opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-25 02:04:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
podman/test/e2e/run_ns_test.go
Giuseppe Scrivano 2c328a4ac1 specgen: improve heuristic for /sys bind mount 
partially revert 95c45773d7dbca2880152de681c81f0a2afec99b

restrict the cases where /sys is bind mounted from the host.

The heuristic doesn't detect all the cases where the bind mount is not
necessary, but it is an improvement on the previous version where /sys
was always bind mounted for rootless containers unless --net none was
specified.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2021-01-15 09:10:55 +01:00

147 lines
5.0 KiB
Go
Raw Blame History

package integration
import (
"os"
"os/exec"
"strings"
. "github.com/containers/podman/v2/test/utils"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var _ = Describe("Podman run ns", func() {
var (
tempdir string
err error
podmanTest *PodmanTestIntegration
)
BeforeEach(func() {
tempdir, err = CreateTempDirInTempDir()
if err != nil {
os.Exit(1)
}
podmanTest = PodmanTestCreate(tempdir)
podmanTest.Setup()
podmanTest.SeedImages()
})
AfterEach(func() {
podmanTest.Cleanup()
f := CurrentGinkgoTestDescription()
processTestResult(f)
})
It("podman run pidns test", func() {
SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
session := podmanTest.Podman([]string{"run", fedoraMinimal, "bash", "-c", "echo $$"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal("1"))
session = podmanTest.Podman([]string{"run", "--pid=host", fedoraMinimal, "bash", "-c", "echo $$"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Not(Equal("1")))
session = podmanTest.Podman([]string{"run", "--pid=badpid", fedoraMinimal, "bash", "-c", "echo $$"})
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
})
It("podman run --cgroup private test", func() {
session := podmanTest.Podman([]string{"run", "--cgroupns=private", fedoraMinimal, "cat", "/proc/self/cgroup"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
output := session.OutputToString()
Expect(output).ToNot(ContainSubstring("slice"))
})
It("podman run ipcns test", func() {
setup := SystemExec("ls", []string{"--inode", "-d", "/dev/shm"})
Expect(setup.ExitCode()).To(Equal(0))
hostShm := setup.OutputToString()
session := podmanTest.Podman([]string{"run", "--ipc=host", fedoraMinimal, "ls", "--inode", "-d", "/dev/shm"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(Equal(hostShm))
})
It("podman run ipcns ipcmk host test", func() {
setup := SystemExec("ipcmk", []string{"-M", "1024"})
Expect(setup.ExitCode()).To(Equal(0))
output := strings.Split(setup.OutputToString(), " ")
ipc := output[len(output)-1]
session := podmanTest.Podman([]string{"run", "--ipc=host", fedoraMinimal, "ipcs", "-m", "-i", ipc})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
setup = SystemExec("ipcrm", []string{"-m", ipc})
Expect(setup.ExitCode()).To(Equal(0))
})
It("podman run ipcns ipcmk container test", func() {
setup := podmanTest.Podman([]string{"run", "-d", "--name", "test1", fedoraMinimal, "sleep", "999"})
setup.WaitWithDefaultTimeout()
Expect(setup.ExitCode()).To(Equal(0))
session := podmanTest.Podman([]string{"exec", "test1", "ipcmk", "-M", "1024"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
output := strings.Split(session.OutputToString(), " ")
ipc := output[len(output)-1]
session = podmanTest.Podman([]string{"run", "--ipc=container:test1", fedoraMinimal, "ipcs", "-m", "-i", ipc})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
})
It("podman run bad ipc pid test", func() {
session := podmanTest.Podman([]string{"run", "--ipc=badpid", fedoraMinimal, "bash", "-c", "echo $$"})
session.WaitWithDefaultTimeout()
Expect(session).To(ExitWithError())
})
It("podman run mounts fresh cgroup", func() {
session := podmanTest.Podman([]string{"run", fedoraMinimal, "grep", "cgroup", "/proc/self/mountinfo"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
output := session.OutputToString()
Expect(output).ToNot(ContainSubstring(".."))
})
It("podman run --ipc=host --pid=host", func() {
SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1")
cmd := exec.Command("ls", "-l", "/proc/self/ns/pid")
res, err := cmd.Output()
Expect(err).To(BeNil())
fields := strings.Split(string(res), " ")
hostPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
cmd = exec.Command("ls", "-l", "/proc/self/ns/ipc")
res, err = cmd.Output()
Expect(err).To(BeNil())
fields = strings.Split(string(res), " ")
hostIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
session := podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/pid"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
fields = strings.Split(session.OutputToString(), " ")
ctrPidNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
session = podmanTest.Podman([]string{"run", "--ipc=host", "--pid=host", ALPINE, "ls", "-l", "/proc/self/ns/ipc"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
fields = strings.Split(session.OutputToString(), " ")
ctrIpcNS := strings.TrimSuffix(fields[len(fields)-1], "\n")
Expect(hostPidNS).To(Equal(ctrPidNS))
Expect(hostIpcNS).To(Equal(ctrIpcNS))
})
})
Reference in New Issue View Git Blame Copy Permalink