// setCapability builds a minimal LinuxSpec/LinuxRuntimeSpec pair whose
// capability list contains exactly capabilityname, then applies the shared
// containerend bind mount through utils.SetBind.
func setCapability(capabilityname string) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	// Whatever the minimum spec carried is replaced by the single requested capability.
	spec.Linux.Capabilities = []string{capabilityname}
	utils.SetBind(&rt, &spec)

	return spec, rt
}
// setProcess returns minimal specs whose process section is replaced by
// process. The containerend folder is bound into the runc container so the
// guest programme is reachable from inside it.
func setProcess(process specs.Process) (specs.LinuxSpec, specs.LinuxRuntimeSpec) {
	spec := specsinit.SetLinuxspecMinimum()
	rt := specsinit.SetLinuxruntimeMinimum()

	spec.Spec.Process = process
	// Bind mount of the containerend folder: this is how the guest programme
	// gets into the container.
	utils.SetBind(&rt, &spec)

	return spec, rt
}
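// testRootfsPropagationHost checks the rootfsPropagation mode carried by
// linuxRuntimeSpec from the host side. Before the container starts a marker
// file fromhost.txt is created in rootfs/fspropagationtest on the host; the
// guest programme guestfilename (run from /containerend) prints what it sees
// and is expected to create fromcontainer.txt; afterwards the host directory
// is listed. Visibility in each direction is compared with what the mode
// ("slave", "private", or "share"/"shared") requires.
//
// It returns manager.PASSED when the observed propagation matches the mode,
// manager.UNKNOWNERR plus the underlying error when a step could not be run,
// and manager.FAILED with a descriptive error otherwise. *linuxSpec and
// *linuxRuntimeSpec are mutated (bind mount, args, capabilities, writable
// root) and written to ./config.json and ./runtime.json in the working
// directory.
func testRootfsPropagationHost(linuxSpec *specs.LinuxSpec, linuxRuntimeSpec *specs.LinuxRuntimeSpec, guestfilename string) (string, error) {
	const (
		configFile  = "./config.json"
		runtimeFile = "./runtime.json"
		hostDir     = "rootfs/fspropagationtest"
	)
	propagationmode := linuxRuntimeSpec.Linux.RootfsPropagation

	// Host-side marker, created before the container starts. Invoked directly
	// rather than through "bash -c" so no shell parsing is involved.
	if _, err := exec.Command("touch", hostDir+"/fromhost.txt").Output(); err != nil {
		return manager.UNKNOWNERR, errors.New("[Specstest] linux rootfs propagation test : touch test file in host error, " + err.Error())
	}

	// Configuration shared by every propagation mode under test.
	utils.SetBind(linuxRuntimeSpec, linuxSpec)
	linuxSpec.Spec.Process.Args = []string{"/bin/bash", "-c", "/containerend/" + guestfilename}
	// CAP_SYS_ADMIN is granted on top of the usual three; presumably the guest
	// needs it for mount operations. It is a broad privilege, confined to this
	// test container.
	linuxSpec.Linux.Capabilities = []string{"CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"}
	// The guest must be able to create fromcontainer.txt.
	linuxSpec.Spec.Root.Readonly = false

	if err := configconvert.LinuxSpecToConfig(configFile, linuxSpec); err != nil {
		return manager.UNKNOWNERR, errors.New("[Specstest] linux rootfs propagation test : write config error, " + err.Error())
	}
	if err := configconvert.LinuxRuntimeToConfig(runtimeFile, linuxRuntimeSpec); err != nil {
		return manager.UNKNOWNERR, errors.New("[Specstest] linux rootfs propagation test : write runtime config error, " + err.Error())
	}
	outContainer, err := adaptor.StartRunc(configFile, runtimeFile)
	if err != nil {
		return manager.UNKNOWNERR, errors.New("[Specstest] linux rootfs propagation test : StartRunc error, " + outContainer + ", " + err.Error())
	}

	outHost, err := exec.Command("ls", hostDir).Output()
	if err != nil {
		return manager.UNKNOWNERR, errors.New("[Specstest] linux rootfs propagation test : read test file from container (in host) error, " + err.Error())
	}

	// Did the container see the host's marker, and did the host see the container's?
	seenInContainer := strings.Contains(outContainer, "fromhost.txt")
	seenOnHost := strings.Contains(string(outHost), "fromcontainer.txt")

	var expectContainer, expectHost bool
	switch propagationmode {
	case "slave":
		expectContainer, expectHost = true, false
	case "private":
		expectContainer, expectHost = false, false
	case "share", "shared":
		// "shared" is the spelling used by the OCI runtime spec; the older
		// "share" value is still accepted.
		expectContainer, expectHost = true, true
	default:
		return manager.FAILED, errors.New("RootfsPropagationmode: " + propagationmode + " unknown mode")
	}

	if seenInContainer == expectContainer && seenOnHost == expectHost {
		return manager.PASSED, nil
	}
	return manager.FAILED, errors.New("RootfsPropagationmode: " + propagationmode + " failed")
}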
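// setProcess installs process into the package-level linuxSpec, makes the
// containerend directory of the oct checkout (located through GOPATH)
// accessible to the process's UID/GID, binds it into the container and
// returns the updated spec.
//
// The programme is terminated through log.Fatalf when GOPATH is unset,
// because the containerend resources cannot be located without it.
func setProcess(process specs.Process) specs.LinuxSpec {
	linuxSpec.Spec.Process = process

	gopath := os.Getenv("GOPATH")
	if gopath == "" {
		log.Fatalf("setProcess error: GOPATH is not set")
	}
	resource := gopath + "/src/github.com/huawei-openlab/oct/tools/runtimeValidator/containerend"

	// NOTE(review): SetRight appears to change ownership/permissions of a
	// directory inside the host's source checkout to the container user —
	// confirm this is intended rather than operating on a copy.
	utils.SetRight(resource, process.User.UID, process.User.GID)
	utils.SetBind(&linuxSpec, resource)

	return linuxSpec
}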
// TestSuiteLinuxSeccompGetcwd runs the seccomp test with a profile that allows
// every syscall except getcwd, which is answered with SCMP_ACT_ERRNO, and
// returns the marshalled manager.TestResult.
func TestSuiteLinuxSeccompGetcwd() string {
	denyGetcwd := &specs.Syscall{
		Name:   "getcwd",
		Action: "SCMP_ACT_ERRNO",
	}
	se := specs.Seccomp{
		DefaultAction: "SCMP_ACT_ALLOW",
		Syscalls:      []*specs.Syscall{denyGetcwd},
	}

	spec, rt := setSeccomp(se)
	// Bind containerend into the container so /containerend/linuxseccomp is
	// available as the guest programme.
	utils.SetBind(&rt, &spec)
	spec.Spec.Process.Args = []string{"/bin/bash", "-c", "/containerend/linuxseccomp"}

	info := ",Name=" + denyGetcwd.Name + ", Action=" + string(denyGetcwd.Action)
	result, errout := testSeccomp(&spec, &rt, info)

	var tr manager.TestResult
	tr.Set("TestSuiteLinuxSeccompGetcwd", se, errout, result)
	return tr.Marshal()
}
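// TestLinuxDevicesFull checks that a character device node for /dev/full
// (major 1, minor 7) declared in the spec is effective inside the container:
// the guest programme /containerend/linuxdevicesfull is expected to write to
// it and report "No space left on device". The marshalled manager.TestResult
// is returned.
//
// Config files are written to ./config.json and ./runtime.json in the working
// directory.
func TestLinuxDevicesFull() string {
	device := specs.Device{
		Type:        99, // 'c': character device
		Path:        "/dev/full",
		Major:       1,
		Minor:       7,
		Permissions: "rwm",
		FileMode:    438, // 0666
		UID:         0,
		GID:         0,
	}

	spec, rt := setDevices(device)
	utils.SetBind(&rt, &spec)
	spec.Spec.Process.Args[0] = "/containerend/linuxdevicesfull"

	result, errout := devicesFullOutcome("./config.json", "./runtime.json", &spec, &rt)

	// NOTE(review): the result is recorded under "TestSuiteLinuxDevicesFull"
	// although this function is TestLinuxDevicesFull — confirm which name the
	// report expects.
	var tr manager.TestResult
	tr.Set("TestSuiteLinuxDevicesFull", device, errout, result)
	return tr.Marshal()
}

// devicesFullOutcome writes the config files, starts the container and
// classifies the run: manager.UNSPPORTED when the container could not be
// prepared or started, manager.PASSED when the guest reports the /dev/full
// write error, manager.FAILED otherwise.
func devicesFullOutcome(configFile, runtimeFile string, spec *specs.LinuxSpec, rt *specs.LinuxRuntimeSpec) (string, error) {
	if err := configconvert.LinuxSpecToConfig(configFile, spec); err != nil {
		return manager.UNSPPORTED, errors.New("LinuxSpecToConfig error : " + err.Error())
	}
	if err := configconvert.LinuxRuntimeToConfig(runtimeFile, rt); err != nil {
		return manager.UNSPPORTED, errors.New("LinuxRuntimeToConfig error : " + err.Error())
	}
	out, err := adaptor.StartRunc(configFile, runtimeFile)
	if err != nil {
		return manager.UNSPPORTED, errors.New("StartRunc error :" + out + ", " + err.Error())
	}
	// The guest's shell prints exactly this text when echo hits /dev/full.
	if strings.Contains(strings.TrimSpace(out), "echo: write error: No space left on device") {
		return manager.PASSED, nil
	}
	return manager.FAILED, errors.New("device /dev/full is NOT effective")
}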