mirrors/binctr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revert "update to use containerd seccomp package"

Browse source 
This reverts commit 4f8e065faf055d3f0463a92622297ca3afac07f4.
This commit is contained in:
Jess Frazelle 2018-03-22 09:15:36 -04:00
parent 09243b740c
commit 60f032f6f5
8199 changed files with 1598219 additions and 30742 deletions
Download patch file Download diff file Expand all files Collapse all files

83
vendor/github.com/opencontainers/runc/tests/integration/README.md generated vendored Normal file
View file

@ -0,0 +1,83 @@
# runc Integration Tests
Integration tests provide end-to-end testing of runc.
Note that integration tests do **not** replace unit tests.
As a rule of thumb, code should be tested thoroughly with unit tests.
Integration tests on the other hand are meant to test a specific feature end
to end.
Integration tests are written in *bash* using the
[bats](https://github.com/sstephenson/bats) framework.
## Running integration tests
The easiest way to run integration tests is with Docker:
```
$ make integration
```
Alternatively, you can run integration tests directly on your host through make:
```
$ sudo make localintegration
```
Or you can just run them directly using bats
```
$ sudo bats tests/integration
```
To run a single test bucket:
```
$ make integration TESTFLAGS="/checkpoint.bats"
```
To run them on your host, you will need to setup a development environment plus
[bats](https://github.com/sstephenson/bats#installing-bats-from-source)
For example:
```
$ cd ~/go/src/github.com
$ git clone https://github.com/sstephenson/bats.git
$ cd bats
$ ./install.sh /usr/local
```
> **Note**: There are known issues running the integration tests using
> **devicemapper** as a storage driver, make sure that your docker daemon
> is using **aufs** if you want to successfully run the integration tests.
## Writing integration tests
[helper functions]
(https://github.com/opencontainers/runc/blob/master/test/integration/helpers.bash)
are provided in order to facilitate writing tests.
```sh
#!/usr/bin/env bats
# This will load the helpers.
load helpers
# setup is called at the beginning of every test.
function setup() {
# see functions teardown_hello and setup_hello in helpers.bash, used to
# create a pristine environment for running your tests
teardown_hello
setup_hello
}
# teardown is called at the end of every test.
function teardown() {
teardown_hello
}
@test "this is a simple test" {
runc run containerid
# "The runc macro" automatically populates $status, $output and $lines.
# Please refer to bats documentation to find out more.
[ "$status" -eq 0 ]
# check expected output
[[ "${output}" == *"Hello"* ]]
}
```

127
vendor/github.com/opencontainers/runc/tests/integration/cgroups.bats generated vendored Normal file
View file

@ -0,0 +1,127 @@
#!/usr/bin/env bats
load helpers
function teardown() {
rm -f $BATS_TMPDIR/runc-cgroups-integration-test.json
teardown_running_container test_cgroups_kmem
teardown_running_container test_cgroups_permissions
teardown_busybox
}
function setup() {
teardown
setup_busybox
}
function check_cgroup_value() {
cgroup=$1
source=$2
expected=$3
current=$(cat $cgroup/$source)
echo $cgroup/$source
echo "current" $current "!?" "$expected"
[ "$current" -eq "$expected" ]
}
@test "runc update --kernel-memory (initialized)" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem
set_cgroups_path "$BUSYBOX_BUNDLE"
# Set some initial known values
DATA=$(cat <<-EOF
"memory": {
"kernel": 16777216
},
EOF
)
DATA=$(echo ${DATA} | sed 's/\n/\\n/g')
sed -i "s/\(\"resources\": {\)/\1\n${DATA}/" ${BUSYBOX_BUNDLE}/config.json
# run a detached busybox to work with
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
[ "$status" -eq 0 ]
# update kernel memory limit
runc update test_cgroups_kmem --kernel-memory 50331648
[ "$status" -eq 0 ]
# check the value
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 50331648
}
@test "runc update --kernel-memory (uninitialized)" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem
set_cgroups_path "$BUSYBOX_BUNDLE"
# run a detached busybox to work with
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
[ "$status" -eq 0 ]
# update kernel memory limit
runc update test_cgroups_kmem --kernel-memory 50331648
# Since kernel 4.6, we can update kernel memory without initialization
# because it's accounted by default.
if [ "$KERNEL_MAJOR" -lt 4 ] || [ "$KERNEL_MAJOR" -eq 4 -a "$KERNEL_MINOR" -le 5 ]; then
[ ! "$status" -eq 0 ]
else
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 50331648
fi
}
@test "runc create (no limits + no cgrouppath + no permission) succeeds" {
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 0 ]
}
@test "runc create (rootless + no limits + cgrouppath + no permission) fails with permission error" {
requires rootless
requires rootless_no_cgroup
set_cgroups_path "$BUSYBOX_BUNDLE"
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 1 ]
[[ ${lines[1]} == *"permission denied"* ]]
}
@test "runc create (rootless + limits + no cgrouppath + no permission) fails with informative error" {
requires rootless
requires rootless_no_cgroup
set_resources_limit "$BUSYBOX_BUNDLE"
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 1 ]
[[ ${lines[1]} == *"cannot set limits on the pids cgroup, as the container has not joined it"* ]]
}
@test "runc create (limits + cgrouppath + permission on the cgroup dir) succeeds" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
set_cgroups_path "$BUSYBOX_BUNDLE"
set_resources_limit "$BUSYBOX_BUNDLE"
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 0 ]
}
@test "runc exec (limits + cgrouppath + permission on the cgroup dir) succeeds" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
set_cgroups_path "$BUSYBOX_BUNDLE"
set_resources_limit "$BUSYBOX_BUNDLE"
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 0 ]
runc exec test_cgroups_permissions echo "cgroups_exec"
[ "$status" -eq 0 ]
[[ ${lines[0]} == *"cgroups_exec"* ]]
}

232
vendor/github.com/opencontainers/runc/tests/integration/checkpoint.bats generated vendored Normal file
View file

