From 260f814bd325864fbb6074be748837716ecfcc0a Mon Sep 17 00:00:00 2001
From: Alex Jia
Date: Fri, 5 Jan 2024 09:56:32 +0800
Subject: [PATCH] test/system: add test for mounting issue in the init container

Test coverage: https://issues.redhat.com/browse/RHEL-14469

Signed-off-by: Alex Jia
---
 test/system/030-run.bats | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 30949e390d..ad5e16ac24 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -1382,4 +1382,16 @@ search | $IMAGE |
 run_podman container rm $cname
 }
 
+# https://issues.redhat.com/browse/RHEL-14469
+@test "podman run - /run must not be world-writable in systemd containers" {
+ run_podman run -d --rm $SYSTEMD_IMAGE /usr/sbin/init
+ cid=$output
+
+ # runc has always been 755; crun < 1.11 was 777
+ run_podman exec $cid stat -c '%a' /run
+ assert "$output" = "755" "stat /run"
+
+ run_podman rm -f -t0 $cid
+}
+
 # vim: filetype=sh
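Review bot: The assertion on `/run` pins only the mode bits, so the property named in the test title also rests on the directory being owned by root, which nothing here checks; a 755 directory owned by a non-root uid would pass while still being writable by that user. Consider `run_podman exec $cid stat -c '%a %u:%g' /run` with `assert "$output" = "755 0:0" "stat /run"`. The comment above the check could also say why the mode matters, for example `# a world-writable /run lets any unprivileged process in the container create or replace runtime files there`. If the assert fails, the final `run_podman rm -f -t0 $cid` is skipped and the detached init container keeps running unless the suite's teardown (not visible in this hunk) removes it.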