From bdd817d0024a7671bbbea14007b866c693cec988 Mon Sep 17 00:00:00 2001
From: HaoZhang
Date: Sat, 19 Nov 2016 10:17:14 +0800
Subject: [PATCH] add test for sysctls
Signed-off-by: HaoZhang
---
test/pod.bats | 40 +++++++++++++++++++++++++++++++
test/testdata/sandbox_config.json | 4 +++-
2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/test/pod.bats b/test/pod.bats
index a62ceac2..e33db963 100644
--- a/test/pod.bats
+++ b/test/pod.bats
@@ -187,3 +187,43 @@ function teardown() {
 cleanup_pods
 stop_ocid
 }
+
+@test "pass pod sysctls to runtime" {
+ # this test requires docker, thus it can't yet be run in a container
+ if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
+ skip "cannot yet run this test in a container, use sudo make localintegration"
+ fi
+
+ start_ocid
+ run ocic pod create --config "$TESTDATA"/sandbox_config.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ pod_id="$output"
+
+ run ocic ctr create --pod "$pod_id" --config "$TESTDATA"/container_redis.json
+ echo "$output"
+ [ "$status" -eq 0 ]
+ container_id="$output"
+
+ run ocic ctr start --id "$container_id"
+ echo "$output"
+ [ "$status" -eq 0 ]
+
+ run ocic ctr execsync --id "$container_id" sysctl kernel.shm_rmid_forced
+ echo "$output"
+ [ "$status" -eq 0 ]
+ [[ "$output" =~ "kernel.shm_rmid_forced = 1" ]]
+
+ run ocic ctr execsync --id "$container_id" sysctl kernel.msgmax
+ echo "$output"
+ [ "$status" -eq 0 ]
+ [[ "$output" =~ "kernel.msgmax = 8192" ]]
+
+ run ocic ctr execsync --id "$container_id" sysctl net.ipv4.ip_local_port_range
+ echo "$output"
+ [ "$status" -eq 0 ]
+ [[ "$output" =~ "net.ipv4.ip_local_port_range = 1024 65000" ]]
+
+ cleanup_pods
+ stop_ocid
+}
diff --git a/test/testdata/sandbox_config.json b/test/testdata/sandbox_config.json
index d1acda59..43e7a2ca 100644
--- a/test/testdata/sandbox_config.json
+++ b/test/testdata/sandbox_config.json
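Review bot: The new `pass pod sysctls to runtime` test covers only the accepted path: all three `ocic ctr execsync ... sysctl` checks expect the annotated value to be applied, including `kernel.msgmax`, which the fixture lists under the unsafe-sysctls annotation. Nothing asserts that a key outside the pod's own namespaces is refused, so a regression that let an annotation change a host-wide setting would still pass this suite. A companion negative test is sketched below with a placeholder fixture name. That the refusal should surface at `pod create` is an assumption to confirm against the runtime's intended behaviour.

```shell
@test "refuse pod sysctl outside the pod namespaces" {
	start_ocid
	# PLACEHOLDER fixture: copy of sandbox_config.json whose sysctls annotation names a non-namespaced key
	run ocic pod create --config "$TESTDATA"/PLACEHOLDER_sandbox_config_host_sysctl.json
	echo "$output"
	[ "$status" -ne 0 ]

	cleanup_pods
	stop_ocid
}
```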
@@ -46,7 +46,9 @@
 "group": "test"
 },
 "annotations": {
- "owner": "hmeng"
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192"
 },
 "linux": {
 "cgroup_parent": "podsandbox1.slice:container:infra",
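Review bot: The two sysctl annotations are added to the shared `sandbox_config.json`, so any other test that creates a pod from this fixture now also requests `kernel.msgmax=8192` through the `unsafe-sysctls` annotation, not only the new sysctl test. Since the runtime under test appears to apply that key on the strength of the annotation alone, it would be safer to keep the unsafe entry in a dedicated fixture used by the sysctl test and leave the default sandbox with only `"owner": "hmeng"`. JSON has no comment syntax, so the reason for the entry belongs in the test that consumes it, for example `# kernel.msgmax comes from the unsafe-sysctls annotation in the fixture`. The enclosing object starts and ends outside the hunk.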