@ -0,0 +1,232 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "checkpoint and restore" {
# XXX: currently criu require root containers.
requires criu root
# criu does not work with external terminals so..
# setting terminal and root:readonly: to false
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
for i in `seq 2`; do
# checkpoint the running container
runc --criu "$CRIU" checkpoint --work-path ./work-dir test_busybox
ret=$?
# if you are having problems getting criu to work uncomment the following dump:
#cat /run/opencontainer/containers/test_busybox/criu.work/dump.log
cat ./work-dir/dump.log | grep -B 5 Error || true
[ "$ret" -eq 0 ]
# after checkpoint busybox is no longer running
runc state test_busybox
[ "$status" -ne 0 ]
# restore from checkpoint
runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket $CONSOLE_SOCKET test_busybox
ret=$?
cat ./work-dir/restore.log | grep -B 5 Error || true
[ "$ret" -eq 0 ]
# busybox should be back up and running
testcontainer test_busybox running
done
}
@test "checkpoint --pre-dump and restore" {
# XXX: currently criu require root containers.
requires criu root
sed -i 's;"terminal": true;"terminal": false;' config.json
sed -i 's;"readonly": true;"readonly": false;' config.json
sed -i 's/"sh"/"sh","-c","for i in `seq 10`; do read xxx || continue; echo ponG $xxx; done"/' config.json
# The following code creates pipes for stdin and stdout.
# CRIU can't handle fifo-s, so we need all these tricks.
fifo=`mktemp -u /tmp/runc-fifo-XXXXXX`
mkfifo $fifo
# stdout
cat $fifo | cat $fifo &
pid=$!
exec 50</proc/$pid/fd/0
exec 51>/proc/$pid/fd/0
# stdin
cat $fifo | cat $fifo &
pid=$!
exec 60</proc/$pid/fd/0
exec 61>/proc/$pid/fd/0
echo -n > $fifo
unlink $fifo
# run busybox (not detached)
__runc run -d test_busybox <&60 >&51 2>&51
[ $? -eq 0 ]
testcontainer test_busybox running
#test checkpoint pre-dump
mkdir parent-dir
runc --criu "$CRIU" checkpoint --pre-dump --image-path ./parent-dir test_busybox
[ "$status" -eq 0 ]
# busybox should still be running
runc state test_busybox
[ "$status" -eq 0 ]
[[ "${output}" == *"running"* ]]
# checkpoint the running container
mkdir image-dir
mkdir work-dir
runc --criu "$CRIU" checkpoint --parent-path ./parent-dir --work-path ./work-dir --image-path ./image-dir test_busybox
cat ./work-dir/dump.log | grep -B 5 Error || true
[ "$status" -eq 0 ]
# after checkpoint busybox is no longer running
runc state test_busybox
[ "$status" -ne 0 ]
# restore from checkpoint
__runc --criu "$CRIU" restore -d --work-path ./work-dir --image-path ./image-dir test_busybox <&60 >&51 2>&51
ret=$?
cat ./work-dir/restore.log | grep -B 5 Error || true
[ $ret -eq 0 ]
# busybox should be back up and running
testcontainer test_busybox running
runc exec --cwd /bin test_busybox echo ok
[ "$status" -eq 0 ]
[[ ${output} == "ok" ]]
echo Ping >&61
exec 61>&-
exec 51>&-
run cat <&50
[ "$status" -eq 0 ]
[[ "${output}" == *"ponG Ping"* ]]
}
@test "checkpoint --lazy-pages and restore" {
# XXX: currently criu require root containers.
requires criu root
# check if lazy-pages is supported
run ${CRIU} check --feature lazy_pages
if [ "$status" -eq 1 ]; then
# this criu does not support lazy migration; skip the test
skip "this criu does not support lazy migration"
fi
sed -i 's;"terminal": true;"terminal": false;' config.json
sed -i 's;"readonly": true;"readonly": false;' config.json
sed -i 's/"sh"/"sh","-c","for i in `seq 10`; do read xxx || continue; echo ponG $xxx; done"/' config.json
# The following code creates pipes for stdin and stdout.
# CRIU can't handle fifo-s, so we need all these tricks.
fifo=`mktemp -u /tmp/runc-fifo-XXXXXX`
mkfifo $fifo
# For lazy migration we need to know when CRIU is ready to serve
# the memory pages via TCP.
lazy_pipe=`mktemp -u /tmp/lazy-pipe-XXXXXX`
mkfifo $lazy_pipe
# TCP port for lazy migration
port=27277
# stdout
cat $fifo | cat $fifo &
pid=$!
exec 50</proc/$pid/fd/0
exec 51>/proc/$pid/fd/0
# stdin
cat $fifo | cat $fifo &
pid=$!
exec 60</proc/$pid/fd/0
exec 61>/proc/$pid/fd/0
echo -n > $fifo
unlink $fifo
# run busybox
__runc run -d test_busybox <&60 >&51 2>&51
[ $? -eq 0 ]
testcontainer test_busybox running
# checkpoint the running container
mkdir image-dir
mkdir work-dir
# Double fork taken from helpers.bats
# We need to start 'runc checkpoint --lazy-pages' in the background,
# so we double fork in the shell.
(runc --criu "$CRIU" checkpoint --lazy-pages --page-server 0.0.0.0:${port} --status-fd ${lazy_pipe} --work-path ./work-dir --image-path ./image-dir test_busybox & ) &
# Sleeping here. This is ugly, but not sure how else to handle it.
# The return code of the in the background running runc is needed, if
# there is some basic error. If the lazy migration is ready can
# be handled by $lazy_pipe. Which probably will always be ready
# after sleeping two seconds.
sleep 2
# Check if inventory.img was written
[ -e image-dir/inventory.img ]
# If the inventory.img exists criu checkpointed some things, let's see
# if there were other errors in the log file.
run grep -B 5 Error ./work-dir/dump.log -q
[ "$status" -eq 1 ]
# This will block until CRIU is ready to serve memory pages
cat $lazy_pipe
[ "$status" -eq 1 ]
unlink $lazy_pipe
# Double fork taken from helpers.bats
# We need to start 'criu lazy-pages' in the background,
# so we double fork in the shell.
# Start CRIU in lazy-daemon mode
$(${CRIU} lazy-pages --page-server --address 127.0.0.1 --port ${port} -D image-dir &) &
# Restore lazily from checkpoint.
# The restored container needs a different name as the checkpointed
# container is not yet destroyed. It is only destroyed at that point
# in time when the last page is lazily transferred to the destination.
# Killing the CRIU on the checkpoint side will let the container
# continue to run if the migration failed at some point.
__runc --criu "$CRIU" restore -d --work-path ./image-dir --image-path ./image-dir --lazy-pages test_busybox_restore <&60 >&51 2>&51
ret=$?
[ $ret -eq 0 ]
run grep -B 5 Error ./work-dir/dump.log -q
[ "$status" -eq 1 ]
# busybox should be back up and running
testcontainer test_busybox_restore running
runc exec --cwd /bin test_busybox_restore echo ok
[ "$status" -eq 0 ]
[[ ${output} == "ok" ]]
echo Ping >&61
exec 61>&-
exec 51>&-
run cat <&50
[ "$status" -eq 0 ]
[[ "${output}" == *"ponG Ping"* ]]
}

89
vendor/github.com/opencontainers/runc/tests/integration/create.bats generated vendored Normal file
View file

@ -0,0 +1,89 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc create" {
runc create --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox created
# start the command
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
}
@test "runc create exec" {
runc create --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox created
runc exec test_busybox true
[ "$status" -eq 0 ]
testcontainer test_busybox created
# start the command
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
}
@test "runc create --pid-file" {
runc create --pid-file pid.txt --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox created
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} == $(__runc state test_busybox | jq '.pid') ]]
# start the command
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
}
@test "runc create --pid-file with new CWD" {
# create pid_file directory as the CWD
run mkdir pid_file
[ "$status" -eq 0 ]
run cd pid_file
[ "$status" -eq 0 ]
runc create --pid-file pid.txt -b $BUSYBOX_BUNDLE --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox created
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} == $(__runc state test_busybox | jq '.pid') ]]
# start the command
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
}

70
vendor/github.com/opencontainers/runc/tests/integration/debug.bats generated vendored Normal file
View file

@ -0,0 +1,70 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_hello
setup_hello
}
function teardown() {
teardown_hello
}
@test "global --debug" {
# run hello-world
runc --debug run test_hello
echo "${output}"
[ "$status" -eq 0 ]
}
@test "global --debug to --log" {
# run hello-world
runc --log log.out --debug run test_hello
[ "$status" -eq 0 ]
# check output does not include debug info
[[ "${output}" != *"level=debug"* ]]
# check log.out was generated
[ -e log.out ]
# check expected debug output was sent to log.out
run cat log.out
[ "$status" -eq 0 ]
[[ "${output}" == *"level=debug"* ]]
}
@test "global --debug to --log --log-format 'text'" {
# run hello-world
runc --log log.out --log-format "text" --debug run test_hello
[ "$status" -eq 0 ]
# check output does not include debug info
[[ "${output}" != *"level=debug"* ]]
# check log.out was generated
[ -e log.out ]
# check expected debug output was sent to log.out
run cat log.out
[ "$status" -eq 0 ]
[[ "${output}" == *"level=debug"* ]]
}
@test "global --debug to --log --log-format 'json'" {
# run hello-world
runc --log log.out --log-format "json" --debug run test_hello
[ "$status" -eq 0 ]
# check output does not include debug info
[[ "${output}" != *"level=debug"* ]]
# check log.out was generated
[ -e log.out ]
# check expected debug output was sent to log.out
run cat log.out
[ "$status" -eq 0 ]
[[ "${output}" == *'"level":"debug"'* ]]
}

53
vendor/github.com/opencontainers/runc/tests/integration/delete.bats generated vendored Normal file
View file

@ -0,0 +1,53 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc delete" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc kill test_busybox KILL
[ "$status" -eq 0 ]
# wait for busybox to be in the destroyed state
retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'"
# delete test_busybox
runc delete test_busybox
[ "$status" -eq 0 ]
runc state test_busybox
[ "$status" -ne 0 ]
}
@test "runc delete --force" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
# force delete test_busybox
runc delete --force test_busybox
runc state test_busybox
[ "$status" -ne 0 ]
}
@test "runc delete --force ignore not exist" {
runc delete --force notexists
[ "$status" -eq 0 ]
}

109
vendor/github.com/opencontainers/runc/tests/integration/events.bats generated vendored Normal file
View file

