From d6b676ae6ac6ab6f3520d6d2663b9d71c29a3788 Mon Sep 17 00:00:00 2001 From: Andrei Vagin Date: Sat, 25 Jul 2020 01:03:02 -0700 Subject: test/syscall: run each test case in a separate network namespace ... when it is possible. The guitar gVisorKernel*Workflow-s runs test with the local execution_method. In this case, blaze runs test cases locally without sandboxes. This means that all tests run in the same network namespace. We have a few tests which use hard-coded network ports and they can fail if one of these port will be used by someone else or by another test cases. PiperOrigin-RevId: 323137254 --- test/runner/BUILD | 1 + test/runner/runner.go | 8 ++++++++ 2 files changed, 9 insertions(+) (limited to 'test') diff --git a/test/runner/BUILD b/test/runner/BUILD index 1f45a6922..63c7ec83a 100644 --- a/test/runner/BUILD +++ b/test/runner/BUILD @@ -17,6 +17,7 @@ go_binary( "//test/runner/gtest", "//test/uds", "@com_github_opencontainers_runtime_spec//specs-go:go_default_library", + "@com_github_syndtr_gocapability//capability:go_default_library", "@org_golang_x_sys//unix:go_default_library", ], ) diff --git a/test/runner/runner.go b/test/runner/runner.go index 2296f3a46..bc4b39cbb 100644 --- a/test/runner/runner.go +++ b/test/runner/runner.go @@ -30,6 +30,7 @@ import ( "time" specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/syndtr/gocapability/capability" "golang.org/x/sys/unix" "gvisor.dev/gvisor/pkg/log" "gvisor.dev/gvisor/pkg/test/testutil" @@ -105,6 +106,13 @@ func runTestCaseNative(testBin string, tc gtest.TestCase, t *testing.T) { cmd.Env = env cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr + + if specutils.HasCapabilities(capability.CAP_NET_ADMIN) { + cmd.SysProcAttr = &syscall.SysProcAttr{ + Cloneflags: syscall.CLONE_NEWNET, + } + } + if err := cmd.Run(); err != nil { ws := err.(*exec.ExitError).Sys().(syscall.WaitStatus) t.Errorf("test %q exited with status %d, want 0", tc.FullName(), ws.ExitStatus()) -- cgit v1.2.3