clearlinux/dockerfiles
2
0
Fork 0
mirror of https://github.com/clearlinux/dockerfiles.git synced 2026-04-28 19:13:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
dockerfiles/tests/security.bash
Liu,Bijun 1fea660566 Test case naming rules clean up
2020-01-16 10:58:58 +08:00

52 lines
1.7 KiB
Bash
Raw Permalink Blame History

# Defines helper functions used across a variety of tests.
#Start security test
#1191:Test if Linux Kernel Capabilities are restricted within containers (Docker)
Test_1191() {
if [ -n $1 ]; then
local container_id=`docker ps --format "table {{.ID}} {{.Image}}" | grep $1 | awk '{print $1}'`
else
echo "Couldn't get container ID for image $1"
fi
local t1191=`docker ps --quiet --all | xargs docker inspect --format '{{ .Id }}: Privileged={{ .HostConfig.Privileged }}' | grep $container_id`
local t1191_result=`echo $t1191 | awk -F"=" '{print $2}'`
if [ "$t1191_result" == "false" ];then
echo "pass"
else
echo "fail"
fi
}
#1195: Test if SSH is running within containers (Docker)
Test_1195() {
if [ -n $1 ]; then
local container_id=`docker ps --format "table {{.ID}} {{.Image}}" | grep $1 | awk '{print $1}'`
else
echo "Couldn't get container ID for image $1"
fi
t1195=`docker exec $container_id ps -el | grep -i ssh`
if [ "$t1195" == "" ];then
echo "pass"
else
echo "fail"
fi
}
#1215: Verify that containers are restricted from acquiring additional privileges (Docker)
Test_1215() {
if [ -n $1 ]; then
local container_id=`docker ps --format "table {{.ID}} {{.Image}}" | grep $1 | awk '{print $1}'`
else
echo "Couldn't get container ID for image $1"
fi
t1215=`docker ps --quiet --all | xargs docker inspect --format '{{ .Id }}: SecurityOpt={{ .HostConfig.SecurityOpt }}' | grep $container_id`
t1215_result=`echo $t1215 | awk -F"=" '{print $2}'`
if [ "$t1215_result" == "[no-new-privileges]" ];then
echo "pass"
else
echo "fail"
fi
}
Reference in New Issue View Git Blame Copy Permalink