diff options
Diffstat (limited to 'runsc/test')
| -rw-r--r-- | runsc/test/BUILD | 0 | ||||
| -rw-r--r-- | runsc/test/build_defs.bzl | 19 | ||||
| -rw-r--r-- | runsc/test/image/BUILD | 7 | ||||
| -rw-r--r-- | runsc/test/image/image_test.go | 9 | ||||
| -rw-r--r-- | runsc/test/integration/BUILD | 7 | ||||
| -rw-r--r-- | runsc/test/integration/exec_test.go | 4 | ||||
| -rw-r--r-- | runsc/test/integration/integration_test.go | 12 | ||||
| -rw-r--r-- | runsc/test/integration/regression_test.go | 2 | ||||
| -rw-r--r-- | runsc/test/root/BUILD | 2 | ||||
| -rw-r--r-- | runsc/test/root/cgroup_test.go | 4 | ||||
| -rw-r--r-- | runsc/test/root/chroot_test.go | 4 | ||||
| -rw-r--r-- | runsc/test/root/crictl_test.go | 6 | ||||
| -rw-r--r-- | runsc/test/root/testdata/BUILD | 2 | ||||
| -rw-r--r-- | runsc/test/testutil/BUILD | 3 | ||||
| -rw-r--r-- | runsc/test/testutil/docker.go | 10 | ||||
| -rw-r--r-- | runsc/test/testutil/testutil.go | 55 |
16 files changed, 64 insertions, 82 deletions
diff --git a/runsc/test/BUILD b/runsc/test/BUILD new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/runsc/test/BUILD diff --git a/runsc/test/build_defs.bzl b/runsc/test/build_defs.bzl new file mode 100644 index 000000000..ac28cc037 --- /dev/null +++ b/runsc/test/build_defs.bzl @@ -0,0 +1,19 @@ +"""Defines a rule for runsc test targets.""" + +load("@io_bazel_rules_go//go:def.bzl", _go_test = "go_test") + +# runtime_test is a macro that will create targets to run the given test target +# with different runtime options. +def runtime_test(**kwargs): + """Runs the given test target with different runtime options.""" + name = kwargs["name"] + _go_test(**kwargs) + kwargs["name"] = name + "_hostnet" + kwargs["args"] = ["--runtime-type=hostnet"] + _go_test(**kwargs) + kwargs["name"] = name + "_kvm" + kwargs["args"] = ["--runtime-type=kvm"] + _go_test(**kwargs) + kwargs["name"] = name + "_overlay" + kwargs["args"] = ["--runtime-type=overlay"] + _go_test(**kwargs) diff --git a/runsc/test/image/BUILD b/runsc/test/image/BUILD index e8b629c6a..58758fde5 100644 --- a/runsc/test/image/BUILD +++ b/runsc/test/image/BUILD @@ -1,8 +1,9 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//runsc/test:build_defs.bzl", "runtime_test") package(licenses = ["notice"]) -go_test( +runtime_test( name = "image_test", size = "large", srcs = [ @@ -26,5 +27,5 @@ go_test( go_library( name = "image", srcs = ["image.go"], - importpath = "gvisor.googlesource.com/gvisor/runsc/test/image", + importpath = "gvisor.dev/gvisor/runsc/test/image", ) diff --git a/runsc/test/image/image_test.go b/runsc/test/image/image_test.go index b969731b0..ddaa2c13b 100644 --- a/runsc/test/image/image_test.go +++ b/runsc/test/image/image_test.go @@ -32,7 +32,7 @@ import ( "testing" "time" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/test/testutil" ) func TestHelloWorld(t *testing.T) { @@ -209,11 +209,14 @@ func TestMysql(t *testing.T) { } func TestPythonHello(t *testing.T) { - if err := testutil.Pull("google/python-hello"); err != nil { + // TODO(b/136503277): Once we have more complete python runtime tests, + // we can drop this one. + const img = "gcr.io/gvisor-presubmit/python-hello" + if err := testutil.Pull(img); err != nil { t.Fatalf("docker pull failed: %v", err) } d := testutil.MakeDocker("python-hello-test") - if err := d.Run("-p", "8080", "google/python-hello"); err != nil { + if err := d.Run("-p", "8080", img); err != nil { t.Fatalf("docker run failed: %v", err) } defer d.CleanUp() diff --git a/runsc/test/integration/BUILD b/runsc/test/integration/BUILD index 04ed885c6..12065617c 100644 --- a/runsc/test/integration/BUILD +++ b/runsc/test/integration/BUILD @@ -1,8 +1,9 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//runsc/test:build_defs.bzl", "runtime_test") package(licenses = ["notice"]) -go_test( +runtime_test( name = "integration_test", size = "large", srcs = [ @@ -25,5 +26,5 @@ go_test( go_library( name = "integration", srcs = ["integration.go"], - importpath = "gvisor.googlesource.com/gvisor/runsc/test/integration", + importpath = "gvisor.dev/gvisor/runsc/test/integration", ) diff --git a/runsc/test/integration/exec_test.go b/runsc/test/integration/exec_test.go index 7c0e61ac3..993136f96 100644 --- a/runsc/test/integration/exec_test.go +++ b/runsc/test/integration/exec_test.go @@ -34,8 +34,8 @@ import ( "testing" "time" - "gvisor.googlesource.com/gvisor/pkg/abi/linux" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/pkg/abi/linux" + "gvisor.dev/gvisor/runsc/test/testutil" ) func TestExecCapabilities(t *testing.T) { diff --git a/runsc/test/integration/integration_test.go b/runsc/test/integration/integration_test.go index c51cab3ae..7cef4b9dd 100644 --- a/runsc/test/integration/integration_test.go +++ b/runsc/test/integration/integration_test.go @@ -32,7 +32,7 @@ import ( "testing" "time" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/test/testutil" ) // httpRequestSucceeds sends a request to a given url and checks that the status is OK. @@ -86,16 +86,17 @@ func TestLifeCycle(t *testing.T) { } func TestPauseResume(t *testing.T) { + const img = "gcr.io/gvisor-presubmit/python-hello" if !testutil.IsPauseResumeSupported() { t.Log("Pause/resume is not supported, skipping test.") return } - if err := testutil.Pull("google/python-hello"); err != nil { + if err := testutil.Pull(img); err != nil { t.Fatal("docker pull failed:", err) } d := testutil.MakeDocker("pause-resume-test") - if err := d.Run("-p", "8080", "google/python-hello"); err != nil { + if err := d.Run("-p", "8080", img); err != nil { t.Fatalf("docker run failed: %v", err) } defer d.CleanUp() @@ -149,15 +150,16 @@ func TestPauseResume(t *testing.T) { } func TestCheckpointRestore(t *testing.T) { + const img = "gcr.io/gvisor-presubmit/python-hello" if !testutil.IsPauseResumeSupported() { t.Log("Pause/resume is not supported, skipping test.") return } - if err := testutil.Pull("google/python-hello"); err != nil { + if err := testutil.Pull(img); err != nil { t.Fatal("docker pull failed:", err) } d := testutil.MakeDocker("save-restore-test") - if err := d.Run("-p", "8080", "google/python-hello"); err != nil { + if err := d.Run("-p", "8080", img); err != nil { t.Fatalf("docker run failed: %v", err) } defer d.CleanUp() diff --git a/runsc/test/integration/regression_test.go b/runsc/test/integration/regression_test.go index 80bae9970..39b30e757 100644 --- a/runsc/test/integration/regression_test.go +++ b/runsc/test/integration/regression_test.go @@ -18,7 +18,7 @@ import ( "strings" "testing" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/test/testutil" ) // Test that UDS can be created using overlay when parent directory is in lower diff --git a/runsc/test/root/BUILD b/runsc/test/root/BUILD index 7ded78baa..500ef7b8e 100644 --- a/runsc/test/root/BUILD +++ b/runsc/test/root/BUILD @@ -5,7 +5,7 @@ package(licenses = ["notice"]) go_library( name = "root", srcs = ["root.go"], - importpath = "gvisor.googlesource.com/gvisor/runsc/test/root", + importpath = "gvisor.dev/gvisor/runsc/test/root", ) go_test( diff --git a/runsc/test/root/cgroup_test.go b/runsc/test/root/cgroup_test.go index edb6dee1d..5392dc6e0 100644 --- a/runsc/test/root/cgroup_test.go +++ b/runsc/test/root/cgroup_test.go @@ -25,8 +25,8 @@ import ( "strings" "testing" - "gvisor.googlesource.com/gvisor/runsc/cgroup" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/cgroup" + "gvisor.dev/gvisor/runsc/test/testutil" ) func verifyPid(pid int, path string) error { diff --git a/runsc/test/root/chroot_test.go b/runsc/test/root/chroot_test.go index da2f473b9..d0f236580 100644 --- a/runsc/test/root/chroot_test.go +++ b/runsc/test/root/chroot_test.go @@ -31,8 +31,8 @@ import ( "testing" "github.com/syndtr/gocapability/capability" - "gvisor.googlesource.com/gvisor/runsc/specutils" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/specutils" + "gvisor.dev/gvisor/runsc/test/testutil" ) // TestChroot verifies that the sandbox is chroot'd and that mounts are cleaned diff --git a/runsc/test/root/crictl_test.go b/runsc/test/root/crictl_test.go index 3cc176104..515ae2df1 100644 --- a/runsc/test/root/crictl_test.go +++ b/runsc/test/root/crictl_test.go @@ -29,9 +29,9 @@ import ( "testing" "time" - "gvisor.googlesource.com/gvisor/runsc/specutils" - "gvisor.googlesource.com/gvisor/runsc/test/root/testdata" - "gvisor.googlesource.com/gvisor/runsc/test/testutil" + "gvisor.dev/gvisor/runsc/specutils" + "gvisor.dev/gvisor/runsc/test/root/testdata" + "gvisor.dev/gvisor/runsc/test/testutil" ) // Tests for crictl have to be run as root (rather than in a user namespace) diff --git a/runsc/test/root/testdata/BUILD b/runsc/test/root/testdata/BUILD index 7f272dcd3..80dc5f214 100644 --- a/runsc/test/root/testdata/BUILD +++ b/runsc/test/root/testdata/BUILD @@ -11,7 +11,7 @@ go_library( "httpd_mount_paths.go", "sandbox.go", ], - importpath = "gvisor.googlesource.com/gvisor/runsc/test/root/testdata", + importpath = "gvisor.dev/gvisor/runsc/test/root/testdata", visibility = [ "//visibility:public", ], diff --git a/runsc/test/testutil/BUILD b/runsc/test/testutil/BUILD index ddec81444..327e7ca4d 100644 --- a/runsc/test/testutil/BUILD +++ b/runsc/test/testutil/BUILD @@ -10,7 +10,7 @@ go_library( "testutil.go", "testutil_race.go", ], - importpath = "gvisor.googlesource.com/gvisor/runsc/test/testutil", + importpath = "gvisor.dev/gvisor/runsc/test/testutil", visibility = ["//:sandbox"], deps = [ "//runsc/boot", @@ -18,6 +18,5 @@ go_library( "@com_github_cenkalti_backoff//:go_default_library", "@com_github_kr_pty//:go_default_library", "@com_github_opencontainers_runtime-spec//specs-go:go_default_library", - "@com_github_syndtr_gocapability//capability:go_default_library", ], ) diff --git a/runsc/test/testutil/docker.go b/runsc/test/testutil/docker.go index 81f5a9ef0..3f3e191b0 100644 --- a/runsc/test/testutil/docker.go +++ b/runsc/test/testutil/docker.go @@ -15,6 +15,7 @@ package testutil import ( + "flag" "fmt" "io/ioutil" "log" @@ -30,10 +31,15 @@ import ( "github.com/kr/pty" ) +var runtimeType = flag.String("runtime-type", "", "specify which runtime to use: kvm, hostnet, overlay") + func getRuntime() string { r, ok := os.LookupEnv("RUNSC_RUNTIME") if !ok { - return "runsc-test" + r = "runsc-test" + } + if *runtimeType != "" { + r += "-" + *runtimeType } return r } @@ -197,7 +203,7 @@ func (d *Docker) Stop() error { } // Run calls 'docker run' with the arguments provided. The container starts -// running in the backgroud and the call returns immediately. +// running in the background and the call returns immediately. func (d *Docker) Run(args ...string) error { a := []string{"run", "--runtime", d.Runtime, "--name", d.Name, "-d"} a = append(a, args...) diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go index 727b648a6..a98675bfc 100644 --- a/runsc/test/testutil/testutil.go +++ b/runsc/test/testutil/testutil.go @@ -30,7 +30,6 @@ import ( "os/exec" "os/signal" "path/filepath" - "runtime" "strings" "sync" "sync/atomic" @@ -39,9 +38,8 @@ import ( "github.com/cenkalti/backoff" specs "github.com/opencontainers/runtime-spec/specs-go" - "github.com/syndtr/gocapability/capability" - "gvisor.googlesource.com/gvisor/runsc/boot" - "gvisor.googlesource.com/gvisor/runsc/specutils" + "gvisor.dev/gvisor/runsc/boot" + "gvisor.dev/gvisor/runsc/specutils" ) func init() { @@ -134,6 +132,7 @@ func TestConfig() *boot.Config { LogPackets: true, Network: boot.NetworkNone, Strace: true, + Platform: "ptrace", FileAccess: boot.FileAccessExclusive, TestOnlyAllowRunAsCurrentUserWithoutChroot: true, NumNetworkChannels: 1, @@ -284,54 +283,6 @@ func WaitForHTTP(port int, timeout time.Duration) error { return Poll(cb, timeout) } -// RunAsRoot ensures the test runs with CAP_SYS_ADMIN and CAP_SYS_CHROOT. If -// needed it will create a new user namespace and re-execute the test as root -// inside of the namespace. This function returns when it's running as root. If -// it needs to create another process, it will exit from there and not return. -func RunAsRoot() { - if specutils.HasCapabilities(capability.CAP_SYS_ADMIN, capability.CAP_SYS_CHROOT) { - return - } - - fmt.Println("*** Re-running test as root in new user namespace ***") - - // Current process doesn't have CAP_SYS_ADMIN, create user namespace and run - // as root inside that namespace to get it. - runtime.LockOSThread() - defer runtime.UnlockOSThread() - - cmd := exec.Command("/proc/self/exe", os.Args[1:]...) - cmd.SysProcAttr = &syscall.SysProcAttr{ - Cloneflags: syscall.CLONE_NEWUSER | syscall.CLONE_NEWNS, - // Set current user/group as root inside the namespace. - UidMappings: []syscall.SysProcIDMap{ - {ContainerID: 0, HostID: os.Getuid(), Size: 1}, - }, - GidMappings: []syscall.SysProcIDMap{ - {ContainerID: 0, HostID: os.Getgid(), Size: 1}, - }, - GidMappingsEnableSetgroups: false, - Credential: &syscall.Credential{ - Uid: 0, - Gid: 0, - }, - } - cmd.Env = os.Environ() - cmd.Stdin = os.Stdin - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - if err := cmd.Run(); err != nil { - if exit, ok := err.(*exec.ExitError); ok { - if ws, ok := exit.Sys().(syscall.WaitStatus); ok { - os.Exit(ws.ExitStatus()) - } - os.Exit(-1) - } - panic(fmt.Sprint("error running child process:", err.Error())) - } - os.Exit(0) -} - // Reaper reaps child processes. type Reaper struct { // mu protects ch, which will be nil if the reaper is not running. |