
Add test root readonly #2976

Merged
merged 31 commits into from
Nov 26, 2024
Changes from 26 commits
df448c0
add test root readonly true
sat0ken Oct 24, 2024
acf161b
fix test group name
sat0ken Nov 4, 2024
87d1d26
fix format
sat0ken Nov 4, 2024
69e88a2
remove blank line
sat0ken Nov 4, 2024
f6ae143
Merge branch 'main' into add-test-root-readonly
sat0ken Nov 4, 2024
e08b84a
remove unused import
sat0ken Nov 4, 2024
8f667f2
fix format err
sat0ken Nov 4, 2024
acc437c
remove unnecessary return
sat0ken Nov 4, 2024
2175df7
separate test root readonly true and false
sat0ken Nov 10, 2024
e73746a
fix format err
sat0ken Nov 10, 2024
d582912
change test_dir_write_access to pub fn to use test
sat0ken Nov 10, 2024
944c7d4
check root readonly to use test_dir_write_access
sat0ken Nov 10, 2024
f1aeaea
fix format err
sat0ken Nov 10, 2024
903e415
fix format err
sat0ken Nov 10, 2024
a49ca55
remove blank line
sat0ken Nov 12, 2024
81d6128
separate two tests to root_readonly_true and root_readonly_false
sat0ken Nov 12, 2024
da0ccbb
change test_dir_read_access to pub fn to use test
sat0ken Nov 12, 2024
c3c62fb
fix debug message and add check read access
sat0ken Nov 12, 2024
820fa1e
Merge branch 'main' into add-test-root-readonly
sat0ken Nov 12, 2024
80d2bc8
fix format err
sat0ken Nov 12, 2024
b8ea96d
Merge branch 'add-test-root-readonly' of github.com:sat0ken/youki int…
sat0ken Nov 12, 2024
08bdd7a
Merge branch 'main' into add-test-root-readonly
sat0ken Nov 14, 2024
faf60dc
add root_readonly test to main
sat0ken Nov 14, 2024
db6dc3c
Merge branch 'main' of github.com:sat0ken/youki into add-test-root-re…
sat0ken Nov 24, 2024
6171950
add read access test when root readonly is false
sat0ken Nov 24, 2024
6b762f7
fox type err
sat0ken Nov 24, 2024
7361277
remove code err to raw os err
sat0ken Nov 25, 2024
27dc56c
Merge branch 'main' into add-test-root-readonly
sat0ken Nov 25, 2024
881a75a
merge main
sat0ken Nov 25, 2024
397a8c5
Merge branch 'add-test-root-readonly' of github.com:sat0ken/youki int…
sat0ken Nov 25, 2024
c5cc238
add CreateOptions
sat0ken Nov 25, 2024
3 changes: 3 additions & 0 deletions tests/contest/contest/src/main.rs
@@ -25,6 +25,7 @@ use crate::tests::process_oom_score_adj::get_process_oom_score_adj_test;
use crate::tests::process_rlimits::get_process_rlimits_test;
use crate::tests::process_user::get_process_user_test;
use crate::tests::readonly_paths::get_ro_paths_test;
use crate::tests::root_readonly_true::get_root_readonly_test;
use crate::tests::scheduler::get_scheduler_test;
use crate::tests::seccomp::get_seccomp_test;
use crate::tests::seccomp_notify::get_seccomp_notify_test;
@@ -117,6 +118,7 @@ fn main() -> Result<()> {
let scheduler = get_scheduler_test();
let io_priority_test = get_io_priority_test();
let devices = get_devices_test();
let root_readonly = get_root_readonly_test();
let process_user = get_process_user_test();
let process_rlimtis = get_process_rlimits_test();
let no_pivot = get_no_pivot_test();
@@ -144,6 +146,7 @@ fn main() -> Result<()> {
tm.add_test_group(Box::new(sysctl));
tm.add_test_group(Box::new(scheduler));
tm.add_test_group(Box::new(devices));
tm.add_test_group(Box::new(root_readonly));
tm.add_test_group(Box::new(process_user));
tm.add_test_group(Box::new(process_rlimtis));
tm.add_test_group(Box::new(no_pivot));
1 change: 1 addition & 0 deletions tests/contest/contest/src/tests/mod.rs
@@ -15,6 +15,7 @@ pub mod process_oom_score_adj;
pub mod process_rlimits;
pub mod process_user;
pub mod readonly_paths;
pub mod root_readonly_true;
pub mod scheduler;
pub mod seccomp;
pub mod seccomp_notify;
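--- a/tests/contest/contest/src/tests/root_readonly_true/mod.rs
+++ b/tests/contest/contest/src/tests/root_readonly_true/mod.rs
@@ -0,0 +1,2 @@
+mod root_readonly_tests;
+pub use root_readonly_tests::get_root_readonly_test;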
@@ -0,0 +1,43 @@
use anyhow::{Context, Ok, Result};
use oci_spec::runtime::{ProcessBuilder, RootBuilder, Spec, SpecBuilder};
use test_framework::{test_result, Test, TestGroup, TestResult};

use crate::utils::test_inside_container;

fn create_spec(readonly: bool) -> Result<Spec> {
let spec = SpecBuilder::default()
.root(RootBuilder::default().readonly(readonly).build().unwrap())
.process(
ProcessBuilder::default()
.args(vec!["runtimetest".to_string(), "root_readonly".to_string()])
.build()
.expect("error in creating config"),
)
.build()
.context("failed to build spec")?;

Ok(spec)
}

fn root_readonly_true_test() -> TestResult {
let spec_true = test_result!(create_spec(true));
test_inside_container(spec_true, &|_| Ok(()))
}

fn root_readonly_false_test() -> TestResult {
let spec_false = test_result!(create_spec(false));
test_inside_container(spec_false, &|_| Ok(()))
}

pub fn get_root_readonly_test() -> TestGroup {
let mut root_readonly_test_group = TestGroup::new("root_readonly");

let test_true = Test::new("root_readonly_true_test", Box::new(root_readonly_true_test));
let test_false = Test::new(
"root_readonly_false_test",
Box::new(root_readonly_false_test),
);
root_readonly_test_group.add(vec![Box::new(test_true), Box::new(test_false)]);

root_readonly_test_group
}
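Review bot: `create_spec` returns `Result<Spec>`, yet both inner builders panic on failure (`.build().unwrap()` on the `RootBuilder` and `.expect("error in creating config")` on the `ProcessBuilder`), so a builder error would abort the whole contest run instead of failing this one test through `test_result!`. Propagating the error matches the outer `.context("failed to build spec")?` already used here, e.g. `.root(RootBuilder::default().readonly(readonly).build().context("failed to build root")?)` and `.build().context("failed to build process")?` for the process; this assumes the inner builders return the same error type as `SpecBuilder`. A short `///` comment on `create_spec` saying that the container runs `runtimetest root_readonly`, and that the result is checked inside the container, would also help readers of the two near-identical tests.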
1 change: 1 addition & 0 deletions tests/contest/runtimetest/src/main.rs
@@ -44,6 +44,7 @@ fn main() {
"io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe),
"io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle),
"devices" => tests::validate_devices(&spec),
"root_readonly" => tests::test_validate_root_readonly(&spec),
"process_user" => tests::validate_process_user(&spec),
"process_rlimits" => tests::validate_process_rlimits(&spec),
"no_pivot" => tests::validate_rootfs(),
49 changes: 48 additions & 1 deletion tests/contest/runtimetest/src/tests.rs
@@ -15,7 +15,9 @@ use oci_spec::runtime::{
LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, PosixRlimit, PosixRlimitType, Spec,
};

use crate::utils::{self, test_read_access, test_write_access};
use crate::utils::{
self, test_dir_read_access, test_dir_write_access, test_read_access, test_write_access,
};

////////// ANCHOR: example_hello_world
pub fn hello_world(_spec: &Spec) {
@@ -550,6 +552,51 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) {
}
}

pub fn test_validate_root_readonly(spec: &Spec) {
let root = spec.root().as_ref().unwrap();
if root.readonly().unwrap() {
if let Err(e) = test_dir_write_access("/") {
let errno = Errno::from_raw(e.raw_os_error().unwrap());
if errno == Errno::EROFS {
/* This is expected */
} else {
eprintln!(
"readonly root filesystem, error in testing write access for path /, error: {}",
errno
);
}
}
if let Err(e) = test_dir_read_access("/") {
if let Some(errno_code) = e.raw_os_error() {
let errno = Errno::from_raw(errno_code);
eprintln!(
"readonly root filesystem, but error in testing read access for path /, error: {}",
errno
);
}
}
} else {
YJDoc2 marked this conversation as resolved.
if let Err(e) = test_dir_write_access("/") {
if let Some(errno_code) = e.raw_os_error() {
let errno = Errno::from_raw(errno_code);
eprintln!(
"readonly root filesystem is false, but error in testing write access for path /, error: {}",
errno
);
}
}
if let Err(e) = test_dir_read_access("/") {
if let Some(errno_code) = e.raw_os_error() {
let errno = Errno::from_raw(errno_code);
eprintln!(
"readonly root filesystem is false, but error in testing read access for path /, error: {}",
errno
);
}
}
}
}

pub fn validate_process_user(spec: &Spec) {
let process = spec.process().as_ref().unwrap();
let expected_uid = Uid::from(process.user().uid());
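Review bot: In `test_validate_root_readonly`, the `readonly` branch only inspects the `Err` case of `test_dir_write_access("/")`, so a successful write to `/` is never reported. Since failures appear to be signalled only through `eprintln!`, a runtime that ignores `root.readonly` and leaves the rootfs writable would presumably still pass this test. The `Ok` case should be reported as a failure. The same branch calls `e.raw_os_error().unwrap()`, which panics on an error that carries no OS code, while the other three checks use `if let Some(..)` and silently drop such errors; printing `e` itself in the `None` case covers both. A sketch of the write check follows; the read check and the `else` branch stay as they are.

```rust
    if root.readonly().unwrap() {
        match test_dir_write_access("/") {
            // A successful write means the runtime did not apply root.readonly.
            Ok(()) => eprintln!("readonly root filesystem, but write access for path / succeeded"),
            Err(e) => match e.raw_os_error().map(Errno::from_raw) {
                Some(Errno::EROFS) => { /* This is expected */ }
                Some(errno) => eprintln!(
                    "readonly root filesystem, error in testing write access for path /, error: {}",
                    errno
                ),
                // No OS error code available: report the io::Error itself.
                None => eprintln!(
                    "readonly root filesystem, error in testing write access for path /, error: {}",
                    e
                ),
            },
        }
        // … unchanged: read-access check for / …
    } else {
        // … unchanged: readonly = false branch …
    }
```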
4 changes: 2 additions & 2 deletions tests/contest/runtimetest/src/utils.rs
@@ -14,7 +14,7 @@ fn test_file_read_access(path: &str) -> Result<(), std::io::Error> {
Ok(())
}

fn test_dir_read_access(path: &str) -> Result<(), std::io::Error> {
pub fn test_dir_read_access(path: &str) -> Result<(), std::io::Error> {
let _ = std::fs::read_dir(path)?;
Ok(())
}
@@ -51,7 +51,7 @@ fn test_file_write_access(path: &str) -> Result<(), std::io::Error> {
Ok(())
}

fn test_dir_write_access(path: &str) -> Result<(), std::io::Error> {
pub fn test_dir_write_access(path: &str) -> Result<(), std::io::Error> {
let _ = std::fs::OpenOptions::new()
.create(true)
.truncate(true)