ci: Don't run unit tests in a privileged container

The unit tests require some specific Linux capabilities and also to have access to /dev/kvm device. This commit makes sure we enable only what's necessary instead of blindly enable full priviliges with --privileged option. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> (cherry picked from commit 7fabca35487d2218a5b42eaf6d225ff95a0a6840)
2025-03-07 17:26:14 +00:00 · 2020-02-17 16:26:10 +01:00 · 2020-02-17 16:26:10 +01:00 · 4a62821e07
commit 4a62821e07
parent 548ef43ca2
1 changed files with 3 additions and 2 deletions
--- a/scripts/dev_cli.sh
+++ b/scripts/dev_cli.sh
@ -223,8 +223,9 @@ cmd_tests() {
 	       -ti \
 	       --workdir "$CTR_CLH_ROOT_DIR" \
 	       --rm \
-	       --privileged \
-	       --volume /dev:/dev \
+	       --device /dev/kvm \
+	       --device /dev/net/tun \
+	       --cap-add net_admin \
 	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
 	       "$CTR_IMAGE" \
 	       ./scripts/run_unit_tests.sh "$@"