Project

General

Profile

Actions
Copy link

action #176850

open

[Containers] Add test for network isolation

Added by ph03nix about 1 month ago. Updated about 1 hour ago.

Status:
In Progress
Priority:
Normal
Assignee:
rbranco
Target version:
-
Start date:
2025-02-10
Due date:
% Done:

0%

Estimated time:
Tags:
containers, beginner-friendly

Description

We should add a test that checks if the network isolation works as expected [1].

We need to perform the following steps

  1. Create a new (bridge) network with the --internal function
  2. Ensure containers in this network can access the host
  3. Ensure containers in this network cannot access the internet
  4. Ensure containers in this network cannot modify the IP routes (e.g. ip route add default HOSTIP)

Acceptance criteria

  • AC1: A test runs that ensure the --internal function of a podman network works as defined above

Weblinks

[1] https://docs.podman.io/en/latest/markdown/podman-network-create.1.html#internal

Actions
Copy link
 #1

Updated by ph03nix about 1 month ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by rbranco 13 days ago

RFC:

We can check whether this is implemented in the upstream tests and submit it here:
https://github.com/containers/podman/blob/main/test/system/500-networking.bats

Actions
Copy link
 #3

Updated by rbranco 8 days ago

  • Assignee set to rbranco
Actions
Copy link
 #4

Updated by rbranco 8 days ago

  • Status changed from Workable to In Progress
Actions
Copy link
 #5

Updated by rbranco 6 days ago

This option is also present in docker. Will make a test that is runtime agnostic.

Actions
Copy link
 #7

Updated by rbranco 3 days ago ยท Edited

Wrt step 2:
Containers created in internal networks can't access the host, and it makes sense.

Actions
Copy link

Also available in: Atom PDF