Skip to content

Commit

Permalink
Move integration tests to debian
Browse files Browse the repository at this point in the history
Signed-off-by: Renaud Gaubert <[email protected]>
  • Loading branch information
Renaud Gaubert committed Jun 25, 2020
1 parent 1b94395 commit 2436fc8
Show file tree
Hide file tree
Showing 35 changed files with 562 additions and 623 deletions.
3 changes: 3 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ matrix:
- RUNC_USE_SYSTEMD=1
script:
- make all
- curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
- . /etc/os-release && sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x${NAME}_${VERSION_ID}/Release.key -O- | sudo apt-key add -
- apt-get update -qq && apt-get install skopeo
- sudo PATH="$PATH" make localintegration RUNC_USE_SYSTEMD=1
- name: "fedora32"
before_install:
Expand Down
9 changes: 2 additions & 7 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -86,14 +86,9 @@ ENTRYPOINT ["/tmpmount"]

# setup a playground for us to spawn containers in
COPY tests/integration/multi-arch.bash tests/integration/
ENV ROOTFS /busybox
ENV ROOTFS /opensuse
RUN mkdir -p "${ROOTFS}"
RUN . tests/integration/multi-arch.bash \
&& curl -fsSL `get_busybox` | tar xfJC - "${ROOTFS}"

ENV DEBIAN_ROOTFS /debian
RUN mkdir -p "${DEBIAN_ROOTFS}"
RUN . tests/integration/multi-arch.bash \
&& get_and_extract_debian "$DEBIAN_ROOTFS"
&& get_and_extract_opensuse "$ROOTFS"

COPY . .
6 changes: 3 additions & 3 deletions Vagrantfile.centos7
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ EOF
# Add a user for rootless tests
useradd -u2000 -m -d/home/rootless -s/bin/bash rootless
# Add busybox for libcontainer/integration tests
# Add opensuse for libcontainer/integration tests
. /vagrant/tests/integration/multi-arch.bash \
&& mkdir /busybox \
&& curl -fsSL $(get_busybox) | tar xfJC - /busybox
&& mkdir /opensuse \
&& get_and_extract_opensuse /opensuse
SHELL
end
7 changes: 3 additions & 4 deletions Vagrantfile.fedora32
Original file line number Diff line number Diff line change
Expand Up @@ -35,11 +35,10 @@ EOF
curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.5/umoci.amd64
chmod +x /usr/local/bin/umoci
# Add busybox for libcontainer/integration tests
# Add opensuse for libcontainer/integration tests
. /vagrant/tests/integration/multi-arch.bash \
&& mkdir /busybox /debian \
&& curl -fsSL $(get_busybox) | tar xfJC - /busybox \
&& get_and_extract_debian /debian
&& mkdir /opensuse \
&& get_and_extract_opensuse /opensuse
# Delegate cgroup v2 controllers to rootless user via --systemd-cgroup
mkdir -p /etc/systemd/system/[email protected]
Expand Down
12 changes: 4 additions & 8 deletions libcontainer/integration/exec_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -480,7 +480,7 @@ func TestAdditionalGroups(t *testing.T) {
Env: standardEnvironment,
Stdin: nil,
Stdout: &stdout,
AdditionalGroups: []string{"plugdev", "audio"},
AdditionalGroups: []string{"video", "audio"},
Init: true,
}
err = container.Run(&pconfig)
Expand All @@ -496,8 +496,8 @@ func TestAdditionalGroups(t *testing.T) {
t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups)
}

if !strings.Contains(outputGroups, "plugdev") {
t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups)
if !strings.Contains(outputGroups, "video") {
t.Fatalf("Listed groups do not contain the video group as expected: %v", outputGroups)
}
}

Expand Down Expand Up @@ -665,11 +665,7 @@ func testPids(t *testing.T, systemd bool) {
if err != nil && strings.Contains(err.Error(), "no such directory for pids.max") {
t.Skip("PIDs cgroup is unsupported")
}
if err != nil && !strings.Contains(out.String(), "sh: can't fork") {
ok(t, err)
}

if err == nil {
if !strings.Contains(out.String(), "/bin/sh: fork: retry: Resource temporarily unavailable") {
t.Fatalf("expected fork() to fail with restrictive pids limit")
}

