2019-04-29 21:25:05 +00:00
|
|
|
// Copyright 2018 The gVisor Authors.
|
2018-09-05 20:12:15 +00:00
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
|
|
package container
|
|
|
|
|
|
|
|
|
|
import (
|
2018-09-28 05:52:25 +00:00
|
|
|
"fmt"
|
2018-09-05 21:28:52 +00:00
|
|
|
"io/ioutil"
|
2018-09-27 22:00:03 +00:00
|
|
|
"math"
|
2018-09-05 20:12:15 +00:00
|
|
|
"os"
|
2018-09-20 01:52:53 +00:00
|
|
|
"path"
|
2018-09-05 21:28:52 +00:00
|
|
|
"path/filepath"
|
2018-09-05 20:12:15 +00:00
|
|
|
"strings"
|
|
|
|
|
"sync"
|
2018-09-06 17:40:53 +00:00
|
|
|
"syscall"
|
2018-09-05 20:12:15 +00:00
|
|
|
"testing"
|
2018-09-28 19:20:56 +00:00
|
|
|
"time"
|
2018-09-05 20:12:15 +00:00
|
|
|
|
2018-09-05 21:01:25 +00:00
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
2019-06-13 23:49:09 +00:00
|
|
|
"gvisor.dev/gvisor/pkg/sentry/control"
|
2019-08-02 20:46:42 +00:00
|
|
|
"gvisor.dev/gvisor/pkg/sentry/kernel"
|
2019-06-13 23:49:09 +00:00
|
|
|
"gvisor.dev/gvisor/runsc/boot"
|
|
|
|
|
"gvisor.dev/gvisor/runsc/specutils"
|
|
|
|
|
"gvisor.dev/gvisor/runsc/test/testutil"
|
2018-09-05 20:12:15 +00:00
|
|
|
)
|
|
|
|
|
|
2018-09-05 21:01:25 +00:00
|
|
|
func createSpecs(cmds ...[]string) ([]*specs.Spec, []string) {
|
|
|
|
|
var specs []*specs.Spec
|
|
|
|
|
var ids []string
|
|
|
|
|
rootID := testutil.UniqueContainerID()
|
|
|
|
|
|
|
|
|
|
for i, cmd := range cmds {
|
|
|
|
|
spec := testutil.NewSpecWithArgs(cmd...)
|
|
|
|
|
if i == 0 {
|
|
|
|
|
spec.Annotations = map[string]string{
|
|
|
|
|
specutils.ContainerdContainerTypeAnnotation: specutils.ContainerdContainerTypeSandbox,
|
|
|
|
|
}
|
|
|
|
|
ids = append(ids, rootID)
|
|
|
|
|
} else {
|
|
|
|
|
spec.Annotations = map[string]string{
|
|
|
|
|
specutils.ContainerdContainerTypeAnnotation: specutils.ContainerdContainerTypeContainer,
|
|
|
|
|
specutils.ContainerdSandboxIDAnnotation: rootID,
|
|
|
|
|
}
|
|
|
|
|
ids = append(ids, testutil.UniqueContainerID())
|
|
|
|
|
}
|
|
|
|
|
specs = append(specs, spec)
|
|
|
|
|
}
|
|
|
|
|
return specs, ids
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-28 05:52:25 +00:00
|
|
|
func startContainers(conf *boot.Config, specs []*specs.Spec, ids []string) ([]*Container, func(), error) {
|
|
|
|
|
rootDir, err := testutil.SetupRootDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, nil, fmt.Errorf("error creating root dir: %v", err)
|
|
|
|
|
}
|
2018-11-08 05:30:11 +00:00
|
|
|
conf.RootDir = rootDir
|
2018-09-28 05:52:25 +00:00
|
|
|
|
|
|
|
|
var containers []*Container
|
|
|
|
|
var bundles []string
|
|
|
|
|
cleanup := func() {
|
|
|
|
|
for _, c := range containers {
|
|
|
|
|
c.Destroy()
|
|
|
|
|
}
|
|
|
|
|
for _, b := range bundles {
|
|
|
|
|
os.RemoveAll(b)
|
|
|
|
|
}
|
|
|
|
|
os.RemoveAll(rootDir)
|
|
|
|
|
}
|
|
|
|
|
for i, spec := range specs {
|
2018-11-08 05:30:11 +00:00
|
|
|
bundleDir, err := testutil.SetupBundleDir(spec)
|
2018-09-28 05:52:25 +00:00
|
|
|
if err != nil {
|
|
|
|
|
cleanup()
|
|
|
|
|
return nil, nil, fmt.Errorf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
bundles = append(bundles, bundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
args := Args{
|
|
|
|
|
ID: ids[i],
|
|
|
|
|
Spec: spec,
|
|
|
|
|
BundleDir: bundleDir,
|
|
|
|
|
}
|
|
|
|
|
