diff --git a/Dockerfile b/Dockerfile index 7591f964077..297c29897cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -89,9 +89,9 @@ ENTRYPOINT ["/tmpmount"] # setup a playground for us to spawn containers in COPY tests/integration/multi-arch.bash tests/integration/ -ENV ROOTFS /opensuse +ENV ROOTFS /ubuntu RUN mkdir -p "${ROOTFS}" RUN /bin/bash -c '. tests/integration/multi-arch.bash \ - && get_and_extract_opensuse "$ROOTFS"' + && get_and_extract_ubuntu "$ROOTFS"' COPY . . diff --git a/Vagrantfile.centos7 b/Vagrantfile.centos7 index 5e919512b2d..89c2b933b9b 100644 --- a/Vagrantfile.centos7 +++ b/Vagrantfile.centos7 @@ -51,9 +51,9 @@ EOF # Add a user for rootless tests useradd -u2000 -m -d/home/rootless -s/bin/bash rootless - # Add opensuse for libcontainer/integration tests + # Add ubuntu for libcontainer/integration tests . /vagrant/tests/integration/multi-arch.bash \ - && mkdir /opensuse \ - && get_and_extract_opensuse /opensuse + && mkdir /ubuntu \ + && get_and_extract_ubuntu /ubuntu SHELL end diff --git a/Vagrantfile.fedora32 b/Vagrantfile.fedora32 index 520dc1b1cb0..0e51f520d30 100644 --- a/Vagrantfile.fedora32 +++ b/Vagrantfile.fedora32 @@ -40,10 +40,10 @@ EOF curl -o /usr/local/bin/umoci -fsSL https://github.com/opencontainers/umoci/releases/download/v0.4.6/umoci.amd64 chmod +x /usr/local/bin/umoci - # Add opensuse for libcontainer/integration tests + # Add ubuntu for libcontainer/integration tests . /vagrant/tests/integration/multi-arch.bash \ - && mkdir /opensuse \ - && get_and_extract_opensuse /opensuse + && mkdir /ubuntu \ + && get_and_extract_ubuntu /ubuntu # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup mkdir -p /etc/systemd/system/user@.service.d diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go index 5f287ba24b5..9e545c1b36f 100644 --- a/libcontainer/integration/exec_test.go +++ b/libcontainer/integration/exec_test.go @@ -665,8 +665,8 @@ func testPids(t *testing.T, systemd bool) { if err != nil && strings.Contains(err.Error(), "no such directory for pids.max") { t.Skip("PIDs cgroup is unsupported") } - if !strings.Contains(out.String(), "/bin/sh: fork: retry: Resource temporarily unavailable") { - t.Fatalf("expected fork() to fail with restrictive pids limit") + if !strings.Contains(out.String(), "/bin/sh: 0: Cannot fork") { + t.Fatalf("expected fork() to fail with restrictive pids limit, stdout: %q", out.String()) } // Minimal restrictions are not really supported, due to quirks in using Go diff --git a/libcontainer/integration/seccomp_test.go b/libcontainer/integration/seccomp_test.go index f4c2bd3eef0..352b5d11826 100644 --- a/libcontainer/integration/seccomp_test.go +++ b/libcontainer/integration/seccomp_test.go @@ -58,26 +58,9 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) { if err != nil { t.Fatal(err) } - ps, err := pwd.Wait() - if err == nil { - t.Fatal("Expecting error (negative return code); instead exited cleanly!") - } - - var exitCode int - status := ps.Sys().(syscall.WaitStatus) - if status.Exited() { - exitCode = status.ExitStatus() - } else if status.Signaled() { - exitCode = -int(status.Signal()) - } else { - t.Fatalf("Unrecognized exit reason!") - } - - if exitCode == 0 { - t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode) - } + pwd.Wait() - expected := "getcwd: cannot access parent directories: No such process" + expected := "getcwd() failed: No such process" actual := strings.Trim(buffers.Stderr.String(), "\n") if !strings.Contains(actual, expected) { t.Fatalf("Expected output to contain %q but got %q\n", expected, actual) @@ -127,26 +110,9 @@ func TestSeccompDenyGetcwd(t *testing.T) { if err != nil { t.Fatal(err) } - ps, err := pwd.Wait() - if err == nil { - t.Fatal("Expecting error (negative return code); instead exited cleanly!") - } - - var exitCode int - status := ps.Sys().