From 2e5dc6e8dcb54d18af9059a14a677df2705b6478 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane"
Date: Tue, 23 Jan 2024 16:42:53 -0800
Subject: [PATCH] test: Add a test for mountpoint policy violations

Users cannot create a mountpoint on /ostree, make sure that an error is returned when this happens.
---
 test/test_manifest.py | 45 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/test/test_manifest.py b/test/test_manifest.py
index d5d224436..cd2d63f84 100644
--- a/test/test_manifest.py
+++ b/test/test_manifest.py
@@ -1,4 +1,5 @@
 import json
+import pathlib
 import subprocess
 import pytest
@@ -26,3 +27,47 @@ def test_manifest_smoke(build_container, image_type):
 # just some basic validation
 assert manifest["version"] == "2"
 assert manifest["pipelines"][0]["name"] == "build"
+
+
+@pytest.mark.parametrize("image_type", gen_testcases("manifest"))
+def test_mount_ostree_error(tmpdir_factory, build_container, image_type):
+ container_ref = image_type.split(",")[0]
+ CFG = {
+ "blueprint": {
+ "customizations": {
+ "filesystem": [
+ {
+ "mountpoint": "/",
+ "minsize": "12GiB"
+ },
+ {
+ "mountpoint": "/var/log",
+ "minsize": "1GiB"
+ },
+ {
+ "mountpoint": "/ostree",
+ "minsize": "10GiB"
+ }
+ ]
+ },
+ },
+ }
+
+ output_path = pathlib.Path(tmpdir_factory.mktemp("data")) / "output"
+ output_path.mkdir(exist_ok=True)
+ config_json_path = output_path / "config.json"
+ config_json_path.write_text(json.dumps(CFG), encoding="utf-8")
+
+ try:
+ subprocess.check_output([
+ "podman", "run", "--rm",
+ "--privileged",
+ "--security-opt", "label=type:unconfined_t",
+ "-v", f"{output_path}:/output",
+ f'--entrypoint=["/usr/bin/bootc-image-builder", "manifest", "{container_ref}"]',
+ build_container,
+ "--config", "/output/config.json",
+ ], stderr=subprocess.PIPE)
+ assert False, "Did not raise a CalledProcessError when mounting /ostree"
+ except subprocess.CalledProcessError as err:
+ assert 'The following custom mountpoints are not supported ["/ostree"]' in err.stderr.decode("utf-8")
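Review bot: The `try` / `assert False` / `except subprocess.CalledProcessError` block at the end of `test_mount_ostree_error` re-implements `pytest.raises` by hand. Wrapping the `check_output` call in `with pytest.raises(subprocess.CalledProcessError) as exc:` and then asserting `'The following custom mountpoints are not supported ["/ostree"]' in exc.value.stderr.decode("utf-8")` states the same expectation without the sentinel assert. The container is started with `--privileged` and `--security-opt label=type:unconfined_t`, and the hunk does not show why a manifest-only run needs them. A one-line comment above the argument list giving the reason would keep the flags from being copied into tests that can run confined. The `--entrypoint` value is a JSON array built with an f-string; `"--entrypoint=" + json.dumps(["/usr/bin/bootc-image-builder", "manifest", container_ref])` would keep it well-formed for any reference string.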