cont, err := New(conf, args)
|
2018-09-28 05:52:25 +00:00
|
|
|
if err != nil {
|
|
|
|
|
cleanup()
|
|
|
|
|
return nil, nil, fmt.Errorf("error creating container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
containers = append(containers, cont)
|
|
|
|
|
|
|
|
|
|
if err := cont.Start(conf); err != nil {
|
|
|
|
|
cleanup()
|
|
|
|
|
return nil, nil, fmt.Errorf("error starting container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return containers, cleanup, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-11 21:52:06 +00:00
|
|
|
type execDesc struct {
|
|
|
|
|
c *Container
|
|
|
|
|
cmd []string
|
|
|
|
|
want int
|
|
|
|
|
desc string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func execMany(execs []execDesc) error {
|
|
|
|
|
for _, exec := range execs {
|
|
|
|
|
args := &control.ExecArgs{Argv: exec.cmd}
|
|
|
|
|
if ws, err := exec.c.executeSync(args); err != nil {
|
|
|
|
|
return fmt.Errorf("error executing %+v: %v", args, err)
|
|
|
|
|
} else if ws.ExitStatus() != exec.want {
|
|
|
|
|
return fmt.Errorf("%q: exec %q got exit status: %d, want: %d", exec.desc, exec.cmd, ws.ExitStatus(), exec.want)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createSharedMount(mount specs.Mount, name string, pod ...*specs.Spec) {
|
|
|
|
|
for _, spec := range pod {
|
|
|
|
|
spec.Annotations[path.Join(boot.MountPrefix, name, "source")] = mount.Source
|
|
|
|
|
spec.Annotations[path.Join(boot.MountPrefix, name, "type")] = mount.Type
|
|
|
|
|
spec.Annotations[path.Join(boot.MountPrefix, name, "share")] = "pod"
|
|
|
|
|
if len(mount.Options) > 0 {
|
|
|
|
|
spec.Annotations[path.Join(boot.MountPrefix, name, "options")] = strings.Join(mount.Options, ",")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-05 20:12:15 +00:00
|
|
|
// TestMultiContainerSanity checks that it is possible to run 2 dead-simple
|
|
|
|
|
// containers in the same sandbox.
|
|
|
|
|
func TestMultiContainerSanity(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
2018-09-05 21:01:25 +00:00
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
specs, ids := createSpecs(sleep, sleep)
|
2018-09-28 05:52:25 +00:00
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-05 20:12:15 +00:00
|
|
|
|
2018-09-05 21:01:25 +00:00
|
|
|
// Check via ps that multiple processes are running.
|
2018-09-05 20:12:15 +00:00
|
|
|
expectedPL := []*control.Process{
|
2018-09-05 21:01:25 +00:00
|
|
|
{PID: 1, Cmd: "sleep"},
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 2, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-30 15:35:36 +00:00
|
|
|
// TestMultiPIDNS checks that it is possible to run 2 dead-simple
|
|
|
|
|
// containers in the same sandbox with different pidns.
|
|
|
|
|
func TestMultiPIDNS(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
testSpecs, ids := createSpecs(sleep, sleep)
|
|
|
|
|
testSpecs[1].Linux = &specs.Linux{
|
|
|
|
|
Namespaces: []specs.LinuxNamespace{
|
|
|
|
|
{
|
|
|
|
|
Type: "pid",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, testSpecs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
// Check via ps that multiple processes are running.
|
|
|
|
|
expectedPL := []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TestMultiPIDNSPath checks the pidns path.
