func TestSuiteLinuxSeccompGetcwd() string {
// copy the testbin into container
var se specs.Seccomp = specs.Seccomp{
DefaultAction: "SCMP_ACT_ALLOW",
Syscalls: []*specs.Syscall{
{
Name: "getcwd",
Action: "SCMP_ACT_ERRNO",
},
},
}
linuxSpec = setSeccomp(se)
result := os.Getenv("GOPATH")
if result == "" {
log.Fatalf("utils.setBind error GOPATH == nil")
}
resource := result + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
utils.SetRight(resource, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
linuxSpec.Spec.Process.Args = []string{"/testtool/linuxseccomp"}
testtoolfolder := specs.Mount{"bind", resource, "/testtool", "bind"}
linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, testtoolfolder)
info := ",Name=" + se.Syscalls[0].Name + ", Action=" + string(se.Syscalls[0].Action)
result, errout := testSeccomp(&linuxSpec, info)
var testResult manager.TestResult
testResult.Set("TestSuiteLinuxSeccompGetcwd", se, errout, result)
return testResult.Marshal()
}
func TestCpuQuota() string {
var testResourceCPU specs.Resources = specs.Resources{
CPU: specs.CPU{
Shares: 0,
Quota: 20000,
Period: 0,
RealtimeRuntime: 0,
RealtimePeriod: 0,
Cpus: "",
Mems: "",
},
}
linuxspec, linuxruntimespec := setResources(testResourceCPU)
failinfo := "CPU Quota"
c := make(chan bool)
go func() {
testResources(&linuxspec, &linuxruntimespec)
close(c)
}()
result, err := checkConfigurationFromHost("cpu", "cpu.cfs_quota_us", "20000", failinfo)
<-c
var testResult manager.TestResult
testResult.Set("TestMemoryLimit", testResourceCPU.CPU, err, result)
adaptor.DeleteRun()
return testResult.Marshal()
}
func TestBlockIOWeight() string {
var testResourceBlockIO specs.Resources = specs.Resources{
BlockIO: specs.BlockIO{
Weight: 300,
WeightDevice: nil,
ThrottleReadBpsDevice: nil,
ThrottleWriteBpsDevice: nil,
ThrottleReadIOPSDevice: nil,
ThrottleWriteIOPSDevice: nil,
},
}
linuxspec, linuxruntimespec := setResources(testResourceBlockIO)
failinfo := "BlockIO Weight"
c := make(chan bool)
go func() {
testResources(&linuxspec, &linuxruntimespec)
close(c)
}()
result, err := checkConfigurationFromHost("blkio", "blkio.weight", "300", failinfo)
<-c
var testResult manager.TestResult
testResult.Set("TestBlockIOWeight", testResourceBlockIO.BlockIO, err, result)
adaptor.DeleteRun()
return testResult.Marshal()
}
func TestSuiteLinuxGidMappings() string {
addTestUser()
linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "cat /proc/1/gid_map"}
//get uid&gid of test account
testuser, _ := user.Lookup("uidgidtest")
testuidInt, _ := strconv.ParseInt(testuser.Uid, 10, 32)
testgidInt, _ := strconv.ParseInt(testuser.Uid, 10, 32)
//change owner of rootfs
gopath := os.Getenv("GOPATH")
if gopath == "" {
log.Fatalf("utils.setBind error GOPATH == nil")
}
rootfspath := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/rootfs"
utils.SetRight(rootfspath, int32(testuidInt), int32(testgidInt))
var uid specs.IDMapping = specs.IDMapping{
HostID: int32(testuidInt),
ContainerID: 0,
Size: 10,
}
var gid specs.IDMapping = specs.IDMapping{
HostID: int32(testgidInt),
ContainerID: 0,
Size: 10,
}
failinfo := "mapping from Host GID to Container GID failed"
linuxSpec = setIDmappings(uid, gid)
result, err := testIDmappings(&linuxSpec, true, failinfo)
var testResult manager.TestResult
testResult.Set("TestSuiteLinuxGidMappings", gid, err, result)
cleanTestUser()