Expand Down
10 changes: 5 additions & 5 deletions libcontainer/integration/execin_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,7 @@ func TestExecInAdditionalGroups(t *testing.T) {
Env: standardEnvironment,
Stdin: nil,
Stdout: &stdout,
AdditionalGroups: []string{"plugdev", "audio"},
AdditionalGroups: []string{"video", "audio"},
}
err = container.Run(&pconfig)
ok(t, err)
Expand All @@ -197,8 +197,8 @@ func TestExecInAdditionalGroups(t *testing.T) {
t.Fatalf("Listed groups do not contain the audio group as expected: %v", outputGroups)
}

if !strings.Contains(outputGroups, "plugdev") {
t.Fatalf("Listed groups do not contain the plugdev group as expected: %v", outputGroups)
if !strings.Contains(outputGroups, "video") {
t.Fatalf("Listed groups do not contain the video group as expected: %v", outputGroups)
}
}

Expand Down Expand Up @@ -285,7 +285,7 @@ func TestExecInTTY(t *testing.T) {
var stdout bytes.Buffer
ps := &libcontainer.Process{
Cwd: "/",
Args: []string{"ps"},
Args: []string{"ps", "x"},
Env: standardEnvironment,
}
parent, child, err := utils.NewSockPair("console")
Expand Down Expand Up @@ -345,7 +345,7 @@ func TestExecInTTY(t *testing.T) {

out := stdout.String()
if !strings.Contains(out, "cat") || !strings.Contains(out, "ps") {
t.Fatalf("unexpected running process, output %q", out)
t.Fatalf("unexpected running process, output:\n %v", out)
}
if strings.Contains(out, "\r") {
t.Fatalf("unexpected carriage-return in output")
Expand Down
2 changes: 1 addition & 1 deletion libcontainer/integration/init_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"github.com/sirupsen/logrus"
)

// init runs the libcontainer initialization code because of the busybox style needs
// init runs the libcontainer initialization code because of the debian style needs
// to work around the go runtime and the issues with forking
func init() {
if len(os.Args) < 2 || os.Args[1] != "init" {
Expand Down
30 changes: 15 additions & 15 deletions libcontainer/integration/seccomp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
buffers := newStdBuffers()
pwd := &libcontainer.Process{
Cwd: "/",
Args: []string{"pwd"},
Args: []string{"/bin/sh", "-c", "pwd"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Expand All @@ -60,7 +60,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
}
ps, err := pwd.Wait()
if err == nil {
t.Fatal("Expecting error (negative return code); instead exited cleanly!")
t.Fatalf("Expecting error (negative return code); instead exited cleanly!")
}

var exitCode int
Expand All @@ -77,10 +77,10 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
}

expected := "pwd: getcwd: No such process"
expected := "getcwd: cannot access parent directories: No such process"
actual := strings.Trim(buffers.Stderr.String(), "\n")
if actual != expected {
t.Fatalf("Expected output %s but got %s\n", expected, actual)
if !strings.Contains(actual, expected) {
t.Fatalf("Expected output to contain `%s` but got `%s`\n", expected, actual)
}
}

Expand Down Expand Up @@ -115,7 +115,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {
buffers := newStdBuffers()
pwd := &libcontainer.Process{
Cwd: "/",
Args: []string{"pwd"},
Args: []string{"/bin/sh", "-c", "pwd"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Expand Down Expand Up @@ -146,10 +146,10 @@ func TestSeccompDenyGetcwd(t *testing.T) {
t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode)
}

expected := "pwd: getcwd: Operation not permitted"
expected := "getcwd: cannot access parent directories: Operation not permitted"
actual := strings.Trim(buffers.Stderr.String(), "\n")
if actual != expected {
t.Fatalf("Expected output %s but got %s\n", expected, actual)
if !strings.Contains(actual, expected) {
t.Fatalf("Expected output to contain `%s` but got `%s`\n", expected, actual)
}
}

Expand Down Expand Up @@ -191,7 +191,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {
buffers := newStdBuffers()
dmesg := &libcontainer.Process{
Cwd: "/",
Args: []string{"busybox", "ls", "/"},
Args: []string{"ls", "/"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Expand Down Expand Up @@ -253,7 +253,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {
buffers := newStdBuffers()
dmesg := &libcontainer.Process{
Cwd: "/",
Args: []string{"busybox", "ls", "does_not_exist"},
Args: []string{"ls", "does_not_exist"},
Env: standardEnvironment,
Stdin: buffers.Stdin,
Stdout: buffers.Stdout,
Expand Down Expand Up @@ -433,11 +433,11 @@ func TestSeccompMultipleConditionSameArgDeniesStdout(t *testing.T) {
}

buffers, exitCode, err := runContainer(config, "", "ls", "/")
if err != nil {
t.Fatalf("%s: %s", buffers, err)
if err == nil {
t.Fatalf("Container returned without error when we expected an error, code: `%d`, stdout: `%s`, stderr: `%s`", exitCode, buffers.Stdout.String(), buffers.Stderr.String())
}
if exitCode != 0 {
t.Fatalf("exit code not 0. code %d buffers %s", exitCode, buffers)
if exitCode != -1 {
t.Fatalf("exit code not -1. code: `%d`, stdout: `%s`, stderr: `%s`", exitCode, buffers.Stdout.String(), buffers.Stderr.String())
}
// Verify that nothing was printed
if len(buffers.Stdout.String()) != 0 {
Expand Down
10 changes: 5 additions & 5 deletions libcontainer/integration/utils_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ func newTestBundle() (string, error) {
return dir, nil
}