@ -0,0 +1,109 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "events --stats" {
# XXX: currently cgroups require root containers.
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# generate stats
runc events --stats test_busybox
[ "$status" -eq 0 ]
[[ "${lines[0]}" == [\{]"\"type\""[:]"\"stats\""[,]"\"id\""[:]"\"test_busybox\""[,]* ]]
[[ "${lines[0]}" == *"data"* ]]
}
@test "events --interval default " {
# XXX: currently cgroups require root containers.
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# spawn two sub processes (shells)
# the first sub process is an event logger that sends stats events to events.log
# the second sub process waits for an event that incudes test_busybox then
# kills the test_busybox container which causes the event logger to exit
(__runc events test_busybox > events.log) &
(
retry 10 1 eval "grep -q 'test_busybox' events.log"
teardown_running_container test_busybox
) &
wait # wait for the above sub shells to finish
[ -e events.log ]
run cat events.log
[ "$status" -eq 0 ]
[[ "${lines[0]}" == [\{]"\"type\""[:]"\"stats\""[,]"\"id\""[:]"\"test_busybox\""[,]* ]]
[[ "${lines[0]}" == *"data"* ]]
}
@test "events --interval 1s " {
# XXX: currently cgroups require root containers.
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# spawn two sub processes (shells)
# the first sub process is an event logger that sends stats events to events.log once a second
# the second sub process tries 3 times for an event that incudes test_busybox
# pausing 1s between each attempt then kills the test_busybox container which
# causes the event logger to exit
(__runc events --interval 1s test_busybox > events.log) &
(
retry 3 1 eval "grep -q 'test_busybox' events.log"
teardown_running_container test_busybox
) &
wait # wait for the above sub shells to finish
[ -e events.log ]
run eval "grep -q 'test_busybox' events.log"
[ "$status" -eq 0 ]
}
@test "events --interval 100ms " {
# XXX: currently cgroups require root containers.
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
#prove there is no carry over of events.log from a prior test
[ ! -e events.log ]
# spawn two sub processes (shells)
# the first sub process is an event logger that sends stats events to events.log once every 100ms
# the second sub process tries 3 times for an event that incudes test_busybox
# pausing 100s between each attempt then kills the test_busybox container which
# causes the event logger to exit
(__runc events --interval 100ms test_busybox > events.log) &
(
retry 3 0.100 eval "grep -q 'test_busybox' events.log"
teardown_running_container test_busybox
) &
wait # wait for the above sub shells to finish
[ -e events.log ]
run eval "grep -q 'test_busybox' events.log"
[ "$status" -eq 0 ]
}

129
vendor/github.com/opencontainers/runc/tests/integration/exec.bats generated vendored Normal file
View file

@ -0,0 +1,129 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc exec" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
}
@test "runc exec --pid-file" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec --pid-file pid.txt test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ [0-9]+ ]]
[[ ${lines[0]} != $(__runc state test_busybox | jq '.pid') ]]
}
@test "runc exec --pid-file with new CWD" {
# create pid_file directory as the CWD
run mkdir pid_file
[ "$status" -eq 0 ]
run cd pid_file
[ "$status" -eq 0 ]
# run busybox detached
runc run -d -b $BUSYBOX_BUNDLE --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec --pid-file pid.txt test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ [0-9]+ ]]
[[ ${lines[0]} != $(__runc state test_busybox | jq '.pid') ]]
}
@test "runc exec ls -la" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox ls -la
[ "$status" -eq 0 ]
[[ ${lines[0]} == *"total"* ]]
[[ ${lines[1]} == *"."* ]]
[[ ${lines[2]} == *".."* ]]
}
@test "runc exec ls -la with --cwd" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec --cwd /bin test_busybox pwd
[ "$status" -eq 0 ]
[[ ${output} == "/bin"* ]]
}
@test "runc exec --env" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec --env RUNC_EXEC_TEST=true test_busybox env
[ "$status" -eq 0 ]
[[ ${output} == *"RUNC_EXEC_TEST=true"* ]]
}
@test "runc exec --user" {
# --user can't work in rootless containers that don't have idmap.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec --user 1000:1000 test_busybox id
[ "$status" -eq 0 ]
[[ "${output}" == "uid=1000 gid=1000"* ]]
}
@test "runc exec --additional-gids" {
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
wait_for_container 15 1 test_busybox
runc exec --user 1000:1000 --additional-gids 100 --additional-gids 99 test_busybox id
[ "$status" -eq 0 ]
[[ ${output} == "uid=1000 gid=1000 groups=99(nogroup),100(users)" ]]
}

87
vendor/github.com/opencontainers/runc/tests/integration/help.bats generated vendored Normal file
View file

@ -0,0 +1,87 @@
#!/usr/bin/env bats
load helpers
@test "runc -h" {
runc -h
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ NAME:+ ]]
[[ ${lines[1]} =~ runc\ '-'\ Open\ Container\ Initiative\ runtime+ ]]
runc --help
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ NAME:+ ]]
[[ ${lines[1]} =~ runc\ '-'\ Open\ Container\ Initiative\ runtime+ ]]
}
@test "runc command -h" {
runc checkpoint -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ checkpoint+ ]]
runc delete -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ delete+ ]]
runc events -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ events+ ]]
runc exec -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ exec+ ]]
runc kill -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ kill+ ]]
runc list -h
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ NAME:+ ]]
[[ ${lines[1]} =~ runc\ list+ ]]
runc list --help
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ NAME:+ ]]
[[ ${lines[1]} =~ runc\ list+ ]]
runc pause -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ pause+ ]]
runc restore -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ restore+ ]]
runc resume -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ resume+ ]]
# We don't use runc_spec here, because we're just testing the help page.
runc spec -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ spec+ ]]
runc start -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ start+ ]]
runc run -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ run+ ]]
runc state -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ state+ ]]
runc update -h
[ "$status" -eq 0 ]
[[ ${lines[1]} =~ runc\ update+ ]]
}
@test "runc foo -h" {
runc foo -h
[ "$status" -ne 0 ]
[[ "${output}" == *"No help topic for 'foo'"* ]]
}

330
vendor/github.com/opencontainers/runc/tests/integration/helpers.bash generated vendored Normal file
View file

