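// TestSuiteLinuxGidMappings checks the runtime's GID mapping by running
// `cat /proc/1/gid_map` inside a container whose ID 0 is mapped onto the
// temporary "uidgidtest" host account.
//
// It creates the account, gives it ownership of the rootfs, maps 10 IDs
// starting at the account's UID and GID onto container ID 0, and returns the
// marshalled manager.TestResult. The account is removed before returning.
func TestSuiteLinuxGidMappings() string {
	// Resolve GOPATH before creating the account, so a misconfigured
	// environment does not leave the test user behind on the host.
	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	rootfspath := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/rootfs"

	addTestUser()
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "cat /proc/1/gid_map"}

	// Get the UID and GID of the test account. log.Fatalf exits without
	// running deferred calls, so the account is cleaned up explicitly first.
	testuser, lookupErr := user.Lookup("uidgidtest")
	if lookupErr != nil {
		cleanTestUser()
		log.Fatalf("lookup of test user uidgidtest failed: %v", lookupErr)
	}
	testuidInt, uidErr := strconv.ParseInt(testuser.Uid, 10, 32)
	if uidErr != nil {
		cleanTestUser()
		log.Fatalf("test user uid %q is not numeric: %v", testuser.Uid, uidErr)
	}
	// The GID must come from testuser.Gid. Parsing Uid a second time would make
	// this test map and chown with the UID, so it would only exercise the GID
	// mapping on hosts where the account's UID and GID happen to be equal.
	testgidInt, gidErr := strconv.ParseInt(testuser.Gid, 10, 32)
	if gidErr != nil {
		cleanTestUser()
		log.Fatalf("test user gid %q is not numeric: %v", testuser.Gid, gidErr)
	}

	// Change the owner of the rootfs to the test account.
	utils.SetRight(rootfspath, int32(testuidInt), int32(testgidInt))

	uid := specs.IDMapping{
		HostID:      int32(testuidInt),
		ContainerID: 0,
		Size:        10,
	}
	gid := specs.IDMapping{
		HostID:      int32(testgidInt),
		ContainerID: 0,
		Size:        10,
	}

	failinfo := "mapping from Host GID to Container GID failed"
	linuxSpec = setIDmappings(uid, gid)
	result, err := testIDmappings(&linuxSpec, true, failinfo)

	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxGidMappings", gid, err, result)
	cleanTestUser()
	return testResult.Marshal()
}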
// TestSuiteLinuxSeccompGetcwd runs the /testtool/linuxseccomp helper under a
// seccomp profile that allows every syscall by default and answers getcwd
// with SCMP_ACT_ERRNO. It returns the marshalled manager.TestResult.
func TestSuiteLinuxSeccompGetcwd() string {
	// Profile under test: default allow, with a single rule for getcwd.
	getcwdRule := &specs.Syscall{
		Name:   "getcwd",
		Action: "SCMP_ACT_ERRNO",
	}
	se := specs.Seccomp{
		DefaultAction: "SCMP_ACT_ALLOW",
		Syscalls:      []*specs.Syscall{getcwdRule},
	}
	linuxSpec = setSeccomp(se)

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}

	// The helper binaries are not copied; the host directory is bind-mounted
	// into the container at /testtool.
	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(toolDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	linuxSpec.Spec.Process.Args = []string{"/testtool/linuxseccomp"}
	linuxSpec.Spec.Mounts = append(
		linuxSpec.Spec.Mounts,
		specs.Mount{"bind", toolDir, "/testtool", "bind"},
	)

	// Identify the rule being exercised; passed through to testSeccomp.
	rule := se.Syscalls[0]
	info := ",Name=" + rule.Name + ", Action=" + string(rule.Action)
	verdict, testErr := testSeccomp(&linuxSpec, info)

	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxSeccompGetcwd", se, testErr, verdict)
	return testResult.Marshal()
}
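// testRootfsPropagationHost checks the rootfs propagation mode configured in
// linuxSpec.Linux.RootfsPropagation.
//
// It creates rootfs/fspropagationtest/fromhost.txt on the host, runs the guest
// tool /testtool/<guestfilename> in the container, and then looks for
// "fromhost.txt" in the container output and "fromcontainer.txt" in the host
// directory. The expected combination per mode is:
//
//	slave   - host file seen in the container, container file not seen on the host
//	private - neither file seen on the other side
//	share   - both files seen on the other side
//
// It returns manager.PASSED with a nil error on a match, manager.FAILED with an
// error otherwise, and manager.UNKNOWNERR if the config file cannot be written.
//
// guestfilename is interpolated into a `bash -c` command line, so callers must
// pass a fixed tool name, never externally supplied text.
func testRootfsPropagationHost(linuxSpec *specs.LinuxSpec, guestfilename string) (string, error) {
	propagationmode := linuxSpec.Linux.RootfsPropagation

	// Marker file created on the host side before the container starts.
	cmd := exec.Command("bash", "-c", "touch rootfs/fspropagationtest/fromhost.txt")
	if _, err := cmd.Output(); err != nil {
		log.Fatalf("[Specstest] linux rootfs propagation test : touch test file in host error, %v", err)
	}

	// Set the config parameters relative to this case.
	result := os.Getenv("GOPATH")
	if result == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	resource := result + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(resource, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "/testtool/" + guestfilename}
	testtoolfolder := specs.Mount{"bind", resource, "/testtool", "bind"}
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, testtoolfolder)
	// The test container gets SYS_ADMIN and a writable rootfs.
	// NOTE(review): presumably the guest tool needs these to create its marker
	// under a mount point - confirm, and keep this spec confined to the test.
	linuxSpec.Linux.Capabilities = []string{"AUDIT_WRITE", "KILL", "NET_BIND_SERVICE", "SYS_ADMIN"}
	linuxSpec.Spec.Root.Readonly = false

	// A failed conversion would leave a stale config on disk and the verdict
	// below would describe some other container, so stop here.
	if err := configconvert.LinuxSpecToConfig(configFile, linuxSpec); err != nil {
		return manager.UNKNOWNERR, err
	}

	// NOTE(review): the StartRunc error is discarded, as it was before this
	// change; only the captured output is inspected. Confirm whether a runtime
	// failure should be reported the way TestSuiteLinuxDevicesFull reports it.
	outContainer, _ := adaptor.StartRunc(configFile)

	cmd = exec.Command("/bin/bash", "-c", "ls rootfs/fspropagationtest")
	outHost, err := cmd.Output()
	if err != nil {
		log.Fatalf("[Specstest] linux rootfs propagation test : read test file from container (in host) error, %v", err)
	}

	// Each flag is derived from its own observation only. Previously the host
	// branch cleared the container flag, so "private" could pass even when the
	// host file was visible in the container and "slave" could never pass.
	hostFileInContainer := strings.Contains(strings.TrimSpace(outContainer), "fromhost.txt")
	containerFileOnHost := strings.Contains(strings.TrimSpace(string(outHost)), "fromcontainer.txt")

	switch propagationmode {
	case "slave":
		if hostFileInContainer && !containerFileOnHost {
			return manager.PASSED, nil
		}
	case "private":
		if !hostFileInContainer && !containerFileOnHost {
			return manager.PASSED, nil
		}
	case "share":
		if hostFileInContainer && containerFileOnHost {
			return manager.PASSED, nil
		}
	}
	return manager.FAILED, errors.New("RootfsPropagationmode:" + propagationmode + "failed")
}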
// setCapability configures the package-level linuxSpec for a capability test:
// the capability list is replaced by the single entry capabilityname, the
// containerend tool directory is bind-mounted at /testtool, and the process
// working directory is set to /testtool. The updated spec is returned.
func setCapability(capabilityname string) specs.LinuxSpec {
	// Replace the whole list so only the capability under test is granted.
	linuxSpec.Linux.Capabilities = []string{capabilityname}

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}

	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(toolDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)

	linuxSpec.Spec.Mounts = append(
		linuxSpec.Spec.Mounts,
		specs.Mount{"bind", toolDir, "/testtool", "bind"},
	)
	linuxSpec.Process.Cwd = "/testtool"

	return linuxSpec
}
// setProcess installs process as the process section of the package-level
// linuxSpec, applies utils.SetRight to the containerend tool directory with the
// process's UID and GID, binds that directory via utils.SetBind, and returns
// the updated spec.
func setProcess(process specs.Process) specs.LinuxSpec {
	linuxSpec.Spec.Process = process

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}

	// The tool directory is handed to the identity the container process runs
	// as, taken from the argument rather than from linuxSpec.
	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	owner := process.User
	utils.SetRight(toolDir, owner.UID, owner.GID)

	utils.SetBind(&linuxSpec, toolDir)
	return linuxSpec
}
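// TestSuiteLinuxDevicesFull checks that a /dev/full device declared in the spec
// is present and behaves as expected inside the container.
//
// It runs /testtool/linuxdevicesfull and passes when the container output
// contains "echo: write error: No space left on device". A StartRunc error is
// reported as manager.UNSPPORTED, a failure to write the config file as
// manager.UNKNOWNERR, and any other output as manager.FAILED. It returns the
// marshalled manager.TestResult.
func TestSuiteLinuxDevicesFull() string {
	device := specs.Device{
		Type:        99, // code point of 'c'
		Path:        "/dev/full",
		Major:       1,
		Minor:       7,
		Permissions: "rwm",
		FileMode:    438, // 0666 in octal
		UID:         0,
		GID:         0,
	}
	linuxSpec = setDevices(device)

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}

	// The helper binaries are bind-mounted into the container at /testtool.
	resource := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(resource, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	testtoolfolder := specs.Mount{"bind", resource, "/testtool", "bind"}
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, testtoolfolder)

	// Writing Args[0] on an empty slice would panic; start a fresh argument
	// list in that case.
	if len(linuxSpec.Spec.Process.Args) == 0 {
		linuxSpec.Spec.Process.Args = []string{"/testtool/linuxdevicesfull"}
	} else {
		linuxSpec.Spec.Process.Args[0] = "/testtool/linuxdevicesfull"
	}

	configFile := "./config.json"

	var result string
	var errout error
	if err := configconvert.LinuxSpecToConfig(configFile, &linuxSpec); err != nil {
		// Without a freshly written config the runtime would start from
		// whatever file is already on disk, so the verdict would not describe
		// this device. Report the failure instead of running.
		result = manager.UNKNOWNERR
		errout = err
	} else {
		out, err := adaptor.StartRunc(configFile)
		switch {
		case err != nil:
			result = manager.UNSPPORTED
			errout = errors.New("StartRunc error :" + out + ", " + err.Error())
		case strings.Contains(strings.TrimSpace(out), "echo: write error: No space left on device"):
			result = manager.PASSED
			errout = nil
		default:
			result = manager.FAILED
			errout = errors.New("device /dev/full is NOT effective")
		}
	}

	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxDevicesFull", device, errout, result)
	return testResult.Marshal()
}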