linux_mount_label integration test #2688

Open
wants to merge 1 commit into
base: main
3 changes: 3 additions & 0 deletions tests/contest/contest/src/main.rs
Expand Up @@ -8,6 +8,7 @@ use crate::tests::hostname::get_hostname_test;
use crate::tests::intel_rdt::get_intel_rdt_test;
use crate::tests::io_priority::get_io_priority_test;
use crate::tests::lifecycle::{ContainerCreate, ContainerLifecycle};
use crate::tests::linux_mount_label::get_linux_mount_label_test;
use crate::tests::linux_ns_itype::get_ns_itype_tests;
use crate::tests::mounts_recursive::get_mounts_recursive_test;
use crate::tests::pidfile::get_pidfile_test;
Expand Down Expand Up @@ -109,6 +110,7 @@ fn main() -> Result<()> {
let sysctl = get_sysctl_test();
let scheduler = get_scheduler_test();
let io_priority_test = get_io_priority_test();
let linux_mount_label = get_linux_mount_label_test();

tm.add_test_group(Box::new(cl));
tm.add_test_group(Box::new(cc));
Expand All @@ -126,6 +128,7 @@ fn main() -> Result<()> {
tm.add_test_group(Box::new(seccomp_notify));
tm.add_test_group(Box::new(ro_paths));
tm.add_test_group(Box::new(hostname));
tm.add_test_group(Box::new(linux_mount_label));
tm.add_test_group(Box::new(mounts_recursive));
tm.add_test_group(Box::new(domainname));
tm.add_test_group(Box::new(intel_rdt));
Gekko0114 marked this conversation as resolved.
@@ -0,0 +1,44 @@
use crate::utils::test_inside_container;
use oci_spec::runtime::{LinuxBuilder, ProcessBuilder, Spec, SpecBuilder};
use test_framework::{Test, TestGroup, TestResult};

fn create_spec(linux_mount_label: String) -> Spec {
SpecBuilder::default()
.linux(
// Need to reset the read-only paths
LinuxBuilder::default()
.mount_label(linux_mount_label)
.masked_paths(vec![])
.build()
.expect("error in building linux config"),
)
.process(
ProcessBuilder::default()
.args(vec![
"runtimetest".to_string(),
"linux_mount_label".to_string(),
])
.build()
.expect("error in creating process config"),
)
.build()
.unwrap()
}

// here we have to manually create and manage the container
// as the test_inside container does not provide a way to set the pid file argument
fn test_linux_mount_label() -> TestResult {
let spec = create_spec("system_u:object_r:svirt_sandbox_file_t:s0:c715,c811".to_string());
test_inside_container(spec, &|_| {
// As long as the container is created, we expect the mount label to be determined
// by the spec, so nothing to prepare prior.
Ok(())
})
}

pub fn get_linux_mount_label_test() -> TestGroup {
let linux_mount_label = Test::new("linux_mount_label", Box::new(test_linux_mount_label));
let mut tg = TestGroup::new("linux_mount_label");
tg.add(vec![Box::new(linux_mount_label)]);
tg
}
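Review bot: The comment above `test_linux_mount_label` ("here we have to manually create and manage the container … pid file argument") does not describe this code, which calls `test_inside_container` and never touches a pid file; it looks carried over from another test and could become `// Runs runtimetest inside a container whose spec sets linux.mountLabel.` In `create_spec` the comment says "reset the read-only paths" while the call is `.masked_paths(vec![])`, which clears the masked paths instead. If unmasking is really needed for this test the comment should say why; otherwise dropping the call presumably leaves the builder's default masking in place for the test container. The final `.build().unwrap()` could be `.build().expect("error in building spec")` to match the two builders above it.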
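--- a/tests/contest/contest/src/tests/linux_mount_label/mod.rs
+++ b/tests/contest/contest/src/tests/linux_mount_label/mod.rs
@@ -0,0 +1,2 @@
+mod linux_mount_label_test;
+pub use linux_mount_label_test::get_linux_mount_label_test;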
1 change: 1 addition & 0 deletions tests/contest/contest/src/tests/mod.rs
Expand Up @@ -6,6 +6,7 @@ pub mod hostname;
pub mod intel_rdt;
pub mod io_priority;
pub mod lifecycle;
pub mod linux_mount_label;
pub mod linux_ns_itype;
pub mod mounts_recursive;
pub mod pidfile;
1 change: 1 addition & 0 deletions tests/contest/runtimetest/src/main.rs
Expand Up @@ -34,6 +34,7 @@ fn main() {
"readonly_paths" => tests::validate_readonly_paths(&spec),
"set_host_name" => tests::validate_hostname(&spec),
"mounts_recursive" => tests::validate_mounts_recursive(&spec),
"linux_mount_label" => tests::validate_linux_mount_label(&spec),
"domainname_test" => tests::validate_domainname(&spec),
"seccomp" => tests::validate_seccomp(&spec),
"sysctl" => tests::validate_sysctl(&spec),
25 changes: 25 additions & 0 deletions tests/contest/runtimetest/src/tests.rs
Expand Up @@ -6,7 +6,9 @@ use oci_spec::runtime::{
IOPriorityClass::{self, IoprioClassBe, IoprioClassIdle, IoprioClassRt},
LinuxSchedulerPolicy, Spec,
};
use std::fs::File;
use std::fs::{self, read_dir};
use std::io::{self, BufRead};
use std::mem;
use std::path::Path;

Expand Down Expand Up @@ -332,6 +334,29 @@ pub fn validate_sysctl(spec: &Spec) {
}
}

pub fn validate_linux_mount_label(spec: &Spec) {
Gekko0114 marked this conversation as resolved.
let linux = spec.linux().as_ref().unwrap();
let target_mount_path = "Tmp/.tmp";
if let Some(_expected_mount_label) = linux.mount_label() {
let file = match File::open("/proc/self/mountinfo") {
Ok(file) => file,
Err(_e) => {
eprintln!("Error while opening mount file");
return;
}
};
let reader = io::BufReader::new(file);
for line in reader.lines().map_while(Result::ok) {
if line.contains(target_mount_path) {
// Because proc/self/mountinfo doesn't include mount_label, just checking target mount path only.
return;
}
}
return eprintln!("There are no directory including the path {target_mount_path}");
}
eprintln!("Failed to get expected_mount_label");
}

pub fn validate_scheduler_policy(spec: &Spec) {
let proc = spec.process().as_ref().unwrap();
let sc = proc.scheduler().as_ref().unwrap();
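Review bot: In `validate_linux_mount_label` the label from the spec is bound to `_expected_mount_label` and never compared with anything, so the check passes whenever some line of `/proc/self/mountinfo` contains `Tmp/.tmp`, and a runtime that ignores `mountLabel` would not be caught by it. Nothing visible in this PR mounts a path with that name, so it is worth confirming where `Tmp/.tmp` comes from and stating it in a comment. When SELinux is enabled, context mounts normally appear in the mountinfo super options as `context="…"`, so the matched line could be checked for the expected label, with the test skipped or explicitly documented as path-only on hosts without SELinux. The open error is also discarded; `Err(e) => { eprintln!("Error while opening /proc/self/mountinfo: {e}"); return; }` keeps the cause, and `map_while(Result::ok)` silently ends the scan on a read error.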