Diffstat (limited to 'runsc')
19 files changed, 267 insertions, 26 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 4bff0d034..7e95e1f41 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -81,6 +81,19 @@ func addOverlay(ctx context.Context, conf *Config, lower *fs.Inode, name string,
 if err != nil {
 return nil, fmt.Errorf("creating tmpfs overlay: %v", err)
 }
+
+ // Replicate permissions and owner from lower to upper mount point.
+ attr, err := lower.UnstableAttr(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("reading attributes from lower mount point: %v", err)
+ }
+ if !upper.InodeOperations.SetPermissions(ctx, upper, attr.Perms) {
+ return nil, fmt.Errorf("error setting permission to upper mount point")
+ }
+ if err := upper.InodeOperations.SetOwner(ctx, upper, attr.Owner); err != nil {
+ return nil, fmt.Errorf("setting owner to upper mount point: %v", err)
+ }
+
+ return fs.NewOverlayRoot(ctx, upper, lower, upperFlags)
 }
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index b91553c4c..50cac0433 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -281,6 +281,7 @@ func New(args Args) (*Loader, error) {
 RootUTSNamespace: kernel.NewUTSNamespace(args.Spec.Hostname, args.Spec.Hostname, creds.UserNamespace),
 RootIPCNamespace: kernel.NewIPCNamespace(creds.UserNamespace),
 RootAbstractSocketNamespace: kernel.NewAbstractSocketNamespace(),
+ PIDNamespace: kernel.NewRootPIDNamespace(creds.UserNamespace),
 }); err != nil {
 return nil, fmt.Errorf("initializing kernel: %v", err)
 }
diff --git a/runsc/test/runtimes/BUILD b/runsc/test/runtimes/BUILD
index 36d0a761e..ea87029dd 100644
--- a/runsc/test/runtimes/BUILD
+++ b/runsc/test/runtimes/BUILD
@@ -1,6 +1,6 @@
 # These packages are used to run language runtime tests inside gVisor sandboxes.
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
 load("//runsc/test:build_defs.bzl", "runtime_test")
 package(licenses = ["notice"])
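Review bot: The SetPermissions failure path in addOverlay returns `error setting permission to upper mount point`, which breaks the style of the neighbouring messages (none of them starts with `error`) and does not say which overlay or which mode was rejected. Something like `return nil, fmt.Errorf("setting permissions %v on upper mount point of %q", attr.Perms, name)` would match the other two and make a failed sandbox start easier to diagnose. The comment above the block could also state why the copy matters: presumably the tmpfs upper root otherwise keeps its own default mode and owner, so the overlay root would not carry the access bits of the lower mount; this should be confirmed and written down. The attributes are read once through UnstableAttr at mount time, so a later change on the lower mount is not reflected, which deserves a short comment if it is intended. addOverlay begins before this hunk.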
@@ -23,28 +23,3 @@ runtime_test(
 ],
 deps = ["//runsc/test/testutil"],
 )
-
-go_binary(
- name = "proctor-go",
- srcs = ["proctor-go.go"],
-)
-
-go_binary(
- name = "proctor-java",
- srcs = ["proctor-java.go"],
-)
-
-go_binary(
- name = "proctor-nodejs",
- srcs = ["proctor-nodejs.go"],
-)
-
-go_binary(
- name = "proctor-php",
- srcs = ["proctor-php.go"],
-)
-
-go_binary(
- name = "proctor-python",
- srcs = ["proctor-python.go"],
-)
diff --git a/runsc/test/runtimes/README.md b/runsc/test/runtimes/README.md
new file mode 100644
index 000000000..4e5a950bc
--- /dev/null
+++ b/runsc/test/runtimes/README.md
@@ -0,0 +1,40 @@
+# Runtimes Tests Dockerfiles
+
+The Dockerfiles defined under this path are configured to host the execution of
+the runtimes language tests. Each Dockerfile can support the language indicated
+by its directory.
+
+The following runtimes are currently supported:
+
+- Go 1.12
+- Java 11
+- Node.js 12
+- PHP 7.3
+- Python 3.7
+
+#### Prerequisites:
+
+1) [Install and configure Docker](https://docs.docker.com/install/)
+
+2) Build each Docker container:
+
+```bash
+$ docker build -f $LANG/Dockerfile [-t $NAME] .
+```
+
+### Testing:
+
+If the prerequisites have been fulfilled, you can run the tests with the
+following command:
+
+```bash
+$ docker run --rm -it $NAME [FLAG]
+```
+
+Running the command with no flags will cause all the available tests to execute.
+
+Flags can be added for additional functionality:
+
+- --list: Print a list of all available tests
+- --test <name>: Run a single test from the list of available tests
+- --v: Print the language version
diff --git a/runsc/test/runtimes/go/BUILD b/runsc/test/runtimes/go/BUILD
new file mode 100644
index 000000000..c34f49ea6
--- /dev/null
+++ b/runsc/test/runtimes/go/BUILD
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+package(licenses = ["notice"])
+
+go_binary(
+ name = "proctor-go",
+ srcs = ["proctor-go.go"],
+)
diff --git a/runsc/test/runtimes/go/Dockerfile b/runsc/test/runtimes/go/Dockerfile
new file mode 100644
index 000000000..cd55608cd
--- /dev/null
+++ b/runsc/test/runtimes/go/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:bionic
+ENV LANG_VER=1.12.5
+ENV LANG_NAME=Go
+
+RUN apt-get update && apt-get install -y \
+ curl \
+ gcc \
+ git
+
+WORKDIR /root
+
+# Download Go 1.4 to use as a bootstrap for building Go from the source.
+RUN curl -o go1.4.linux-amd64.tar.gz https://dl.google.com/go/go1.4.linux-amd64.tar.gz
+RUN curl -LJO https://github.com/golang/go/archive/go${LANG_VER}.tar.gz
+RUN mkdir bootstr
+RUN tar -C bootstr -xzf go1.4.linux-amd64.tar.gz
+RUN tar -xzf go-go${LANG_VER}.tar.gz
+RUN mv go-go${LANG_VER} go
+
+ENV GOROOT=/root/go
+ENV GOROOT_BOOTSTRAP=/root/bootstr/go
+ENV LANG_DIR=${GOROOT}
+
+WORKDIR ${LANG_DIR}/src
+RUN ./make.bash
+
+WORKDIR ${LANG_DIR}
+
+COPY proctor-go.go ${LANG_DIR}
+
+ENTRYPOINT ["/root/go/bin/go", "run", "proctor-go.go"]
diff --git a/runsc/test/runtimes/proctor-go.go b/runsc/test/runtimes/go/proctor-go.go
index c5387e21d..c5387e21d 100644
--- a/runsc/test/runtimes/proctor-go.go
+++ b/runsc/test/runtimes/go/proctor-go.go
diff --git a/runsc/test/runtimes/java/BUILD b/runsc/test/runtimes/java/BUILD
new file mode 100644
index 000000000..7e2808ece
--- /dev/null
+++ b/runsc/test/runtimes/java/BUILD
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+package(licenses = ["notice"])
+
+go_binary(
+ name = "proctor-java",
+ srcs = ["proctor-java.go"],
+)
diff --git a/runsc/test/runtimes/java/Dockerfile b/runsc/test/runtimes/java/Dockerfile
new file mode 100644
index 000000000..e162d7218
--- /dev/null
+++ b/runsc/test/runtimes/java/Dockerfile
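Review bot: None of the archives fetched with curl is checked against a known digest before it is unpacked and built, so the image trusts whatever bytes the server returns. In the go Dockerfile that covers the Go 1.4 bootstrap tarball and the GitHub source archive, and the same applies to the go.tar.gz, JDK, Node.js, PHP and CPython downloads in the java, nodejs, php and python Dockerfiles. Each download should be pinned, e.g. `RUN curl -fsSL -o go1.4.linux-amd64.tar.gz https://dl.google.com/go/go1.4.linux-amd64.tar.gz && echo "<expected-sha256>  go1.4.linux-amd64.tar.gz" | sha256sum -c -`, where `<expected-sha256>` is a placeholder to be filled from the publisher's release page. The `-f` flag matters on its own: without it curl saves an HTTP error page under the tarball name and the failure only surfaces at the tar step. `FROM ubuntu:bionic` is likewise a moving tag, and pinning it by digest would make these test images reproducible.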
@@ -0,0 +1,52 @@
+FROM ubuntu:bionic
+# This hash is associated with a specific JDK release and needed for ensuring
+# the same version is downloaded every time.
+ENV LANG_HASH=af47e0398606
+ENV LANG_VER=11u-dev
+ENV LANG_NAME=Java
+
+RUN apt-get update && apt-get install -y \
+ autoconf \
+ build-essential \
+ curl\
+ file \
+ libasound2-dev \
+ libcups2-dev \
+ libfontconfig1-dev \
+ libx11-dev \
+ libxext-dev \
+ libxrandr-dev \
+ libxrender-dev \
+ libxt-dev \
+ libxtst-dev \
+ make \
+ unzip \
+ zip
+
+WORKDIR /root
+RUN curl -o go.tar.gz https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz
+RUN tar -zxf go.tar.gz
+
+# Use curl instead of ADD to prevent redownload every time.
+RUN curl -o jdk.tar.gz http://hg.openjdk.java.net/jdk-updates/jdk${LANG_VER}/archive/${LANG_HASH}.tar.gz
+# Download Java version N-1 to be used as the Boot JDK to build Java version N.
+RUN curl -o bootjdk.tar.gz https://download.java.net/openjdk/jdk10/ri/openjdk-10+44_linux-x64_bin_ri.tar.gz
+
+RUN tar -zxf jdk.tar.gz
+RUN tar -zxf bootjdk.tar.gz
+
+# Specify the JDK to be used by jtreg.
+ENV JT_JAVA=/root/jdk${LANG_VER}-${LANG_HASH}/build/linux-x86_64-normal-server-release/jdk
+ENV LANG_DIR=/root/jdk${LANG_VER}-${LANG_HASH}
+
+WORKDIR ${LANG_DIR}
+
+RUN curl -o jtreg.tar.gz https://ci.adoptopenjdk.net/view/Dependencies/job/jtreg/lastSuccessfulBuild/artifact/jtreg-4.2.0-tip.tar.gz
+RUN tar -xzf jtreg.tar.gz
+RUN bash configure --with-boot-jdk=/root/jdk-10 --with-jtreg=${LANG_DIR}/jtreg
+RUN make clean
+RUN make images
+
+COPY proctor-java.go ${LANG_DIR}
+
+ENTRYPOINT ["/root/go/bin/go", "run", "proctor-java.go"]
diff --git a/runsc/test/runtimes/proctor-java.go b/runsc/test/runtimes/java/proctor-java.go
index 0177f421d..0177f421d 100644
--- a/runsc/test/runtimes/proctor-java.go
+++ b/runsc/test/runtimes/java/proctor-java.go
diff --git a/runsc/test/runtimes/nodejs/BUILD b/runsc/test/runtimes/nodejs/BUILD
new file mode 100644
index 000000000..0fe5ff83e
--- /dev/null
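Review bot: The JDK source is fetched over plain `http://hg.openjdk.java.net/...`, so the tarball that is later configured and built can be altered in transit. LANG_HASH pins the revision that is requested, but nothing verifies the bytes that arrive. The `https://` form of the URL should be used if the host serves it, with a digest check after the download. The jtreg archive comes from `.../jtreg/lastSuccessfulBuild/artifact/jtreg-4.2.0-tip.tar.gz`, a moving CI artifact, so two builds of this Dockerfile can pick up different harness code; a numbered build or a release archive would be stable.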
+++ b/runsc/test/runtimes/nodejs/BUILD
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+package(licenses = ["notice"])
+
+go_binary(
+ name = "proctor-nodejs",
+ srcs = ["proctor-nodejs.go"],
+)
diff --git a/runsc/test/runtimes/nodejs/Dockerfile b/runsc/test/runtimes/nodejs/Dockerfile
new file mode 100644
index 000000000..b2416cce8
--- /dev/null
+++ b/runsc/test/runtimes/nodejs/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu:bionic
+ENV LANG_VER=12.4.0
+ENV LANG_NAME=Node
+
+RUN apt-get update && apt-get install -y \
+ curl \
+ dumb-init \
+ g++ \
+ make \
+ python
+
+WORKDIR /root
+RUN curl -o go.tar.gz https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz
+RUN tar -zxf go.tar.gz
+
+RUN curl -o node-v${LANG_VER}.tar.gz https://nodejs.org/dist/v${LANG_VER}/node-v${LANG_VER}.tar.gz
+RUN tar -zxf node-v${LANG_VER}.tar.gz
+ENV LANG_DIR=/root/node-v${LANG_VER}
+
+WORKDIR ${LANG_DIR}
+RUN ./configure
+RUN make
+RUN make test-build
+
+COPY proctor-nodejs.go ${LANG_DIR}
+
+# Including dumb-init emulates the Linux "init" process, preventing the failure
+# of tests involving worker processes.
+ENTRYPOINT ["/usr/bin/dumb-init", "/root/go/bin/go", "run", "proctor-nodejs.go"]
diff --git a/runsc/test/runtimes/proctor-nodejs.go b/runsc/test/runtimes/nodejs/proctor-nodejs.go
index 8ddfb67fe..8ddfb67fe 100644
--- a/runsc/test/runtimes/proctor-nodejs.go
+++ b/runsc/test/runtimes/nodejs/proctor-nodejs.go
diff --git a/runsc/test/runtimes/php/BUILD b/runsc/test/runtimes/php/BUILD
new file mode 100644
index 000000000..22aef7ba4
--- /dev/null
+++ b/runsc/test/runtimes/php/BUILD
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+package(licenses = ["notice"])
+
+go_binary(
+ name = "proctor-php",
+ srcs = ["proctor-php.go"],
+)
diff --git a/runsc/test/runtimes/php/Dockerfile b/runsc/test/runtimes/php/Dockerfile
new file mode 100644
index 000000000..1f8959b50
--- /dev/null
+++ b/runsc/test/runtimes/php/Dockerfile
@@ -0,0 +1,29 @@
+FROM ubuntu:bionic
+ENV LANG_VER=7.3.6
+ENV LANG_NAME=PHP
+
+RUN apt-get update && apt-get install -y \
+ autoconf \
+ automake \
+ bison \
+ build-essential \
+ curl \
+ libtool \
+ libxml2-dev \
+ re2c
+
+WORKDIR /root
+RUN curl -o go.tar.gz https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz
+RUN tar -zxf go.tar.gz
+
+RUN curl -o php-${LANG_VER}.tar.gz https://www.php.net/distributions/php-${LANG_VER}.tar.gz
+RUN tar -zxf php-${LANG_VER}.tar.gz
+ENV LANG_DIR=/root/php-${LANG_VER}
+
+WORKDIR ${LANG_DIR}
+RUN ./configure
+RUN make
+
+COPY proctor-php.go ${LANG_DIR}
+
+ENTRYPOINT ["/root/go/bin/go", "run", "proctor-php.go"]
diff --git a/runsc/test/runtimes/proctor-php.go b/runsc/test/runtimes/php/proctor-php.go
index 9dfb33b04..9dfb33b04 100644
--- a/runsc/test/runtimes/proctor-php.go
+++ b/runsc/test/runtimes/php/proctor-php.go
diff --git a/runsc/test/runtimes/python/BUILD b/runsc/test/runtimes/python/BUILD
new file mode 100644
index 000000000..501f77d63
--- /dev/null
+++ b/runsc/test/runtimes/python/BUILD
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary")
+
+package(licenses = ["notice"])
+
+go_binary(
+ name = "proctor-python",
+ srcs = ["proctor-python.go"],
+)
diff --git a/runsc/test/runtimes/python/Dockerfile b/runsc/test/runtimes/python/Dockerfile
new file mode 100644
index 000000000..811f48f8a
--- /dev/null
+++ b/runsc/test/runtimes/python/Dockerfile
@@ -0,0 +1,31 @@
+FROM ubuntu:bionic
+ENV LANG_VER=3.7.3
+ENV LANG_NAME=Python
+
+RUN apt-get update && apt-get install -y \
+ curl \
+ gcc \
+ libbz2-dev \
+ libffi-dev \
+ liblzma-dev \
+ libreadline-dev \
+ libssl-dev \
+ make \
+ zlib1g-dev
+
+WORKDIR /root
+RUN curl -o go.tar.gz https://dl.google.com/go/go1.12.6.linux-amd64.tar.gz
+RUN tar -zxf go.tar.gz
+
+# Use flags -LJO to follow the html redirect and download .tar.gz.
+RUN curl -LJO https://github.com/python/cpython/archive/v${LANG_VER}.tar.gz
+RUN tar -zxf cpython-${LANG_VER}.tar.gz
+ENV LANG_DIR=/root/cpython-${LANG_VER}
+
+WORKDIR ${LANG_DIR}
+RUN ./configure --with-pydebug
+RUN make -s -j2
+
+COPY proctor-python.go ${LANG_DIR}
+
+ENTRYPOINT ["/root/go/bin/go", "run", "proctor-python.go"]
diff --git a/runsc/test/runtimes/proctor-python.go b/runsc/test/runtimes/python/proctor-python.go
index 73c8deb49..73c8deb49 100644
--- a/runsc/test/runtimes/proctor-python.go
+++ b/runsc/test/runtimes/python/proctor-python.go |