Fix check condition

Signed-off-by: zawazawa0316 <37421794+zawazawa0316@users.noreply.github.com>
2025-06-20 13:49:08 +00:00 · 2020-03-05 01:17:13 +09:00 · 2020-03-05 01:17:13 +09:00 · 02f4f06d48
commit 02f4f06d48
parent 11da147df9
1 changed files with 3 additions and 3 deletions
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@ -40,7 +40,7 @@ check_5_1() {
  for c in $containers; do
    policy=$(docker inspect --format 'AppArmorProfile={{ .AppArmorProfile }}' "$c")

-    if [ "$policy" = "AppArmorProfile=" ] || [ "$policy" = "AppArmorProfile=[]" ] || [ "$policy" = "AppArmorProfile=<no value>" ]; then
+    if [ "$policy" = "AppArmorProfile=" ] || [ "$policy" = "AppArmorProfile=[]" ] || [ "$policy" = "AppArmorProfile=<no value>" ] || [ "$policy" = "AppArmorProfile=unconfined" ]; then
      # If it's the first container, fail the test
      if [ $fail -eq 0 ]; then
        warn "$check_5_1"
@ -227,7 +227,7 @@ check_5_5() {
    # Go over each directory in sensitive dir and see if they exist in the volumes
    for v in $sensitive_dirs; do
      sensitive=0
-      if echo "$volumes" | grep -e "{.*\s$v\s.*true\s}" 2>/tmp/null 1>&2; then
+      if echo "$volumes" | grep -e "{.*\s$v\s.*true\s.*}" 2>/tmp/null 1>&2; then
        sensitive=1
      fi
      if [ $sensitive -eq 1 ]; then
@ -1247,7 +1247,7 @@ check_5_31() {
  fail=0
  docker_sock_containers=""
  for c in $containers; do
-    if docker inspect --format '{{ .Mounts }}' "$c" 2>/dev/null | grep 'docker.sock' >/dev/null 2>&1; then
+    if docker inspect --format '{{ .Mounts }}' "$c" 2>/dev/null | grep -e '.*bind\s\s/\s.*' -e '.*bind\s\s/var\s.*' -e '.*bind\s\s/var/run\s.*' -e '.*bind\s\s/var/run/docker.sock\s.*' >/dev/null 2>&1; then
      # If it's the first container, fail the test
      if [ $fail -eq 0 ]; then
        warn "$check_5_31"