tiny-container-system-seccomp automated

medium

Image Types:
tiny-lxc-armhf-internal / tiny-lxc-armhf / tiny-lxc-arm64 / tiny-lxc-amd64
Image Deployment:
LXC
Type:
functional

Description

Test that the custom seccomp profile could be applied for system-wide privileged container


Pre Conditions

  1. Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
  2. $ git clone --branch apertis/v2021pre https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
  3. Copy the test directory tiny-image-recipes to the target device:
  4. $ DUT_IP=<device-ip>
    $ scp -r tiny-image-recipes user@$DUT_IP:
  5. Log into the target device:
  6. $ ssh user@$DUT_IP

Execution Steps

  1. Enter test directory:
  2. $ cd tiny-image-recipes
  3. Setup the AppArmor profile for container:
  4. $ sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-system/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
  5. Check that the simple seccomp profile for the container is loaded and works
  6. $ lavatests/test-seccomp-policy --ospack "$OSPACK" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-system" -p "--seccomp $PWD/lavatests/test-minimal-policy.seccomp"

Expected

Test command should report "pass".