return testResult.Marshal()
}
func TestLinuxCapabilitiesSETFCAP() string {
linuxspec, linuxruntimespec := setCapability("CAP_SETFCAP")
linuxspec.Spec.Process.Args = []string{"/sbin/setcap", "CAP_SETFCAP=eip", "/containerend/linuxcapabilities"}
capability := linuxspec.Linux.Capabilities
configFile := "./config.json"
runtimeFile := "./runtime.json"
err := configconvert.LinuxSpecToConfig(configFile, &linuxspec)
err = configconvert.LinuxRuntimeToConfig(runtimeFile, &linuxruntimespec)
out, err := adaptor.StartRunc(configFile, runtimeFile)
var result string
var errout error
if err != nil {
result = manager.UNSPPORTED
errout = errors.New(string(out) + err.Error())
} else if strings.EqualFold(strings.TrimSpace(string(out)), "") {
result = manager.PASSED
errout = nil
} else {
result = manager.FAILED
errout = errors.New("test Capabilities CAP_SETFCAP NOT does''t work")
}
var testResult manager.TestResult
testResult.Set("TestMountTmpfs", capability, errout, result)
return testResult.Marshal()
}
func TestLinuxApparmorProfile() string {
apparmorfile := "testapporprofile"
linuxspec := setApparmorProfile(apparmorfile)
result, err := testApparmorProfile(&linuxspec)
var testResult manager.TestResult
testResult.Set("TestLinuxApparmorProfile", linuxspec.Linux.ApparmorProfile, err, result)
return testResult.Marshal()
}
func TestLinuxSelinuxProcessLabel() string {
labelin := "system_u:system_r:svirt_lxc_net_t:s0:c124,c675"
linuxspec := setSElinuxLabel(labelin)
result, err := testSElinuxLabel(&linuxspec)
var testResult manager.TestResult
testResult.Set("TestLinuxSelinuxProcessLabel", linuxspec.Linux.SelinuxProcessLabel, err, result)
return testResult.Marshal()
}
func TestCgroupspath() string {
cgpath := "/cgroupspathtest/testcontainer"
linuxspec, linuxruntimespec := setCgroupspath(cgpath)
result, err := testCgroupspath(&linuxspec, &linuxruntimespec)
var testResult manager.TestResult
testResult.Set("TestCgroupspath", cgpath, err, result)
return testResult.Marshal()
}
func TestLinuxApparmorProfile() string {
apparmorfile := "testapporprofile"
linuxspec, linuxruntimespec := setApparmorProfile(apparmorfile)
result, err := testApparmorProfile(&linuxspec, &linuxruntimespec)
adaptor.DeleteRun()
var testResult manager.TestResult
testResult.Set("TestLinuxApparmorProfile", linuxRuntimeSpec.Linux.ApparmorProfile, err, result)
return testResult.Marshal()
}
func TestVersionCorrect() string {
linuxspec := setVersion(testValueCorrect)
version := linuxspec.Spec.Version
result, err := testVersion(&linuxspec)
var testResult manager.TestResult
testResult.Set("TestVersionCorrect", version, err, result)
return testResult.Marshal()
}
func TestPathError() string {
linuxspec := setRoot(true, testPathError)
root := linuxspec.Spec.Root
lr := specsinit.SetLinuxruntimeMinimum()
result, err := testRoot(&linuxspec, &lr, true, testPathError)
var testResult manager.TestResult
testResult.Set("TestPathError", root, err, result)
return testResult.Marshal()
}
func TestReadOnlyFalse() string {
linuxspec := setRoot(false, testPathCorrect)
root := linuxspec.Spec.Root
lr := specsinit.SetLinuxruntimeMinimum()
result, err := testRoot(&linuxspec, &lr, false, testPathCorrect)
var testResult manager.TestResult
testResult.Set("TestReadOnlyFalse", root, err, result)
return testResult.Marshal()
}
func TestPlatformCorrect() string {
linuxspec := setPlatform(runtime.GOOS, runtime.GOARCH)
