11 files changed, 0 insertions, 893 deletions
diff --git a/runsc/test/root/BUILD b/runsc/test/root/BUILD
deleted file mode 100644
index 500ef7b8e..000000000
--- a/runsc/test/root/BUILD
+++ /dev/null
@@ -1,33 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-
-package(licenses = ["notice"])
-
-go_library(
-    name = "root",
-    srcs = ["root.go"],
-    importpath = "gvisor.dev/gvisor/runsc/test/root",
-)
-
-go_test(
-    name = "root_test",
-    size = "small",
-    srcs = [
-        "cgroup_test.go",
-        "chroot_test.go",
-        "crictl_test.go",
-    ],
-    embed = [":root"],
-    tags = [
-        # Requires docker and runsc to be configured before the test runs.
-        # Also test only runs as root.
-        "manual",
-        "local",
-    ],
-    deps = [
-        "//runsc/cgroup",
-        "//runsc/specutils",
-        "//runsc/test/root/testdata",
-        "//runsc/test/testutil",
-        "@com_github_syndtr_gocapability//capability:go_default_library",
-    ],
-)
diff --git a/runsc/test/root/cgroup_test.go b/runsc/test/root/cgroup_test.go
deleted file mode 100644
index 5392dc6e0..000000000
--- a/runsc/test/root/cgroup_test.go
+++ /dev/null
@@ -1,237 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package root
-
-import (
-	"bufio"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"testing"
-
-	"gvisor.dev/gvisor/runsc/cgroup"
-	"gvisor.dev/gvisor/runsc/test/testutil"
-)
-
-func verifyPid(pid int, path string) error {
-	f, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	var gots []int
-	scanner := bufio.NewScanner(f)
-	for scanner.Scan() {
-		got, err := strconv.Atoi(scanner.Text())
-		if err != nil {
-			return err
-		}
-		if got == pid {
-			return nil
-		}
-		gots = append(gots, got)
-	}
-	if scanner.Err() != nil {
-		return scanner.Err()
-	}
-	return fmt.Errorf("got: %s, want: %d", gots, pid)
-}
-
-// TestCgroup sets cgroup options and checks that cgroup was properly configured.
-func TestCgroup(t *testing.T) {
-	if err := testutil.Pull("alpine"); err != nil {
-		t.Fatal("docker pull failed:", err)
-	}
-	d := testutil.MakeDocker("cgroup-test")
-
-	attrs := []struct {
-		arg            string
-		ctrl           string
-		file           string
-		want           string
-		skipIfNotFound bool
-	}{
-		{
-			arg:  "--cpu-shares=1000",
-			ctrl: "cpu",
-			file: "cpu.shares",
-			want: "1000",
-		},
-		{
-			arg:  "--cpu-period=2000",
-			ctrl: "cpu",
-			file: "cpu.cfs_period_us",
-			want: "2000",
-		},
-		{
-			arg:  "--cpu-quota=3000",
-			ctrl: "cpu",
-			file: "cpu.cfs_quota_us",
-			want: "3000",
-		},
-		{
-			arg:  "--cpuset-cpus=0",
-			ctrl: "cpuset",
-			file: "cpuset.cpus",
-			want: "0",
-		},
-		{
-			arg:  "--cpuset-mems=0",
-			ctrl: "cpuset",
-			file: "cpuset.mems",
-			want: "0",
-		},
-		{
-			arg:  "--kernel-memory=100MB",
-			ctrl: "memory",
-			file: "memory.kmem.limit_in_bytes",
-			want: "104857600",
-		},
-		{
-			arg:  "--memory=1GB",
-			ctrl: "memory",
-			file: "memory.limit_in_bytes",
-			want: "1073741824",
-		},
-		{
-			arg:  "--memory-reservation=500MB",
-			ctrl: "memory",
-			file: "memory.soft_limit_in_bytes",
-			want: "524288000",
-		},
-		{
-			arg:            "--memory-swap=2GB",
-			ctrl:           "memory",
-			file:           "memory.memsw.limit_in_bytes",
-			want:           "2147483648",
-			skipIfNotFound: true, // swap may be disabled on the machine.
