Exemplo n.º 1
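// TestSuiteLinuxGidMappings maps the host IDs of the "uidgidtest" account onto
// container ID 0 (range of 10), runs "cat /proc/1/gid_map" in the container and
// returns the marshalled test result.
//
// The host GID is taken from the account's Gid field. Reading Uid for both
// values makes the GID mapping and the rootfs group owner silently follow the
// UID, so the check only exercises the GID path on hosts where the two numbers
// happen to be equal.
func TestSuiteLinuxGidMappings() string {
	addTestUser()
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "cat /proc/1/gid_map"}

	// Resolve the host uid and gid of the test account. Every failure path
	// removes the temporary account first, because log.Fatalf exits without
	// running deferred calls.
	testuser, lookupErr := user.Lookup("uidgidtest")
	if lookupErr != nil {
		cleanTestUser()
		log.Fatalf("lookup of test user uidgidtest failed, %v", lookupErr)
	}
	testuidInt, uidErr := strconv.ParseInt(testuser.Uid, 10, 32)
	if uidErr != nil {
		cleanTestUser()
		log.Fatalf("test user uid %q is not a 32-bit integer, %v", testuser.Uid, uidErr)
	}
	testgidInt, gidErr := strconv.ParseInt(testuser.Gid, 10, 32)
	if gidErr != nil {
		cleanTestUser()
		log.Fatalf("test user gid %q is not a 32-bit integer, %v", testuser.Gid, gidErr)
	}

	// Change the owner of the rootfs to the test account so the mapped
	// container root can use it.
	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		cleanTestUser()
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	rootfspath := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/rootfs"
	utils.SetRight(rootfspath, int32(testuidInt), int32(testgidInt))

	uid := specs.IDMapping{
		HostID:      int32(testuidInt),
		ContainerID: 0,
		Size:        10,
	}
	gid := specs.IDMapping{
		HostID:      int32(testgidInt),
		ContainerID: 0,
		Size:        10,
	}
	failinfo := "mapping from Host GID to Container GID failed"
	linuxSpec = setIDmappings(uid, gid)
	result, err := testIDmappings(&linuxSpec, true, failinfo)
	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxGidMappings", gid, err, result)
	cleanTestUser()
	return testResult.Marshal()
}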
Exemplo n.º 2
// TestSuiteLinuxSeccompGetcwd installs a seccomp profile whose default action
// is SCMP_ACT_ALLOW with a single SCMP_ACT_ERRNO rule for getcwd, runs
// /testtool/linuxseccomp in the container and returns the marshalled result.
//
// The allow-by-default profile exists only to exercise one rule; it is a test
// fixture, not a hardening baseline.
func TestSuiteLinuxSeccompGetcwd() string {
	denyGetcwd := &specs.Syscall{
		Name:   "getcwd",
		Action: "SCMP_ACT_ERRNO",
	}
	se := specs.Seccomp{
		DefaultAction: "SCMP_ACT_ALLOW",
		Syscalls:      []*specs.Syscall{denyGetcwd},
	}
	linuxSpec = setSeccomp(se)

	gopath := os.Getenv("GOPATH")
	if len(gopath) == 0 {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	// Hand the host tool directory to the container user, then expose it at
	// /testtool. NOTE(review): the positional Mount fields look like
	// type, source, destination, options; confirm against specs.Mount.
	utils.SetRight(toolDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	linuxSpec.Spec.Process.Args = []string{"/testtool/linuxseccomp"}
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, specs.Mount{"bind", toolDir, "/testtool", "bind"})

	info := ",Name=" + se.Syscalls[0].Name + ", Action=" + string(se.Syscalls[0].Action)
	result, errout := testSeccomp(&linuxSpec, info)

	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxSeccompGetcwd", se, errout, result)
	return testResult.Marshal()
}
Exemplo n.º 3
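// testRootfsPropagationHost checks the rootfs propagation mode in linuxSpec by
// creating fromhost.txt under rootfs/fspropagationtest on the host, running
// /testtool/<guestfilename> in the container, and then comparing what each
// side can see: the container output is searched for fromhost.txt and the host
// directory listing for fromcontainer.txt.
//
// It returns manager.PASSED when visibility matches the mode, manager.FAILED
// otherwise, and manager.UNKNOWNERR when the config cannot be written or the
// container does not start. A container that never ran sees nothing and leaks
// nothing, which would otherwise count as a pass for "private".
//
// The test grants SYS_ADMIN and a writable root to the container; that is a
// requirement of this check, not a profile to reuse elsewhere.
func testRootfsPropagationHost(linuxSpec *specs.LinuxSpec, guestfilename string) (string, error) {
	configFile := "./config.json"
	propagationmode := linuxSpec.Linux.RootfsPropagation

	cmd := exec.Command("bash", "-c", "touch  rootfs/fspropagationtest/fromhost.txt")
	if _, err := cmd.Output(); err != nil {
		log.Fatalf("[Specstest] linux rootfs propagation test : touch test file in host error, %v", err)
	}

	// Set the config parameters relative to this case.
	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	resource := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(resource, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	// guestfilename is spliced into a "bash -c" command line, so it must be a
	// fixed name chosen by the test suite and never externally supplied text.
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "/testtool/" + guestfilename}
	testtoolfolder := specs.Mount{"bind", resource, "/testtool", "bind"}
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, testtoolfolder)
	linuxSpec.Linux.Capabilities = []string{"AUDIT_WRITE", "KILL", "NET_BIND_SERVICE", "SYS_ADMIN"}
	linuxSpec.Spec.Root.Readonly = false

	if err := configconvert.LinuxSpecToConfig(configFile, linuxSpec); err != nil {
		return manager.UNKNOWNERR, err
	}
	outContainer, err := adaptor.StartRunc(configFile)
	if err != nil {
		return manager.UNKNOWNERR, errors.New("StartRunc error :" + outContainer + ", " + err.Error())
	}

	cmd = exec.Command("/bin/bash", "-c", "ls rootfs/fspropagationtest")
	outHost, err := cmd.Output()
	if err != nil {
		// log.Fatalf exits the process, so no return is needed here.
		log.Fatalf("[Specstest] linux rootfs propagation test : read test file from container (in host) error, %v", err)
	}

	// Each flag is derived from its own observation. Clearing the container
	// flag when the host check fails would hide a host-to-container leak and
	// let "private" pass while making "slave" fail.
	containerSeesHostFile := strings.Contains(strings.TrimSpace(outContainer), "fromhost.txt")
	hostSeesContainerFile := strings.Contains(strings.TrimSpace(string(outHost)), "fromcontainer.txt")

	// NOTE(review): the third mode is matched as "share"; confirm this is the
	// spelling the spec structure actually carries.
	switch propagationmode {
	case "slave":
		if containerSeesHostFile && !hostSeesContainerFile {
			return manager.PASSED, nil
		}
	case "private":
		if !containerSeesHostFile && !hostSeesContainerFile {
			return manager.PASSED, nil
		}
	case "share":
		if containerSeesHostFile && hostSeesContainerFile {
			return manager.PASSED, nil
		}
	}
	return manager.FAILED, errors.New("RootfsPropagationmode:" + propagationmode + "failed")
}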
Exemplo n.º 4
// setCapability replaces the capability list of the package-level linuxSpec
// with the single entry capabilityname, bind-mounts the containerend tool
// directory at /testtool, makes /testtool the working directory and returns a
// copy of the updated spec.
//
// Every call appends another /testtool mount to the shared spec.
func setCapability(capabilityname string) specs.LinuxSpec {
	linuxSpec.Linux.Capabilities = []string{capabilityname}

	gopath := os.Getenv("GOPATH")
	if len(gopath) == 0 {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	// The host directory is handed to the container user before it is mounted.
	utils.SetRight(toolDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, specs.Mount{"bind", toolDir, "/testtool", "bind"})
	linuxSpec.Process.Cwd = "/testtool"

	return linuxSpec
}
Exemplo n.º 5
// setProcess stores process in the package-level linuxSpec, hands the
// containerend tool directory to the process user and binds it into the spec
// through utils.SetBind, then returns a copy of the updated spec.
func setProcess(process specs.Process) specs.LinuxSpec {
	linuxSpec.Spec.Process = process

	gopath := os.Getenv("GOPATH")
	if len(gopath) == 0 {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	toolDir := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	// Ownership follows the UID/GID of the process under test, not the spec's
	// previous user.
	utils.SetRight(toolDir, process.User.UID, process.User.GID)
	utils.SetBind(&linuxSpec, toolDir)

	return linuxSpec
}
Exemplo n.º 6
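// TestSuiteLinuxDevicesFull adds a /dev/full character device (major 1,
// minor 7) to the spec, runs /testtool/linuxdevicesfull in the container and
// passes when the output contains the "No space left on device" write error.
//
// The result is manager.UNKNOWNERR when the config file cannot be written,
// manager.UNSPPORTED when the container does not start, and manager.FAILED
// when the expected write error is missing.
func TestSuiteLinuxDevicesFull() string {
	// The device node is created world read/write (0666) with "rwm" access.
	// NOTE(review): "rwm" presumably means read, write and mknod in the
	// device cgroup; confirm against the specs package.
	device := specs.Device{
		Type:        'c', // character device, numeric value 99
		Path:        "/dev/full",
		Major:       1,
		Minor:       7,
		Permissions: "rwm",
		FileMode:    0666, // decimal 438
		UID:         0,
		GID:         0,
	}
	linuxSpec = setDevices(device)

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	resource := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"
	utils.SetRight(resource, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)

	// Bind-mount the host tool directory at /testtool.
	testtoolfolder := specs.Mount{"bind", resource, "/testtool", "bind"}
	linuxSpec.Spec.Mounts = append(linuxSpec.Spec.Mounts, testtoolfolder)

	// Replace the first argument, or create the list when the spec has none,
	// instead of indexing into an empty slice.
	if len(linuxSpec.Spec.Process.Args) == 0 {
		linuxSpec.Spec.Process.Args = []string{"/testtool/linuxdevicesfull"}
	} else {
		linuxSpec.Spec.Process.Args[0] = "/testtool/linuxdevicesfull"
	}

	configFile := "./config.json"
	var result string
	var errout error
	// A failed conversion leaves whatever config.json was already on disk, so
	// the container must not be started from it.
	if err := configconvert.LinuxSpecToConfig(configFile, &linuxSpec); err != nil {
		result = manager.UNKNOWNERR
		errout = errors.New("LinuxSpecToConfig error :" + err.Error())
	} else if out, err := adaptor.StartRunc(configFile); err != nil {
		result = manager.UNSPPORTED
		errout = errors.New("StartRunc error :" + out + ", " + err.Error())
	} else if strings.Contains(strings.TrimSpace(out), "echo: write error: No space left on device") {
		result = manager.PASSED
	} else {
		result = manager.FAILED
		errout = errors.New("device /dev/full is NOT effective")
	}

	var testResult manager.TestResult
	testResult.Set("TestSuiteLinuxDevicesFull", device, errout, result)
	return testResult.Marshal()
}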