Skip to content

Commit

Permalink
test: cap-add difference capability for different kernal
Browse files Browse the repository at this point in the history
  • Loading branch information
@spencercjh
spencercjh committed Jan 3, 2025
1 parent ebc5112 commit d9ac045
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 3 deletions.
17 changes: 16 additions & 1 deletion .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -157,14 +157,29 @@ jobs:
- name: Test CAP_BPF privilege check
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19
if: ${{ !contains(fromJSON('["4.19-20240912.022020", "5.4-20240912.022020"]'), matrix.kernel) }}
with:
provision: 'false'
cmd: |
set -euxo pipefail
uname -a
cat /etc/issue
pushd /host
bash /host/testdata/run_cap_bpf_test.sh ""
bash /host/testdata/run_cap_bpf_test.sh "" "CAP_BPF"
popd
- name: Test CAP_SYS_ADMIN privilege check
uses: cilium/little-vm-helper@97c89f004bd0ab4caeacfe92ebc956e13e362e6b # v0.0.19
if: contains(fromJSON('["4.19-20240912.022020", "5.4-20240912.022020"]'), matrix.kernel)
with:
provision: 'false'
cmd: |
set -euxo pipefail
uname -a
cat /etc/issue
pushd /host
bash /host/testdata/run_cap_bpf_test.sh "" "CAP_SYS_ADMIN"
popd
- name: Test filter by comm
Expand Down
5 changes: 3 additions & 2 deletions testdata/run_cap_bpf_test.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,15 @@ if [ -n "$DOCKER_REGISTRY" ]; then
else
echo "DOCKER_REGISTRY is missing."
fi
CAP_TO_ADD="$2"

sudo docker run -d --cap-add CAP_BPF --name alpine $DOCKER_REGISTRY'alpine' sh -c 'sleep 120' || true
sudo docker run -d --ulimit memlock=100000000000:100000000000 --cap-add=$CAP_TO_ADD --name alpine $DOCKER_REGISTRY'alpine' sh -c 'sleep 120' || true
sudo docker cp /host/kyanos/kyanos alpine:/
sudo docker cp ./testdata/test_add_cap_bpf.sh alpine:/
sudo docker exec alpine sh -c 'sh /test_add_cap_bpf.sh "/kyanos"'
sudo docker stop alpine && sudo docker rm alpine

sudo docker run -d --name alpine $DOCKER_REGISTRY'alpine' sh -c 'sleep 120' || true
sudo docker run -d --ulimit memlock=100000000000:100000000000 --name alpine $DOCKER_REGISTRY'alpine' sh -c 'sleep 120' || true
sudo docker cp /host/kyanos/kyanos alpine:/
sudo docker cp ./testdata/test_not_add_cap_bpf.sh alpine:/
sudo docker exec alpine sh -c 'sh /test_not_add_cap_bpf.sh "/kyanos"'
Expand Down

0 comments on commit d9ac045

Please sign in to comment.