-		},
-		{
-			arg:  "--memory-swappiness=5",
-			ctrl: "memory",
-			file: "memory.swappiness",
-			want: "5",
-		},
-		{
-			arg:  "--blkio-weight=750",
-			ctrl: "blkio",
-			file: "blkio.weight",
-			want: "750",
-		},
-	}
-
-	args := make([]string, 0, len(attrs))
-	for _, attr := range attrs {
-		args = append(args, attr.arg)
-	}
-
-	args = append(args, "alpine", "sleep", "10000")
-	if err := d.Run(args...); err != nil {
-		t.Fatal("docker create failed:", err)
-	}
-	defer d.CleanUp()
-
-	gid, err := d.ID()
-	if err != nil {
-		t.Fatalf("Docker.ID() failed: %v", err)
-	}
-	t.Logf("cgroup ID: %s", gid)
-
-	// Check list of attributes defined above.
-	for _, attr := range attrs {
-		path := filepath.Join("/sys/fs/cgroup", attr.ctrl, "docker", gid, attr.file)
-		out, err := ioutil.ReadFile(path)
-		if err != nil {
-			if os.IsNotExist(err) && attr.skipIfNotFound {
-				t.Logf("skipped %s/%s", attr.ctrl, attr.file)
-				continue
-			}
-			t.Fatalf("failed to read %q: %v", path, err)
-		}
-		if got := strings.TrimSpace(string(out)); got != attr.want {
-			t.Errorf("arg: %q, cgroup attribute %s/%s, got: %q, want: %q", attr.arg, attr.ctrl, attr.file, got, attr.want)
-		}
-	}
-
-	// Check that sandbox is inside cgroup.
-	controllers := []string{
-		"blkio",
-		"cpu",
-		"cpuset",
-		"memory",
-		"net_cls",
-		"net_prio",
-		"devices",
-		"freezer",
-		"perf_event",
-		"pids",
-		"systemd",
-	}
-	pid, err := d.SandboxPid()
-	if err != nil {
-		t.Fatalf("SandboxPid: %v", err)
-	}
-	for _, ctrl := range controllers {
-		path := filepath.Join("/sys/fs/cgroup", ctrl, "docker", gid, "cgroup.procs")
-		if err := verifyPid(pid, path); err != nil {
-			t.Errorf("cgroup control %q processes: %v", ctrl, err)
-		}
-	}
-}
-
-func TestCgroupParent(t *testing.T) {
-	if err := testutil.Pull("alpine"); err != nil {
-		t.Fatal("docker pull failed:", err)
-	}
-	d := testutil.MakeDocker("cgroup-test")
-
-	parent := testutil.RandomName("runsc")
-	if err := d.Run("--cgroup-parent", parent, "alpine", "sleep", "10000"); err != nil {
-		t.Fatal("docker create failed:", err)
-	}
-	defer d.CleanUp()
-	gid, err := d.ID()
-	if err != nil {
-		t.Fatalf("Docker.ID() failed: %v", err)
-	}
-	t.Logf("cgroup ID: %s", gid)
-
-	// Check that sandbox is inside cgroup.
-	pid, err := d.SandboxPid()
-	if err != nil {
-		t.Fatalf("SandboxPid: %v", err)
-	}
-
-	// Finds cgroup for the sandbox's parent process to check that cgroup is
-	// created in the right location relative to the parent.