|
|
|
|
|
func TestMultiPIDNSPath(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
testSpecs, ids := createSpecs(sleep, sleep, sleep)
|
|
|
|
|
testSpecs[0].Linux = &specs.Linux{
|
|
|
|
|
Namespaces: []specs.LinuxNamespace{
|
|
|
|
|
{
|
|
|
|
|
Type: "pid",
|
|
|
|
|
Path: "/proc/1/ns/pid",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
testSpecs[1].Linux = &specs.Linux{
|
|
|
|
|
Namespaces: []specs.LinuxNamespace{
|
|
|
|
|
{
|
|
|
|
|
Type: "pid",
|
|
|
|
|
Path: "/proc/1/ns/pid",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
testSpecs[2].Linux = &specs.Linux{
|
|
|
|
|
Namespaces: []specs.LinuxNamespace{
|
|
|
|
|
{
|
|
|
|
|
Type: "pid",
|
|
|
|
|
Path: "/proc/2/ns/pid",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, testSpecs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
// Check via ps that multiple processes are running.
|
|
|
|
|
expectedPL := []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[2], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 2, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-05 20:12:15 +00:00
|
|
|
func TestMultiContainerWait(t *testing.T) {
|
2018-09-05 21:01:25 +00:00
|
|
|
// The first container should run the entire duration of the test.
|
|
|
|
|
cmd1 := []string{"sleep", "100"}
|
|
|
|
|
// We'll wait on the second container, which is much shorter lived.
|
|
|
|
|
cmd2 := []string{"sleep", "1"}
|
|
|
|
|
specs, ids := createSpecs(cmd1, cmd2)
|
|
|
|
|
|
2018-09-28 05:52:25 +00:00
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-05 20:12:15 +00:00
|
|
|
|
2018-09-05 21:01:25 +00:00
|
|
|
// Check via ps that multiple processes are running.
|
2018-09-05 20:12:15 +00:00
|
|
|
expectedPL := []*control.Process{
|
2018-09-05 21:01:25 +00:00
|
|
|
{PID: 2, Cmd: "sleep"},
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
2018-09-05 20:12:15 +00:00
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait on the short lived container from multiple goroutines.
|
|
|
|
|
wg := sync.WaitGroup{}
|
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
|
wg.Add(1)
|
2018-09-05 21:01:25 +00:00
|
|
|
go func(c *Container) {
|
2018-09-05 20:12:15 +00:00
|
|
|
defer wg.Done()
|
2018-09-05 21:01:25 +00:00
|
|
|
if ws, err := c.Wait(); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process %s: %v", c.Spec.Process.Args, err)
|
2018-09-05 20:12:15 +00:00
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
2018-09-05 21:01:25 +00:00
|
|
|
t.Errorf("process %s exited with non-zero status %d", c.Spec.Process.Args, es)
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-20 23:58:36 +00:00
|
|
|
if _, err := c.Wait(); err != nil {
|
|
|
|
|
t.Errorf("wait for stopped container %s shouldn't fail: %v", c.Spec.Process.Args, err)
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-05 21:01:25 +00:00
|
|
|
}(containers[1])
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Also wait via PID.
|
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
|
wg.Add(1)
|
2018-09-05 21:01:25 +00:00
|
|
|
go func(c *Container) {
|
2018-09-05 20:12:15 +00:00
|
|
|
defer wg.Done()
|
|
|
|
|
const pid = 2
|
2019-06-04 01:14:52 +00:00
|
|
|
if ws, err := c.WaitPID(pid); err != nil {
|
2018-09-05 20:12:15 +00:00
|
|
|
t.Errorf("failed to wait for PID %d: %v", pid, err)
|
|
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
|
|
|
|
t.Errorf("PID %d exited with non-zero status %d", pid, es)
|
|
|
|
|
}
|
2019-06-04 01:14:52 +00:00
|
|
|
if _, err := c.WaitPID(pid); err == nil {
|
2018-09-05 20:12:15 +00:00
|
|
|
t.Errorf("wait for stopped PID %d should fail", pid)
|
|
|
|
|
}
|
2018-09-17 23:24:05 +00:00
|
|
|
}(containers[1])
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wg.Wait()
|
2018-09-05 21:01:25 +00:00
|
|
|
|
|
|
|
|
// After Wait returns, ensure that the root container is running and
|
|
|
|
|
// the child has finished.
