From 009957deec9970edde4075190e31360029c4de90 Mon Sep 17 00:00:00 2001
From: Andrei Vagin <avagin@google.com>
Date: Tue, 24 Sep 2024 21:38:22 -0700
Subject: [PATCH] buildkite: run intergration tests with the network plugin

---
 .buildkite/pipeline.yaml |  8 ++++++++
 Makefile                 |  9 ++++++++-
 runsc/sandbox/sandbox.go | 11 ++++++-----
 test/root/runsc_test.go  |  4 ++--
 4 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml
index 4e71dbf783..030a99d924 100644
--- a/.buildkite/pipeline.yaml
+++ b/.buildkite/pipeline.yaml
@@ -368,6 +368,14 @@ steps:
       <<: *platform_specific_agents
       <<: *ubuntu_agents
       arch: "amd64"
+  - <<: *common
+    <<: *docker
+    <<: *source_test
+    label: ":satellite: gVisor network plugin tests"
+    command: make plugin-network-tests
+    agents:
+      <<: *kvm_agents
+      arch: "amd64"
   - <<: *common
     <<: *source_test
     label: ":coffee: Do tests"
diff --git a/Makefile b/Makefile
index a2fcf38333..8bfe91bfad 100644
--- a/Makefile
+++ b/Makefile
@@ -111,6 +111,7 @@ else
 RUNTIME     ?= $(BRANCH_NAME)
 endif
 RUNTIME_DIR     ?= $(shell dirname $(shell mktemp -u))/$(RUNTIME)
+RUNSC_TARGET    ?= //runsc
 RUNTIME_BIN     ?= $(RUNTIME_DIR)/runsc
 RUNTIME_LOG_DIR ?= $(RUNTIME_DIR)/logs
 RUNTIME_LOGS    ?= $(RUNTIME_LOG_DIR)/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%
@@ -127,7 +128,7 @@ endif
 $(RUNTIME_BIN): # See below.
 	@mkdir -p "$(RUNTIME_DIR)"
 ifeq (,$(STAGED_BINARIES))
-	@$(call copy,//runsc,$(RUNTIME_BIN))
+	@$(call copy,$(RUNSC_TARGET),$(RUNTIME_BIN))
 else
 	gsutil cat "${STAGED_BINARIES}" | \
 	  tar -C "$(RUNTIME_DIR)" -zxvf - runsc && \
@@ -346,6 +347,12 @@ docker-tests: load-basic $(RUNTIME_BIN)
 	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS) //test/e2e:integration_runtime_test)
 .PHONY: docker-tests
 
+plugin-network-tests: load-basic $(RUNTIME_BIN)
+	@$(call install_runtime,$(RUNTIME),--network=plugin)
+	@$(call test_runtime,$(RUNTIME), --test_arg=-test.run=ConnectToSelf $(INTEGRATION_TARGETS))
+
+plugin-network-tests: RUNSC_TARGET=--config plugin-tldk //runsc:runsc-plugin-stack
+
 overlay-tests: load-basic $(RUNTIME_BIN)
 	@$(call install_runtime,$(RUNTIME),--overlay2=all:dir=/tmp)
 	@$(call install_runtime,$(RUNTIME)-docker,--net-raw --overlay2=all:dir=/tmp)
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 4ce9c67cef..693fb7aead 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -851,11 +851,12 @@ func (s *Sandbox) createSandboxProcess(conf *config.Config, args *Args, startSyn
 	if !conf.TestOnlyAllowRunAsCurrentUserWithoutChroot {
 		// Setting cmd.Env = nil causes cmd to inherit the current process's env.
 		cmd.Env = []string{}
-		// runsc-race with glibc needs to disable rseq.
-		glibcTunables := os.Getenv("GLIBC_TUNABLES")
-		if glibcTunables != "" {
-			cmd.Env = append(cmd.Env, fmt.Sprintf("GLIBC_TUNABLES=%s", glibcTunables))
-		}
+	}
+	if config.CgoEnabled {
+		// Platforms that use stub processes are not compatible with
+		// the glibc rseq, because they unmap everything from a process
+		// address space.
+		cmd.Env = append(cmd.Env, "GLIBC_TUNABLES=glibc.pthread.rseq=0")
 	}
 
 	// If there is a gofer, sends all socket ends to the sandbox.
diff --git a/test/root/runsc_test.go b/test/root/runsc_test.go
index f4afe3f059..c39cf694f6 100644
--- a/test/root/runsc_test.go
+++ b/test/root/runsc_test.go
@@ -172,7 +172,7 @@ func TestSandboxProcessEnv(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	if len(got) != 0 {
-		t.Errorf("sandbox process's environment is not empty: got %s", string(got))
+	if len(got) != 0 && string(got) != "GLIBC_TUNABLES=glibc.pthread.rseq=0" {
+		t.Errorf("sandbox process's environment is not empty: got %s (%v)", string(got), got)
 	}
 }