Merge pull request #21153 from chuanchang/test_coverage_for_RHEL-14469

test/system: add test for mounting issue in the init container
containers · Jan 5, 2024 · a275f65 · a275f65
2 parents 8df25d7 + 260f814
commit a275f65
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
@@ -1382,4 +1382,16 @@ search               | $IMAGE           |
     run_podman container rm $cname
 }
 
+# https://issues.redhat.com/browse/RHEL-14469
+@test "podman run - /run must not be world-writable in systemd containers" {
+    run_podman run -d --rm $SYSTEMD_IMAGE /usr/sbin/init
+    cid=$output
+
+    # runc has always been 755; crun < 1.11 was 777
+    run_podman exec $cid stat -c '%a' /run
+    assert "$output" = "755" "stat /run"
+
+    run_podman rm -f -t0 $cid
+}
+
 # vim: filetype=sh