|
2018-09-27 22:00:03 +00:00
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
2018-09-05 21:01:25 +00:00
|
|
|
t.Errorf("failed to wait for %q to start: %v", strings.Join(containers[0].Spec.Process.Args, " "), err)
|
|
|
|
|
}
|
2018-09-05 20:12:15 +00:00
|
|
|
}
|
2018-09-05 21:28:52 +00:00
|
|
|
|
2018-09-17 23:24:05 +00:00
|
|
|
// TestExecWait ensures what we can wait containers and individual processes in the
|
|
|
|
|
// sandbox that have already exited.
|
|
|
|
|
func TestExecWait(t *testing.T) {
|
|
|
|
|
rootDir, err := testutil.SetupRootDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root dir: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootDir)
|
|
|
|
|
|
|
|
|
|
// The first container should run the entire duration of the test.
|
|
|
|
|
cmd1 := []string{"sleep", "100"}
|
|
|
|
|
// We'll wait on the second container, which is much shorter lived.
|
|
|
|
|
cmd2 := []string{"sleep", "1"}
|
|
|
|
|
specs, ids := createSpecs(cmd1, cmd2)
|
2018-09-28 05:52:25 +00:00
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-17 23:24:05 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-17 23:24:05 +00:00
|
|
|
|
2018-09-27 22:00:03 +00:00
|
|
|
// Check via ps that process is running.
|
2018-09-17 23:24:05 +00:00
|
|
|
expectedPL := []*control.Process{
|
|
|
|
|
{PID: 2, Cmd: "sleep"},
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
2018-09-17 23:24:05 +00:00
|
|
|
t.Fatalf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait for the second container to finish.
|
2018-09-27 22:00:03 +00:00
|
|
|
if err := waitForProcessCount(containers[1], 0); err != nil {
|
2018-09-17 23:24:05 +00:00
|
|
|
t.Fatalf("failed to wait for second container to stop: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the second container exit status.
|
|
|
|
|
if ws, err := containers[1].Wait(); err != nil {
|
|
|
|
|
t.Fatalf("failed to wait for process %s: %v", containers[1].Spec.Process.Args, err)
|
|
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
|
|
|
|
t.Fatalf("process %s exited with non-zero status %d", containers[1].Spec.Process.Args, es)
|
|
|
|
|
}
|
2018-09-20 23:58:36 +00:00
|
|
|
if _, err := containers[1].Wait(); err != nil {
|
|
|
|
|
t.Fatalf("wait for stopped container %s shouldn't fail: %v", containers[1].Spec.Process.Args, err)
|
2018-09-17 23:24:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Execute another process in the first container.
|
|
|
|
|
args := &control.ExecArgs{
|
|
|
|
|
Filename: "/bin/sleep",
|
|
|
|
|
Argv: []string{"/bin/sleep", "1"},
|
|
|
|
|
WorkingDirectory: "/",
|
|
|
|
|
KUID: 0,
|
|
|
|
|
}
|
|
|
|
|
pid, err := containers[0].Execute(args)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error executing: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait for the exec'd process to exit.
|
2018-09-27 22:00:03 +00:00
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
2018-09-17 23:24:05 +00:00
|
|
|
t.Fatalf("failed to wait for second container to stop: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the exit status from the exec'd process.
|
2019-06-04 01:14:52 +00:00
|
|
|
if ws, err := containers[0].WaitPID(pid); err != nil {
|
2018-09-17 23:24:05 +00:00
|
|
|
t.Fatalf("failed to wait for process %+v with pid %d: %v", args, pid, err)
|
|
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
|
|
|
|
t.Fatalf("process %+v exited with non-zero status %d", args, es)
|
|
|
|
|
}
|
2019-06-04 01:14:52 +00:00
|
|
|
if _, err := containers[0].WaitPID(pid); err == nil {
|
2018-09-17 23:24:05 +00:00
|
|
|
t.Fatalf("wait for stopped process %+v should fail", args)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-05 21:28:52 +00:00
|
|
|
// TestMultiContainerMount tests that bind mounts can be used with multiple
|
|
|
|
|
// containers.
|
|
|
|
|
func TestMultiContainerMount(t *testing.T) {
|
|
|
|
|
cmd1 := []string{"sleep", "100"}
|
|
|
|
|
|
|
|
|
|
// 'src != dst' ensures that 'dst' doesn't exist in the host and must be
|
|
|
|
|
// properly mapped inside the container to work.