@ -0,0 +1,330 @@
#!/bin/bash
# Root directory of integration tests.
INTEGRATION_ROOT=$(dirname "$(readlink -f "$BASH_SOURCE")")
. ${INTEGRATION_ROOT}/multi-arch.bash
RUNC="${INTEGRATION_ROOT}/../../runc"
RECVTTY="${INTEGRATION_ROOT}/../../contrib/cmd/recvtty/recvtty"
GOPATH="$(mktemp -d --tmpdir runc-integration-gopath.XXXXXX)"
# Test data path.
TESTDATA="${INTEGRATION_ROOT}/testdata"
# Busybox image
BUSYBOX_IMAGE="$BATS_TMPDIR/busybox.tar"
BUSYBOX_BUNDLE="$BATS_TMPDIR/busyboxtest"
# hello-world in tar format
HELLO_FILE=`get_hello`
HELLO_IMAGE="$TESTDATA/$HELLO_FILE"
HELLO_BUNDLE="$BATS_TMPDIR/hello-world"
# CRIU PATH
CRIU="$(which criu || true)"
# Kernel version
KERNEL_VERSION="$(uname -r)"
KERNEL_MAJOR="${KERNEL_VERSION%%.*}"
KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
KERNEL_MINOR="${KERNEL_MINOR%%.*}"
# Root state path.
ROOT=$(mktemp -d "$BATS_TMPDIR/runc.XXXXXX")
# Path to console socket.
CONSOLE_SOCKET="$BATS_TMPDIR/console.sock"
# Cgroup paths
CGROUP_MEMORY_BASE_PATH=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<MEMORY\>/ { print $5; exit }')
CGROUP_CPU_BASE_PATH=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<CPU\>/ { print $5; exit }')
CGROUPS_PATH="/runc-cgroups-integration-test/test-cgroup"
CGROUP_MEMORY="${CGROUP_MEMORY_BASE_PATH}${CGROUPS_PATH}"
# CONFIG_MEMCG_KMEM support
KMEM="${CGROUP_MEMORY_BASE_PATH}/memory.kmem.limit_in_bytes"
RT_PERIOD="${CGROUP_CPU_BASE_PATH}/cpu.rt_period_us"
# Check if we're in rootless mode.
ROOTLESS=$(id -u)
# Wrapper for runc.
function runc() {
run __runc "$@"
# Some debug information to make life easier. bats will only print it if the
# test failed, in which case the output is useful.
echo "runc $@ (status=$status):" >&2
echo "$output" >&2
}
# Raw wrapper for runc.
function __runc() {
"$RUNC" --log /proc/self/fd/2 --root "$ROOT" "$@"
}
# Wrapper for runc spec, which takes only one argument (the bundle path).
function runc_spec() {
! [[ "$#" > 1 ]]
local args=()
local bundle=""
if [ "$ROOTLESS" -ne 0 ]; then
args+=("--rootless")
fi
if [ "$#" -ne 0 ]; then
bundle="$1"
args+=("--bundle" "$bundle")
fi
runc spec "${args[@]}"
# Always add additional mappings if we have idmaps.
if [[ "$ROOTLESS" -ne 0 ]] && [[ "$ROOTLESS_FEATURES" == *"idmap"* ]]; then
runc_rootless_idmap "$bundle"
fi
# Ensure config.json contains linux.resources
if [[ "$ROOTLESS" -ne 0 ]] && [[ "$ROOTLESS_FEATURES" == *"cgroup"* ]]; then
runc_rootless_cgroup "$bundle"
fi
}
# Shortcut to add additional uids and gids, based on the values set as part of
# a rootless configuration.
function runc_rootless_idmap() {
bundle="${1:-.}"
cat "$bundle/config.json" \
| jq '.mounts |= map((select(.type == "devpts") | .options += ["gid=5"]) // .)' \
| jq '.linux.uidMappings |= .+ [{"hostID": '"$ROOTLESS_UIDMAP_START"', "containerID": 1000, "size": '"$ROOTLESS_UIDMAP_LENGTH"'}]' \
| jq '.linux.gidMappings |= .+ [{"hostID": '"$ROOTLESS_GIDMAP_START"', "containerID": 100, "size": 1}]' \
| jq '.linux.gidMappings |= .+ [{"hostID": '"$(($ROOTLESS_GIDMAP_START+10))"', "containerID": 1, "size": 20}]' \
| jq '.linux.gidMappings |= .+ [{"hostID": '"$(($ROOTLESS_GIDMAP_START+100))"', "containerID": 1000, "size": '"$(($ROOTLESS_GIDMAP_LENGTH-1000))"'}]' \
>"$bundle/config.json.tmp"
mv "$bundle/config.json"{.tmp,}
}
# Shortcut to add empty resources as part of a rootless configuration.
function runc_rootless_cgroup() {
bundle="${1:-.}"
cat "$bundle/config.json" \
| jq '.linux.resources |= .+ {"memory":{},"cpu":{},"blockio":{},"pids":{}}' \
>"$bundle/config.json.tmp"
mv "$bundle/config.json"{.tmp,}
}
# Helper function to set cgroupsPath to the value of $CGROUPS_PATH
function set_cgroups_path() {
bundle="${1:-.}"
sed -i 's/\("linux": {\)/\1\n "cgroupsPath": "\/runc-cgroups-integration-test\/test-cgroup",/' "$bundle/config.json"
}
# Helper function to set a resouces limit
function set_resources_limit() {
bundle="${1:-.}"
sed -i 's/\("linux": {\)/\1\n "resources": { "pids": { "limit": 100 } },/' "$bundle/config.json"
}
# Fails the current test, providing the error given.
function fail() {
echo "$@" >&2
exit 1
}
# Allows a test to specify what things it requires. If the environment can't
# support it, the test is skipped with a message.
function requires() {
for var in "$@"; do
case $var in
criu)
if [ ! -e "$CRIU" ]; then
skip "test requires ${var}"
fi
;;
root)
if [ "$ROOTLESS" -ne 0 ]; then
skip "test requires ${var}"
fi
;;
rootless)
if [ "$ROOTLESS" -eq 0 ]; then
skip "test requires ${var}"
fi
;;
rootless_idmap)
if [[ "$ROOTLESS_FEATURES" != *"idmap"* ]]; then
skip "test requires ${var}"
fi
;;
rootless_cgroup)
if [[ "$ROOTLESS_FEATURES" != *"cgroup"* ]]; then
skip "test requires ${var}"
fi
;;
rootless_no_cgroup)
if [[ "$ROOTLESS_FEATURES" == *"cgroup"* ]]; then
skip "test requires ${var}"
fi
;;
cgroups_kmem)
if [ ! -e "$KMEM" ]; then
skip "Test requires ${var}"
fi
;;
cgroups_rt)
if [ ! -e "$RT_PERIOD" ]; then
skip "Test requires ${var}"
fi
;;
*)
fail "BUG: Invalid requires ${var}."
;;
esac
done
}
# Retry a command $1 times until it succeeds. Wait $2 seconds between retries.
function retry() {
local attempts=$1
shift
local delay=$1
shift
local i
for ((i = 0; i < attempts; i++)); do
run "$@"
if [[ "$status" -eq 0 ]]; then
return 0
fi
sleep $delay
done
echo "Command \"$@\" failed $attempts times. Output: $output"
false
}
# retry until the given container has state
function wait_for_container() {
local attempts=$1
local delay=$2
local cid=$3
local i
for ((i = 0; i < attempts; i++)); do
runc state $cid
if [[ "$status" -eq 0 ]]; then
return 0
fi
sleep $delay
done
echo "runc state failed to return state $statecheck $attempts times. Output: $output"
false
}
# retry until the given container has state
function wait_for_container_inroot() {
local attempts=$1
local delay=$2
local cid=$3
local i
for ((i = 0; i < attempts; i++)); do
ROOT=$4 runc state $cid
if [[ "$status" -eq 0 ]]; then
return 0
fi
sleep $delay
done
echo "runc state failed to return state $statecheck $attempts times. Output: $output"
false
}
function testcontainer() {
# test state of container
runc state $1
[ "$status" -eq 0 ]
[[ "${output}" == *"$2"* ]]
}
function setup_recvtty() {
# We need to start recvtty in the background, so we double fork in the shell.
("$RECVTTY" --pid-file "$BATS_TMPDIR/recvtty.pid" --mode null "$CONSOLE_SOCKET" &) &
}
function teardown_recvtty() {
# When we kill recvtty, the container will also be killed.
if [ -f "$BATS_TMPDIR/recvtty.pid" ]; then
kill -9 $(cat "$BATS_TMPDIR/recvtty.pid")
fi
# Clean up the files that might be left over.
rm -f "$BATS_TMPDIR/recvtty.pid"
rm -f "$CONSOLE_SOCKET"
}
function setup_busybox() {
setup_recvtty
run mkdir "$BUSYBOX_BUNDLE"
run mkdir "$BUSYBOX_BUNDLE"/rootfs
if [ -e "/testdata/busybox.tar" ]; then
BUSYBOX_IMAGE="/testdata/busybox.tar"
fi
if [ ! -e $BUSYBOX_IMAGE ]; then
curl -o $BUSYBOX_IMAGE -sSL `get_busybox`
fi
tar --exclude './dev/*' -C "$BUSYBOX_BUNDLE"/rootfs -xf "$BUSYBOX_IMAGE"
cd "$BUSYBOX_BUNDLE"
runc_spec
}
function setup_hello() {
setup_recvtty
run mkdir "$HELLO_BUNDLE"
run mkdir "$HELLO_BUNDLE"/rootfs
tar --exclude './dev/*' -C "$HELLO_BUNDLE"/rootfs -xf "$HELLO_IMAGE"
cd "$HELLO_BUNDLE"
runc_spec
sed -i 's;"sh";"/hello";' config.json
}
function teardown_running_container() {
runc list
# $1 should be a container name such as "test_busybox"
# here we detect "test_busybox "(with one extra blank) to avoid conflict prefix
# e.g. "test_busybox" and "test_busybox_update"
if [[ "${output}" == *"$1 "* ]]; then
runc kill $1 KILL
retry 10 1 eval "__runc state '$1' | grep -q 'stopped'"
runc delete $1
fi
}
function teardown_running_container_inroot() {
ROOT=$2 runc list
# $1 should be a container name such as "test_busybox"
# here we detect "test_busybox "(with one extra blank) to avoid conflict prefix
# e.g. "test_busybox" and "test_busybox_update"
if [[ "${output}" == *"$1 "* ]]; then
ROOT=$2 runc kill $1 KILL
retry 10 1 eval "ROOT='$2' __runc state '$1' | grep -q 'stopped'"
ROOT=$2 runc delete $1
fi
}
function teardown_busybox() {
cd "$INTEGRATION_ROOT"
teardown_recvtty
teardown_running_container test_busybox
run rm -f -r "$BUSYBOX_BUNDLE"
}
function teardown_hello() {
cd "$INTEGRATION_ROOT"
teardown_recvtty
teardown_running_container test_hello
run rm -f -r "$HELLO_BUNDLE"
}

30
vendor/github.com/opencontainers/runc/tests/integration/kill.bats generated vendored Normal file
View file

@ -0,0 +1,30 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "kill detached busybox" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc kill test_busybox KILL
[ "$status" -eq 0 ]
retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'"
runc delete test_busybox
[ "$status" -eq 0 ]
}

56
vendor/github.com/opencontainers/runc/tests/integration/list.bats generated vendored Normal file
View file

