test/integration: Automate manual selinux test

Signed-off-by: Monika Kairaityte <[email protected]>

Author: mokibit

tests/integration/selinux/docker-compose.yml

@@ -1,14 +1,18 @@
 version: "3"
 services:
-  web1:
+  container1:
     image: busybox
-    command: httpd -f -p 80 -h /var/www/html
+    command: ["busybox", "sleep", "infinity"]
     volumes:
       - type: bind
-        source: ./docker-compose.yml
-        target: /var/www/html/index.html
+        source: ./host_test_text.txt
+        target: /test_text.txt
         bind:
           selinux: z
-    ports:
-      - "8080:80"
-
+  container2:
+    image: busybox
+    command: ["busybox", "sleep", "infinity"]
+    volumes:
+      - type: bind
+        source: ./host_test_text.txt
+        target: /test_text.txt

tests/integration/selinux/test_podman_compose_selinux.py

@@ -0,0 +1,69 @@
+# SPDX-License-Identifier: GPL-2.0
+
+import json
+import os
+import unittest
+
+from tests.integration.test_utils import RunSubprocessMixin
+from tests.integration.test_utils import podman_compose_path
+from tests.integration.test_utils import test_path
+
+
+class TestPodmanCompose(unittest.TestCase, RunSubprocessMixin):
+    def setUp(self):
+        # there must be a source file in the host for volumes type: bind
+        head, tail = os.path.split(podman_compose_path())
+        self.path_to_host_test_file = head + "/host_test_text.txt"
+        self.run_subprocess(["touch", self.path_to_host_test_file])
+
+    def tearDown(self):
+        self.run_subprocess(["rm", self.path_to_host_test_file])
+
+    def test_selinux(self):
+        # test if when using volumes type:bind with selinux:z option, container ackquires a
+        # respective host:source:z mapping in CreateCommand list
+        compose_path = os.path.join(test_path(), "selinux", "docker-compose.yml")
+        try:
+            self.run_subprocess_assert_returncode([
+                podman_compose_path(),
+                "-f",
+                compose_path,
+                "up",
+                "-d",
+                "container1",
+            ])
+            (
+                self.run_subprocess_assert_returncode([
+                    podman_compose_path(),
+                    "-f",
+                    compose_path,
+                    "up",
+                    "-d",
+                    "container2",
+                ]),
+            )
+
+            out, _ = self.run_subprocess_assert_returncode([
+                "podman",
+                "inspect",
+                "selinux_container1_1",
+            ])
+            inspect_out = json.loads(out)
+            create_command_map = inspect_out[0].get("Config", {}).get("CreateCommand", {})
+            self.assertIn('./host_test_text.txt:/test_text.txt:z', create_command_map)
+
+            out, _ = self.run_subprocess_assert_returncode([
+                "podman",
+                "inspect",
+                "selinux_container2_1",
+            ])
+            inspect_out = json.loads(out)
+            create_command_map = inspect_out[0].get("Config", {}).get("CreateCommand", {})
+            self.assertNotIn('./host_test_text.txt:/test_text.txt:z', create_command_map)
+        finally:
+            out, _ = self.run_subprocess_assert_returncode([
+                podman_compose_path(),
+                "-f",
+                compose_path,
+                "down",
+            ])