diff options
Diffstat (limited to 'test/e2e/integration_test.go')
-rw-r--r-- | test/e2e/integration_test.go | 53 |
1 files changed, 50 insertions, 3 deletions
diff --git a/test/e2e/integration_test.go b/test/e2e/integration_test.go index aaffabfd0..49cd74887 100644 --- a/test/e2e/integration_test.go +++ b/test/e2e/integration_test.go @@ -430,11 +430,44 @@ func TestTmpMount(t *testing.T) { } } +// TestSyntheticDirs checks that submounts can be created inside a readonly +// mount even if the target path does not exist. +func TestSyntheticDirs(t *testing.T) { + ctx := context.Background() + d := dockerutil.MakeContainer(ctx, t) + defer d.CleanUp(ctx) + + opts := dockerutil.RunOpts{ + Image: "basic/alpine", + // Make the root read-only to force use of synthetic dirs + // inside the root gofer mount. + ReadOnly: true, + Mounts: []mount.Mount{ + // Mount inside read-only gofer-backed root. + { + Type: mount.TypeTmpfs, + Target: "/foo/bar/baz", + }, + // Mount inside sysfs, which always uses synthetic dirs + // for submounts. + { + Type: mount.TypeTmpfs, + Target: "/sys/foo/bar/baz", + }, + }, + } + // Make sure the directories exist. + if _, err := d.Run(ctx, opts, "ls", "/foo/bar/baz", "/sys/foo/bar/baz"); err != nil { + t.Fatalf("docker run failed: %v", err) + } + +} + // TestHostOverlayfsCopyUp tests that the --overlayfs-stale-read option causes // runsc to hide the incoherence of FDs opened before and after overlayfs // copy-up on the host. func TestHostOverlayfsCopyUp(t *testing.T) { - runIntegrationTest(t, nil, "sh", "-c", "gcc -O2 -o test_copy_up test_copy_up.c && ./test_copy_up") + runIntegrationTest(t, nil, "./test_copy_up") } // TestHostOverlayfsRewindDir tests that rewinddir() "causes the directory @@ -449,14 +482,14 @@ func TestHostOverlayfsCopyUp(t *testing.T) { // automated tests yield newly-added files from readdir() even if the fsgofer // does not explicitly rewinddir(), but overlayfs does not. func TestHostOverlayfsRewindDir(t *testing.T) { - runIntegrationTest(t, nil, "sh", "-c", "gcc -O2 -o test_rewinddir test_rewinddir.c && ./test_rewinddir") + runIntegrationTest(t, nil, "./test_rewinddir") } // Basic test for linkat(2). Syscall tests requires CAP_DAC_READ_SEARCH and it // cannot use tricks like userns as root. For this reason, run a basic link test // to ensure some coverage. func TestLink(t *testing.T) { - runIntegrationTest(t, nil, "sh", "-c", "gcc -O2 -o link_test link_test.c && ./link_test") + runIntegrationTest(t, nil, "./link_test") } // This test ensures we can run ping without errors. @@ -487,6 +520,20 @@ func TestPing6Loopback(t *testing.T) { runIntegrationTest(t, []string{"NET_ADMIN"}, "./ping6.sh") } +// This test checks that the owner of the sticky directory can delete files +// inside it belonging to other users. It also checks that the owner of a file +// can always delete its file when the file is inside a sticky directory owned +// by another user. +func TestStickyDir(t *testing.T) { + if vfs2Used, err := dockerutil.UsingVFS2(); err != nil { + t.Fatalf("failed to read config for runtime %s: %v", dockerutil.Runtime(), err) + } else if !vfs2Used { + t.Skip("sticky bit test fails on VFS1.") + } + + runIntegrationTest(t, nil, "./test_sticky") +} + func runIntegrationTest(t *testing.T, capAdd []string, args ...string) { ctx := context.Background() d := dockerutil.MakeContainer(ctx, t) |