ci: Don't run unit tests in a privileged container

The unit tests require some specific Linux capabilities and also access
to the /dev/kvm device. This commit makes sure we enable only what's
necessary instead of blindly enabling full privileges with the
--privileged option.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
(cherry picked from commit 7fabca3548)
Sebastien Boeuf 2020-02-17 16:26:10 +01:00 committed by Rob Bradford
parent 548ef43ca2
commit 4a62821e07


@ -223,8 +223,9 @@ cmd_tests() {
-ti \ -ti \
--workdir "$CTR_CLH_ROOT_DIR" \ --workdir "$CTR_CLH_ROOT_DIR" \
--rm \ --rm \
--privileged \ --device /dev/kvm \
--volume /dev:/dev \ --device /dev/net/tun \
--cap-add net_admin \
--volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \ --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
"$CTR_IMAGE" \ "$CTR_IMAGE" \
./scripts/run_unit_tests.sh "$@" ./scripts/run_unit_tests.sh "$@"
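Review bot: The three grants that replace `--privileged` in cmd_tests (`--device /dev/kvm`, `--device /dev/net/tun`, `--cap-add net_admin`) have no in-file explanation, so a later edit has nothing to check against before widening them again. A comment placed above the container invocation would record the intent, for example `# Unit tests need the KVM and TUN/TAP devices plus CAP_NET_ADMIN; do not fall back to --privileged.`; it has to sit before the command because a comment cannot go between backslash-continued lines. The start of the command is outside the hunk, so the network mode is not visible from here; if the container ever runs with host networking, `net_admin` would apply to the host's network namespace and should be re-evaluated. With `--device`, the run is also expected to fail at start when /dev/kvm or /dev/net/tun is missing on the runner, which is probably the desired behaviour but worth stating in the same comment.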