From 5ba3fa6b53b4c6491252864ae4a70849fe5418d8 Mon Sep 17 00:00:00 2001 From: Mai Bui Date: Wed, 5 Jul 2023 17:22:18 +0000 Subject: [PATCH] make test generic Signed-off-by: Mai Bui --- .../test_container_hardening.py | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/tests/container_hardening/test_container_hardening.py b/tests/container_hardening/test_container_hardening.py index 33b1b274bd7..8e9678668cb 100644 --- a/tests/container_hardening/test_container_hardening.py +++ b/tests/container_hardening/test_container_hardening.py @@ -9,15 +9,17 @@ logger = logging.getLogger(__name__) -def test_bgp_dev(duthost): +def test_container_privileged(duthost): """ - Test bgp container has no access to /dev/vda* or /dev/sda* + Test container without --privileged flag has no access to /dev/vda* or /dev/sda* """ - cmd = duthost.shell("docker exec bgp bash -c 'df -h | grep /etc/hosts' | awk '{print $1}'") - rc, device = cmd['rc'], cmd['stdout'] - if rc != 0: - pytest_assert(False, 'Failed to get the device name.') - if not device.startswith('/dev/'): - pytest_assert(False, 'Invalid device {}.'.format(device)) - output = duthost.shell("docker exec bgp bash -c 'ls {}'".format(device), module_ignore_errors=True)['stdout'] - pytest_assert(not output, 'The partition {} exists.'.format(device)) + container_names = duthost.shell(r'docker ps -a --format \{\{.Names\}\}')['stdout_lines'] + for container_name in container_names: + if container_name == 'bgp': + docker_exec_cmd = 'docker exec {} bash -c '.format(container_name) + cmd = duthost.shell(docker_exec_cmd + "'df -h | grep /etc/hosts' | awk '{print $1}'") + rc, device = cmd['rc'], cmd['stdout'] + pytest_assert(rc == 0, 'Failed to get the device name.') + pytest_assert(device.startswith('/dev/'), 'Invalid device {}.'.format(device)) + output = duthost.shell(docker_exec_cmd + "'ls {}'".format(device), module_ignore_errors=True)['stdout'] + pytest_assert(not output, 'The partition {} exists.'.format(device))