kola/docker: make selinux optional

`selinux` support is going to be disabled on the next shipped Docker. To keep compatibility with current releases, selinux is made optional: we just assert that at least `seccomp`, `selinux` or both are enabled. this commit will be reverted once SELinux will be back on Flatcar Signed-off-by: Mathieu Tortuyaux <mathieu@kinvolk.io>
flatcar · Jun 15, 2021 · 9101e70 · 9101e70
1 parent 5a60b1d
commit 9101e70
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/kola/tests/docker/docker.go b/kola/tests/docker/docker.go
@@ -19,7 +19,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"reflect"
 	"sort"
 	"strings"
 	"time"
@@ -181,6 +180,7 @@ systemd:
       [Service]
       Type=notify
       EnvironmentFile=-/run/flannel/flannel_docker_opts.env
+      Environment=DOCKER_OPTS=--selinux-enabled=false
 
       # the default is not to use systemd for cgroups because the delegate issues still
       # exists and systemd currently does not support the cgroup feature set required
@@ -586,7 +586,7 @@ func testDockerInfo(expectedFs string, c cluster.TestCluster) {
 	}
 
 	// Validations shared by all versions currently
-	if !reflect.DeepEqual(info.SecurityOptions, []string{"seccomp", "selinux"}) {
+	if !hasSecurityOptions(info.SecurityOptions) {
 		c.Errorf("unexpected security options: %+v", info.SecurityOptions)
 	}
 
@@ -610,3 +610,17 @@ func testDockerInfo(expectedFs string, c cluster.TestCluster) {
 		c.Errorf("runc was not in runtimes: %+v", info.Runtimes)
 	}
 }
+
+// hasSecurityOptions strictly checks that at least one of
+// the Docker security option is enabled (seccomp, selinux).
+func hasSecurityOptions(opts []string) bool {
+	for _, opt := range opts {
+		switch opt {
+		case "selinux", "seccomp":
+		default:
+			return false
+		}
+	}
+
+	return true
+}