@ -0,0 +1,56 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_running_container_inroot test_box1 $HELLO_BUNDLE
teardown_running_container_inroot test_box2 $HELLO_BUNDLE
teardown_running_container_inroot test_box3 $HELLO_BUNDLE
teardown_busybox
setup_busybox
}
function teardown() {
teardown_running_container_inroot test_box1 $HELLO_BUNDLE
teardown_running_container_inroot test_box2 $HELLO_BUNDLE
teardown_running_container_inroot test_box3 $HELLO_BUNDLE
teardown_busybox
}
@test "list" {
# run a few busyboxes detached
ROOT=$HELLO_BUNDLE runc run -d --console-socket $CONSOLE_SOCKET test_box1
[ "$status" -eq 0 ]
ROOT=$HELLO_BUNDLE runc run -d --console-socket $CONSOLE_SOCKET test_box2
[ "$status" -eq 0 ]
ROOT=$HELLO_BUNDLE runc run -d --console-socket $CONSOLE_SOCKET test_box3
[ "$status" -eq 0 ]
ROOT=$HELLO_BUNDLE runc list
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ ID\ +PID\ +STATUS\ +BUNDLE\ +CREATED+ ]]
[[ "${lines[1]}" == *"test_box1"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
[[ "${lines[2]}" == *"test_box2"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
[[ "${lines[3]}" == *"test_box3"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
ROOT=$HELLO_BUNDLE runc list -q
[ "$status" -eq 0 ]
[[ "${lines[0]}" == "test_box1" ]]
[[ "${lines[1]}" == "test_box2" ]]
[[ "${lines[2]}" == "test_box3" ]]
ROOT=$HELLO_BUNDLE runc list --format table
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ ID\ +PID\ +STATUS\ +BUNDLE\ +CREATED+ ]]
[[ "${lines[1]}" == *"test_box1"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
[[ "${lines[2]}" == *"test_box2"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
[[ "${lines[3]}" == *"test_box3"*[0-9]*"running"*$BUSYBOX_BUNDLE*[0-9]* ]]
ROOT=$HELLO_BUNDLE runc list --format json
[ "$status" -eq 0 ]
[[ "${lines[0]}" == [\[][\{]"\"ociVersion\""[:]"\""*[0-9][\.]*[0-9][\.]*[0-9]*"\""[,]"\"id\""[:]"\"test_box1\""[,]"\"pid\""[:]*[0-9][,]"\"status\""[:]*"\"running\""[,]"\"bundle\""[:]*$BUSYBOX_BUNDLE*[,]"\"rootfs\""[:]"\""*"\""[,]"\"created\""[:]*[0-9]*[\}]* ]]
[[ "${lines[0]}" == *[,][\{]"\"ociVersion\""[:]"\""*[0-9][\.]*[0-9][\.]*[0-9]*"\""[,]"\"id\""[:]"\"test_box2\""[,]"\"pid\""[:]*[0-9][,]"\"status\""[:]*"\"running\""[,]"\"bundle\""[:]*$BUSYBOX_BUNDLE*[,]"\"rootfs\""[:]"\""*"\""[,]"\"created\""[:]*[0-9]*[\}]* ]]
[[ "${lines[0]}" == *[,][\{]"\"ociVersion\""[:]"\""*[0-9][\.]*[0-9][\.]*[0-9]*"\""[,]"\"id\""[:]"\"test_box3\""[,]"\"pid\""[:]*[0-9][,]"\"status\""[:]*"\"running\""[,]"\"bundle\""[:]*$BUSYBOX_BUNDLE*[,]"\"rootfs\""[:]"\""*"\""[,]"\"created\""[:]*[0-9]*[\}][\]] ]]
}

59
vendor/github.com/opencontainers/runc/tests/integration/mask.bats generated vendored Normal file
View file

@ -0,0 +1,59 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
# Create fake rootfs.
mkdir rootfs/testdir
echo "Forbidden information!" > rootfs/testfile
# add extra masked paths
sed -i 's;"maskedPaths": \[;"maskedPaths": \["/testdir","/testfile",;g' config.json
}
function teardown() {
teardown_busybox
}
@test "mask paths [file]" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox cat /testfile
[ "$status" -eq 0 ]
[[ "${output}" == "" ]]
runc exec test_busybox rm -f /testfile
[ "$status" -eq 1 ]
[[ "${output}" == *"Read-only file system"* ]]
runc exec test_busybox umount /testfile
[ "$status" -eq 1 ]
[[ "${output}" == *"Operation not permitted"* ]]
}
@test "mask paths [directory]" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox ls /testdir
[ "$status" -eq 0 ]
[[ "${output}" == "" ]]
runc exec test_busybox touch /testdir/foo
[ "$status" -eq 1 ]
[[ "${output}" == *"Read-only file system"* ]]
runc exec test_busybox rm -rf /testdir
[ "$status" -eq 1 ]
[[ "${output}" == *"Read-only file system"* ]]
runc exec test_busybox umount /testdir
[ "$status" -eq 1 ]
[[ "${output}" == *"Operation not permitted"* ]]
}

22
vendor/github.com/opencontainers/runc/tests/integration/multi-arch.bash generated vendored Normal file
View file

@ -0,0 +1,22 @@
#!/bin/bash
get_busybox(){
case $(go env GOARCH) in
arm64)
echo 'https://github.com/docker-library/busybox/raw/23fbd9c43e0f4bec7605091bfba23db278c367ac/glibc/busybox.tar.xz'
;;
*)
echo 'https://github.com/docker-library/busybox/raw/a0558a9006ce0dd6f6ec5d56cfd3f32ebeeb815f/glibc/busybox.tar.xz'
;;
esac
}
get_hello(){
case $(go env GOARCH) in
arm64)
echo 'hello-world-aarch64.tar'
;;
*)
echo 'hello-world.tar'
;;
esac
}

72
vendor/github.com/opencontainers/runc/tests/integration/pause.bats generated vendored Normal file
View file

@ -0,0 +1,72 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc pause and resume" {
# XXX: currently cgroups require root containers.
requires root
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
# pause busybox
runc pause test_busybox
[ "$status" -eq 0 ]
# test state of busybox is paused
testcontainer test_busybox paused
# resume busybox
runc resume test_busybox
[ "$status" -eq 0 ]
# test state of busybox is back to running
testcontainer test_busybox running
}
@test "runc pause and resume with nonexist container" {
# XXX: currently cgroups require root containers.
requires root
# run test_busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
# pause test_busybox and nonexistent container
runc pause test_busybox
[ "$status" -eq 0 ]
runc pause nonexistent
[ "$status" -ne 0 ]
# test state of test_busybox is paused
testcontainer test_busybox paused
# resume test_busybox and nonexistent container
runc resume test_busybox
[ "$status" -eq 0 ]
runc resume nonexistent
[ "$status" -ne 0 ]
# test state of test_busybox is back to running
testcontainer test_busybox running
# delete test_busybox
runc delete --force test_busybox
runc state test_busybox
[ "$status" -ne 0 ]
}

62
vendor/github.com/opencontainers/runc/tests/integration/ps.bats generated vendored Normal file
View file

@ -0,0 +1,62 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "ps" {
# ps is not supported, it requires cgroups
requires root
# start busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc ps test_busybox
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ UID\ +PID\ +PPID\ +C\ +STIME\ +TTY\ +TIME\ +CMD+ ]]
[[ "${lines[1]}" == *"$(id -un 2>/dev/null)"*[0-9]* ]]
}
@test "ps -f json" {
# ps is not supported, it requires cgroups
requires root
# start busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc ps -f json test_busybox
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ [0-9]+ ]]
}
@test "ps -e -x" {
# ps is not supported, it requires cgroups
requires root
# start busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc ps test_busybox -e -x
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ \ +PID\ +TTY\ +STAT\ +TIME\ +COMMAND+ ]]
[[ "${lines[1]}" =~ [0-9]+ ]]
}

50
vendor/github.com/opencontainers/runc/tests/integration/root.bats generated vendored Normal file
View file

@ -0,0 +1,50 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_running_container_inroot test_dotbox $HELLO_BUNDLE
teardown_busybox
setup_busybox
}
function teardown() {
teardown_running_container_inroot test_dotbox $HELLO_BUNDLE
teardown_busybox
}
@test "global --root" {
# run busybox detached using $HELLO_BUNDLE for state
ROOT=$HELLO_BUNDLE runc run -d --console-socket $CONSOLE_SOCKET test_dotbox
[ "$status" -eq 0 ]
# run busybox detached in default root
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
runc state test_busybox
[ "$status" -eq 0 ]
[[ "${output}" == *"running"* ]]
ROOT=$HELLO_BUNDLE runc state test_dotbox
[ "$status" -eq 0 ]
[[ "${output}" == *"running"* ]]
ROOT=$HELLO_BUNDLE runc state test_busybox
[ "$status" -ne 0 ]
runc state test_dotbox
[ "$status" -ne 0 ]
runc kill test_busybox KILL
[ "$status" -eq 0 ]
retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'"
runc delete test_busybox
[ "$status" -eq 0 ]
ROOT=$HELLO_BUNDLE runc kill test_dotbox KILL
[ "$status" -eq 0 ]
retry 10 1 eval "ROOT='$HELLO_BUNDLE' __runc state test_dotbox | grep -q 'stopped'"
ROOT=$HELLO_BUNDLE runc delete test_dotbox
[ "$status" -eq 0 ]
}

96
vendor/github.com/opencontainers/runc/tests/integration/spec.bats generated vendored Normal file
View file