(syscall.WaitStatus) - if status.Exited() { - exitCode = status.ExitStatus() - } else if status.Signaled() { - exitCode = -int(status.Signal()) - } else { - t.Fatalf("Unrecognized exit reason!") - } - - if exitCode == 0 { - t.Fatalf("Getcwd should fail with negative exit code, instead got %d!", exitCode) - } + pwd.Wait() - expected := "getcwd: cannot access parent directories: Operation not permitted" + expected := "getcwd() failed: Operation not permitted" actual := strings.Trim(buffers.Stderr.String(), "\n") if !strings.Contains(actual, expected) { t.Fatalf("Expected output to contain %q but got %q\n", expected, actual) diff --git a/libcontainer/integration/utils_test.go b/libcontainer/integration/utils_test.go index 89ec9c8ec58..ecabf76d575 100644 --- a/libcontainer/integration/utils_test.go +++ b/libcontainer/integration/utils_test.go @@ -92,7 +92,7 @@ func newTestBundle() (string, error) { return dir, nil } -// newRootfs creates a new tmp directory and copies the opensuse root filesystem +// newRootfs creates a new tmp directory and copies the ubuntu root filesystem func newRootfs() (string, error) { dir, err := ioutil.TempDir("", "") if err != nil { @@ -101,7 +101,7 @@ func newRootfs() (string, error) { if err := os.MkdirAll(dir, 0700); err != nil { return "", err } - if err := copyOpensuse(dir); err != nil { + if err := copyUbuntu(dir); err != nil { return "", err } return dir, nil @@ -111,10 +111,10 @@ func remove(dir string) { os.RemoveAll(dir) } -// copyOpensuse copies the rootfs for a opensuse container created for the test image +// copyUbuntu copies the rootfs for an Ubuntu container created for the test image // into the new directory for the specific test -func copyOpensuse(dest string) error { - out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /opensuse/rootfs/* %s/", dest)).CombinedOutput() +func copyUbuntu(dest string) error { + out, err := exec.Command("sh", "-c", fmt.Sprintf("cp -a /ubuntu/rootfs/* %s/", dest)).CombinedOutput() if err != nil { return fmt.Errorf("copy error %q: %q", err, out) } diff --git a/tests/integration/exec.bats b/tests/integration/exec.bats index 5459ced980c..d4df3d469d3 100644 --- a/tests/integration/exec.bats +++ b/tests/integration/exec.bats @@ -80,7 +80,7 @@ function teardown() { runc exec --cwd /bin test_container pwd [ "$status" -eq 0 ] - [[ ${output} == "/bin"* ]] + [[ ${output} == "/usr/bin"* ]] } @test "runc exec --env" { @@ -117,7 +117,8 @@ function teardown() { runc exec --user 1000:1000 --additional-gids 100 --additional-gids 65534 test_container id [ "$status" -eq 0 ] - [[ ${output} == "uid=1000 gid=1000 groups=1000,100(users),65534" ]] + echo "${output}" + [[ ${output} == "uid=1000 gid=1000 groups=1000,100(users),65534(nogroup)" ]] } @test "runc exec --preserve-fds" { diff --git a/tests/integration/helpers.bash b/tests/integration/helpers.bash index f44ea51d690..ef49a50f65a 100644 --- a/tests/integration/helpers.bash +++ b/tests/integration/helpers.bash @@ -411,7 +411,7 @@ function setup_container() { local rootless_rootfs="/tmp/cached-rootfs" setup_recvtty - get_and_extract_opensuse $BUNDLE + get_and_extract_ubuntu $BUNDLE cd "$BUNDLE" rm -f ./config.json diff --git a/tests/integration/multi-arch.bash b/tests/integration/multi-arch.bash index 6ed22d4369b..fb0bf05b9a4 100644 --- a/tests/integration/multi-arch.bash +++ b/tests/integration/multi-arch.bash @@ -1,25 +1,25 @@ #! /bin/bash -get_and_extract_opensuse() { - local cache="/tmp/opensuse-cache" - local opensuse="opensuse:3.11.6" +get_and_extract_ubuntu() { + local cache="/tmp/ubuntu-cache" + local ubuntu="ubuntu:latest" local rootless=$(id -u) local args=() if [ "$rootless" -ne 0 ]; then - cache="/tmp/opensuse-cache-rootless" + cache="/tmp/ubuntu-cache-rootless" fi mkdir -p "$cache" cd "$cache" - if [ ! -d "$cache/opensuse" ]; then + if [ ! -d "$cache/ubuntu" ]; then case $(go env GOARCH) in arm64) - skopeo copy docker://arm64v8/opensuse/leap:15.1 "oci:$opensuse" + skopeo copy docker://arm64v8/ubuntu:focal "oci:$ubuntu" ;; *) - skopeo copy docker://opensuse/leap:15.1 "oci:$opensuse" + skopeo copy docker://ubuntu:focal "oci:$ubuntu" ;; esac fi @@ -29,7 +29,7 @@ get_and_extract_opensuse() { args+=("--rootless") fi - umoci unpack "${args[@]}" --image "$opensuse" "$cache" + umoci unpack "${args[@]}" --image "$ubuntu" "$cache" fi rm -r -f "$1"