func TestLinuxCapabilitiesSETFCAP() string {
	// copy the testbin into container
	cmd := exec.Command("/bin/sh", "-c", "cp  cases/linuxcapabilities/capabilitytestbin /tmp/testtool")
	_, err := cmd.Output()
	if err != nil {
		log.Fatalf("[specsValidator] linux Capabilities test : init the testbin file error, %v", err)

	linuxspec := setCapability("SETFCAP")
	linuxspec.Spec.Process.Args = []string{"/sbin/setcap", "CAP_SETFCAP=eip", "/testtool/capabilitytestbin"}
	capability := linuxspec.Linux.Capabilities
	configFile := "./config.json"
	err = configconvert.LinuxSpecToConfig(configFile, &linuxspec)
	out, err := adaptor.StartRunc(configFile)
	var result string
	var errout error
	if err != nil {
		result = manager.UNSPPORTED
		errout = errors.New(string(out) + err.Error())
	} else if strings.EqualFold(strings.TrimSpace(string(out)), "") {
		result = manager.PASSED
		errout = nil
	} else {
		result = manager.FAILED
		errout = nil
	var testResult manager.TestResult
	testResult.Set("TestMountTmpfs", capability, errout, result)
	return testResult.Marshal()
func TestLinuxApparmorProfile() string {
	apparmorfile := "testapporprofile"
	linuxspec := setApparmorProfile(apparmorfile)
	result, err := testApparmorProfile(&linuxspec)
	var testResult manager.TestResult
	testResult.Set("TestLinuxApparmorProfile", linuxspec.Linux.ApparmorProfile, err, result)
	return testResult.Marshal()
Example #3
func TestPathError() string {
	linuxspec := setRoot(true, testPathError)
	root := linuxspec.Spec.Root
	result, err := testRoot(&linuxspec, true, testPathError)
	var testResult manager.TestResult
	testResult.Set("TestPathError", root, err, result)
	return testResult.Marshal()
Example #4
func TestPlatformCorrect() string {
	linuxspec := setPlatform(runtime.GOOS, runtime.GOARCH)
	platform := linuxspec.Spec.Platform
	result, err := testPlatform(&linuxspec, runtime.GOOS, runtime.GOARCH)
	var testResult manager.TestResult
	testResult.Set("TestPlatformCorrect", platform, err, result)
	return testResult.Marshal()
Example #5
func TestMountTmpfs() string {
	linuxspec := setMount("tmpfs", "tmpfs", "/mountTest", "")
	mount := linuxspec.Spec.Mounts
	result, err := testMount(&linuxspec)
	var testResult manager.TestResult
	testResult.Set("TestMountTmpfs", mount, err, result)
	return testResult.Marshal()
Example #6
func TestReadOnlyFalse() string {
	linuxspec := setRoot(false, testPathCorrect)
	root := linuxspec.Spec.Root
	result, err := testRoot(&linuxspec, false, testPathCorrect)
	var testResult manager.TestResult
	testResult.Set("TestReadOnlyFalse", root, err, result)
	return testResult.Marshal()
func TestRootfsPropagationShare() string {
	mode := "share"
	linuxspec := setRootfsPropagation(mode)
	result, err := testRootfsPropagationHost(&linuxspec, "linuxrootfspropagation")
	var testResult manager.TestResult
	testResult.Set("TestRootfsPropagationShare", linuxspec.Linux.RootfsPropagation, err, result)
	return testResult.Marshal()
Example #8
func TestVersionCorrect() string {

