diff options
Diffstat (limited to 'images/basic')
22 files changed, 0 insertions, 476 deletions
diff --git a/images/basic/alpine/Dockerfile b/images/basic/alpine/Dockerfile deleted file mode 100644 index 12b26040a..000000000 --- a/images/basic/alpine/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM alpine:3.11.5 diff --git a/images/basic/busybox/Dockerfile b/images/basic/busybox/Dockerfile deleted file mode 100644 index 79b3f683a..000000000 --- a/images/basic/busybox/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM busybox:1.31.1 diff --git a/images/basic/fsstress/Dockerfile.x86_64 b/images/basic/fsstress/Dockerfile.x86_64 deleted file mode 100644 index 21b86065a..000000000 --- a/images/basic/fsstress/Dockerfile.x86_64 +++ /dev/null @@ -1,17 +0,0 @@ -# Usage: docker run --rm fsstress -d /test -n 10000 -p 100 -X -v -FROM alpine - -RUN apk update && apk add git -RUN git clone https://github.com/linux-test-project/ltp.git --depth 1 - -WORKDIR /ltp -RUN ./travis/alpine.sh -RUN make autotools && ./configure -RUN make -C testcases/kernel/fs/fsstress -RUN cp ./testcases/kernel/fs/fsstress/fsstress /usr/bin -RUN rm -rf /fsstress /tmp - -WORKDIR / -# This is required, otherwise running with -p > 1 prematurelly exits. -COPY run.sh . -ENTRYPOINT ["/run.sh"] diff --git a/images/basic/fsstress/run.sh b/images/basic/fsstress/run.sh deleted file mode 100755 index ebb7a37ad..000000000 --- a/images/basic/fsstress/run.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -# Copyright 2021 The gVisor Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -/usr/bin/fsstress "$@"
\ No newline at end of file diff --git a/images/basic/httpd/Dockerfile b/images/basic/httpd/Dockerfile deleted file mode 100644 index 83bc0ed88..000000000 --- a/images/basic/httpd/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM httpd:2.4.43 diff --git a/images/basic/integrationtest/Dockerfile.x86_64 b/images/basic/integrationtest/Dockerfile.x86_64 deleted file mode 100644 index b9fed05cb..000000000 --- a/images/basic/integrationtest/Dockerfile.x86_64 +++ /dev/null @@ -1,13 +0,0 @@ -FROM ubuntu:bionic - -WORKDIR /root -COPY . . -RUN chmod +x *.sh - -RUN apt-get update && apt-get install -y gcc iputils-ping iproute2 - -# Compilation Steps. -RUN gcc -O2 -o test_copy_up test_copy_up.c -RUN gcc -O2 -o test_rewinddir test_rewinddir.c -RUN gcc -O2 -o link_test link_test.c -RUN gcc -O2 -o test_sticky test_sticky.c diff --git a/images/basic/integrationtest/copy_up_testfile.txt b/images/basic/integrationtest/copy_up_testfile.txt deleted file mode 100644 index e4188c841..000000000 --- a/images/basic/integrationtest/copy_up_testfile.txt +++ /dev/null @@ -1 +0,0 @@ -old data diff --git a/images/basic/integrationtest/link_test.c b/images/basic/integrationtest/link_test.c deleted file mode 100644 index 45ab00abe..000000000 --- a/images/basic/integrationtest/link_test.c +++ /dev/null @@ -1,93 +0,0 @@ -// Copyright 2020 The gVisor Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include <err.h> -#include <fcntl.h> -#include <string.h> -#include <sys/stat.h> -#include <sys/types.h> -#include <unistd.h> - -// Basic test for linkat(2). Syscall tests requires CAP_DAC_READ_SEARCH and it -// cannot use tricks like userns as root. For this reason, run a basic link test -// to ensure some coverage. -int main(int argc, char** argv) { - const char kOldPath[] = "old.txt"; - int fd = open(kOldPath, O_RDWR | O_CREAT | O_TRUNC, 0600); - if (fd < 0) { - errx(1, "open(%s) failed", kOldPath); - } - const char kData[] = "some random content"; - if (write(fd, kData, sizeof(kData)) < 0) { - err(1, "write failed"); - } - close(fd); - - struct stat old_stat; - if (stat(kOldPath, &old_stat)) { - errx(1, "stat(%s) failed", kOldPath); - } - - const char kNewPath[] = "new.txt"; - if (link(kOldPath, kNewPath)) { - errx(1, "link(%s, %s) failed", kOldPath, kNewPath); - } - - struct stat new_stat; - if (stat(kNewPath, &new_stat)) { - errx(1, "stat(%s) failed", kNewPath); - } - - // Check that files are the same. - if (old_stat.st_dev != new_stat.st_dev) { - errx(1, "files