ci: Don't run unit tests in a privileged container

The unit tests require some specific Linux capabilities and also to have access to /dev/kvm device. This commit makes sure we enable only what's necessary instead of blindly enable full priviliges with --privileged option. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2025-01-03 03:15:20 +00:00 · 2020-02-17 16:26:10 +01:00 · 2020-02-17 16:26:10 +01:00 · 7fabca3548
commit 7fabca3548
parent 27247164b5
1 changed files with 3 additions and 2 deletions
--- a/scripts/dev_cli.sh
+++ b/scripts/dev_cli.sh
@ -233,8 +233,9 @@ cmd_tests() {
 	$DOCKER_RUNTIME run \
 	       --workdir "$CTR_CLH_ROOT_DIR" \
 	       --rm \
-	       --privileged \
-	       --volume /dev:/dev \
+	       --device /dev/kvm \
+	       --device /dev/net/tun \
+	       --cap-add net_admin \
 	       --volume "$CLH_ROOT_DIR:$CTR_CLH_ROOT_DIR" \
 	       "$CTR_IMAGE" \
 	       ./scripts/run_unit_tests.sh "$@" || fix_dir_perms $? || exit $?