platform := linuxspec.Spec.Platform
lr := specsinit.SetLinuxruntimeMinimum()
result, err := testPlatform(&linuxspec, &lr, runtime.GOOS, runtime.GOARCH)
var testResult manager.TestResult
testResult.Set("TestPlatformCorrect", platform, err, result)
return testResult.Marshal()
}
func TestVersionError() string {
ls := setVersion(testVauleError)
lr := specsinit.SetLinuxruntimeMinimum()
version := ls.Spec.Version
result, err := testVersion(&ls, &lr, false)
var testResult manager.TestResult
testResult.Set("TestVersionError", version, err, result)
return testResult.Marshal()
}
func TestSysctlNetIpv4IpForward() string {
sysctlInput := make(map[string]string)
sysctlInput["net.ipv4.ip_forward"] = "4"
failinfo := " set net.ipv4.ip_forward failed"
var testResult manager.TestResult
linuxspec, linuxruntimespec := setSysctls(sysctlInput)
result, err := testSysctls(&linuxspec, &linuxruntimespec, failinfo)
testResult.Set("TestSysctlNetIpv4IpForward", sysctlInput, err, result)
return testResult.Marshal()
}
func TestMountSysfs() string {
opts := []string{}
linuxspec, linuxruntimespec := setMount("sysfs", "sysfs", "sysfs", "/mountTest", opts)
mount := linuxspec.Spec.Mounts
failinfo := "Sysfs failed"
result, err := testMount(&linuxspec, &linuxruntimespec, failinfo)
var testResult manager.TestResult
testResult.Set("TestMountSysfs", mount, err, result)
return testResult.Marshal()
}
func TestMountCgroup() string {
opts := []string{"nosuid", "noexec", "nodev", "relatime", "ro"}
linuxspec, linuxruntimespec := setMount("cgroup", "cgroup", "cgroup", "/mountTest", opts)
mount := linuxspec.Spec.Mounts
failinfo := "Cgroup failed"
result, err := testMount(&linuxspec, &linuxruntimespec, failinfo)
var testResult manager.TestResult
testResult.Set("TestMountCgroup", mount, err, result)
return testResult.Marshal()
}
func TestSysctlNetCoreSomaxconn() string {
sysctlInput := make(map[string]string)
sysctlInput["net.core.somaxconn"] = "192"
failinfo := " set net.core.somaxconn"
var testResult manager.TestResult
linuxspec, linuxruntimespec := setSysctls(sysctlInput)
result, err := testSysctls(&linuxspec, &linuxruntimespec, failinfo)
testResult.Set("TestSysctlNetCoreSomaxconn", sysctlInput, err, result)
return testResult.Marshal()
}
func TestRootfsPropagationShare() string {
mkdir()
mode := "share"
linuxspec := setRootfsPropagation(mode)
result, err := testRootfsPropagationHost(&linuxspec, "linuxrootfspropagation")
var testResult manager.TestResult
testResult.Set("TestRootfsPropagationShare", linuxspec.Linux.RootfsPropagation, err, result)
rmdir()
return testResult.Marshal()
}
func TestRlimitNOFILESoft() string {
var rlimitstest specs.Rlimit = specs.Rlimit{
Type: syscall.RLIMIT_NOFILE,
Soft: uint64(2048),
Hard: uint64(4096),
}
var testResult manager.TestResult
linuxspec := setRlimits(rlimitstest)
result, err := testRlimits(&linuxspec, "-n", strconv.FormatUint(rlimitstest.Soft, 10), true)
testResult.Set("TestRlimitNOFILESoft", rlimitstest.Soft, err, result)
return testResult.Marshal()
}
func TestNetPathEmpty() string {
ns := specs.Namespace{Type: "network",
Path: ""}
ls := setNetSpec(ns)
result, err := TestPathEmpty(&ls, "/proc/*/ns/net")
var testResult manager.TestResult
testResult.Set("TestNetPathEmpty", ns, err, result)
return testResult.Marshal()
}
func TestIpcPathUnempty() string {
ns := specs.Namespace{Type: "ipc",
Path: "/proc/1/ns/ipc"}