st_dev is different, want: %lu, got: %lu", old_stat.st_dev, - new_stat.st_dev); - } - if (old_stat.st_ino != new_stat.st_ino) { - errx(1, "files st_ino is different, want: %lu, got: %lu", old_stat.st_ino, - new_stat.st_ino); - } - - // Check that link count is correct. - if (new_stat.st_nlink != old_stat.st_nlink + 1) { - errx(1, "wrong nlink, want: %lu, got: %lu", old_stat.st_nlink + 1, - new_stat.st_nlink); - } - - // Check taht contents are the same. - fd = open(kNewPath, O_RDONLY); - if (fd < 0) { - errx(1, "open(%s) failed", kNewPath); - } - char buf[sizeof(kData)] = {}; - if (read(fd, buf, sizeof(buf)) < 0) { - err(1, "read failed"); - } - close(fd); - - if (strcmp(buf, kData) != 0) { - errx(1, "file content mismatch: %s", buf); - } - - // Cleanup. - if (unlink(kNewPath)) { - errx(1, "unlink(%s) failed", kNewPath); - } - if (unlink(kOldPath)) { - errx(1, "unlink(%s) failed", kOldPath); - } - - // Success! - return 0; -} diff --git a/images/basic/integrationtest/ping4.sh b/images/basic/integrationtest/ping4.sh deleted file mode 100644 index 2a343712a..000000000 --- a/images/basic/integrationtest/ping4.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Copyright 2020 The gVisor Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -euo pipefail - -# The docker API doesn't provide for starting a container, running a command, -# and getting the exit status of the command in one go. The most straightforward -# way to do this is to verify the output of the command, so we output nothing on -# success and an error message on failure. -if ! out=$(ping -c 10 127.0.0.1); then - echo "$out" -fi diff --git a/images/basic/integrationtest/ping6.sh b/images/basic/integrationtest/ping6.sh deleted file mode 100644 index 4268951d0..000000000 --- a/images/basic/integrationtest/ping6.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -# Copyright 2020 The gVisor Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -euo pipefail - -# Enable ipv6 on loopback if it's not already enabled. Runsc doesn't enable ipv6 -# loopback unless an ipv6 address was assigned to the container, which docker -# does not do by default. -if ! [[ $(ip -6 addr show dev lo) ]]; then - ip addr add ::1 dev lo -fi - -# The docker API doesn't provide for starting a container, running a command, -# and getting the exit status of the command in one go. The most straightforward -# way to do this is to verify the output of the command, so we output nothing on -# success and an error message on failure. -if ! out=$(/bin/ping6 -c 10 ::1); then - echo "$out" -fi diff --git a/images/basic/integrationtest/test_copy_up.c b/images/basic/integrationtest/test_copy_up.c deleted file mode 100644 index 010b261dc..000000000 --- a/images/basic/integrationtest/test_copy_up.c +++ /dev/null @@ -1,88 +0,0 @@ -#include <err.h> -#include <fcntl.h> -#include <stdio.h> -#include <string.h> -#include <sys/mman.h> -#include <unistd.h> - -int main(int argc, char** argv) { - const char kTestFilePath[] = "copy_up_testfile.txt"; - const char kOldFileData[] = "old data\n"; - const char kNewFileData[] = "new data\n"; - const size_t kPageSize = sysconf(_SC_PAGE_SIZE); - - // Open a file that already exists in a host overlayfs lower layer. - const int fd_rdonly = open(kTestFilePath, O_RDONLY); - if (fd_rdonly < 0) { - err(1, "open(%s, O_RDONLY)", kTestFilePath); - } - - // Check that the file's initial contents are what we expect when read via - // syscall. - char oldbuf[sizeof(kOldFileData)] = {}; - ssize_t n = pread(fd_rdonly, oldbuf, sizeof(oldbuf), 0); - if (n < 0) { - err(1, "initial pread"); - } - if (n != strlen(kOldFileData)) { - errx(1, "short initial pread (%ld/%lu bytes)", n, strlen(kOldFileData)); - } - if (strcmp(oldbuf, kOldFileData) != 0) { - errx(1, "initial pread returned wrong data: %s", oldbuf); - } - - // Check that the file's initial contents are what we expect when read via - // memory mapping. - void* page = mmap(NULL, kPageSize, PROT_READ, MAP_SHARED, fd_rdonly, 0); - if (page == MAP_FAILED) { - err(1, "mmap"); - } - if (strcmp(page, kOldFileData) != 