cri/server: Add tests for ContainerMounts()

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2023-07-19 15:55:26 +02:00 · 2023-07-19 15:55:26 +02:00 · 10cb112e4a
commit 10cb112e4a
parent 97dfa7f556
1 changed files with 52 additions and 0 deletions
--- a/pkg/cri/server/container_create_linux_test.go
+++ b/pkg/cri/server/container_create_linux_test.go
@ -459,6 +459,14 @@ func TestContainerAndSandboxPrivileged(t *testing.T) {

 func TestContainerMounts(t *testing.T) {
 	const testSandboxID = "test-id"
+	idmap := []*runtime.IDMapping{
+		{
+			ContainerId: 0,
+			HostId:      100,
+			Length:      1,
+		},
+	}
+
 	for _, test := range []struct {
 		desc            string
 		statFn          func(string) (os.FileInfo, error)
@ -528,6 +536,50 @@ func TestContainerMounts(t *testing.T) {
 				},
 			},
 		},
+		{
+			desc: "should setup uidMappings/gidMappings when userns is used",
+			securityContext: &runtime.LinuxContainerSecurityContext{
+				NamespaceOptions: &runtime.NamespaceOption{
+					UsernsOptions: &runtime.UserNamespace{
+						Mode: runtime.NamespaceMode_POD,
+						Uids: idmap,
+						Gids: idmap,
+					},
+				},
+			},
+			expectedMounts: []*runtime.Mount{
+				{
+					ContainerPath:  "/etc/hostname",
+					HostPath:       filepath.Join(testRootDir, sandboxesDir, testSandboxID, "hostname"),
+					Readonly:       false,
+					SelinuxRelabel: true,
+					UidMappings:    idmap,
+					GidMappings:    idmap,
+				},
+				{
+					ContainerPath:  "/etc/hosts",
+					HostPath:       filepath.Join(testRootDir, sandboxesDir, testSandboxID, "hosts"),
+					Readonly:       false,
+					SelinuxRelabel: true,
+					UidMappings:    idmap,
+					GidMappings:    idmap,
+				},
+				{
+					ContainerPath:  resolvConfPath,
+					HostPath:       filepath.Join(testRootDir, sandboxesDir, testSandboxID, "resolv.conf"),
+					Readonly:       false,
+					SelinuxRelabel: true,
+					UidMappings:    idmap,
+					GidMappings:    idmap,
+				},
+				{
+					ContainerPath:  "/dev/shm",
+					HostPath:       filepath.Join(testStateDir, sandboxesDir, testSandboxID, "shm"),
+					Readonly:       false,
+					SelinuxRelabel: true,
+				},
+			},
+		},
 		{
 			desc: "should use host /dev/shm when host ipc is set",
 			securityContext: &runtime.LinuxContainerSecurityContext{