-	cmd := fmt.Sprintf("grep PPid: /proc/%d/status | sed 's/PPid:\\s//'", pid)
-	ppid, err := exec.Command("bash", "-c", cmd).CombinedOutput()
-	if err != nil {
-		t.Fatalf("Executing %q: %v", cmd, err)
-	}
-	cgroups, err := cgroup.LoadPaths(strings.TrimSpace(string(ppid)))
-	if err != nil {
-		t.Fatalf("cgroup.LoadPath(%s): %v", ppid, err)
-	}
-	path := filepath.Join("/sys/fs/cgroup/memory", cgroups["memory"], parent, gid, "cgroup.procs")
-	if err := verifyPid(pid, path); err != nil {
-		t.Errorf("cgroup control %q processes: %v", "memory", err)
-	}
-}
diff --git a/runsc/test/root/chroot_test.go b/runsc/test/root/chroot_test.go
deleted file mode 100644
index d0f236580..000000000
--- a/runsc/test/root/chroot_test.go
+++ /dev/null
@@ -1,161 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package root is used for tests that requires sysadmin privileges run. First,
-// follow the setup instruction in runsc/test/README.md. To run these tests:
-//
-//     bazel build //runsc/test/root:root_test
-//     root_test=$(find -L ./bazel-bin/ -executable -type f -name root_test | grep __main__)
-//     sudo RUNSC_RUNTIME=runsc-test ${root_test}
-package root
-
-import (
-	"fmt"
-	"io/ioutil"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"testing"
-
-	"github.com/syndtr/gocapability/capability"
-	"gvisor.dev/gvisor/runsc/specutils"
-	"gvisor.dev/gvisor/runsc/test/testutil"
-)
-
-// TestChroot verifies that the sandbox is chroot'd and that mounts are cleaned
-// up after the sandbox is destroyed.
-func TestChroot(t *testing.T) {
-	d := testutil.MakeDocker("chroot-test")
-	if err := d.Run("alpine", "sleep", "10000"); err != nil {
-		t.Fatalf("docker run failed: %v", err)
-	}
-	defer d.CleanUp()
-
-	pid, err := d.SandboxPid()
-	if err != nil {
-		t.Fatalf("Docker.SandboxPid(): %v", err)
-	}
-
-	// Check that sandbox is chroot'ed.
-	procRoot := filepath.Join("/proc", strconv.Itoa(pid), "root")
-	chroot, err := filepath.EvalSymlinks(procRoot)
-	if err != nil {
-		t.Fatalf("error resolving /proc/<pid>/root symlink: %v", err)
-	}
-	if chroot != "/" {
-		t.Errorf("sandbox is not chroot'd, it should be inside: /, got: %q", chroot)
-	}
-
-	path, err := filepath.EvalSymlinks(filepath.Join("/proc", strconv.Itoa(pid), "cwd"))
-	if err != nil {
-		t.Fatalf("error resolving /proc/<pid>/cwd symlink: %v", err)
-	}
-	if chroot != path {
-		t.Errorf("sandbox current dir is wrong, want: %q, got: %q", chroot, path)
-	}
-
-	fi, err := ioutil.ReadDir(procRoot)
-	if err != nil {
-		t.Fatalf("error listing %q: %v", chroot, err)
-	}
-	if want, got := 1, len(fi); want != got {
-		t.Fatalf("chroot dir got %d entries, want %d", got, want)
-	}
-
-	// chroot dir is prepared by runsc and should contains only /proc.
-	if fi[0].Name() != "proc" {
-		t.Errorf("chroot got children %v, want %v", fi[0].Name(), "proc")
-	}
-
-	d.CleanUp()
-}
-
-func TestChrootGofer(t *testing.T) {
-	d := testutil.MakeDocker("chroot-test")
-	if err := d.Run("alpine", "sleep", "10000"); err != nil {
-		t.Fatalf("docker run failed: %v", err)
-	}
-	defer d.CleanUp()
-
-	// It's tricky to find gofers. Get sandbox PID first, then find parent. From
-	// parent get all immediate children, remove the sandbox, and everything else
-	// are gofers.
-	sandPID, err := d.SandboxPid()
-	if err != nil {
-		t.Fatalf("Docker.SandboxPid(): %v", err)
-	}
-
-	// Find sandbox's parent PID.
