tests/integration/no_pivot.bats - third_party/runc - Git at Google

 #!/usr/bin/env bats

 load helpers

 function setup() {
 	setup_busybox
 }

 function teardown() {
 	teardown_bundle
 }

 @test "runc run --no-pivot must not expose bare /proc" {
 	requires root

 	update_config '	  .process.args |= ["unshare", "-mrpf", "sh", "-euxc", "mount -t proc none /proc && echo h > /proc/sysrq-trigger"]
 			| .process.capabilities.bounding += ["CAP_SETFCAP"]
 			| .process.capabilities.permitted += ["CAP_SETFCAP"]'

 	runc run --no-pivot test_no_pivot
 	[ "$status" -eq 1 ]
 	[[ "$output" == *"mount: permission denied"* ]]
 }
	#!/usr/bin/env bats

	load helpers

	function setup() {
	setup_busybox
	}

	function teardown() {
	teardown_bundle
	}

	@test "runc run --no-pivot must not expose bare /proc" {
	requires root

	update_config ' .process.args \|= ["unshare", "-mrpf", "sh", "-euxc", "mount -t proc none /proc && echo h > /proc/sysrq-trigger"]
	\| .process.capabilities.bounding += ["CAP_SETFCAP"]
	\| .process.capabilities.permitted += ["CAP_SETFCAP"]'

	runc run --no-pivot test_no_pivot
	[ "$status" -eq 1 ]
	[[ "$output" == "mount: permission denied" ]]
	}