mirror of
https://github.com/NVIDIA/nvidia-container-toolkit
synced 2024-11-22 16:29:18 +00:00
f50aecb84e
This change renames the nvidia-container-toolkit executable to nvidia-container-runtime-hook. Here nvidia-container-toolkit is created as a symlink to nvidia-container-runtime-hook. Signed-off-by: Evan Lezar <elezar@nvidia.com>
90 lines
1.1 KiB
Go
90 lines
1.1 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestIsPrivileged(t *testing.T) {
|
|
var tests = []struct {
|
|
spec string
|
|
expected bool
|
|
}{
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0",
|
|
"process": {
|
|
"capabilities": {
|
|
"bounding": [ "CAP_SYS_ADMIN" ]
|
|
}
|
|
}
|
|
}
|
|
`,
|
|
true,
|
|
},
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0",
|
|
"process": {
|
|
"capabilities": {
|
|
"bounding": [ "CAP_SYS_OTHER" ]
|
|
}
|
|
}
|
|
}
|
|
`,
|
|
false,
|
|
},
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0",
|
|
"process": {}
|
|
}
|
|
`,
|
|
false,
|
|
},
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0-rc2-dev",
|
|
"process": {
|
|
"capabilities": [ "CAP_SYS_ADMIN" ]
|
|
}
|
|
}
|
|
`,
|
|
true,
|
|
},
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0-rc2-dev",
|
|
"process": {
|
|
"capabilities": [ "CAP_SYS_OTHER" ]
|
|
}
|
|
}
|
|
`,
|
|
false,
|
|
},
|
|
{
|
|
`
|
|
{
|
|
"ociVersion": "1.0.0-rc2-dev",
|
|
"process": {}
|
|
}
|
|
`,
|
|
false,
|
|
},
|
|
}
|
|
for i, tc := range tests {
|
|
var spec Spec
|
|
_ = json.Unmarshal([]byte(tc.spec), &spec)
|
|
privileged := isPrivileged(&spec)
|
|
|
|
require.Equal(t, tc.expected, privileged, "%d: %v", i, tc)
|
|
}
|
|
}
|