ls := setIpcSpec(ns)
result, err := TestPathUnEmpty(&ls, ns.Path)
var testResult manager.TestResult
testResult.Set("TestIpcPathUnempty", ns, err, result)
return testResult.Marshal()
}
func TestRlimitNOFILEHard() string {
var rlimitstest specs.Rlimit = specs.Rlimit{
Type: "RLIMIT_NOFILE",
Soft: uint64(1024),
Hard: uint64(20480),
}
var testResult manager.TestResult
linuxspec, linuxruntimespec := setRlimits(rlimitstest)
result, err := testRlimits(&linuxspec, &linuxruntimespec, "-n", strconv.FormatUint(rlimitstest.Hard, 10), false)
testResult.Set("TestRlimitNOFILEHard", rlimitstest.Hard, err, result)
return testResult.Marshal()
}
func TestPidPathEmpty() string {
ns := specs.Namespace{Type: "pid",
Path: ""}
ls, lrs := setPidSpec(ns)
result, err := TestPathEmpty(&ls, &lrs, "/proc/*/ns/pid")
var testResult manager.TestResult
testResult.Set("TestPidPathEmpty", ns, err, result)
return testResult.Marshal()
}
func TestPlatformErr() string {
osErr := "osErr"
archErr := "archErr"
linuxspec := setPlatform(osErr, archErr)
platform := linuxspec.Spec.Platform
lr := specsinit.SetLinuxruntimeMinimum()
result, err := testPlatform(&linuxspec, &lr, osErr, archErr)
var testResult manager.TestResult
testResult.Set("TestPlatformErr", platform, err, result)
return testResult.Marshal()
}
func TestMntPathEmpty() string {
ns := specs.Namespace{Type: "mount",
Path: ""}
ls := linuxSpec
ls.Process.Args = append(ls.Process.Args, "/bin/readlink", "/proc/self/ns/mnt")
result, err := TestPathEmpty(&ls, "/proc/*/ns/mnt")
var testResult manager.TestResult
testResult.Set("TestMntPathEmpty", ns, err, result)
return testResult.Marshal()
}
func TestUtsPathUnempty() string {
ns := specs.Namespace{Type: "uts",
Path: "/proc/1/ns/uts"}
ls, lrs := setUtsSpec(ns)
result, err := TestPathUnEmpty(&ls, &lrs, ns.Path)
var testResult manager.TestResult
testResult.Set("TestUtsPathUnempty", ns, err, result)
return testResult.Marshal()
}
func TestLinuxHooksPrestart() string {
var pre []specs.Hook = []specs.Hook{
{
Path: "/bin/bash",
Args: []string{"-c", "touch /testHooksPrestart.txt"},
Env: []string{""},
},
}
var testResult manager.TestResult
linuxspec, linuxruntimespec := setHooks(pre, true)
info := "may be not support"
result, err := testHooks(&linuxspec, &linuxruntimespec, "testHooksPrestart.txt", info)
testResult.Set("TestSuiteLinuxHooksPrestart", pre, err, result)
return testResult.Marshal()
}
func TestSuiteLinuxHooksPrestart() string {
var pre []specs.Hook = []specs.Hook{
{
Path: "/bin/bash",
Args: []string{"-c", "touch /testHooksPrestart.txt"},
Env: []string{""},
},
}
var testResult manager.TestResult
linuxspec := setHooks(pre, true)
info := " :Prestart Path=" + pre[0].Path
result, err := testHooks(&linuxspec, "testHooksPrestart.txt", info)
testResult.Set("TestSuiteLinuxHooksPrestart", linuxspec.Hooks.Prestart, err, result)
return testResult.Marshal()
}
// The test func for TestCase TestVersionCorrect
func TestVersionCorrect() string {
// Set result to spec.Version, and get specs.LinuxSpec obj
ls := setVersion(testValueCorrect)
// Get smallest specs.LinuxRuntimeSpec obj
lr := specsinit.SetLinuxruntimeMinimum()
version := ls.Spec.Version
// Do test
result, err := testVersion(&ls, &lr, true)
var testResult manager.TestResult
// Set reusult to TestResult
testResult.Set("TestVersionCorrect", version, err, result)
return testResult.Marshal()
}