// setCapability builds a minimal spec pair whose capability list holds only
// capabilityname.
//
// The assignment replaces the list that SetLinuxspecMinimum provided rather
// than appending to it, so no other capability from the minimal spec is
// carried over. capabilityname is stored as given; it is not checked here
// against any list of known capability names.
func setCapability(capabilityname string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	spec.Linux.Capabilities = []string{capabilityname}

	// SetBind is defined elsewhere; it receives both specs by pointer and may
	// modify them.
	utils.SetBind(&rt, &spec)

	return spec, rt
}
// setVersion returns a minimal specs.LinuxSpec whose Version field is set to
// testValue. The value is stored unchanged, so callers can pass both valid and
// deliberately invalid version strings.
func setVersion(testValue string) specs.LinuxSpec {
	// Start from the smallest usable spec and override only the version.
	spec := specsinit.SetLinuxspecMinimum()
	spec.Version = testValue
	return spec
}
// setMount builds a minimal spec pair with one additional mount.
//
// The mount point (name fsName, path fsDes) is appended to the config's Mounts,
// and the matching runtime mount (type fsType, source fsSrc, options fsOpt) is
// stored in the runtime spec's Mounts map under fsName.
//
// fsOpt is passed through unchanged: no option is added or filtered here, and
// the slice is not copied, so later changes by the caller are visible in the
// returned runtime spec.
func setMount(fsName string, fsType string, fsSrc string, fsDes string, fsOpt []string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: fsName, Path: fsDes})

	// Assumes SetLinuxruntimeMinimum returns a non-nil Mounts map; writing to
	// a nil map would panic. TODO confirm.
	rt.Mounts[fsName] = specs.Mount{Type: fsType, Source: fsSrc, Options: fsOpt}

	return spec, rt
}
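// setHooks builds a minimal spec pair carrying thooks as lifecycle hooks.
//
// When isPre is true the hooks are installed as prestart hooks; otherwise they
// are installed as poststop hooks. An earlier version assigned Prestart in both
// branches, so the poststop path was never exercised and a test asking for
// poststop hooks silently ran them at prestart instead.
//
// Hooks are commands the runtime executes on the container's behalf, so callers
// should pass only entries that the test itself controls. The thooks slice is
// stored without copying.
func setHooks(thooks []specs.Hook, isPre bool) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	linuxSpec := specsinit.SetLinuxspecMinimum()
	linuxRuntimeSpec := specsinit.SetLinuxruntimeMinimum()

	if isPre {
		linuxRuntimeSpec.RuntimeSpec.Hooks.Prestart = thooks
	} else {
		linuxRuntimeSpec.RuntimeSpec.Hooks.Poststop = thooks
	}

	return linuxSpec, linuxRuntimeSpec
}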
// setProcess builds a minimal spec pair that runs the given process.
// The process description is copied into the config as-is; nothing in it
// (user, args, env, cwd) is inspected or adjusted here.
func setProcess(process specs.Process) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	spec.Spec.Process = process

	// Per the original author's note, SetBind bind-mounts the containerend
	// folder into the runc container so the guest program is reachable there.
	// Its implementation is not shown here, so treat that as unverified.
	utils.SetBind(&rt, &spec)

	return spec, rt
}
// setCgroupspath builds a minimal spec pair whose runtime CgroupsPath is path.
//
// path is written unchanged; it is not validated or normalised here. A cgroup
// filesystem mount at /sys/fs/cgroup is also added to both specs.
func setCgroupspath(path string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	const cgroupName = "cgroup"

	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()
	rt.Linux.CgroupsPath = path

	// Temporary, test-only: expose the cgroup filesystem inside the container.
	spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: cgroupName, Path: "/sys/fs/cgroup"})
	rt.Mounts[cgroupName] = specs.Mount{
		Type:   cgroupName,
		Source: cgroupName,
		// NOTE(review): this is a list holding one empty string, not an empty
		// list, and no read-only or similar option is set — confirm intended.
		Options: []string{""},
	}

	return spec, rt
}
// setRootfsPropagation builds a minimal spec pair whose runtime
// RootfsPropagation is mode.
//
// mode is stored unchanged, so any string, valid or not, reaches the runtime.
// The device list is replaced with a single /dev/null entry.
func setRootfsPropagation(mode string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	// /dev/null: device 1:3, Type 'c' (99), file mode 0666 (438 decimal),
	// owned by uid/gid 0.
	nullDev := specs.Device{
		Type:        'c',
		Path:        "/dev/null",
		Major:       1,
		Minor:       3,
		Permissions: "rwm",
		FileMode:    0666,
		UID:         0,
		GID:         0,
	}

	rt.Linux.RootfsPropagation = mode
	rt.Linux.Devices = []specs.Device{nullDev}

	return spec, rt
}
// setDevices builds a minimal spec pair whose runtime device list is /dev/null
// followed by testdevices.
//
// testdevices is added exactly as supplied: its path, major/minor numbers,
// permissions and file mode are not checked here, so what the container is
// given is entirely up to the caller.
func setDevices(testdevices specs.Device) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	// /dev/null: device 1:3, Type 'c' (99), file mode 0666 (438 decimal),
	// owned by uid/gid 0.
	nullDev := specs.Device{
		Type:        'c',
		Path:        "/dev/null",
		Major:       1,
		Minor:       3,
		Permissions: "rwm",
		FileMode:    0666,
		UID:         0,
		GID:         0,
	}

	// Replaces any devices from the minimal runtime spec.
	rt.Linux.Devices = []specs.Device{nullDev, testdevices}

	return spec, rt
}
// setPlatform returns a minimal specs.LinuxSpec with Platform.OS and
// Platform.Arch set to the given values. Both strings are stored unchanged.
func setPlatform(osValue string, archValue string) specs.LinuxSpec {
	spec := specsinit.SetLinuxspecMinimum()
	spec.Platform.Arch = archValue
	spec.Platform.OS = osValue
	return spec
}
// setRlimits builds a minimal spec pair whose runtime rlimit list contains
// only testrlimits. Any rlimits from the minimal runtime spec are replaced,
// and the supplied limit is not range-checked here.
func setRlimits(testrlimits specs.Rlimit) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	rt.Linux.Rlimits = []specs.Rlimit{testrlimits}

	return spec, rt
}
// setResources builds a minimal spec pair whose runtime Resources points at
// the given resource limits.
//
// resources is received by value, so the stored pointer refers to this
// function's own copy, not to the caller's variable.
func setResources(resources specs.Resources) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	rt.Linux.Resources = &resources

	return spec, rt
}
package linuxapparmorprofile

import (
	"errors"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/adaptor"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/manager"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/utils/configconvert"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/utils/specsinit"
	"github.com/opencontainers/specs"
	"os/exec"
	"strings"
	"time"
)

var (
	// linuxSpec and linuxRuntimeSpec are package-level specs, initialised once
	// from the minimal templates. Functions in this package that modify them
	// change shared state that persists for the life of the process.
	linuxSpec        = specsinit.SetLinuxspecMinimum()
	linuxRuntimeSpec = specsinit.SetLinuxruntimeMinimum()

	// TestSuiteLinuxApparmorProfile is the test suite covering
	// LinuxSpec.Linux.ApparmorProfile.
	TestSuiteLinuxApparmorProfile = manager.TestSuite{Name: "LinuxSpec.Linux.ApparmorProfile"}
)

// init registers this package's test case on the suite and then hands the
// suite to the shared manager.
func init() {
	// Add the case before registering: the suite is passed to AddTestSuite
	// afterwards, so a case added later might not be seen by the manager.
	// TODO confirm whether AddTestSuite keeps a copy.
	TestSuiteLinuxApparmorProfile.AddTestCase("TestLinuxApparmorProfile", TestLinuxApparmorProfile)
	manager.Manager.AddTestSuite(TestSuiteLinuxApparmorProfile)
}

// setApparmorProfile sets the AppArmor profile name on the package-level
// runtime spec and makes the container process sleep for three seconds.
//
// Unlike helpers that build fresh specs, this one mutates the package-level
// linuxSpec and linuxRuntimeSpec, so its changes persist across calls. The
// returned values are struct copies of that shared state.
//
// profilename is stored as given; nothing here checks that such a profile is
// loaded on the host, and an empty name is passed through as well.
func setApparmorProfile(profilename string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	// Presumably the sleep keeps the process alive long enough for the test to
	// inspect it — confirm against the test case.
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "sleep 3s"}
	linuxRuntimeSpec.Linux.ApparmorProfile = profilename

	return linuxSpec, linuxRuntimeSpec
}
// setSeccomp builds a minimal spec pair whose runtime seccomp configuration is
// sec. The configuration replaces whatever the minimal runtime spec held and
// is not validated here.
func setSeccomp(sec specs.Seccomp) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	rt.Linux.Seccomp = sec

	return spec, rt
}
// setRoot returns a minimal specs.LinuxSpec with the root filesystem path and
// read-only flag set to the given values. path is stored unchanged; it is not
// cleaned or checked for existence here.
func setRoot(readonlyValue bool, path string) specs.LinuxSpec {
	spec := specsinit.SetLinuxspecMinimum()
	spec.Root.Path = path
	spec.Root.Readonly = readonlyValue
	return spec
}
// setSElinuxLabel builds a minimal spec pair whose runtime SelinuxProcessLabel
// is label. The label string is stored unchanged; its format is not checked
// here.
func setSElinuxLabel(label string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	rt.Linux.SelinuxProcessLabel = label

	return spec, rt
}