-	cmd := fmt.Sprintf("grep PPid /proc/%d/status | awk '{print $2}'", sandPID)
-	parent, err := exec.Command("sh", "-c", cmd).CombinedOutput()
-	if err != nil {
-		t.Fatalf("failed to fetch runsc (%d) parent PID: %v, out:\n%s", sandPID, err, string(parent))
-	}
-	parentPID, err := strconv.Atoi(strings.TrimSpace(string(parent)))
-	if err != nil {
-		t.Fatalf("failed to parse PPID %q: %v", string(parent), err)
-	}
-
-	// Get all children from parent.
-	childrenOut, err := exec.Command("/usr/bin/pgrep", "-P", strconv.Itoa(parentPID)).CombinedOutput()
-	if err != nil {
-		t.Fatalf("failed to fetch containerd-shim children: %v", err)
-	}
-	children := strings.Split(strings.TrimSpace(string(childrenOut)), "\n")
-
-	// This where the root directory is mapped on the host and that's where the
-	// gofer must have chroot'd to.
-	root := "/root"
-
-	for _, child := range children {
-		childPID, err := strconv.Atoi(child)
-		if err != nil {
-			t.Fatalf("failed to parse child PID %q: %v", child, err)
-		}
-		if childPID == sandPID {
-			// Skip the sandbox, all other immediate children are gofers.
-			continue
-		}
-
-		// Check that gofer is chroot'ed.
-		chroot, err := filepath.EvalSymlinks(filepath.Join("/proc", child, "root"))
-		if err != nil {
-			t.Fatalf("error resolving /proc/<pid>/root symlink: %v", err)
-		}
-		if root != chroot {
-			t.Errorf("gofer chroot is wrong, want: %q, got: %q", root, chroot)
-		}
-
-		path, err := filepath.EvalSymlinks(filepath.Join("/proc", child, "cwd"))
-		if err != nil {
-			t.Fatalf("error resolving /proc/<pid>/cwd symlink: %v", err)
-		}
-		if root != path {
-			t.Errorf("gofer current dir is wrong, want: %q, got: %q", root, path)
-		}
-	}
-}
-
-func TestMain(m *testing.M) {
-	testutil.EnsureSupportedDockerVersion()
-
-	if !specutils.HasCapabilities(capability.CAP_SYS_ADMIN, capability.CAP_DAC_OVERRIDE) {
-		fmt.Println("Test requires sysadmin privileges to run. Try again with sudo.")
-		os.Exit(1)
-	}
-
-	os.Exit(m.Run())
-}
diff --git a/runsc/test/root/crictl_test.go b/runsc/test/root/crictl_test.go
deleted file mode 100644
index 515ae2df1..000000000
--- a/runsc/test/root/crictl_test.go
+++ /dev/null
@@ -1,242 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package root
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"os"
-	"os/exec"
-	"path"
-	"path/filepath"
-	"strings"
-	"testing"
-	"time"
-
-	"gvisor.dev/gvisor/runsc/specutils"
-	"gvisor.dev/gvisor/runsc/test/root/testdata"
-	"gvisor.dev/gvisor/runsc/test/testutil"
-)
-
-// Tests for crictl have to be run as root (rather than in a user namespace)
-// because crictl creates named network namespaces in /var/run/netns/.
-
-func TestCrictlSanity(t *testing.T) {
-	// Setup containerd and crictl.
-	crictl, cleanup, err := setup(t)
-	if err != nil {
-		t.Fatalf("failed to setup crictl: %v", err)
-	}
-	defer cleanup()
-	podID, contID, err := crictl.StartPodAndContainer("httpd", testdata.Sandbox, testdata.Httpd)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// Look for the httpd page.
-	if err = httpGet(crictl, podID, "index.html"); err != nil {
-		t.Fatalf("failed to get page: %v", err)
-	}
-
-	// Stop everything.
-	if err := crictl.StopPodAndContainer(podID, contID); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestMountPaths(t *testing.T) {
-	// Setup containerd and crictl.