0) { - errx(1, "mapping contains wrong initial data: %s", (const char*)page); - } - - // Open the same file writably, causing host overlayfs to copy it up, and - // replace its contents. - const int fd_rdwr = open(kTestFilePath, O_RDWR); - if (fd_rdwr < 0) { - err(1, "open(%s, O_RDWR)", kTestFilePath); - } - n = write(fd_rdwr, kNewFileData, strlen(kNewFileData)); - if (n < 0) { - err(1, "write"); - } - if (n != strlen(kNewFileData)) { - errx(1, "short write (%ld/%lu bytes)", n, strlen(kNewFileData)); - } - if (ftruncate(fd_rdwr, strlen(kNewFileData)) < 0) { - err(1, "truncate"); - } - - int failed = 0; - - // Check that syscalls on the old FD return updated contents. (Before Linux - // 4.18, this requires that runsc use a post-copy-up FD to service the read.) - char newbuf[sizeof(kNewFileData)] = {}; - n = pread(fd_rdonly, newbuf, sizeof(newbuf), 0); - if (n < 0) { - err(1, "final pread"); - } - if (n != strlen(kNewFileData)) { - warnx("short final pread (%ld/%lu bytes)", n, strlen(kNewFileData)); - failed = 1; - } else if (strcmp(newbuf, kNewFileData) != 0) { - warnx("final pread returned wrong data: %s", newbuf); - failed = 1; - } - - // Check that the memory mapping of the old FD has been updated. (Linux - // overlayfs does not do this, so regardless of kernel version this requires - // that runsc replace existing memory mappings with mappings of a - // post-copy-up FD.) - if (strcmp(page, kNewFileData) != 0) { - warnx("mapping contains wrong final data: %s", (const char*)page); - failed = 1; - } - - return failed; -} diff --git a/images/basic/integrationtest/test_rewinddir.c b/images/basic/integrationtest/test_rewinddir.c deleted file mode 100644 index f1a4085e1..000000000 --- a/images/basic/integrationtest/test_rewinddir.c +++ /dev/null @@ -1,78 +0,0 @@ -#include <dirent.h> -#include <err.h> -#include <errno.h> -#include <stdlib.h> -#include <string.h> -#include <sys/stat.h> -#include <sys/types.h> - -int main(int argc, char** argv) { - const char kDirPath[] = "rewinddir_test_dir"; - const char kFileBasename[] = "rewinddir_test_file"; - - // Create the test directory. - if (mkdir(kDirPath, 0755) < 0) { - err(1, "mkdir(%s)", kDirPath); - } - - // The test directory should initially be empty. - DIR* dir = opendir(kDirPath); - if (!dir) { - err(1, "opendir(%s)", kDirPath); - } - int failed = 0; - while (1) { - errno = 0; - struct dirent* d = readdir(dir); - if (!d) { - if (errno != 0) { - err(1, "readdir"); - } - break; - } - if (strcmp(d->d_name, ".") != 0 && strcmp(d->d_name, "..") != 0) { - warnx("unexpected file %s in new directory", d->d_name); - failed = 1; - } - } - - // Create a file in the test directory. - char* file_path = malloc(strlen(kDirPath) + 1 + strlen(kFileBasename)); - if (!file_path) { - errx(1, "malloc"); - } - strcpy(file_path, kDirPath); - file_path[strlen(kDirPath)] = '/'; - strcpy(file_path + strlen(kDirPath) + 1, kFileBasename); - if (mknod(file_path, 0644, 0) < 0) { - err(1, "mknod(%s)", file_path); - } - - // After rewinddir(), re-reading the directory stream should yield the new - // file. - rewinddir(dir); - size_t found_file = 0; - while (1) { - errno = 0; - struct dirent* d = readdir(dir); - if (!d) { - if (errno != 0) { - err(1, "readdir"); - } - break; - } - if (strcmp(d->d_name, kFileBasename) == 0) { - found_file++; - } else if (strcmp(d->d_name, ".") != 0 && strcmp(d->d_name, "..") != 0) { - warnx("unexpected file %s in new directory", d->d_name); - failed = 1; - } - } - if (found_file != 1) { - warnx("readdir returned file %s %zu times, wanted 1", kFileBasename, - found_file); - failed = 1; - } - - return failed; -} diff --git a/images/basic/integrationtest/test_sticky.c b/images/basic/integrationtest/test_sticky.c deleted file mode 100644 index 58dcf91d3..000000000 --- a/images/basic/integrationtest/test_sticky.c +++ /dev/null @@ -1,96 +0,0 @@ -#include <err.h> -#include <errno.h> -#include <fcntl.h> -#include <stdlib.h> -#include <sys/stat.h> -#include <sys/types.h> -#include <sys/wait.h> -#include <unistd.h> - -void createFile(const char* path) { - int fd = open(path, O_WRONLY | O_CREAT, 0777); - if (fd < 0) { - err(1, "open(%s)", path); - exit(1); - } else { - close(fd); - } -} - -void waitAndCheckStatus(pid_t child) { - int status; - if (waitpid(child, &status, 0) == -1) { - err(1, "waitpid() failed"); - exit(1); - } - - if (WIFEXITED(status)) { - int es = WEXITSTATUS(status); - if (es) { - err(1, "child exit status %d", es); - exit(1); - } - } else { - err(1, "child did not exit normally"); - exit(1); - } -} - -void deleteFile(uid_t user, const char* path) { - pid_t child = fork(); - if (child == 0) { - if (setuid(user)) { - err(1, "setuid(%d)", user); - exit(1); - } - - if (unlink(path)) { - err(1, "unlink(%s)", path); - exit(1); - } - exit(0); - } - waitAndCheckStatus(child); -} - -int main(int argc, char** argv) { - const char kUser1Dir[] = "/user1dir"; - const char kUser2File[] = "/user1dir/user2file"; - const char kUser2File2[] = "/user1dir/user2file2"; - - const uid_t user1 = 6666; - const uid_t user2 = 6667; - - if (mkdir(kUser1Dir, 0755) != 0) { - err(1, "mkdir(%s)", kUser1Dir); - exit(1); - } - // Enable sticky bit for user1dir. - if (chmod(kUser1Dir, 01777) != 0) { - err(1, "chmod(%s)", kUser1Dir); - exit(1); - } - createFile(kUser2File); - createFile(kUser2File2); - - if (chown(kUser1Dir, user1, getegid())) { - err(1, "chown(%s)", kUser1Dir); - exit(1); - } - if (chown(kUser2File, user2, getegid())) { - err(1, "chown(%s)", kUser2File); - exit(1); - } - if (chown(kUser2File2, user2, getegid())) { - err(1, "chown(%s)", kUser2File2); - exit(1); - } - - // User1 should be able to delete any file inside user1dir, even files of - // other users due to the sticky bit. - deleteFile(user1, kUser2File); - - // User2 should naturally be able to delete its own file even if the file is - // inside a sticky dir owned by someone else. - deleteFile(user2, kUser2File2); -} diff --git a/images/basic/mysql/Dockerfile b/images/basic/mysql/Dockerfile deleted file mode 100644 index d87bfe55b..000000000 --- a/images/basic/mysql/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM mysql/mysql-server:8.0.19 diff --git a/images/basic/nginx/Dockerfile b/images/basic/nginx/Dockerfile deleted file mode 100644 index af2e62526..000000000 --- a/images/basic/nginx/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM nginx:1.17.9 diff --git a/images/basic/python/Dockerfile b/images/basic/python/Dockerfile deleted file mode 100644 index acf07cca9..000000000 --- a/images/basic/python/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -FROM python:3 -ENTRYPOINT ["python", "-m", "http.server", "8080"] diff --git a/images/basic/resolv/Dockerfile b/images/basic/resolv/Dockerfile deleted file mode 100644 index 13665bdaf..000000000 --- a/images/basic/resolv/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM k8s.gcr.io/busybox:latest diff --git a/images/basic/ruby/Dockerfile b/images/basic/ruby/Dockerfile deleted file mode 100644 index d290418fb..000000000 --- a/images/basic/ruby/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM ruby:2.7.1 diff --git a/images/basic/tmpfile/Dockerfile b/images/basic/tmpfile/Dockerfile deleted file mode 100644 index e3816c8cb..000000000 --- a/images/basic/tmpfile/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -# Create file under /tmp to ensure files inside '/tmp' are not overridden. -FROM alpine:3.11.5 -RUN mkdir -p /tmp/foo \ - && echo 123 > /tmp/foo/file.txt diff --git a/images/basic/tomcat/Dockerfile b/images/basic/tomcat/Dockerfile deleted file mode 100644 index c7db39a36..000000000 --- a/images/basic/tomcat/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM tomcat:8.0 diff --git a/images/basic/tomcat/Dockerfile.aarch64 b/images/basic/tomcat/Dockerfile.aarch64 deleted file mode 100644 index ed4096de9..000000000 --- a/images/basic/tomcat/Dockerfile.aarch64 +++ /dev/null @@ -1 +0,0 @@ -FROM arm64v8/tomcat:8.0 diff --git a/images/basic/ubuntu/Dockerfile b/images/basic/ubuntu/Dockerfile deleted file mode 100644 index 331b71343..000000000 --- a/images/basic/ubuntu/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -FROM ubuntu:trusty |