|
|
|
|
|
src, err := ioutil.TempDir(testutil.TmpDir(), "container")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("ioutil.TempDir failed:", err)
|
|
|
|
|
}
|
|
|
|
|
dst := src + ".dst"
|
|
|
|
|
cmd2 := []string{"touch", filepath.Join(dst, "file")}
|
|
|
|
|
|
|
|
|
|
sps, ids := createSpecs(cmd1, cmd2)
|
|
|
|
|
sps[1].Mounts = append(sps[1].Mounts, specs.Mount{
|
|
|
|
|
Source: src,
|
|
|
|
|
Destination: dst,
|
|
|
|
|
Type: "bind",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
2018-09-28 05:52:25 +00:00
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, sps, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-05 21:28:52 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-05 21:28:52 +00:00
|
|
|
|
|
|
|
|
ws, err := containers[1].Wait()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Error("error waiting on container:", err)
|
|
|
|
|
}
|
|
|
|
|
if !ws.Exited() || ws.ExitStatus() != 0 {
|
|
|
|
|
t.Error("container failed, waitStatus:", ws)
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-09-06 17:40:53 +00:00
|
|
|
|
|
|
|
|
// TestMultiContainerSignal checks that it is possible to signal individual
|
|
|
|
|
// containers without killing the entire sandbox.
|
|
|
|
|
func TestMultiContainerSignal(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
specs, ids := createSpecs(sleep, sleep)
|
2018-09-28 05:52:25 +00:00
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-06 17:40:53 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-06 17:40:53 +00:00
|
|
|
|
2018-09-27 22:00:03 +00:00
|
|
|
// Check via ps that container 1 process is running.
|
2018-09-06 17:40:53 +00:00
|
|
|
expectedPL := []*control.Process{
|
|
|
|
|
{PID: 2, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-27 22:00:03 +00:00
|
|
|
if err := waitForProcessList(containers[1], expectedPL); err != nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill process 2.
|
2018-10-17 17:50:24 +00:00
|
|
|
if err := containers[1].SignalContainer(syscall.SIGKILL, false); err != nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("failed to kill process 2: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make sure process 1 is still running.
|
2018-09-27 22:00:03 +00:00
|
|
|
expectedPL = []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 02:11:49 +00:00
|
|
|
// goferPid is reset when container is destroyed.
|
|
|
|
|
goferPid := containers[1].GoferPid
|
|
|
|
|
|
2018-09-18 22:20:19 +00:00
|
|
|
// Destroy container and ensure container's gofer process has exited.
|
|
|
|
|
if err := containers[1].Destroy(); err != nil {
|
|
|
|
|
t.Errorf("failed to destroy container: %v", err)
|
|
|
|
|
}
|
2019-08-02 20:46:42 +00:00
|
|
|
_, _, err = specutils.RetryEintr(func() (uintptr, uintptr, error) {
|
2018-09-19 02:11:49 +00:00
|
|
|
cpid, err := syscall.Wait4(goferPid, nil, 0, nil)
|
2018-09-18 22:20:19 +00:00
|
|
|
return uintptr(cpid), 0, err
|
|
|
|
|
})
|
2019-01-11 18:31:21 +00:00
|
|
|
if err != syscall.ECHILD {
|
2018-09-18 22:20:19 +00:00
|
|
|
t.Errorf("error waiting for gofer to exit: %v", err)
|
|
|
|
|
}
|
|
|
|
|
// Make sure process 1 is still running.
|
2018-09-27 22:00:03 +00:00
|
|
|
if err := waitForProcessList(containers[0], expectedPL); err != nil {
|
2018-09-18 22:20:19 +00:00
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-06 17:40:53 +00:00
|
|
|
// Now that process 2 is gone, ensure we get an error trying to
|
|
|
|
|
// signal it again.
|
2018-10-17 17:50:24 +00:00
|
|
|
if err := containers[1].SignalContainer(syscall.SIGKILL, false); err == nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("container %q shouldn't exist, but we were able to signal it", containers[1].ID)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill process 1.
|
2018-10-17 17:50:24 +00:00
|
|
|
if err := containers[0].SignalContainer(syscall.SIGKILL, false); err != nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("failed to kill process 1: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-18 22:20:19 +00:00
|
|
|
// Ensure that container's gofer and sandbox process are no more.
