google / gvisor-containerd-shim

containerd shim for gVisor
https://gvisor.dev
Apache License 2.0

critest: privilege escalation #24

Open zhuangqh opened 5 years ago

zhuangqh commented 5 years ago

Problem

critest v1.12

should allow privilege escalation when false

• Failure in Spec Teardown (AfterEach) [4.790 seconds]
[k8s.io] Security Context
/root/go/src/github.com/kubernetes-sigs/cri-tools/pkg/framework/framework.go:72
  NoNewPrivs
  /root/go/src/github.com/kubernetes-sigs/cri-tools/pkg/validate/security_context.go:673
    should allow privilege escalation when false [AfterEach]
    /root/go/src/github.com/kubernetes-sigs/cri-tools/pkg/validate/security_context.go:709

    expected log "Effective uid: 0\n" (stream="stdout") not found in logs [{timestamp:{wall:531788930 ext:63688680097 loc:0x145e220} stream:stdout log:Effective uid: 1000
    }]
    Expected
        <bool>: false
    to be true

    /root/go/src/github.com/kubernetes-sigs/cri-tools/pkg/validate/container.go:544

Version

containerd 1.2 + containerd-shim-runsc-v1 runsc commit 0b768871