostree, make sure that an error is
returned when this happens.
bcl committed Feb 28, 2024
1 parent f80ea0f commit 2e5dc6e
Showing 1 changed file with 45 additions and 0 deletions.
45 changes: 45 additions & 0 deletions test/test_manifest.py
@@ -1,4 +1,5 @@
import json
import pathlib
import subprocess

import pytest
Expand Down Expand Up @@ -26,3 +27,47 @@ def test_manifest_smoke(build_container, image_type):
# just some basic validation
assert manifest["version"] == "2"
assert manifest["pipelines"][0]["name"] == "build"


@pytest.mark.parametrize("image_type", gen_testcases("manifest"))
def test_mount_ostree_error(tmpdir_factory, build_container, image_type):
container_ref = image_type.split(",")[0]
CFG = {
"blueprint": {
"customizations": {
"filesystem": [
{
"mountpoint": "/",
"minsize": "12GiB"
},
{
"mountpoint": "/var/log",
"minsize": "1GiB"
},
{
"mountpoint": "/ostree",
"minsize": "10GiB"
}
]
},
},
}

output_path = pathlib.Path(tmpdir_factory.mktemp("data")) / "output"
output_path.mkdir(exist_ok=True)
config_json_path = output_path / "config.json"
config_json_path.write_text(json.dumps(CFG), encoding="utf-8")

try:
subprocess.check_output([
"podman", "run", "--rm",
"--privileged",
"--security-opt", "label=type:unconfined_t",
"-v", f"{output_path}:/output",
f'--entrypoint=["/usr/bin/bootc-image-builder", "manifest", "{container_ref}"]',
build_container,
"--config", "/output/config.json",
], stderr=subprocess.PIPE)
assert False, "Did not raise a CalledProcessError when mounting /ostree"
except subprocess.CalledProcessError as err:
assert 'The following custom mountpoints are not supported ["/ostree"]' in err.stderr.decode("utf-8")
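Review bot: `test_mount_ostree_error` pins the rejection only for the literal string `/ostree`, so it would still pass if the policy check compared strings without normalising and accepted a nested or differently spelled path. The policy code is not visible on this page, so whether spellings such as `/ostree/` or `/ostree/foo` (constructed examples) are meant to be rejected needs confirming; if they are, parametrising the mountpoint with `@pytest.mark.parametrize("mountpoint", [...])` would cover them, with the expected message checked against what the builder actually prints for each. The `try` / `assert False` / `except` shape reads more clearly as `with pytest.raises(subprocess.CalledProcessError) as exc:` followed by an assertion on `exc.value.stderr.decode("utf-8")`. The container is started with `--privileged`, `label=type:unconfined_t` and a writable bind mount, while the hunk only shows `config.json` being read from `/output`; if the `manifest` subcommand does not write there, `f"{output_path}:/output:ro"` would narrow what a failing run can touch on the host.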