-	crictl, cleanup, err := setup(t)
-	if err != nil {
-		t.Fatalf("failed to setup crictl: %v", err)
-	}
-	defer cleanup()
-	podID, contID, err := crictl.StartPodAndContainer("httpd", testdata.Sandbox, testdata.HttpdMountPaths)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// Look for the directory available at /test.
-	if err = httpGet(crictl, podID, "test"); err != nil {
-		t.Fatalf("failed to get page: %v", err)
-	}
-
-	// Stop everything.
-	if err := crictl.StopPodAndContainer(podID, contID); err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestMountOverSymlinks(t *testing.T) {
-	// Setup containerd and crictl.
-	crictl, cleanup, err := setup(t)
-	if err != nil {
-		t.Fatalf("failed to setup crictl: %v", err)
-	}
-	defer cleanup()
-	podID, contID, err := crictl.StartPodAndContainer("k8s.gcr.io/busybox", testdata.Sandbox, testdata.MountOverSymlink)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	out, err := crictl.Exec(contID, "readlink", "/etc/resolv.conf")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if want := "/tmp/resolv.conf"; !strings.Contains(string(out), want) {
-		t.Fatalf("/etc/resolv.conf is not pointing to %q: %q", want, string(out))
-	}
-
-	etc, err := crictl.Exec(contID, "cat", "/etc/resolv.conf")
-	if err != nil {
-		t.Fatal(err)
-	}
-	tmp, err := crictl.Exec(contID, "cat", "/tmp/resolv.conf")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if tmp != etc {
-		t.Fatalf("file content doesn't match:\n\t/etc/resolv.conf: %s\n\t/tmp/resolv.conf: %s", string(etc), string(tmp))
-	}
-
-	// Stop everything.
-	if err := crictl.StopPodAndContainer(podID, contID); err != nil {
-		t.Fatal(err)
-	}
-}
-
-// setup sets up before a test. Specifically it:
-// * Creates directories and a socket for containerd to utilize.
-// * Runs containerd and waits for it to reach a "ready" state for testing.
-// * Returns a cleanup function that should be called at the end of the test.
-func setup(t *testing.T) (*testutil.Crictl, func(), error) {
-	var cleanups []func()
-	cleanupFunc := func() {
-		for i := len(cleanups) - 1; i >= 0; i-- {
-			cleanups[i]()
-		}
-	}
-	cleanup := specutils.MakeCleanup(cleanupFunc)
-	defer cleanup.Clean()
-
-	// Create temporary containerd root and state directories, and a socket
-	// via which crictl and containerd communicate.
-	containerdRoot, err := ioutil.TempDir(testutil.TmpDir(), "containerd-root")
-	if err != nil {
-		t.Fatalf("failed to create containerd root: %v", err)
-	}
-	cleanups = append(cleanups, func() { os.RemoveAll(containerdRoot) })
-	containerdState, err := ioutil.TempDir(testutil.TmpDir(), "containerd-state")
-	if err != nil {
-		t.Fatalf("failed to create containerd state: %v", err)
-	}
-	cleanups = append(cleanups, func() { os.RemoveAll(containerdState) })
-	sockAddr := filepath.Join(testutil.TmpDir(), "containerd-test.sock")
-
-	// Start containerd.
-	config, err := testutil.WriteTmpFile("containerd-config", testdata.ContainerdConfig(getRunsc()))
-	if err != nil {
-		t.Fatalf("failed to write containerd config")
-	}
-	cleanups = append(cleanups, func() { os.RemoveAll(config) })
-	containerd := exec.Command(getContainerd(),
-		"--config", config,
-		"--log-level", "debug",
-		"--root", containerdRoot,
-		"--state", containerdState,
-		"--address", sockAddr)
-	cleanups = append(cleanups, func() {
-		if err := testutil.KillCommand(containerd); err != nil {
-			log.Printf("error killing containerd: %v", err)
-		}
-	})
-	containerdStderr, err := containerd.StderrPipe()
-	if err != nil {
-		t.Fatalf("failed to get containerd stderr: %v", err)
-	}
-	containerdStdout, err := containerd.StdoutPipe()
-	if err != nil {
-		t.Fatalf("failed to get containerd stdout: %v", err)
-	}
-	if err := containerd.Start(); err != nil {
-		t.Fatalf("failed running containerd: %v", err)
-	}
-
-	// Wait for containerd to boot. Then put all containerd output into a
-	// buffer to be logged at the end of the test.
