Merge pull request #493 from konstruktoid/ISSUE492

if configured with no-new-privileges, pass check 5.25
2025-01-18 16:22:33 +01:00 · 2021-12-16 10:36:23 +01:00 · 2021-12-16 10:36:23 +01:00 · 1ff4a62836
commit 1ff4a62836
parent 3f3ff4fb2d 0d5874877b
1 changed files with 21 additions and 12 deletions
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@ -970,7 +970,14 @@ check_5_25() {
  starttestjson "$id" "$desc"

  fail=0
+  no_priv_config=0
  addprivs_containers=""
+
+  if get_docker_effective_command_line_args '--no-new-privileges' | grep "no-new-privileges" >/dev/null 2>&1; then
+    no_priv_config=1
+  elif get_docker_configuration_file_args 'no-new-privileges' | grep true >/dev/null 2>&1; then
+    no_priv_config=1
+  else
    for c in $containers; do
      if ! docker inspect --format 'SecurityOpt={{.HostConfig.SecurityOpt }}' "$c" | grep 'no-new-privileges' 2>/dev/null 1>&2; then
        # If it's the first container, fail the test
@ -985,8 +992,10 @@ check_5_25() {
        addprivs_containers="$addprivs_containers $c"
      fi
    done
+  fi
+
  # We went through all the containers and found none with capability to acquire additional privileges
-  if [ $fail -eq 0 ]; then
+  if [ $fail -eq 0 ] || [ $no_priv_config -eq 1 ]; then
    pass -s "$check"
    logcheckresult "PASS"
    return