@ -0,0 +1,96 @@
#!/usr/bin/env bats
load helpers
function setup() {
# initial cleanup in case a prior test exited and did not cleanup
cd "$INTEGRATION_ROOT"
run rm -f -r "$HELLO_BUNDLE"
# setup hello-world for spec generation testing
run mkdir "$HELLO_BUNDLE"
run mkdir "$HELLO_BUNDLE"/rootfs
run tar -C "$HELLO_BUNDLE"/rootfs -xf "$HELLO_IMAGE"
}
function teardown() {
cd "$INTEGRATION_ROOT"
run rm -f -r "$HELLO_BUNDLE"
}
@test "spec generation cwd" {
cd "$HELLO_BUNDLE"
# note this test runs from the bundle not the integration root
# test that config.json does not exist after the above partial setup
[ ! -e config.json ]
# test generation of spec does not return an error
runc_spec
[ "$status" -eq 0 ]
# test generation of spec created our config.json (spec)
[ -e config.json ]
# test existence of required args parameter in the generated config.json
run bash -c "grep -A2 'args' config.json | grep 'sh'"
[[ "${output}" == *"sh"* ]]
# change the default args parameter from sh to hello
sed -i 's;"sh";"/hello";' config.json
# ensure the generated spec works by running hello-world
runc run test_hello
[ "$status" -eq 0 ]
}
@test "spec generation --bundle" {
# note this test runs from the integration root not the bundle
# test that config.json does not exist after the above partial setup
[ ! -e "$HELLO_BUNDLE"/config.json ]
# test generation of spec does not return an error
runc_spec "$HELLO_BUNDLE"
[ "$status" -eq 0 ]
# test generation of spec created our config.json (spec)
[ -e "$HELLO_BUNDLE"/config.json ]
# change the default args parameter from sh to hello
sed -i 's;"sh";"/hello";' "$HELLO_BUNDLE"/config.json
# ensure the generated spec works by running hello-world
runc run --bundle "$HELLO_BUNDLE" test_hello
[ "$status" -eq 0 ]
}
@test "spec validator" {
TESTDIR=$(pwd)
cd "$HELLO_BUNDLE"
run git clone https://github.com/opencontainers/runtime-spec.git src/runtime-spec
[ "$status" -eq 0 ]
SPEC_COMMIT=$(grep '^github.com/opencontainers/runtime-spec' ${TESTDIR}/../../vendor.conf | cut -d ' ' -f 2)
run git -C src/runtime-spec reset --hard "${SPEC_COMMIT}"
[ "$status" -eq 0 ]
[ -e src/runtime-spec/schema/config-schema.json ]
run bash -c "GOPATH='$GOPATH' go get github.com/xeipuuv/gojsonschema"
[ "$status" -eq 0 ]
run git -C "${GOPATH}/src/github.com/xeipuuv/gojsonschema" reset --hard 6637feb73ee44cd4640bb3def285c29774234c7f
[ "$status" -eq 0 ]
GOPATH="$GOPATH" go build src/runtime-spec/schema/validate.go
[ -e ./validate ]
runc spec
[ -e config.json ]
run ./validate src/runtime-spec/schema/config-schema.json config.json
[ "$status" -eq 0 ]
[[ "${lines[0]}" == *"The document is valid"* ]]
}

31
vendor/github.com/opencontainers/runc/tests/integration/start.bats generated vendored Normal file
View file

@ -0,0 +1,31 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc start" {
runc create --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox created
# start container test_busybox
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
# delete test_busybox
runc delete --force test_busybox
runc state test_busybox
[ "$status" -ne 0 ]
}

76
vendor/github.com/opencontainers/runc/tests/integration/start_detached.bats generated vendored Normal file
View file

@ -0,0 +1,76 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc run detached" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
}
@test "runc run detached ({u,g}id != 0)" {
# cannot start containers as another user in rootless setup without idmap
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# replace "uid": 0 with "uid": 1000
# and do a similar thing for gid.
sed -i 's;"uid": 0;"uid": 1000;g' config.json
sed -i 's;"gid": 0;"gid": 100;g' config.json
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
}
@test "runc run detached --pid-file" {
# run busybox detached
runc run --pid-file pid.txt -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} == $(__runc state test_busybox | jq '.pid') ]]
}
@test "runc run detached --pid-file with new CWD" {
# create pid_file directory as the CWD
run mkdir pid_file
[ "$status" -eq 0 ]
run cd pid_file
[ "$status" -eq 0 ]
# run busybox detached
runc run --pid-file pid.txt -d -b $BUSYBOX_BUNDLE --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} == $(__runc state test_busybox | jq '.pid') ]]
}

64
vendor/github.com/opencontainers/runc/tests/integration/start_hello.bats generated vendored Normal file
View file

@ -0,0 +1,64 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_hello
setup_hello
}
function teardown() {
teardown_hello
}
@test "runc run" {
# run hello-world
runc run test_hello
[ "$status" -eq 0 ]
# check expected output
[[ "${output}" == *"Hello"* ]]
}
@test "runc run ({u,g}id != 0)" {
# cannot start containers as another user in rootless setup without idmap
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# replace "uid": 0 with "uid": 1000
# and do a similar thing for gid.
sed -i 's;"uid": 0;"uid": 1000;g' config.json
sed -i 's;"gid": 0;"gid": 100;g' config.json
# run hello-world
runc run test_hello
[ "$status" -eq 0 ]
# check expected output
[[ "${output}" == *"Hello"* ]]
}
@test "runc run with rootfs set to ." {
cp config.json rootfs/.
rm config.json
cd rootfs
sed -i 's;"rootfs";".";' config.json
# run hello-world
runc run test_hello
[ "$status" -eq 0 ]
[[ "${output}" == *"Hello"* ]]
}
@test "runc run --pid-file" {
# run hello-world
runc run --pid-file pid.txt test_hello
[ "$status" -eq 0 ]
[[ "${output}" == *"Hello"* ]]
# check pid.txt was generated
[ -e pid.txt ]
run cat pid.txt
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ [0-9]+ ]]
}

66
vendor/github.com/opencontainers/runc/tests/integration/state.bats generated vendored Normal file
View file

@ -0,0 +1,66 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "state (kill + delete)" {
runc state test_busybox
[ "$status" -ne 0 ]
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
runc kill test_busybox KILL
[ "$status" -eq 0 ]
# wait for busybox to be in the destroyed state
retry 10 1 eval "__runc state test_busybox | grep -q 'stopped'"
# delete test_busybox
runc delete test_busybox
[ "$status" -eq 0 ]
runc state test_busybox
[ "$status" -ne 0 ]
}
@test "state (pause + resume)" {
# XXX: pause and resume require cgroups.
requires root
runc state test_busybox
[ "$status" -ne 0 ]
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# check state
testcontainer test_busybox running
# pause busybox
runc pause test_busybox
[ "$status" -eq 0 ]
# test state of busybox is paused
testcontainer test_busybox paused
# resume busybox
runc resume test_busybox
[ "$status" -eq 0 ]
# test state of busybox is back to running
testcontainer test_busybox running
}

230
vendor/github.com/opencontainers/runc/tests/integration/tty.bats generated vendored Normal file
View file

