diff options
Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/container/container_test.go | 184 | ||||
-rw-r--r-- | runsc/sandbox/sandbox.go | 2 | ||||
-rw-r--r-- | runsc/test/testutil/testutil.go | 28 |
3 files changed, 95 insertions, 119 deletions
diff --git a/runsc/container/container_test.go b/runsc/container/container_test.go index 843b7f6f8..a2da63afd 100644 --- a/runsc/container/container_test.go +++ b/runsc/container/container_test.go @@ -558,17 +558,19 @@ func TestExec(t *testing.T) { // be the next consecutive number after the last number from the checkpointed container. func TestCheckpointRestore(t *testing.T) { // Skip overlay because test requires writing to host file. - for _, conf := range configs(noOverlay...) { + // + // TODO: Skip nonExclusiveFS because $TEST_TMPDIR mount is + // mistakenly marked as RO after revalidation. + for _, conf := range configs(kvm) { t.Logf("Running test with conf: %+v", conf) - dir, err := ioutil.TempDir("", "checkpoint-test") + dir, err := ioutil.TempDir(testutil.TmpDir(), "checkpoint-test") if err != nil { t.Fatalf("ioutil.TempDir failed: %v", err) } if err := os.Chmod(dir, 0777); err != nil { t.Fatalf("error chmoding file: %q, %v", dir, err) } - defer os.RemoveAll(dir) outputPath := filepath.Join(dir, "output") outputFile, err := createWriteableOutputFile(outputPath) @@ -577,14 +579,8 @@ func TestCheckpointRestore(t *testing.T) { } defer outputFile.Close() - script := "for ((i=0; ;i++)); do echo $i >> /tmp2/output; sleep 1; done" + script := fmt.Sprintf("for ((i=0; ;i++)); do echo $i >> %q; sleep 1; done", outputPath) spec := testutil.NewSpecWithArgs("bash", "-c", script) - spec.Mounts = append(spec.Mounts, specs.Mount{ - Type: "bind", - Destination: "/tmp2", - Source: dir, - }) - rootDir, bundleDir, err := testutil.SetupContainer(spec, conf) if err != nil { t.Fatalf("error setting up container: %v", err) @@ -711,53 +707,39 @@ func TestCheckpointRestore(t *testing.T) { // with filesystem Unix Domain Socket use. func TestUnixDomainSockets(t *testing.T) { const ( - output = "uds_output" - goferRoot = "/tmp2" - socket = "uds_socket" + output = "uds_output" + socket = "uds_socket" ) // Skip overlay because test requires writing to host file. - for _, conf := range configs(noOverlay...) { + // + // TODO: Skip nonExclusiveFS because $TEST_TMPDIR mount is + // mistakenly marked as RO after revalidation. + for _, conf := range configs(kvm) { t.Logf("Running test with conf: %+v", conf) - dir, err := ioutil.TempDir("", "uds-test") + dir, err := ioutil.TempDir(testutil.TmpDir(), "uds-test") if err != nil { t.Fatalf("ioutil.TempDir failed: %v", err) } - if err := os.Chmod(dir, 0777); err != nil { - t.Fatalf("error chmoding file: %q, %v", dir, err) - } defer os.RemoveAll(dir) outputPath := filepath.Join(dir, output) - - outputFile, err := createWriteableOutputFile(outputPath) + outputFile, err := os.OpenFile(outputPath, os.O_CREATE|os.O_EXCL|os.O_RDWR, 0666) if err != nil { t.Fatalf("error creating output file: %v", err) } defer outputFile.Close() - // Get file path for corresponding output file in sandbox. - outputFileSandbox := filepath.Join(goferRoot, output) - app, err := testutil.FindFile("runsc/container/uds_test_app") if err != nil { t.Fatal("error finding uds_test_app:", err) } socketPath := filepath.Join(dir, socket) - socketPathSandbox := filepath.Join(goferRoot, socket) defer os.Remove(socketPath) - spec := testutil.NewSpecWithArgs(app, "--file", outputFileSandbox, - "--socket", socketPathSandbox) - - spec.Mounts = append(spec.Mounts, specs.Mount{ - Type: "bind", - Destination: goferRoot, - Source: dir, - }) - + spec := testutil.NewSpecWithArgs(app, "--file", outputPath, "--socket", socketPath) spec.Process.User = specs.User{ UID: uint32(os.Getuid()), GID: uint32(os.Getgid()), @@ -811,7 +793,7 @@ func TestUnixDomainSockets(t *testing.T) { if err := os.Remove(outputPath); err != nil { t.Fatalf("error removing file") } - outputFile2, err := createWriteableOutputFile(outputPath) + outputFile2, err := os.OpenFile(outputPath, os.O_CREATE|os.O_EXCL|os.O_RDWR, 0666) if err != nil { t.Fatalf("error creating output file: %v", err) } @@ -858,20 +840,11 @@ func TestPauseResume(t *testing.T) { const uid = 343 spec := testutil.NewSpecWithArgs("sleep", "20") - dir, err := ioutil.TempDir("", "pause-test") - if err != nil { - t.Fatalf("ioutil.TempDir failed: %v", err) - } - lock, err := ioutil.TempFile(dir, "lock") + lock, err := ioutil.TempFile(testutil.TmpDir(), "lock") if err != nil { t.Fatalf("error creating output file: %v", err) } defer lock.Close() - spec.Mounts = append(spec.Mounts, specs.Mount{ - Type: "bind", - Destination: "/tmp2", - Source: dir, - }) rootDir, bundleDir, err := testutil.SetupContainer(spec, conf) if err != nil { @@ -908,7 +881,7 @@ func TestPauseResume(t *testing.T) { }, } - script := fmt.Sprintf("while [[ -f /tmp2/%s ]]; do sleep 0.1; done", filepath.Base(lock.Name())) + script := fmt.Sprintf("while [[ -f %q ]]; do sleep 0.1; done", lock.Name()) execArgs := control.ExecArgs{ Filename: "/bin/bash", Argv: []string{"bash", "-c", script}, @@ -1040,14 +1013,6 @@ func TestCapabilities(t *testing.T) { t.Logf("Running test with conf: %+v", conf) spec := testutil.NewSpecWithArgs("sleep", "100") - - // We generate files in the host temporary directory. - spec.Mounts = append(spec.Mounts, specs.Mount{ - Destination: os.TempDir(), - Source: os.TempDir(), - Type: "bind", - }) - rootDir, bundleDir, err := testutil.SetupContainer(spec, conf) if err != nil { t.Fatalf("error setting up container: %v", err) @@ -1218,7 +1183,7 @@ func TestRunNonRoot(t *testing.T) { // User that container runs as can't list '$TMP/blocked' and would fail to // mount it. - dir, err := ioutil.TempDir("", "blocked") + dir, err := ioutil.TempDir(testutil.TmpDir(), "blocked") if err != nil { t.Fatalf("ioutil.TempDir() failed: %v", err) } @@ -1230,15 +1195,8 @@ func TestRunNonRoot(t *testing.T) { t.Fatalf("os.MkDir(%q) failed: %v", dir, err) } - // We generate files in the host temporary directory. - spec.Mounts = append(spec.Mounts, specs.Mount{ - Destination: dir, - Source: dir, - Type: "bind", - }) - if err := run(spec, conf); err != nil { - t.Fatalf("error running sadbox: %v", err) + t.Fatalf("error running sandbox: %v", err) } } } @@ -1249,17 +1207,20 @@ func TestMountNewDir(t *testing.T) { for _, conf := range configs(overlay) { t.Logf("Running test with conf: %+v", conf) - srcDir := path.Join(os.TempDir(), "src", "newdir", "anotherdir") + root, err := ioutil.TempDir(testutil.TmpDir(), "root") + if err != nil { + t.Fatal("ioutil.TempDir() failed:", err) + } + if err := os.Chmod(root, 0755); err != nil { + t.Fatalf("os.Chmod(%q) failed: %v", root, err) + } + + srcDir := path.Join(root, "src", "dir", "anotherdir") if err := os.MkdirAll(srcDir, 0755); err != nil { t.Fatalf("os.MkDir(%q) failed: %v", srcDir, err) } - // Attempt to remove dir to ensure it doesn't exist. - mountDir := path.Join(os.TempDir(), "newdir") - if err := os.RemoveAll(mountDir); err != nil { - t.Fatalf("os.RemoveAll(%q) failed: %v", mountDir, err) - } - mountDir = path.Join(mountDir, "anotherdir") + mountDir := path.Join(root, "dir", "anotherdir") spec := testutil.NewSpecWithArgs("/bin/ls", mountDir) spec.Mounts = append(spec.Mounts, specs.Mount{ @@ -1269,7 +1230,7 @@ func TestMountNewDir(t *testing.T) { }) if err := run(spec, conf); err != nil { - t.Fatalf("error running sadbox: %v", err) + t.Fatalf("error running sandbox: %v", err) } } } @@ -1310,13 +1271,13 @@ func TestReadonlyMount(t *testing.T) { for _, conf := range configs(overlay) { t.Logf("Running test with conf: %+v", conf) - spec := testutil.NewSpecWithArgs("/bin/touch", "/foo/file") - dir, err := ioutil.TempDir("", "ro-mount") + dir, err := ioutil.TempDir(testutil.TmpDir(), "ro-mount") + spec := testutil.NewSpecWithArgs("/bin/touch", path.Join(dir, "file")) if err != nil { t.Fatalf("ioutil.TempDir() failed: %v", err) } spec.Mounts = append(spec.Mounts, specs.Mount{ - Destination: "/foo", + Destination: dir, Source: dir, Type: "bind", Options: []string{"ro"}, @@ -1613,17 +1574,14 @@ func TestContainerVolumeContentsShared(t *testing.T) { // the filesystem. spec := testutil.NewSpecWithArgs("sleep", "1000") - // Mount host temp dir inside the sandbox at '/tmp2'. - hostTmpDir, err := ioutil.TempDir("", "root-fs-test") - sandboxTmpDir := "/tmp2" + // TODO: $TEST_TMPDIR mount is mistakenly marked as RO after + // revalidation. Remove when it's fixed. + spec.Root.Readonly = false + + dir, err := ioutil.TempDir(testutil.TmpDir(), "root-fs-test") if err != nil { t.Fatalf("TempDir failed: %v", err) } - spec.Mounts = append(spec.Mounts, specs.Mount{ - Type: "bind", - Destination: sandboxTmpDir, - Source: hostTmpDir, - }) rootDir, bundleDir, err := testutil.SetupContainer(spec, conf) if err != nil { @@ -1643,105 +1601,103 @@ func TestContainerVolumeContentsShared(t *testing.T) { } // File that will be used to check consistency inside/outside sandbox. - hostFilename := filepath.Join(hostTmpDir, "file") - sandboxFilename := filepath.Join(sandboxTmpDir, "file") + filename := filepath.Join(dir, "file") // File does not exist yet. Reading from the sandbox should fail. execArgsTestFile := control.ExecArgs{ Filename: "/usr/bin/test", - Argv: []string{"test", "-f", sandboxFilename}, + Argv: []string{"test", "-f", filename}, } if ws, err := c.Execute(&execArgsTestFile); err != nil { - t.Fatalf("unexpected error testing file %q: %v", sandboxFilename, err) + t.Fatalf("unexpected error testing file %q: %v", filename, err) } else if ws.ExitStatus() == 0 { t.Errorf("test %q exited with code %v, wanted not zero", ws.ExitStatus(), err) } // Create the file from outside of the sandbox. - if err := ioutil.WriteFile(hostFilename, []byte("foobar"), 0777); err != nil { - t.Fatalf("error writing to file %q: %v", hostFilename, err) + if err := ioutil.WriteFile(filename, []byte("foobar"), 0777); err != nil { + t.Fatalf("error writing to file %q: %v", filename, err) } // Now we should be able to test the file from within the sandbox. if ws, err := c.Execute(&execArgsTestFile); err != nil { - t.Fatalf("unexpected error testing file %q: %v", sandboxFilename, err) + t.Fatalf("unexpected error testing file %q: %v", filename, err) } else if ws.ExitStatus() != 0 { - t.Errorf("test %q exited with code %v, wanted zero", sandboxFilename, ws.ExitStatus()) + t.Errorf("test %q exited with code %v, wanted zero", filename, ws.ExitStatus()) } // Rename the file from outside of the sandbox. - newHostFilename := filepath.Join(hostTmpDir, "newfile") - newSandboxFilename := filepath.Join(sandboxTmpDir, "newfile") - if err := os.Rename(hostFilename, newHostFilename); err != nil { - t.Fatalf("os.Rename(%q, %q) failed: %v", hostFilename, newHostFilename, err) + newFilename := filepath.Join(dir, "newfile") + if err := os.Rename(filename, newFilename); err != nil { + t.Fatalf("os.Rename(%q, %q) failed: %v", filename, newFilename, err) } // File should no longer exist at the old path within the sandbox. if ws, err := c.Execute(&execArgsTestFile); err != nil { - t.Fatalf("unexpected error testing file %q: %v", sandboxFilename, err) + t.Fatalf("unexpected error testing file %q: %v", filename, err) } else if ws.ExitStatus() == 0 { - t.Errorf("test %q exited with code %v, wanted not zero", sandboxFilename, ws.ExitStatus()) + t.Errorf("test %q exited with code %v, wanted not zero", filename, ws.ExitStatus()) } // We should be able to test the new filename from within the sandbox. execArgsTestNewFile := control.ExecArgs{ Filename: "/usr/bin/test", - Argv: []string{"test", "-f", newSandboxFilename}, + Argv: []string{"test", "-f", newFilename}, } if ws, err := c.Execute(&execArgsTestNewFile); err != nil { - t.Fatalf("unexpected error testing file %q: %v", newSandboxFilename, err) + t.Fatalf("unexpected error testing file %q: %v", newFilename, err) } else if ws.ExitStatus() != 0 { - t.Errorf("test %q exited with code %v, wanted zero", newSandboxFilename, ws.ExitStatus()) + t.Errorf("test %q exited with code %v, wanted zero", newFilename, ws.ExitStatus()) } // Delete the renamed file from outside of the sandbox. - if err := os.Remove(newHostFilename); err != nil { - t.Fatalf("error removing file %q: %v", hostFilename, err) + if err := os.Remove(newFilename); err != nil { + t.Fatalf("error removing file %q: %v", filename, err) } // Renamed file should no longer exist at the old path within the sandbox. if ws, err := c.Execute(&execArgsTestNewFile); err != nil { - t.Fatalf("unexpected error testing file %q: %v", newSandboxFilename, err) + t.Fatalf("unexpected error testing file %q: %v", newFilename, err) } else if ws.ExitStatus() == 0 { - t.Errorf("test %q exited with code %v, wanted not zero", newSandboxFilename, ws.ExitStatus()) + t.Errorf("test %q exited with code %v, wanted not zero", newFilename, ws.ExitStatus()) } // Now create the file from WITHIN the sandbox. execArgsTouch := control.ExecArgs{ Filename: "/usr/bin/touch", - Argv: []string{"touch", sandboxFilename}, + Argv: []string{"touch", filename}, KUID: auth.KUID(os.Getuid()), KGID: auth.KGID(os.Getgid()), } if ws, err := c.Execute(&execArgsTouch); err != nil { - t.Fatalf("unexpected error touching file %q: %v", sandboxFilename, err) + t.Fatalf("unexpected error touching file %q: %v", filename, err) } else if ws.ExitStatus() != 0 { - t.Errorf("touch %q exited with code %v, wanted zero", sandboxFilename, ws.ExitStatus()) + t.Errorf("touch %q exited with code %v, wanted zero", filename, ws.ExitStatus()) } // File should exist outside the sandbox. - if _, err := os.Stat(hostFilename); err != nil { - t.Errorf("stat %q got error %v, wanted nil", hostFilename, err) + if _, err := os.Stat(filename); err != nil { + t.Errorf("stat %q got error %v, wanted nil", filename, err) } // File should exist outside the sandbox. - if _, err := os.Stat(hostFilename); err != nil { - t.Errorf("stat %q got error %v, wanted nil", hostFilename, err) + if _, err := os.Stat(filename); err != nil { + t.Errorf("stat %q got error %v, wanted nil", filename, err) } // Delete the file from within the sandbox. execArgsRemove := control.ExecArgs{ Filename: "/bin/rm", - Argv: []string{"rm", sandboxFilename}, + Argv: []string{"rm", filename}, } if ws, err := c.Execute(&execArgsRemove); err != nil { - t.Fatalf("unexpected error removing file %q: %v", sandboxFilename, err) + t.Fatalf("unexpected error removing file %q: %v", filename, err) } else if ws.ExitStatus() != 0 { - t.Errorf("remove %q exited with code %v, wanted zero", sandboxFilename, ws.ExitStatus()) + t.Errorf("remove %q exited with code %v, wanted zero", filename, ws.ExitStatus()) } // File should not exist outside the sandbox. - if _, err := os.Stat(hostFilename); !os.IsNotExist(err) { - t.Errorf("stat %q got error %v, wanted ErrNotExist", hostFilename, err) + if _, err := os.Stat(filename); !os.IsNotExist(err) { + t.Errorf("stat %q got error %v, wanted ErrNotExist", filename, err) } } diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go index 83cc94dc4..a10b79856 100644 --- a/runsc/sandbox/sandbox.go +++ b/runsc/sandbox/sandbox.go @@ -377,7 +377,7 @@ func (s *Sandbox) createSandboxProcess(spec *specs.Spec, conf *boot.Config, bund // outside. addr := boot.ControlSocketAddr(s.ID) fd, err := server.CreateSocket(addr) - log.Infof("creating sandbox process with addr: %s", addr) + log.Infof("Creating sandbox process with addr: %s", addr[1:]) // skip "\00". if err != nil { return fmt.Errorf("error creating control server socket for sandbox %q: %v", s.ID, err) } diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go index 2553e7453..fc3d61e52 100644 --- a/runsc/test/testutil/testutil.go +++ b/runsc/test/testutil/testutil.go @@ -35,6 +35,16 @@ import ( // RaceEnabled is set to true if it was built with '--race' option. var RaceEnabled = false +// TmpDir returns the absolute path to a writable directory that can be used as +// scratch by the test. +func TmpDir() string { + dir := os.Getenv("TEST_TMPDIR") + if dir == "" { + dir = "/tmp" + } + return dir +} + // ConfigureExePath configures the executable for runsc in the test environment. func ConfigureExePath() error { path, err := FindFile("runsc/runsc") @@ -102,7 +112,7 @@ func TestConfig() *boot.Config { // NewSpecWithArgs creates a simple spec with the given args suitable for use // in tests. func NewSpecWithArgs(args ...string) *specs.Spec { - spec := &specs.Spec{ + return &specs.Spec{ // The host filesystem root is the container root. Root: &specs.Root{ Path: "/", @@ -114,13 +124,23 @@ func NewSpecWithArgs(args ...string) *specs.Spec { "PATH=" + os.Getenv("PATH"), }, }, + Mounts: []specs.Mount{ + // Root is readonly, but many tests want to write to tmpdir. + // This creates a writable mount inside the root. Also, when tmpdir points + // to "/tmp", it makes the the actual /tmp to be mounted and not a tmpfs + // inside the sentry. + specs.Mount{ + Type: "bind", + Destination: TmpDir(), + Source: TmpDir(), + }, + }, } - return spec } // SetupRootDir creates a root directory for containers. func SetupRootDir() (string, error) { - rootDir, err := ioutil.TempDir("", "containers") + rootDir, err := ioutil.TempDir(TmpDir(), "containers") if err != nil { return "", fmt.Errorf("error creating root dir: %v", err) } @@ -141,7 +161,7 @@ func SetupContainer(spec *specs.Spec, conf *boot.Config) (rootDir, bundleDir str // SetupContainerInRoot creates a bundle for the container, generates a test // config, and writes the spec to config.json in the bundle dir. func SetupContainerInRoot(rootDir string, spec *specs.Spec, conf *boot.Config) (bundleDir string, err error) { - bundleDir, err = ioutil.TempDir("", "bundle") + bundleDir, err = ioutil.TempDir(TmpDir(), "bundle") if err != nil { return "", fmt.Errorf("error creating bundle dir: %v", err) } |