// newRootfs creates a new tmp directory and copies the busybox root filesystem
// newRootfs creates a new tmp directory and copies the opensuse root filesystem
func newRootfs() (string, error) {
dir, err := ioutil.TempDir("", "")
if err != nil {
Expand All @@ -101,7 +101,7 @@ func newRootfs() (string, error) {
if err := os.MkdirAll(dir, 0700); err != nil {
return "", err
}
if err := copyBusybox(dir); err != nil {
if err := copyOpensuse(dir); err != nil {
return "", err
}
return dir, nil
Expand All @@ -111,10 +111,10 @@ func remove(dir string) {
os.RemoveAll(dir)
}

// copyBusybox copies the rootfs for a busybox container created for the test image
// copyOpensuse copies the rootfs for a opensuse container created for the test image
// into the new directory for the specific test
func copyBusybox(dest string) error {
out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /busybox/* %s/", dest)).CombinedOutput()
func copyOpensuse(dest string) error {
out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /opensuse/rootfs/* %s/", dest)).CombinedOutput()
if err != nil {
return fmt.Errorf("copy error %q: %q", err, out)
}
Expand Down
30 changes: 15 additions & 15 deletions tests/integration/cgroups.bats
Original file line number Diff line number Diff line change
Expand Up @@ -6,24 +6,24 @@ function teardown() {
rm -f $BATS_TMPDIR/runc-cgroups-integration-test.json
teardown_running_container test_cgroups_kmem
teardown_running_container test_cgroups_permissions
teardown_busybox
teardown_container
}

function setup() {
teardown
setup_busybox
setup_container
}

@test "runc update --kernel-memory{,-tcp} (initialized)" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem

set_cgroups_path "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"

# Set some initial known values
update_config '.linux.resources.memory |= {"kernel": 16777216, "kernelTCP": 11534336}' ${BUSYBOX_BUNDLE}
update_config '.linux.resources.memory |= {"kernel": 16777216, "kernelTCP": 11534336}' ${BUNDLE}

# run a detached busybox to work with
# run a detached container to work with
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
[ "$status" -eq 0 ]

Expand All @@ -45,9 +45,9 @@ function setup() {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup
requires cgroups_kmem

set_cgroups_path "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"

# run a detached busybox to work with
# run a detached container to work with
runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
[ "$status" -eq 0 ]

Expand All @@ -74,7 +74,7 @@ function setup() {
# systemd controls the permission, so error does not happen
requires no_systemd

set_cgroups_path "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"

runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 1 ]
Expand All @@ -87,7 +87,7 @@ function setup() {
# systemd controls the permission, so error does not happen
requires no_systemd

set_resources_limit "$BUSYBOX_BUNDLE"
set_resources_limit "$BUNDLE"

runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 1 ]
Expand All @@ -97,8 +97,8 @@ function setup() {
@test "runc create (limits + cgrouppath + permission on the cgroup dir) succeeds" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup

set_cgroups_path "$BUSYBOX_BUNDLE"
set_resources_limit "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"
set_resources_limit "$BUNDLE"

runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 0 ]
Expand All @@ -118,8 +118,8 @@ function setup() {
@test "runc exec (limits + cgrouppath + permission on the cgroup dir) succeeds" {
[[ "$ROOTLESS" -ne 0 ]] && requires rootless_cgroup

set_cgroups_path "$BUSYBOX_BUNDLE"
set_resources_limit "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"
set_resources_limit "$BUNDLE"

runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
[ "$status" -eq 0 ]
Expand All @@ -132,8 +132,8 @@ function setup() {
@test "runc exec (cgroup v2 + init process in non-root cgroup) succeeds" {
requires root cgroups_v2

set_cgroups_path "$BUSYBOX_BUNDLE"
set_cgroup_mount_writable "$BUSYBOX_BUNDLE"
set_cgroups_path "$BUNDLE"
set_cgroup_mount_writable "$BUNDLE"

runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_group
[ "$status" -eq 0 ]
Expand Down
Loading

0 comments on commit 2436fc8

Please sign in to comment.