@ -0,0 +1,230 @@
#!/usr/bin/env bats
load helpers
function setup() {
teardown_busybox
setup_busybox
}
function teardown() {
teardown_busybox
}
@test "runc run [tty ptsname]" {
# Replace sh script with readlink.
sed -i 's|"sh"|"sh", "-c", "for file in /proc/self/fd/[012]; do readlink $file; done"|' config.json
# run busybox
runc run test_busybox
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ /dev/pts/+ ]]
[[ ${lines[1]} =~ /dev/pts/+ ]]
[[ ${lines[2]} =~ /dev/pts/+ ]]
}
@test "runc run [tty owner]" {
# tty chmod is not doable in rootless containers without idmap.
# TODO: this can be made as a change to the gid test.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# Replace sh script with stat.
sed -i 's/"sh"/"sh", "-c", "stat -c %u:%g $(tty) | tr : \\\\\\\\n"/' config.json
# run busybox
runc run test_busybox
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ 0 ]]
# This is set by the default config.json (it corresponds to the standard tty group).
[[ ${lines[1]} =~ 5 ]]
}
@test "runc run [tty owner] ({u,g}id != 0)" {
# tty chmod is not doable in rootless containers without idmap.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# replace "uid": 0 with "uid": 1000
# and do a similar thing for gid.
sed -i 's;"uid": 0;"uid": 1000;g' config.json
sed -i 's;"gid": 0;"gid": 100;g' config.json
# Replace sh script with stat.
sed -i 's/"sh"/"sh", "-c", "stat -c %u:%g $(tty) | tr : \\\\\\\\n"/' config.json
# run busybox
runc run test_busybox
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ 1000 ]]
# This is set by the default config.json (it corresponds to the standard tty group).
[[ ${lines[1]} =~ 5 ]]
}
@test "runc exec [tty ptsname]" {
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# make sure we're running
testcontainer test_busybox running
# run the exec
runc exec test_busybox sh -c 'for file in /proc/self/fd/[012]; do readlink $file; done'
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ /dev/pts/+ ]]
[[ ${lines[1]} =~ /dev/pts/+ ]]
[[ ${lines[2]} =~ /dev/pts/+ ]]
}
@test "runc exec [tty owner]" {
# tty chmod is not doable in rootless containers without idmap.
# TODO: this can be made as a change to the gid test.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# make sure we're running
testcontainer test_busybox running
# run the exec
runc exec test_busybox sh -c 'stat -c %u:%g $(tty) | tr : \\n'
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ 0 ]]
[[ ${lines[1]} =~ 5 ]]
}
@test "runc exec [tty owner] ({u,g}id != 0)" {
# tty chmod is not doable in rootless containers without idmap.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
# replace "uid": 0 with "uid": 1000
# and do a similar thing for gid.
sed -i 's;"uid": 0;"uid": 1000;g' config.json
sed -i 's;"gid": 0;"gid": 100;g' config.json
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# make sure we're running
testcontainer test_busybox running
# run the exec
runc exec test_busybox sh -c 'stat -c %u:%g $(tty) | tr : \\n'
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ 1000 ]]
[[ ${lines[1]} =~ 5 ]]
}
@test "runc exec [tty consolesize]" {
# allow writing to filesystem
sed -i 's/"readonly": true/"readonly": false/' config.json
# run busybox detached
runc run -d --console-socket $CONSOLE_SOCKET test_busybox
[ "$status" -eq 0 ]
# make sure we're running
testcontainer test_busybox running
tty_info_with_consize_size=$( cat <<EOF
{
"terminal": true,
"consoleSize": {
"height": 10,
"width": 110
},
"args": [
"/bin/sh",
"-c",
"/bin/stty -a > /tmp/tty-info"
],
"cwd": "/"
}
EOF
)
# run the exec
runc exec --pid-file pid.txt -d --console-socket $CONSOLE_SOCKET -p <( echo $tty_info_with_consize_size ) test_busybox
[ "$status" -eq 0 ]
# check the pid was generated
[ -e pid.txt ]
#wait user process to finish
timeout 1 tail --pid=$(head -n 1 pid.txt) -f /dev/null
tty_info=$( cat <<EOF
{
"args": [
"/bin/cat",
"/tmp/tty-info"
],
"cwd": "/"
}
EOF
)
# run the exec
runc exec -p <( echo $tty_info ) test_busybox
[ "$status" -eq 0 ]
# test tty width and height against original process.json
[[ ${lines[0]} =~ "rows 10; columns 110" ]]
}
@test "runc create [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of detached IO is done properly. See #1354.
__runc create test_busybox
# Start the command.
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}
@test "runc run [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of non-detached IO is done properly. See #1354.
(
__runc run test_busybox
) &
wait_for_container 15 1 test_busybox
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}
@test "runc run -d [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of detached IO is done properly. See #1354.
__runc run -d test_busybox
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}

287
vendor/github.com/opencontainers/runc/tests/integration/update.bats generated vendored Normal file
View file

@ -0,0 +1,287 @@
#!/usr/bin/env bats
load helpers
function teardown() {
rm -f $BATS_TMPDIR/runc-cgroups-integration-test.json
teardown_running_container test_update
teardown_running_container test_update_rt
teardown_busybox
}
function setup() {
teardown
setup_busybox
set_cgroups_path "$BUSYBOX_BUNDLE"
# Set some initial known values
DATA=$(cat <<EOF
"memory": {
"limit": 33554432,
"reservation": 25165824,
"kernel": 16777216,
"kernelTCP": 11534336
},
"cpu": {
"shares": 100,
"quota": 500000,
"period": 1000000,
"cpus": "0"
},
"blockio": {
"weight": 1000
},
"pids": {
"limit": 20
},
EOF
)
DATA=$(echo ${DATA} | sed 's/\n/\\n/g')
sed -i "s/\(\"resources\": {\)/\1\n${DATA}/" ${BUSYBOX_BUNDLE}/config.json
}
function check_cgroup_value() {
cgroup=$1
source=$2
expected=$3
current=$(cat $cgroup/$source)
[ "$current" == "$expected" ]
}
# TODO: test rt cgroup updating
@test "update" {
# XXX: Also, this test should be split into separate sections so that we
# can skip kmem without skipping update tests overall.
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem
# run a few busyboxes detached
runc run -d --console-socket $CONSOLE_SOCKET test_update
[ "$status" -eq 0 ]
# get the cgroup paths
for g in MEMORY CPUSET CPU BLKIO PIDS; do
base_path=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<'${g}'\>/ { print $5; exit }')
eval CGROUP_${g}="${base_path}${CGROUPS_PATH}"
done
CGROUP_SYSTEM_MEMORY=$(grep "cgroup" /proc/self/mountinfo | gawk 'toupper($NF) ~ /\<'MEMORY'\>/ { print $5; exit }')
# check that initial values were properly set
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 1000
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 1000000
check_cgroup_value $CGROUP_CPU "cpu.cfs_quota_us" 500000
check_cgroup_value $CGROUP_CPU "cpu.shares" 100
check_cgroup_value $CGROUP_CPUSET "cpuset.cpus" 0
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 16777216
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
# update blkio-weight
runc update test_update --blkio-weight 500
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 500
# update cpu-period
runc update test_update --cpu-period 900000
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 900000
# update cpu-quota
runc update test_update --cpu-quota 600000
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_CPU "cpu.cfs_quota_us" 600000
# update cpu-shares
runc update test_update --cpu-share 200
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_CPU "cpu.shares" 200
# update cpuset if supported (i.e. we're running on a multicore cpu)
cpu_count=$(grep '^processor' /proc/cpuinfo | wc -l)
if [ $cpu_count -gt 1 ]; then
runc update test_update --cpuset-cpus "1"
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_CPUSET "cpuset.cpus" 1
fi
# update memory limit
runc update test_update --memory 67108864
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 67108864
runc update test_update --memory 50M
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 52428800
# update memory soft limit
runc update test_update --memory-reservation 33554432
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 33554432
# Run swap memory tests if swap is avaialble
if [ -f "$CGROUP_MEMORY/memory.memsw.limit_in_bytes" ]; then
# try to remove memory swap limit
runc update test_update --memory-swap -1
[ "$status" -eq 0 ]
# Get System memory swap limit
SYSTEM_MEMORY_SW=$(cat "${CGROUP_SYSTEM_MEMORY}/memory.memsw.limit_in_bytes")
check_cgroup_value $CGROUP_MEMORY "memory.memsw.limit_in_bytes" ${SYSTEM_MEMORY_SW}
# update memory swap
runc update test_update --memory-swap 96468992
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.memsw.limit_in_bytes" 96468992
fi;
# try to remove memory limit
runc update test_update --memory -1
[ "$status" -eq 0 ]
# Get System memory limit
SYSTEM_MEMORY=$(cat "${CGROUP_SYSTEM_MEMORY}/memory.limit_in_bytes")
# check memory limited is gone
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" ${SYSTEM_MEMORY}
# check swap memory limited is gone
if [ -f "$CGROUP_MEMORY/memory.memsw.limit_in_bytes" ]; then
check_cgroup_value $CGROUP_MEMORY "memory.memsw.limit_in_bytes" ${SYSTEM_MEMORY}
fi
# update kernel memory limit
runc update test_update --kernel-memory 50331648
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 50331648
# update kernel memory tcp limit
runc update test_update --kernel-memory-tcp 41943040
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
# update pids limit
runc update test_update --pids-limit 10
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_PIDS "pids.max" 10
# Revert to the test initial value via json on stding
runc update -r - test_update <<EOF
{
"memory": {
"limit": 33554432,
"reservation": 25165824,
"kernel": 16777216,
"kernelTCP": 11534336
},
"cpu": {
"shares": 100,
"quota": 500000,
"period": 1000000,
"cpus": "0"
},
"blockIO": {
"weight": 1000
},
"pids": {
"limit": 20
}
}
EOF
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 1000
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 1000000
check_cgroup_value $CGROUP_CPU "cpu.cfs_quota_us" 500000
check_cgroup_value $CGROUP_CPU "cpu.shares" 100
check_cgroup_value $CGROUP_CPUSET "cpuset.cpus" 0
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 16777216
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
# redo all the changes at once
runc update test_update --blkio-weight 500 \
--cpu-period 900000 --cpu-quota 600000 --cpu-share 200 --memory 67108864 \
--memory-reservation 33554432 --kernel-memory 50331648 --kernel-memory-tcp 41943040 \
--pids-limit 10
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 500
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 900000
check_cgroup_value $CGROUP_CPU "cpu.cfs_quota_us" 600000
check_cgroup_value $CGROUP_CPU "cpu.shares" 200
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 50331648
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 41943040
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 67108864
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 33554432
check_cgroup_value $CGROUP_PIDS "pids.max" 10
# reset to initial test value via json file
DATA=$(cat <<"EOF"
{
"memory": {
"limit": 33554432,
"reservation": 25165824,
"kernel": 16777216,
"kernelTCP": 11534336
},
"cpu": {
"shares": 100,
"quota": 500000,
"period": 1000000,
"cpus": "0"
},
"blockIO": {
"weight": 1000
},
"pids": {
"limit": 20
}
}
EOF
)
echo $DATA > $BATS_TMPDIR/runc-cgroups-integration-test.json
runc update -r $BATS_TMPDIR/runc-cgroups-integration-test.json test_update
[ "$status" -eq 0 ]
check_cgroup_value $CGROUP_BLKIO "blkio.weight" 1000
check_cgroup_value $CGROUP_CPU "cpu.cfs_period_us" 1000000
check_cgroup_value $CGROUP_CPU "cpu.cfs_quota_us" 500000
check_cgroup_value $CGROUP_CPU "cpu.shares" 100
check_cgroup_value $CGROUP_CPUSET "cpuset.cpus" 0
check_cgroup_value $CGROUP_MEMORY "memory.kmem.limit_in_bytes" 16777216
check_cgroup_value $CGROUP_MEMORY "memory.kmem.tcp.limit_in_bytes" 11534336
check_cgroup_value $CGROUP_MEMORY "memory.limit_in_bytes" 33554432
check_cgroup_value $CGROUP_MEMORY "memory.soft_limit_in_bytes" 25165824
check_cgroup_value $CGROUP_PIDS "pids.max" 20
}
@test "update rt period and runtime" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem cgroups_rt
# run a detached busybox
runc run -d --console-socket $CONSOLE_SOCKET test_update_rt
[ "$status" -eq 0 ]
# get the cgroup paths
eval CGROUP_CPU="${CGROUP_CPU_BASE_PATH}${CGROUPS_PATH}"
runc update -r - test_update_rt <<EOF
{
"cpu": {
"realtimePeriod": 800001,
"realtimeRuntime": 500001
}
}
EOF
check_cgroup_value $CGROUP_CPU "cpu.rt_period_us" 800001
check_cgroup_value $CGROUP_CPU "cpu.rt_runtime_us" 500001
runc update test_update_rt --cpu-rt-period 900001 --cpu-rt-runtime 600001
check_cgroup_value $CGROUP_CPU "cpu.rt_period_us" 900001
check_cgroup_value $CGROUP_CPU "cpu.rt_runtime_us" 600001
}

