// setCapability builds the minimal config/runtime spec pair and sets the
// Linux capability list of the config spec to exactly capabilityname.
//
// The slice is assigned, not appended to, so any capabilities carried by the
// minimal spec are discarded: the resulting spec lists only the one capability
// under test.
func setCapability(capabilityname string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	ls.Linux.Capabilities = []string{capabilityname}

	// utils.SetBind is defined elsewhere; it receives both specs by pointer
	// and may modify either. It is called after the capability list is set,
	// as in the original ordering.
	utils.SetBind(&lr, &ls)

	return ls, lr
}
// TestPathError runs the root-filesystem check against testPathError with the
// read-only flag set to true and returns the marshalled test result.
func TestPathError() string {
	ls := setRoot(true, testPathError)

	// Capture the configured root before testRoot runs: testRoot receives the
	// spec by pointer and could change it.
	rootInput := ls.Spec.Root

	rs := specsinit.SetLinuxruntimeMinimum()
	out, err := testRoot(&ls, &rs, true, testPathError)

	var tr manager.TestResult
	tr.Set("TestPathError", rootInput, err, out)
	return tr.Marshal()
}
// TestReadOnlyFalse runs the root-filesystem check against testPathCorrect
// with the read-only flag set to false and returns the marshalled test result.
func TestReadOnlyFalse() string {
	ls := setRoot(false, testPathCorrect)

	// Capture the configured root before testRoot runs: testRoot receives the
	// spec by pointer and could change it.
	rootInput := ls.Spec.Root

	rs := specsinit.SetLinuxruntimeMinimum()
	out, err := testRoot(&ls, &rs, false, testPathCorrect)

	var tr manager.TestResult
	tr.Set("TestReadOnlyFalse", rootInput, err, out)
	return tr.Marshal()
}
// setMount builds the minimal config/runtime spec pair and adds one mount to
// it: a mount point (fsName, fsDes) appended to the config spec, and the
// matching runtime mount (fsType, fsSrc, fsOpt) stored under the key fsName.
//
// The source path and the option list are copied into the runtime spec as
// given; nothing here validates or restricts them.
func setMount(fsName string, fsType string, fsSrc string, fsDes string, fsOpt []string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	// Config side: where the mount appears inside the container.
	ls.Mounts = append(ls.Mounts, specs.MountPoint{fsName, fsDes})

	// Runtime side: what gets mounted there, keyed by the same name.
	lr.Mounts[fsName] = specs.Mount{fsType, fsSrc, fsOpt}

	return ls, lr
}
// TestVersionError runs the version check with the value testVauleError and
// the flag false, and returns the marshalled test result.
//
// testVauleError (spelled as declared elsewhere in the package) is the
// version value used for the negative case.
func TestVersionError() string {
	spec := setVersion(testVauleError)
	rs := specsinit.SetLinuxruntimeMinimum()

	// Record the version that was configured before testVersion gets a
	// pointer to the spec.
	versionInput := spec.Spec.Version

	out, err := testVersion(&spec, &rs, false)

	var tr manager.TestResult
	tr.Set("TestVersionError", versionInput, err, out)
	return tr.Marshal()
}
// TestPlatformCorrect runs the platform check with the OS and architecture of
// the host this validator was built for (runtime.GOOS, runtime.GOARCH) and
// returns the marshalled test result.
func TestPlatformCorrect() string {
	ls := setPlatform(runtime.GOOS, runtime.GOARCH)

	// Capture the configured platform before testPlatform receives the spec
	// by pointer.
	platformInput := ls.Spec.Platform

	rs := specsinit.SetLinuxruntimeMinimum()
	out, err := testPlatform(&ls, &rs, runtime.GOOS, runtime.GOARCH)

	var tr manager.TestResult
	tr.Set("TestPlatformCorrect", platformInput, err, out)
	return tr.Marshal()
}
// setProcess builds the minimal config/runtime spec pair and installs process
// as the container's process definition.
func setProcess(process specs.Process) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	rs := specsinit.SetLinuxruntimeMinimum()

	ls.Spec.Process = process

	// Bind the containerend folder into the runc container so the
	// containerend guest program is available inside it.
	utils.SetBind(&rs, &ls)

	return ls, rs
}
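// setHooks builds the minimal config/runtime spec pair and installs thooks as
// the prestart hooks when isPre is true, or as the poststop hooks otherwise.
//
// The original assigned Hooks.Prestart in both branches, so the isPre=false
// case never exercised poststop hooks; the else branch now sets
// Hooks.Poststop.
//
// Hooks are commands the container runtime itself executes around the
// container lifecycle, so thooks should only ever come from the test suite's
// own fixtures.
func setHooks(thooks []specs.Hook, isPre bool) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	linuxSpec := specsinit.SetLinuxspecMinimum()
	linuxRuntimeSpec := specsinit.SetLinuxruntimeMinimum()

	if isPre {
		linuxRuntimeSpec.RuntimeSpec.Hooks.Prestart = thooks
	} else {
		linuxRuntimeSpec.RuntimeSpec.Hooks.Poststop = thooks
	}

	return linuxSpec, linuxRuntimeSpec
}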
// TestPlatformErr runs the platform check with the placeholder values "osErr"
// and "archErr" as OS and architecture and returns the marshalled test result.
func TestPlatformErr() string {
	badOS, badArch := "osErr", "archErr"

	ls := setPlatform(badOS, badArch)

	// Capture the configured platform before testPlatform receives the spec
	// by pointer.
	platformInput := ls.Spec.Platform

	rs := specsinit.SetLinuxruntimeMinimum()
	out, err := testPlatform(&ls, &rs, badOS, badArch)

	var tr manager.TestResult
	tr.Set("TestPlatformErr", platformInput, err, out)
	return tr.Marshal()
}
// setCgroupspath builds the minimal config/runtime spec pair, sets the
// runtime spec's cgroups path to path, and adds a cgroup mount at
// /sys/fs/cgroup.
//
// path is stored as given; no normalisation or validation happens here.
func setCgroupspath(path string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	lr.Linux.CgroupsPath = path

	// Temporarily add the cgroup filesystem for the test: a mount point named
	// "cgroup" on the config side and the matching runtime mount under the
	// same key.
	ls.Mounts = append(ls.Mounts, specs.MountPoint{"cgroup", "/sys/fs/cgroup"})
	lr.Mounts["cgroup"] = specs.Mount{"cgroup", "cgroup", []string{""}}

	return ls, lr
}
// setRootfsPropagation builds the minimal config/runtime spec pair, replaces
// the runtime device list with a single /dev/null entry, and sets the rootfs
// propagation mode to mode.
func setRootfsPropagation(mode string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	// The only device exposed to the container is /dev/null.
	nullDev := specs.Device{
		Type:        99, // ASCII 'c'
		Path:        "/dev/null",
		Major:       1,
		Minor:       3,
		Permissions: "rwm",
		FileMode:    438, // 0666 in octal
		UID:         0,
		GID:         0,
	}
	lr.Linux.Devices = []specs.Device{nullDev}

	lr.Linux.RootfsPropagation = mode
	return ls, lr
}
// setDevices builds the minimal config/runtime spec pair and sets the runtime
// device list to /dev/null followed by testdevices.
//
// The list is replaced, not extended, so the container is offered exactly
// these two device entries. testdevices is added as given.
func setDevices(testdevices specs.Device) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	nullDev := specs.Device{
		Type:        99, // ASCII 'c'
		Path:        "/dev/null",
		Major:       1,
		Minor:       3,
		Permissions: "rwm",
		FileMode:    438, // 0666 in octal
		UID:         0,
		GID:         0,
	}

	// Baseline device first, then the device under test.
	lr.Linux.Devices = []specs.Device{nullDev, testdevices}
	return ls, lr
}
// TestVersionCorrect is the test function for the TestVersionCorrect case: it
// runs the version check with testValueCorrect and the flag true, and returns
// the marshalled test result.
func TestVersionCorrect() string {
	// Build a specs.LinuxSpec whose Version is the value under test.
	spec := setVersion(testValueCorrect)

	// Smallest specs.LinuxRuntimeSpec to pair with it.
	rs := specsinit.SetLinuxruntimeMinimum()

	// Record the configured version before testVersion gets a pointer to the
	// spec.
	versionInput := spec.Spec.Version

	// Run the check.
	out, err := testVersion(&spec, &rs, true)

	// Store the outcome in a TestResult and serialise it.
	var tr manager.TestResult
	tr.Set("TestVersionCorrect", versionInput, err, out)
	return tr.Marshal()
}
// setResources builds the minimal config/runtime spec pair and points the
// runtime spec's resource limits at resources.
//
// resources is received by value, so the stored pointer refers to this
// function's own copy and not to the caller's variable.
func setResources(resources specs.Resources) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	lr.Linux.Resources = &resources

	return ls, lr
}
// setRlimits builds the minimal config/runtime spec pair and sets the runtime
// spec's rlimit list to the single entry testrlimits, replacing whatever the
// minimal spec carried.
func setRlimits(testrlimits specs.Rlimit) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	lr.Linux.Rlimits = []specs.Rlimit{testrlimits}

	return ls, lr
}
// setSeccomp builds the minimal config/runtime spec pair and installs sec as
// the runtime spec's seccomp configuration, replacing whatever the minimal
// spec carried.
func setSeccomp(sec specs.Seccomp) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	lr.Linux.Seccomp = sec

	return ls, lr
}
// setSElinuxLabel builds the minimal config/runtime spec pair and sets the
// runtime spec's SELinux process label to label. The label is stored as
// given; nothing here checks that it is well formed.
func setSElinuxLabel(label string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	ls := specsinit.SetLinuxspecMinimum()
	lr := specsinit.SetLinuxruntimeMinimum()

	lr.Linux.SelinuxProcessLabel = label

	return ls, lr
}
package linuxapparmorprofile

import (
	"errors"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/adaptor"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/manager"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/utils/configconvert"
	"github.com/huawei-openlab/oct/tools/runtimeValidator/utils/specsinit"
	"github.com/opencontainers/specs"
	"os/exec"
	"strings"
	"time"
)

// Package-level state for the AppArmor profile suite.
var (
	// linuxSpec and linuxRuntimeSpec are the minimal specs this package
	// starts from. They are shared, mutable package state: setApparmorProfile
	// writes to both.
	linuxSpec        specs.LinuxSpec        = specsinit.SetLinuxspecMinimum()
	linuxRuntimeSpec specs.LinuxRuntimeSpec = specsinit.SetLinuxruntimeMinimum()

	// TestSuiteLinuxApparmorProfile is the suite registered with the manager
	// in init.
	TestSuiteLinuxApparmorProfile manager.TestSuite = manager.TestSuite{Name: "LinuxSpec.Linux.ApparmorProfile"}
)

// init registers the TestLinuxApparmorProfile case on the suite and then hands
// the suite to the global manager.
func init() {
	// The case is added first: the suite is passed to AddTestSuite by value,
	// so it has to be complete before it is handed over.
	TestSuiteLinuxApparmorProfile.AddTestCase("TestLinuxApparmorProfile", TestLinuxApparmorProfile)
	manager.Manager.AddTestSuite(TestSuiteLinuxApparmorProfile)
}

// setApparmorProfile configures the package-level specs for the AppArmor
// test and returns copies of them: the container process is set to
// `/bin/bash -c "sleep 3s"` and the runtime spec's AppArmor profile to
// profilename.
//
// NOTE(review): unlike the other set* helpers, this writes to the shared
// package variables rather than to fresh minimal specs, so the profile name
// and process args persist across calls.
func setApparmorProfile(profilename string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	// A short-lived process for the test to run in the container.
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "sleep 3s"}

	// Profile the runtime is asked to apply to that process; stored as given.
	linuxRuntimeSpec.Linux.ApparmorProfile = profilename

	return linuxSpec, linuxRuntimeSpec
}

func testApparmorProfile(linuxSpec *specs.LinuxSpec, linuxRuntimeSpec *specs.LinuxRuntimeSpec) (string, error) {