Exemplo n.º 1
// testFsTypeSupport prepares the runc host environment and rewrites
// config.json so that the container gets exactly two mounts: proc, and one
// extra mount whose first field is fstest. Any failure ends the process
// through log.Fatalf.
func testFsTypeSupport(fstest string) {
	const (
		configPath = "./../../source/config.json"
		guestProg  = ""
		outputName = "mount_fstypesupport_out"
	)

	// The guest environment has to exist before the config is edited.
	if err := hostsetup.SetupEnv(guestProg, outputName); err != nil {
		log.Fatalf("[Specstest] mount filesystem support test: hostsetup.SetupEnv error, %v", err)
	}
	fmt.Println("Host enviroment setting up for runc is already!")

	// Load config.json, point it at the test rootfs and replace the mount list.
	var (
		spec *specs.LinuxSpec
		err  error
	)
	if spec, err = configconvert.ConfigToLinuxSpec(configPath); err != nil {
		log.Fatalf("[Specstest] mount filesystem support test: reading config error, %v", err)
	}
	spec.Spec.Root.Path = "./rootfs_rootconfig"
	// NOTE(review): the literals are positional, so the field meaning is not
	// visible here (presumably type, source, destination, options; confirm
	// against specs.Mount). If "/tmp/test" is the mount source, it sits in a
	// directory that is normally shared by every local user.
	spec.Mounts = []specs.Mount{
		{"proc", "proc", "/proc", ""},
		{fstest, "/tmp/test", "/testfs", ""},
	}

	// Persist the edited spec back to the same config.json.
	if err = configconvert.LinuxSpecToConfig(configPath, spec); err != nil {
		log.Fatalf("[Specstest] mount filesystem support test:writing config error, %v", err)
	}
	fmt.Println("Host enviroment for runc is already!")
}
Exemplo n.º 2
// setMount starts from the minimal spec pair produced by specsinit and adds
// one mount to it: a MountPoint {fsName, fsDes} appended to the spec, and a
// runtime Mount {fsType, fsSrc, fsOpt} stored under the key fsName.
// Both specs are returned by value.
func setMount(fsName string, fsType string, fsSrc string, fsDes string, fsOpt []string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	var (
		spec        specs.LinuxSpec        = specsinit.SetLinuxspecMinimum()
		runtimeSpec specs.LinuxRuntimeSpec = specsinit.SetLinuxruntimeMinimum()
	)

	// The spec side only names the mount and says where it lands.
	spec.Mounts = append(spec.Mounts, specs.MountPoint{fsName, fsDes})

	// The runtime side says what is mounted there; this assumes the minimal
	// runtime spec already carries a non-nil Mounts map.
	runtimeSpec.Mounts[fsName] = specs.Mount{fsType, fsSrc, fsOpt}

	return spec, runtimeSpec
}
Exemplo n.º 3
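// addBindMounts turns every --bind flag value (src:dest[:options]) into a bind
// mount: a MountPoint named "<basename(src)>bind" at dest in spec, plus the
// matching runtime Mount in rspec. Options default to "ro"; everything after
// the second colon is passed on verbatim as a single option string.
//
// It returns an error for a value with fewer than two fields, for an empty
// src or dest, and for a bind whose generated name is already present in
// rspec.Mounts.
func addBindMounts(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, b := range context.StringSlice("bind") {
		parts := strings.SplitN(b, ":", 3)
		if len(parts) < 2 {
			return fmt.Errorf("--bind should have format src:dest:[options]")
		}
		source, dest, options := parts[0], parts[1], "ro"
		if len(parts) == 3 {
			options = parts[2]
		}
		// An empty field would otherwise produce a mount named ".bind" or a
		// mount point without a path.
		if source == "" || dest == "" {
			return fmt.Errorf("--bind %q: source and destination must not be empty", b)
		}

		mntName := filepath.Base(source) + "bind"
		if rspec.Mounts == nil {
			// Writing to a nil map panics.
			rspec.Mounts = make(map[string]specs.Mount)
		}
		// The name depends only on the last path element, so two sources such
		// as /a/data and /b/data collide. Overwriting the map entry would make
		// both mount points resolve to the later source and its options,
		// silently dropping a "ro" given for the earlier one.
		if _, taken := rspec.Mounts[mntName]; taken {
			return fmt.Errorf("--bind %q: mount name %q is already in use", b, mntName)
		}

		spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: mntName, Path: dest})
		rspec.Mounts[mntName] = specs.Mount{
			Type:    "bind",
			Source:  source,
			Options: []string{"bind", options},
		}
	}
	return nil
}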
Exemplo n.º 4
// addMountPoint appends one MountPoint to spec.Mounts for every
// --mountpoint-add value. A value must split on ":" into exactly two fields,
// otherwise an error naming the value is returned. rspec is accepted but not
// used here.
func addMountPoint(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, raw := range context.StringSlice("mountpoint-add") {
		fields := strings.Split(raw, ":")
		if len(fields) != 2 {
			return fmt.Errorf("mountpoint-add error: %s", raw)
		}
		// Neither field is checked for emptiness; "a:" and ":b" both pass.
		spec.Mounts = append(spec.Mounts, specs.MountPoint{fields[0], fields[1]})
	}
	return nil
}
Exemplo n.º 5
// addTmpfsMounts appends a tmpfs mount to spec.Mounts for every --tmpfs
// destination. Each mount carries the fixed options nosuid, nodev and
// mode=755. The function always returns nil.
func addTmpfsMounts(spec *specs.LinuxSpec, context *cli.Context) error {
	targets := context.StringSlice("tmpfs")
	for i := range targets {
		spec.Mounts = append(spec.Mounts, specs.Mount{
			Destination: targets[i],
			Type:        "tmpfs",
			Source:      "tmpfs",
			// No setuid binaries and no device nodes on the scratch mount.
			Options: []string{"nosuid", "nodev", "mode=755"},
		})
	}
	return nil
}
Exemplo n.º 6
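// modify copies the command-line flag values in context onto spec and rspec
// and then runs the per-feature helpers (capabilities, namespaces, tmpfs,
// cgroups, bind mounts, hooks, root propagation) in that order.
//
// It returns the first error from ID parsing or from a helper. spec and rspec
// may already be partly modified when an error is returned.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	// toID parses a decimal ID and rejects anything outside the uint32 range.
	// A bare uint32() conversion wraps instead: -1 becomes 4294967295 and, on
	// 64-bit hosts, 4294967296 becomes 0, which is root.
	toID := func(s string) (uint32, error) {
		v, err := strconv.ParseUint(s, 10, 32)
		return uint32(v), err
	}

	// context.Int yields a signed int, so it goes through the same check.
	uid, err := toID(strconv.Itoa(context.Int("uid")))
	if err != nil {
		return err
	}
	gid, err := toID(strconv.Itoa(context.Int("gid")))
	if err != nil {
		return err
	}

	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")
	spec.Process.User.UID = uid
	spec.Process.User.GID = gid
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	// The whole --args string becomes a single argv element; it is not split.
	if args := context.String("args"); args != "" {
		spec.Process.Args = []string{args}
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		extra, err := toID(g)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, extra)
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	if err := addRootPropagation(spec, rspec, context); err != nil {
		return err
	}

	return nil
}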
Exemplo n.º 7
// SetBind bind-mounts the containerend directory found under $GOPATH at
// /containerend inside the container, registering it under the mount name
// "bind" in both specs, and then calls SetRight on the host directory with the
// container process UID and GID. It terminates the process when GOPATH is
// empty.
func SetBind(linuxRuntime *specs.LinuxRuntimeSpec, linuxSpec *specs.LinuxSpec) {
	const toolDir = "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("utils.setBind error GOPATH == nil")
	}
	// NOTE(review): GOPATH may hold several directories joined by the OS list
	// separator; plain concatenation only yields a valid path for a
	// single-entry GOPATH.
	hostDir := gopath + toolDir

	linuxSpec.Mounts = append(linuxSpec.Mounts, specs.MountPoint{"bind", "/containerend"})
	// Assumes the caller passes a runtime spec whose Mounts map is non-nil.
	linuxRuntime.Mounts["bind"] = specs.Mount{"bind", hostDir, []string{"bind"}}

	// NOTE(review): SetRight presumably changes ownership or permissions of
	// the host directory to the container user; confirm that a lasting change
	// on the host is intended.
	SetRight(hostDir, linuxSpec.Process.User.UID, linuxSpec.Process.User.GID)
}
Exemplo n.º 8
// addTmpfsMounts registers a tmpfs mount for every --tmpfs destination: a
// MountPoint named "<basename(dest)>tmpfs" in spec and a runtime Mount under
// the same name in rspec, with the fixed options nosuid, nodev and mode=755.
// The function always returns nil.
func addTmpfsMounts(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	for _, target := range context.StringSlice("tmpfs") {
		// Destinations sharing a last path element share a name; the runtime
		// entry written for them is identical, so the later write changes
		// nothing.
		key := filepath.Base(target) + "tmpfs"

		spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: key, Path: target})
		// Assumes rspec.Mounts was initialised by the caller.
		rspec.Mounts[key] = specs.Mount{
			Type:    "tmpfs",
			Source:  "tmpfs",
			Options: []string{"nosuid", "nodev", "mode=755"},
		}
	}
	return nil
}
Exemplo n.º 9
// mountCgroups adds the cgroup filesystem at /sys/fs/cgroup according to
// --mount-cgroups: "ro" or "rw" mounts it with that access mode, "no" skips
// the mount, and any other value is an error.
func mountCgroups(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	mode := context.String("mount-cgroups")
	if mode == "no" {
		return nil
	}
	if mode != "ro" && mode != "rw" {
		return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)")
	}

	const name = "cgroup"
	spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: name, Path: "/sys/fs/cgroup"})
	// Assumes rspec.Mounts was initialised by the caller.
	rspec.Mounts[name] = specs.Mount{
		Type:   "cgroup",
		Source: "cgroup",
		// The validated mode is the last option, after the hardening flags.
		Options: []string{"nosuid", "noexec", "nodev", "relatime", mode},
	}

	return nil
}
Exemplo n.º 10
// mountCgroups appends a cgroup mount at /sys/fs/cgroup to spec.Mounts
// according to --mount-cgroups: "ro" or "rw" mounts it with that access mode,
// "no" skips the mount, and any other value is an error.
func mountCgroups(spec *specs.LinuxSpec, context *cli.Context) error {
	mode := context.String("mount-cgroups")
	if mode == "no" {
		return nil
	}
	if mode != "ro" && mode != "rw" {
		return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)")
	}

	spec.Mounts = append(spec.Mounts, specs.Mount{
		Destination: "/sys/fs/cgroup",
		Type:        "cgroup",
		Source:      "cgroup",
		// The validated mode is the last option, after the hardening flags.
		Options: []string{"nosuid", "noexec", "nodev", "relatime", mode},
	})

	return nil
}
Exemplo n.º 11
// addBindMounts appends one bind mount to spec.Mounts for every --bind value
// of the form src:dest[:options]. Options default to "ro"; whatever follows
// the second colon is kept as one option string. A value with fewer than two
// fields is an error.
func addBindMounts(spec *specs.LinuxSpec, context *cli.Context) error {
	for _, raw := range context.StringSlice("bind") {
		fields := strings.SplitN(raw, ":", 3)
		if n := len(fields); n != 2 && n != 3 {
			return fmt.Errorf("--bind should have format src:dest:[options]")
		}

		// Read-only unless the caller asks for something else.
		opt := "ro"
		if len(fields) == 3 {
			opt = fields[2]
		}

		// Neither src nor dest is checked for emptiness here.
		spec.Mounts = append(spec.Mounts, specs.Mount{
			Destination: fields[1],
			Type:        "bind",
			Source:      fields[0],
			Options:     []string{"bind", opt},
		})
	}
	return nil
}
Exemplo n.º 12
// setupSdNotify makes the sd_notify protocol usable from inside the container:
// it registers a mount named "sdNotify" that bind-mounts notifySocket at the
// same path inside the container, and exports NOTIFY_SOCKET with that path in
// the process environment.
func setupSdNotify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, notifySocket string) {
	const name = "sdNotify"

	spec.Mounts = append(spec.Mounts, specs.MountPoint{Name: name, Path: notifySocket})
	spec.Process.Env = append(spec.Process.Env, "NOTIFY_SOCKET="+notifySocket)

	// The host socket itself is exposed to the container, so container
	// processes can write to it. Assumes rspec.Mounts is non-nil.
	rspec.Mounts[name] = specs.Mount{
		Type:    "bind",
		Source:  notifySocket,
		Options: []string{"bind"},
	}
}
Exemplo n.º 13
// setupSdNotify makes the sd_notify protocol usable from inside the container:
// it bind-mounts notifySocket at the same path inside the container and
// exports NOTIFY_SOCKET with that path in the process environment.
func setupSdNotify(spec *specs.LinuxSpec, notifySocket string) {
	// The host socket itself is exposed to the container, so container
	// processes can write to it.
	socketMount := specs.Mount{
		Destination: notifySocket,
		Type:        "bind",
		Source:      notifySocket,
		Options:     []string{"bind"},
	}
	spec.Mounts = append(spec.Mounts, socketMount)

	env := fmt.Sprintf("NOTIFY_SOCKET=%s", notifySocket)
	spec.Process.Env = append(spec.Process.Env, env)
}
Exemplo n.º 14
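// modify copies the command-line flag values in context onto spec and rspec
// and then runs every per-feature helper in a fixed order (capabilities,
// namespaces, mounts, hooks, ID mappings, rlimits, sysctl, devices, seccomp,
// resource limits).
//
// It returns the first error from ID parsing or from a helper. spec and rspec
// may already be partly modified when an error is returned.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	// toID parses a decimal ID and rejects anything outside the uint32 range.
	// A bare uint32() conversion wraps instead: -1 becomes 4294967295 and, on
	// 64-bit hosts, 4294967296 becomes 0, which is root.
	toID := func(s string) (uint32, error) {
		v, err := strconv.ParseUint(s, 10, 32)
		return uint32(v), err
	}

	// context.Int yields a signed int, so it goes through the same check.
	uid, err := toID(strconv.Itoa(context.Int("uid")))
	if err != nil {
		return err
	}
	gid, err := toID(strconv.Itoa(context.Int("gid")))
	if err != nil {
		return err
	}

	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")
	spec.Process.User.UID = uid
	spec.Process.User.GID = gid
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")
	spec.Version = context.String("version")
	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")
	spec.Process.Terminal = context.Bool("terminal")
	rspec.Linux.CgroupsPath = context.String("cgroupspath")
	rspec.Linux.ApparmorProfile = context.String("apparmor")
	// NOTE(review): "disableoomiller" looks like a misspelling of
	// "disableoomkiller". If the flag is registered under the correct
	// spelling, this lookup never sees it; confirm against the flag
	// definitions.
	rspec.Linux.Resources.DisableOOMKiller = context.Bool("disableoomiller")
	rspec.Linux.Resources.Pids.Limit = int64(context.Int("pids"))
	rspec.Linux.Resources.Network.ClassID = context.String("networkid")

	for i, a := range context.StringSlice("args") {
		// The first argument replaces the "sh" from getDefaultTemplate().
		// With an empty template it is appended instead, because indexing an
		// empty slice would panic.
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
			continue
		}
		spec.Process.Args = append(spec.Process.Args, a)
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		extra, err := toID(g)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, extra)
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	if err := addRootPropagation(spec, rspec, context); err != nil {
		return err
	}
	if err := addMountPoint(spec, rspec, context); err != nil {
		return err
	}
	if err := setUIDMappings(spec, rspec, context); err != nil {
		return err
	}
	if err := setGIDMappings(spec, rspec, context); err != nil {
		return err
	}
	if err := setRlimits(spec, rspec, context); err != nil {
		return err
	}
	if err := setSysctl(spec, rspec, context); err != nil {
		return err
	}
	if err := addDevice(spec, rspec, context); err != nil {
		return err
	}
	if err := setSeccompDefaultAction(spec, rspec, context); err != nil {
		return err
	}
	if err := addSeccompArchitectures(spec, rspec, context); err != nil {
		return err
	}
	if err := addSeccompSyscalls(spec, rspec, context); err != nil {
		return err
	}
	if err := addHugepageLimit(spec, rspec, context); err != nil {
		return err
	}
	if err := addNetworkPriority(spec, rspec, context); err != nil {
		return err
	}
	if err := addMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addBlockIO(spec, rspec, context); err != nil {
		return err
	}
	if err := setResourceMemory(spec, rspec, context); err != nil {
		return err
	}
	if err := setResourceCPU(spec, rspec, context); err != nil {
		return err
	}
	return nil
}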
Exemplo n.º 15
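// modify copies the command-line flag values in context onto spec and rspec
// and then runs the per-feature helpers (capabilities, namespaces, tmpfs,
// cgroups, bind mounts, hooks, root propagation, ID mappings) in that order.
//
// It returns the first error from ID parsing or from a helper. spec and rspec
// may already be partly modified when an error is returned.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	// toID parses a decimal ID and rejects anything outside the uint32 range.
	// A bare uint32() conversion wraps instead: -1 becomes 4294967295 and, on
	// 64-bit hosts, 4294967296 becomes 0, which is root.
	toID := func(s string) (uint32, error) {
		v, err := strconv.ParseUint(s, 10, 32)
		return uint32(v), err
	}

	// context.Int yields a signed int, so it goes through the same check.
	uid, err := toID(strconv.Itoa(context.Int("uid")))
	if err != nil {
		return err
	}
	gid, err := toID(strconv.Itoa(context.Int("gid")))
	if err != nil {
		return err
	}

	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")
	spec.Process.User.UID = uid
	spec.Process.User.GID = gid
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")
	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")

	for i, a := range context.StringSlice("args") {
		if a == "" {
			continue
		}
		// The first argument replaces the "sh" from getDefaultTemplate().
		// With an empty template it is appended instead, because indexing an
		// empty slice would panic.
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
			continue
		}
		spec.Process.Args = append(spec.Process.Args, a)
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		extra, err := toID(g)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, extra)
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	if err := addRootPropagation(spec, rspec, context); err != nil {
		return err
	}
	if err := addIDMappings(spec, rspec, context); err != nil {
		return err
	}

	return nil
}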