github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #1218 from Random-Liu/more-proc-mount-test

Browse Source 
Add test for disable_proc_mount.
This commit is contained in:
Lantao Liu 2019-08-02 14:02:56 -07:00 committed by GitHub
commit a99766612f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/server/container_create_test.go
View File

@ -23,10 +23,12 @@ import (
"strings" "strings"
"testing" "testing"
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/contrib/apparmor" "github.com/containerd/containerd/contrib/apparmor"
"github.com/containerd/containerd/contrib/seccomp" "github.com/containerd/containerd/contrib/seccomp"
"github.com/containerd/containerd/mount" "github.com/containerd/containerd/mount"
"github.com/containerd/containerd/oci" "github.com/containerd/containerd/oci"
ctrdutil "github.com/containerd/cri/pkg/containerd/util"
imagespec "github.com/opencontainers/image-spec/specs-go/v1" imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go" runtimespec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -1093,21 +1095,33 @@ func TestMaskedAndReadonlyPaths(t *testing.T) {
config, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData() config, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
c := newTestCRIService() c := newTestCRIService()
defaultSpec, err := c.generateContainerSpec(testID, testSandboxID, testPid, config, sandboxConfig, imageConfig, nil, nil) defaultSpec, err := oci.GenerateSpec(ctrdutil.NamespacedContext(), nil, &containers.Container{ID: testID})
require.NoError(t, err) require.NoError(t, err)
for desc, test := range map[string]struct { for desc, test := range map[string]struct {
disableProcMount bool
masked []string masked []string
readonly []string readonly []string
expectedMasked []string expectedMasked []string
expectedReadonly []string expectedReadonly []string
privileged bool privileged bool
}{ }{
"should apply default if not specified": { "should apply default if not specified when disable_proc_mount = true": {
disableProcMount: true,
masked: nil,
readonly: nil,
expectedMasked: defaultSpec.Linux.MaskedPaths, expectedMasked: defaultSpec.Linux.MaskedPaths,
expectedReadonly: defaultSpec.Linux.ReadonlyPaths, expectedReadonly: defaultSpec.Linux.ReadonlyPaths,
privileged: false, privileged: false,
}, },
"should always apply CRI specified paths when disable_proc_mount = false": {
disableProcMount: false,
masked: nil,
readonly: nil,
expectedMasked: nil,
expectedReadonly: nil,
privileged: false,
},
"should be able to specify empty paths": { "should be able to specify empty paths": {
masked: []string{}, masked: []string{},
readonly: []string{}, readonly: []string{},
@ -1143,6 +1157,7 @@ func TestMaskedAndReadonlyPaths(t *testing.T) {
}, },
} { } {
t.Logf("TestCase %q", desc) t.Logf("TestCase %q", desc)
c.config.DisableProcMount = test.disableProcMount
config.Linux.SecurityContext.MaskedPaths = test.masked config.Linux.SecurityContext.MaskedPaths = test.masked
config.Linux.SecurityContext.ReadonlyPaths = test.readonly config.Linux.SecurityContext.ReadonlyPaths = test.readonly
config.Linux.SecurityContext.Privileged = test.privileged config.Linux.SecurityContext.Privileged = test.privileged