-	testutil.WaitUntilRead(containerdStderr, "Start streaming server", nil, 10*time.Second)
-	stdoutBuf := &bytes.Buffer{}
-	stderrBuf := &bytes.Buffer{}
-	go func() { io.Copy(stdoutBuf, containerdStdout) }()
-	go func() { io.Copy(stderrBuf, containerdStderr) }()
-	cleanups = append(cleanups, func() {
-		t.Logf("containerd stdout: %s", string(stdoutBuf.Bytes()))
-		t.Logf("containerd stderr: %s", string(stderrBuf.Bytes()))
-	})
-
-	cleanup.Release()
-	return testutil.NewCrictl(20*time.Second, sockAddr), cleanupFunc, nil
-}
-
-// httpGet GETs the contents of a file served from a pod on port 80.
-func httpGet(crictl *testutil.Crictl, podID, filePath string) error {
-	// Get the IP of the httpd server.
-	ip, err := crictl.PodIP(podID)
-	if err != nil {
-		return fmt.Errorf("failed to get IP from pod %q: %v", podID, err)
-	}
-
-	// GET the page. We may be waiting for the server to start, so retry
-	// with a timeout.
-	var resp *http.Response
-	cb := func() error {
-		r, err := http.Get(fmt.Sprintf("http://%s", path.Join(ip, filePath)))
-		resp = r
-		return err
-	}
-	if err := testutil.Poll(cb, 20*time.Second); err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("bad status returned: %d", resp.StatusCode)
-	}
-	return nil
-}
-
-func getContainerd() string {
-	// Bazel doesn't pass PATH through, assume the location of containerd
-	// unless specified by environment variable.
-	c := os.Getenv("CONTAINERD_PATH")
-	if c == "" {
-		return "/usr/local/bin/containerd"
-	}
-	return c
-}
-
-func getRunsc() string {
-	// Bazel doesn't pass PATH through, assume the location of runsc unless
-	// specified by environment variable.
-	c := os.Getenv("RUNSC_EXEC")
-	if c == "" {
-		return "/tmp/runsc-test/runsc"
-	}
-	return c
-}
diff --git a/runsc/test/root/root.go b/runsc/test/root/root.go
deleted file mode 100644
index 349c752cc..000000000
--- a/runsc/test/root/root.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package root is empty. See chroot_test.go for description.
-package root
diff --git a/runsc/test/root/testdata/BUILD b/runsc/test/root/testdata/BUILD
deleted file mode 100644
index 80dc5f214..000000000
--- a/runsc/test/root/testdata/BUILD
+++ /dev/null
@@ -1,18 +0,0 @@
-load("@io_bazel_rules_go//go:def.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
-    name = "testdata",
-    srcs = [
-        "busybox.go",
-        "containerd_config.go",
-        "httpd.go",
-        "httpd_mount_paths.go",
-        "sandbox.go",
-    ],
-    importpath = "gvisor.dev/gvisor/runsc/test/root/testdata",
-    visibility = [
-        "//visibility:public",
-    ],
-)
diff --git a/runsc/test/root/testdata/busybox.go b/runsc/test/root/testdata/busybox.go
deleted file mode 100644
index e4dbd2843..000000000
--- a/runsc/test/root/testdata/busybox.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package testdata
-
-// MountOverSymlink is a JSON config for a container that /etc/resolv.conf is a
-// symlink to /tmp/resolv.conf.
