Add MCS label support
Carry of #1246 Signed-off-by: Darren Shepherd <darren@rancher.com> Signed-off-by: Michael Crosby <michael@thepasture.io>
This commit is contained in:
Darren Shepherd
committed by
Michael Crosby
Michael Crosby
parent
40071878d7
commit
24209b91bf
@@ -17,9 +17,12 @@
|
||||
package container
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/containerd/cri/pkg/store/label"
|
||||
"github.com/opencontainers/selinux/go-selinux"
|
||||
assertlib "github.com/stretchr/testify/assert"
|
||||
runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
|
||||
|
||||
@@ -39,9 +42,10 @@ func TestContainerStore(t *testing.T) {
|
||||
Attempt: 1,
|
||||
},
|
||||
},
|
||||
ImageRef: "TestImage-1",
|
||||
StopSignal: "SIGTERM",
|
||||
LogPath: "/test/log/path/1",
|
||||
ImageRef: "TestImage-1",
|
||||
StopSignal: "SIGTERM",
|
||||
LogPath: "/test/log/path/1",
|
||||
ProcessLabel: "junk:junk:junk:c1,c2",
|
||||
},
|
||||
"2abcd": {
|
||||
ID: "2abcd",
|
||||
@@ -53,9 +57,10 @@ func TestContainerStore(t *testing.T) {
|
||||
Attempt: 2,
|
||||
},
|
||||
},
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-2",
|
||||
LogPath: "/test/log/path/2",
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-2",
|
||||
LogPath: "/test/log/path/2",
|
||||
ProcessLabel: "junk:junk:junk:c1,c2",
|
||||
},
|
||||
"4a333": {
|
||||
ID: "4a333",
|
||||
@@ -67,9 +72,10 @@ func TestContainerStore(t *testing.T) {
|
||||
Attempt: 3,
|
||||
},
|
||||
},
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-3",
|
||||
LogPath: "/test/log/path/3",
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-3",
|
||||
LogPath: "/test/log/path/3",
|
||||
ProcessLabel: "junk:junk:junk:c1,c3",
|
||||
},
|
||||
"4abcd": {
|
||||
ID: "4abcd",
|
||||
@@ -81,8 +87,9 @@ func TestContainerStore(t *testing.T) {
|
||||
Attempt: 1,
|
||||
},
|
||||
},
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-4abcd",
|
||||
StopSignal: "SIGTERM",
|
||||
ImageRef: "TestImage-4abcd",
|
||||
ProcessLabel: "junk:junk:junk:c1,c4",
|
||||
},
|
||||
}
|
||||
statuses := map[string]Status{
|
||||
@@ -136,7 +143,14 @@ func TestContainerStore(t *testing.T) {
|
||||
containers[id] = container
|
||||
}
|
||||
|
||||
s := NewStore()
|
||||
s := NewStore(label.NewStore())
|
||||
reserved := map[string]bool{}
|
||||
s.labels.Reserver = func(label string) {
|
||||
reserved[strings.SplitN(label, ":", 4)[3]] = true
|
||||
}
|
||||
s.labels.Releaser = func(label string) {
|
||||
reserved[strings.SplitN(label, ":", 4)[3]] = false
|
||||
}
|
||||
|
||||
t.Logf("should be able to add container")
|
||||
for _, c := range containers {
|
||||
@@ -155,6 +169,15 @@ func TestContainerStore(t *testing.T) {
|
||||
cs := s.List()
|
||||
assert.Len(cs, len(containers))
|
||||
|
||||
if selinux.GetEnabled() {
|
||||
t.Logf("should have reserved labels (requires -tag selinux)")
|
||||
assert.Equal(map[string]bool{
|
||||
"c1,c2": true,
|
||||
"c1,c3": true,
|
||||
"c1,c4": true,
|
||||
}, reserved)
|
||||
}
|
||||
|
||||
cntrNum := len(containers)
|
||||
for testID, v := range containers {
|
||||
truncID := genTruncIndex(testID)
|
||||
@@ -173,6 +196,15 @@ func TestContainerStore(t *testing.T) {
|
||||
assert.Equal(Container{}, c)
|
||||
assert.Equal(store.ErrNotExist, err)
|
||||
}
|
||||
|
||||
if selinux.GetEnabled() {
|
||||
t.Logf("should have released all labels (requires -tag selinux)")
|
||||
assert.Equal(map[string]bool{
|
||||
"c1,c2": false,
|
||||
"c1,c3": false,
|
||||
"c1,c4": false,
|
||||
}, reserved)
|
||||
}
|
||||
}
|
||||
|
||||
func TestWithContainerIO(t *testing.T) {
|
||||
|
||||
Reference in New Issue
Block a user