11
vendor/github.com/opencontainers/runc/tests/integration/version.bats generated vendored Normal file
View file

@ -0,0 +1,11 @@
#!/usr/bin/env bats
load helpers
@test "runc version" {
runc -v
[ "$status" -eq 0 ]
[[ ${lines[0]} =~ runc\ version\ [0-9]+\.[0-9]+\.[0-9]+ ]]
[[ ${lines[1]} =~ commit:+ ]]
[[ ${lines[2]} =~ spec:\ [0-9]+\.[0-9]+\.[0-9]+ ]]
}

125
vendor/github.com/opencontainers/runc/tests/rootless.sh generated vendored Executable file
View file

@ -0,0 +1,125 @@
#!/bin/bash
# Copyright (C) 2017 SUSE LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# rootless.sh -- Runner for rootless container tests. The purpose of this
# script is to allow for the addition (and testing) of "opportunistic" features
# to rootless containers while still testing the base features. In order to add
# a new feature, please match the existing style. Add an entry to $ALL_FEATURES,
# and add an enable_* and disable_* hook.
ALL_FEATURES=("idmap" "cgroup")
ROOT="$(readlink -f "$(dirname "${BASH_SOURCE}")/..")"
# FEATURE: Opportunistic new{uid,gid}map support, allowing a rootless container
# to be set up with the usage of helper setuid binaries.
function enable_idmap() {
export ROOTLESS_UIDMAP_START=100000 ROOTLESS_UIDMAP_LENGTH=65536
export ROOTLESS_GIDMAP_START=200000 ROOTLESS_GIDMAP_LENGTH=65536
# Set up sub{uid,gid} mappings.
[ -e /etc/subuid.tmp ] && mv /etc/subuid{.tmp,}
( grep -v '^rootless' /etc/subuid ; echo "rootless:$ROOTLESS_UIDMAP_START:$ROOTLESS_UIDMAP_LENGTH" ) > /etc/subuid.tmp
mv /etc/subuid{.tmp,}
[ -e /etc/subgid.tmp ] && mv /etc/subgid{.tmp,}
( grep -v '^rootless' /etc/subgid ; echo "rootless:$ROOTLESS_GIDMAP_START:$ROOTLESS_GIDMAP_LENGTH" ) > /etc/subgid.tmp
mv /etc/subgid{.tmp,}
# Reactivate new{uid,gid}map helpers if applicable.
[ -e /usr/bin/unused-newuidmap ] && mv /usr/bin/{unused-,}newuidmap
[ -e /usr/bin/unused-newgidmap ] && mv /usr/bin/{unused-,}newgidmap
}
function disable_idmap() {
export ROOTLESS_UIDMAP_START ROOTLESS_UIDMAP_LENGTH
export ROOTLESS_GIDMAP_START ROOTLESS_GIDMAP_LENGTH
# Deactivate sub{uid,gid} mappings.
[ -e /etc/subuid ] && mv /etc/subuid{,.tmp}
[ -e /etc/subgid ] && mv /etc/subgid{,.tmp}
# Deactivate new{uid,gid}map helpers. setuid is preserved with mv(1).
[ -e /usr/bin/newuidmap ] && mv /usr/bin/{,unused-}newuidmap
[ -e /usr/bin/newgidmap ] && mv /usr/bin/{,unused-}newgidmap
}
# FEATURE: Opportunistic cgroups support, allowing a rootless container to set
# resource limits on condition that cgroupsPath is set to a path the
# rootless user has permissions on.
# List of cgroups. We handle name= cgroups as well as combined
# (comma-separated) cgroups and correctly split and/or strip them.
ALL_CGROUPS=( $(cat /proc/self/cgroup | cut -d: -f2 | sed -E '{s/^name=//;s/,/\n/;/^$/D}') )
CGROUP_MOUNT="/sys/fs/cgroup"
CGROUP_PATH="/runc-cgroups-integration-test"
function enable_cgroup() {
# Set up cgroups for use in rootless containers.
for cg in "${ALL_CGROUPS[@]}"
do
mkdir -p "$CGROUP_MOUNT/$cg$CGROUP_PATH"
# We only need to allow write access to {cgroup.procs,tasks} and the
# directory. Rather than changing the owner entirely, we just change
# the group and then allow write access to the group (in order to
# further limit the possible DAC permissions that runc could use).
chown root:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/"{,cgroup.procs,tasks}
chmod g+rwx "$CGROUP_MOUNT/$cg$CGROUP_PATH/"{,cgroup.procs,tasks}
# Due to cpuset's semantics we need to give extra permissions to allow
# for runc to set up the hierarchy. XXX: This really shouldn't be
# necessary, and might actually be a bug in our impl of cgroup
# handling.
[[ "$cg" == "cpuset" ]] && chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpuset."{cpus,mems}
done
}
function disable_cgroup() {
# Remove cgroups used in rootless containers.
for cg in "${ALL_CGROUPS[@]}"
do
[ -d "$CGROUP_MOUNT/$cg$CGROUP_PATH" ] && rmdir "$CGROUP_MOUNT/$cg$CGROUP_PATH"
done
}
# Create a powerset of $ALL_FEATURES (the set of all subsets of $ALL_FEATURES).
# We test all of the possible combinations (as long as we don't add too many
# feature knobs this shouldn't take too long -- but the number of tested
# combinations is O(2^n)).
function powerset() {
eval printf '%s' $(printf '{,%s+}' "$@"):
}
features_powerset="$(powerset "${ALL_FEATURES[@]}")"
# Iterate over the powerset of all features.
IFS=:
for enabled_features in $features_powerset
do
idx="$(($idx+1))"
echo "[$(printf '%.2d' "$idx")] run rootless tests ... (${enabled_features%%+})"
unset IFS
for feature in "${ALL_FEATURES[@]}"
do
hook_func="disable_$feature"
grep -E "(^|\+)$feature(\+|$)" <<<$enabled_features &>/dev/null && hook_func="enable_$feature"
"$hook_func"
done
# Run the test suite!
set -e
echo path: $PATH
export ROOTLESS_FEATURES="$enabled_features"
sudo -HE -u rootless PATH="$PATH" bats -t "$ROOT/tests/integration$TESTFLAGS"
set +e
done