-var MountOverSymlink = `
-{
-        "metadata": {
-                "name": "busybox"
-        },
-        "image": {
-                "image": "k8s.gcr.io/busybox"
-        },
-        "command": [
-                "sleep",
-                "1000"
-        ]
-}
-`
diff --git a/runsc/test/root/testdata/containerd_config.go b/runsc/test/root/testdata/containerd_config.go
deleted file mode 100644
index e12f1ec88..000000000
--- a/runsc/test/root/testdata/containerd_config.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package testdata contains data required for root tests.
-package testdata
-
-import "fmt"
-
-// containerdConfigTemplate is a .toml config for containerd. It contains a
-// formatting verb so the runtime field can be set via fmt.Sprintf.
-const containerdConfigTemplate = `
-disabled_plugins = ["restart"]
-[plugins.linux]
-  runtime = "%s"
-  runtime_root = "/tmp/test-containerd/runsc"
-  shim = "/usr/local/bin/gvisor-containerd-shim"
-  shim_debug = true
-
-[plugins.cri.containerd.runtimes.runsc]
-  runtime_type = "io.containerd.runtime.v1.linux"
-  runtime_engine = "%s"
-`
-
-// ContainerdConfig returns a containerd config file with the specified
-// runtime.
-func ContainerdConfig(runtime string) string {
-	return fmt.Sprintf(containerdConfigTemplate, runtime, runtime)
-}
diff --git a/runsc/test/root/testdata/httpd.go b/runsc/test/root/testdata/httpd.go
deleted file mode 100644
index 45d5e33d4..000000000
--- a/runsc/test/root/testdata/httpd.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package testdata
-
-// Httpd is a JSON config for an httpd container.
-const Httpd = `
-{
-  "metadata": {
-    "name": "httpd"
-  },
-  "image":{
-    "image": "httpd"
-  },
-  "mounts": [
-  ],
-  "linux": {
-  },
-  "log_path": "httpd.log"
-}
-`
diff --git a/runsc/test/root/testdata/httpd_mount_paths.go b/runsc/test/root/testdata/httpd_mount_paths.go
deleted file mode 100644
index ac3f4446a..000000000
--- a/runsc/test/root/testdata/httpd_mount_paths.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package testdata
-
-// HttpdMountPaths is a JSON config for an httpd container with additional
-// mounts.
-const HttpdMountPaths = `
-{
-  "metadata": {
-    "name": "httpd"
-  },
-  "image":{
-    "image": "httpd"
-  },
-  "mounts": [
-      {
-        "container_path": "/var/run/secrets/kubernetes.io/serviceaccount",
-        "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/volumes/kubernetes.io~secret/default-token-2rpfx",
-        "readonly": true
-      },
-      {
-        "container_path": "/etc/hosts",
-        "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/etc-hosts",
-        "readonly": false
-      },
-      {
-        "container_path": "/dev/termination-log",
-        "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064/containers/httpd/d1709580",
-        "readonly": false
-      },
-      {
-        "container_path": "/usr/local/apache2/htdocs/test",
-        "host_path": "/var/lib/kubelet/pods/82bae206-cdf5-11e8-b245-8cdcd43ac064",
-        "readonly": true
-      }
-  ],
-  "linux": {
-  },
-  "log_path": "httpd.log"
-}
-`
diff --git a/runsc/test/root/testdata/sandbox.go b/runsc/test/root/testdata/sandbox.go
deleted file mode 100644
index 0db210370..000000000
--- a/runsc/test/root/testdata/sandbox.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package testdata
-
-// Sandbox is a default JSON config for a sandbox.
-const Sandbox = `
-{
-    "metadata": {
-        "name": "default-sandbox",
-        "namespace": "default",
-        "attempt": 1,
-        "uid": "hdishd83djaidwnduwk28bcsb"
-    },
-    "linux": {
-    },
-    "log_directory": "/tmp"
-}
-`