	linuxspec := setVersion(testValueCorrect)
	version := linuxspec.Spec.Version
	result, err := testVersion(&linuxspec)
	var testResult manager.TestResult
	testResult.Set("TestVersionCorrect", version, err, result)
	return testResult.Marshal()
Example #9
func TestLinuxSelinuxProcessLabel() string {
	labelin := "system_u:system_r:svirt_lxc_net_t:s0:c124,c675"
	linuxspec := setSElinuxLabel(labelin)
	go testSElinuxLabel(&linuxspec)
	result, err := checkProcessLableFromHost(labelin)
	var testResult manager.TestResult
	testResult.Set("TestLinuxSelinuxProcessLabel", linuxspec.Linux.SelinuxProcessLabel, err, result)
	return testResult.Marshal()
Example #10
func TestPlatformErr() string {
	osErr := "osErr"
	archErr := "archErr"
	linuxspec := setPlatform(osErr, archErr)
	platform := linuxspec.Spec.Platform
	result, err := testPlatform(&linuxspec, osErr, archErr)
	var testResult manager.TestResult
	testResult.Set("TestPlatformErr", platform, err, result)
	return testResult.Marshal()
func TestRlimitNOFILEHard() string {
	var rlimitstest specs.Rlimit = specs.Rlimit{
		Type: syscall.RLIMIT_NOFILE,
		Soft: uint64(1024),
		Hard: uint64(20480),
	var testResult manager.TestResult
	linuxspec := setRlimits(rlimitstest)
	result, err := testRlimits(&linuxspec, "-n", strconv.FormatUint(rlimitstest.Hard, 10), false)
	testResult.Set("TestRlimitNOFILEHard", rlimitstest.Hard, err, result)
	return testResult.Marshal()
Example #12
File: uts.go Project: Issacpeng/oct
func TestUtsPathEmpty() string {

	ns := specs.Namespace{Type: "uts",
		Path: ""}

	ls := setUtsSpec(ns)
	result, err := TestPathEmpty(&ls, "/proc/*/ns/uts")

	var testResult manager.TestResult
	testResult.Set("TestUtsPathEmpty", ns, err, result)
	return testResult.Marshal()
Example #13
File: ipc.go Project: Issacpeng/oct
func TestIpcPathUnempty() string {

	ns := specs.Namespace{Type: "ipc",
		Path: "/proc/1/ns/ipc"}

	ls := setIpcSpec(ns)
	result, err := TestPathUnEmpty(&ls, ns.Path)

	var testResult manager.TestResult
	testResult.Set("TestIpcPathUnempty", ns, err, result)
	return testResult.Marshal()
Example #14
func TestMntPathEmpty() string {

	ns := specs.Namespace{Type: "mount",
		Path: ""}

	ls := linuxSpec
	ls.Process.Args = append(ls.Process.Args, "/bin/readlink", "/proc/self/ns/mnt")
	result, err := TestPathEmpty(&ls, "/proc/*/ns/mnt")

	var testResult manager.TestResult
	testResult.Set("TestMntPathEmpty", ns, err, result)
	return testResult.Marshal()
Example #15
func TestBase() string {
	var process specs.Process = specs.Process{
		Terminal: false,
		User: specs.User{
			UID:            0,
			GID:            0,
			AdditionalGids: []int32{},
		Args: []string{"./specprocess"},
		Env:  nil,
		Cwd:  "/containerend",

	linuxspec := setProcess(process)
	newProcess := linuxspec.Spec.Process
	result, err := testProcess(&linuxspec, true)
	var testResult manager.TestResult
	testResult.Set("TestBase", newProcess, err, result)
	return testResult.Marshal()
func TestMemoryLimit() string {
	var testResourceseMemory specs.Resources = specs.Resources{
		Memory: specs.Memory{
			Limit:       204800,
			Reservation: 0,
			Swap:        0,
			Kernel:      0,
			Swappiness:  -1,
	linuxspec := setResources(testResourceseMemory)
	go testResources(&linuxspec)
	time.Sleep(time.Second * 3)
	// defer cleanCgroup()
	defer adaptor.CleanRunc()
	result, err := checkConfigurationFromHost("memory.limit_in_bytes", "204800")
	var testResult manager.TestResult
	testResult.Set("TestMemoryLimit", testResourceseMemory.Memory, err, result)
	return testResult.Marshal()