diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs
index e0d3a4a02..c8443ced3 100644
--- a/tests/contest/contest/src/main.rs
+++ b/tests/contest/contest/src/main.rs
@@ -21,6 +21,7 @@ use crate::tests::linux_ns_itype::get_ns_itype_tests;
 use crate::tests::mounts_recursive::get_mounts_recursive_test;
 use crate::tests::no_pivot::get_no_pivot_test;
 use crate::tests::pidfile::get_pidfile_test;
+use crate::tests::process::get_process_test;
 use crate::tests::readonly_paths::get_ro_paths_test;
 use crate::tests::scheduler::get_scheduler_test;
 use crate::tests::seccomp::get_seccomp_test;
@@ -114,6 +115,7 @@ fn main() -> Result<()> {
 let scheduler = get_scheduler_test();
 let io_priority_test = get_io_priority_test();
 let devices = get_devices_test();
+ let process = get_process_test();
 let no_pivot = get_no_pivot_test();
 tm.add_test_group(Box::new(cl));
@@ -138,6 +140,7 @@ fn main() -> Result<()> {
 tm.add_test_group(Box::new(sysctl));
 tm.add_test_group(Box::new(scheduler));
 tm.add_test_group(Box::new(devices));
+ tm.add_test_group(Box::new(process));
 tm.add_test_group(Box::new(no_pivot));
 tm.add_test_group(Box::new(io_priority_test));
diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs
index 7a742d384..da7bdb150 100644
--- a/tests/contest/contest/src/tests/mod.rs
+++ b/tests/contest/contest/src/tests/mod.rs
@@ -11,6 +11,7 @@ pub mod linux_ns_itype;
 pub mod mounts_recursive;
 pub mod no_pivot;
 pub mod pidfile;
+pub mod process;
 pub mod readonly_paths;
 pub mod scheduler;
 pub mod seccomp;
diff --git a/tests/contest/contest/src/tests/process/mod.rs b/tests/contest/contest/src/tests/process/mod.rs
new file mode 100644
index 000000000..8237bcd5f
--- /dev/null
+++ b/tests/contest/contest/src/tests/process/mod.rs
@@ -0,0 +1,2 @@
+mod process_test;
+pub use process_test::get_process_test;
diff --git a/tests/contest/contest/src/tests/process/process_test.rs b/tests/contest/contest/src/tests/process/process_test.rs
new file mode 100644
index 000000000..d605e5c30
--- /dev/null
+++ b/tests/contest/contest/src/tests/process/process_test.rs
@@ -0,0 +1,47 @@
+use crate::utils::test_inside_container;
+use anyhow::{bail, Context, Ok, Result};
+use oci_spec::runtime::{ProcessBuilder, Spec, SpecBuilder};
+use std::fs;
+use std::os::unix::fs::PermissionsExt;
+use test_framework::{test_result, Test, TestGroup, TestResult};
+
+fn create_spec() -> Result {
+ let spec = SpecBuilder::default()
+ .process(
+ ProcessBuilder::default()
+ .cwd("/test")
+ .env(vec!["testa=valuea".into(), "testb=123".into()])
+ .build()
+ .expect("error in creating process config"),
+ )
+ .build()
+ .context("failed to build spec")?;
+
+ Ok(spec)
+}
+
+fn process_test() -> TestResult {
+ let spec = test_result!(create_spec());
+ test_inside_container(spec, &|_| {
+ match fs::create_dir("/test") {
+ Result::Ok(_) => { /*This is expected*/ }
+ Err(e) => {
+ bail!(e)
+ }
+ }
+ let metadata = fs::metadata("/test")?;
+ let mut permissions = metadata.permissions();
+ permissions.set_mode(0o700);
+
+ Ok(())
+ })
+}
+
+pub fn get_process_test() -> TestGroup {
+ let mut process_test_group = TestGroup::new("process");
+
+ let test = Test::new("process_test", Box::new(process_test));
+ process_test_group.add(vec![Box::new(test)]);
+
+ process_test_group
+}
diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs
index 486495a8b..41b06fb7c 100644
--- a/tests/contest/runtimetest/src/main.rs
+++ b/tests/contest/runtimetest/src/main.rs
@@ -20,7 +20,6 @@ fn get_spec() -> Spec {
 }
 }
-////////// ANCHOR: example_runtimetest_main
 fn main() {
 let spec = get_spec();
 let args: Vec = env::args().collect();
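Review bot: In process_test.rs, the closure in `process_test()` calls `permissions.set_mode(0o700)` on a local `Permissions` value and never writes it back, so the directory keeps the mode `fs::create_dir` gave it; either add `fs::set_permissions("/test", permissions)?;` after it or drop the three metadata lines. The closure also ignores its argument (`|_|`) and uses the absolute path `/test`; `test_inside_container` is not visible here, but if that callback runs on the host before the container starts, it creates the directory in the host root, needs write access there, and `fs::create_dir` fails on a second run because nothing removes the directory. The `match` on `fs::create_dir` is equivalent to `fs::create_dir("/test")?;`. In `create_spec()`, the `.expect(...)` on the inner `build()` panics inside a function that already returns `Result`; `.context("failed to build process config")?` would report the failure through the test result instead.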
@@ -44,6 +43,7 @@ fn main() {
 "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe),
 "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle),
 "devices" => tests::validate_devices(&spec),
+ "process" => tests::validate_process(&spec),
 "no_pivot" => tests::validate_rootfs(),
 _ => eprintln!("error due to unexpected execute test name: {execute_test}"),
 }
diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs
index dec34dee3..52e57a5d0 100644
--- a/tests/contest/runtimetest/src/tests.rs
+++ b/tests/contest/runtimetest/src/tests.rs
@@ -1,9 +1,11 @@
+use std::env;
 use std::fs::{self, read_dir};
 use std::os::linux::fs::MetadataExt;
 use std::os::unix::fs::{FileTypeExt, PermissionsExt};
 use std::path::Path;
 use anyhow::{bail, Result};
+
 use nix::errno::Errno;
 use nix::libc;
 use nix::sys::utsname;
@@ -546,6 +548,34 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) {
 }
 }
+pub fn validate_process(spec: &Spec) {
+ let process = spec.process().as_ref().unwrap();
+
+ if process.cwd().ne(&getcwd().unwrap()) {
+ eprintln!(
+ "error due to spec cwd want {:?}, got {:?}",
+ process.cwd(),
+ getcwd().unwrap()
+ )
+ }
+
+ if env::var("testa").unwrap().to_string().ne("valuea") {
+ eprintln!(
+ "error due to spec environment value of testa want {:?}, got {:?}",
+ "valuea",
+ env::var("testa")
+ )
+ }
+
+ if env::var("testb").unwrap().to_string().ne("123") {
+ eprintln!(
+ "error due to spec environment value of testb want {:?}, got {:?}",
+ "123",
+ env::var("testb")
+ )
+ }
+}
+
 // the validate_rootfs function is used to validate the rootfs of the container is
 // as expected. This function is used in the no_pivot test to validate the rootfs
 pub fn validate_rootfs() {
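Review bot: In `validate_process` (tests.rs), `env::var("testa").unwrap()` and `env::var("testb").unwrap()` panic when the runtime did not set the variable, which is the very failure this check is meant to report, so the `eprintln!` diagnostic is never printed in that case. Compare without unwrapping, e.g. `if env::var("testa").ok().as_deref() != Some("valuea") {` and the same form for `testb`. `getcwd().unwrap()` and `spec.process().as_ref().unwrap()` have the same problem: a missing process section or an unreadable working directory aborts the check instead of producing an error line. The expected values `valuea` and `123` are hard-coded here and must be kept in step with `create_spec()` in process_test.rs; deriving them from `process.env()` would remove that coupling.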