summaryrefslogtreecommitdiffhomepage
path: root/runsc/test
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2018-10-09 21:06:18 -0700
committerShentubot <shentubot@google.com>2018-10-09 21:07:14 -0700
commit20508bafb88d2037ea3b2c8483b191ce72e7ad7e (patch)
tree7713850d594c45cd8e577dc582cb1771c6d4e6de /runsc/test
parentc36d2ef3733a0619b992f8ddc23b072474b04044 (diff)
Add tests to verify gofer is chroot'ed
PiperOrigin-RevId: 216472439 Change-Id: Ic4cb86c8e0a9cb022d3ceed9dc5615266c307cf9
Diffstat (limited to 'runsc/test')
-rw-r--r--runsc/test/root/chroot_test.go70
-rw-r--r--runsc/test/testutil/docker.go9
2 files changed, 79 insertions, 0 deletions
diff --git a/runsc/test/root/chroot_test.go b/runsc/test/root/chroot_test.go
index 5c59e7451..8831e6a78 100644
--- a/runsc/test/root/chroot_test.go
+++ b/runsc/test/root/chroot_test.go
@@ -24,6 +24,7 @@ import (
"fmt"
"io/ioutil"
"os"
+ "os/exec"
"path/filepath"
"reflect"
"sort"
@@ -91,6 +92,75 @@ func TestChroot(t *testing.T) {
}
}
+func TestChrootGofer(t *testing.T) {
+ d := testutil.MakeDocker("chroot-test")
+ if err := d.Run("alpine", "sleep", "10000"); err != nil {
+ t.Fatalf("docker run failed: %v", err)
+ }
+ defer d.CleanUp()
+
+ // It's tricky to find gofers. Get sandbox PID first, then find parent. From
+ // parent get all immediate children, remove the sandbox, and everything else
+ // are gofers.
+ sandPID, err := d.SandboxPid()
+ if err != nil {
+ t.Fatalf("Docker.SandboxPid(): %v", err)
+ }
+
+ // Find sandbox's parent PID.
+ cmd := fmt.Sprintf("grep PPid /proc/%d/status | awk '{print $2}'", sandPID)
+ parent, err := exec.Command("sh", "-c", cmd).CombinedOutput()
+ if err != nil {
+ t.Fatalf("failed to fetch runsc (%d) parent PID: %v, out:\n%s", sandPID, err, string(parent))
+ }
+ parentPID, err := strconv.Atoi(strings.TrimSpace(string(parent)))
+ if err != nil {
+ t.Fatalf("failed to parse PPID %q: %v", string(parent), err)
+ }
+
+ // Get all children from parent.
+ childrenOut, err := exec.Command("/usr/bin/pgrep", "-P", strconv.Itoa(parentPID)).CombinedOutput()
+ if err != nil {
+ t.Fatalf("failed to fetch containerd-shim children: %v", err)
+ }
+ children := strings.Split(strings.TrimSpace(string(childrenOut)), "\n")
+
+ // This where the root directory is mapped on the host and that's where the
+ // gofer must have chroot'd to.
+ root, err := d.RootDirInHost()
+ if err != nil {
+ t.Fatalf("Docker.RootDirInHost(): %v", err)
+ }
+
+ for _, child := range children {
+ childPID, err := strconv.Atoi(child)
+ if err != nil {
+ t.Fatalf("failed to parse child PID %q: %v", child, err)
+ }
+ if childPID == sandPID {
+ // Skip the sandbox, all other immediate children are gofers.
+ continue
+ }
+
+ // Check that gofer is chroot'ed.
+ chroot, err := filepath.EvalSymlinks(filepath.Join("/proc", child, "root"))
+ if err != nil {
+ t.Fatalf("error resolving /proc/<pid>/root symlink: %v", err)
+ }
+ if root != chroot {
+ t.Errorf("gofer chroot is wrong, want: %q, got: %q", root, chroot)
+ }
+
+ path, err := filepath.EvalSymlinks(filepath.Join("/proc", child, "cwd"))
+ if err != nil {
+ t.Fatalf("error resolving /proc/<pid>/cwd symlink: %v", err)
+ }
+ if root != path {
+ t.Errorf("gofer current dir is wrong, want: %q, got: %q", root, path)
+ }
+ }
+}
+
func TestMain(m *testing.M) {
testutil.EnsureSupportedDockerVersion()
diff --git a/runsc/test/testutil/docker.go b/runsc/test/testutil/docker.go
index cf61f2c10..d70b4377a 100644
--- a/runsc/test/testutil/docker.go
+++ b/runsc/test/testutil/docker.go
@@ -280,6 +280,15 @@ func (d *Docker) SandboxPid() (int, error) {
return pid, nil
}
+// RootDirInHost returns where the root directory is mapped on the host.
+func (d *Docker) RootDirInHost() (string, error) {
+ out, err := do("inspect", "-f={{.GraphDriver.Data.MergedDir}}", d.Name)
+ if err != nil {
+ return "", fmt.Errorf("error retrieving pid: %v", err)
+ }
+ return strings.TrimSuffix(string(out), "\n"), nil
+}
+
// WaitForOutput calls 'docker logs' to retrieve containers output and searches
// for the given pattern.
func (d *Docker) WaitForOutput(pattern string, timeout time.Duration) (string, error) {