|
2019-01-11 18:31:21 +00:00
|
|
|
err = blockUntilWaitable(containers[0].GoferPid)
|
2018-09-18 22:20:19 +00:00
|
|
|
if err != nil && err != syscall.ECHILD {
|
|
|
|
|
t.Errorf("error waiting for gofer to exit: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-11 18:31:21 +00:00
|
|
|
err = blockUntilWaitable(containers[0].Sandbox.Pid)
|
2018-09-18 22:20:19 +00:00
|
|
|
if err != nil && err != syscall.ECHILD {
|
|
|
|
|
t.Errorf("error waiting for sandbox to exit: %v", err)
|
2018-09-06 17:40:53 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-18 22:20:19 +00:00
|
|
|
// The sentry should be gone, so signaling should yield an error.
|
2018-10-17 17:50:24 +00:00
|
|
|
if err := containers[0].SignalContainer(syscall.SIGKILL, false); err == nil {
|
2018-09-06 17:40:53 +00:00
|
|
|
t.Errorf("sandbox %q shouldn't exist, but we were able to signal it", containers[0].Sandbox.ID)
|
|
|
|
|
}
|
2019-01-11 18:31:21 +00:00
|
|
|
|
|
|
|
|
if err := containers[0].Destroy(); err != nil {
|
|
|
|
|
t.Errorf("failed to destroy container: %v", err)
|
|
|
|
|
}
|
2018-09-06 17:40:53 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-09-20 01:52:53 +00:00
|
|
|
|
|
|
|
|
// TestMultiContainerDestroy checks that container are properly cleaned-up when
|
|
|
|
|
// they are destroyed.
|
|
|
|
|
func TestMultiContainerDestroy(t *testing.T) {
|
2019-05-03 02:26:16 +00:00
|
|
|
app, err := testutil.FindFile("runsc/container/test_app/test_app")
|
2018-09-28 19:20:56 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("error finding test_app:", err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-20 01:52:53 +00:00
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
2018-09-28 19:20:56 +00:00
|
|
|
// First container will remain intact while the second container is killed.
|
|
|
|
|
specs, ids := createSpecs(
|
|
|
|
|
[]string{app, "reaper"},
|
|
|
|
|
[]string{app, "fork-bomb"})
|
2018-09-28 05:52:25 +00:00
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-20 01:52:53 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-20 01:52:53 +00:00
|
|
|
|
2018-09-28 19:20:56 +00:00
|
|
|
// Exec more processes to ensure signal all works for exec'd processes too.
|
|
|
|
|
args := &control.ExecArgs{
|
|
|
|
|
Filename: app,
|
|
|
|
|
Argv: []string{app, "fork-bomb"},
|
|
|
|
|
}
|
|
|
|
|
if _, err := containers[1].Execute(args); err != nil {
|
|
|
|
|
t.Fatalf("error exec'ing: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Let it brew...
|
|
|
|
|
time.Sleep(500 * time.Millisecond)
|
|
|
|
|
|
2018-09-20 01:52:53 +00:00
|
|
|
if err := containers[1].Destroy(); err != nil {
|
|
|
|
|
t.Fatalf("error destroying container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-28 19:20:56 +00:00
|
|
|
// Check that destroy killed all processes belonging to the container and
|
|
|
|
|
// waited for them to exit before returning.
|
|
|
|
|
pss, err := containers[0].Sandbox.Processes("")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error getting process data from sandbox: %v", err)
|
|
|
|
|
}
|
|
|
|
|
expectedPL := []*control.Process{{PID: 1, Cmd: "test_app"}}
|
|
|
|
|
if !procListsEqual(pss, expectedPL) {
|
|
|
|
|
t.Errorf("container got process list: %s, want: %s", procListToString(pss), procListToString(expectedPL))
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-20 01:52:53 +00:00
|
|
|
// Check that cont.Destroy is safe to call multiple times.
|
|
|
|
|
if err := containers[1].Destroy(); err != nil {
|
|
|
|
|
t.Errorf("error destroying container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
|
|
|
|
|
func TestMultiContainerProcesses(t *testing.T) {
|
runsc: Support job control signals in "exec -it".
Terminal support in runsc relies on host tty file descriptors that are imported
into the sandbox. Application tty ioctls are sent directly to the host fd.
However, those host tty ioctls are associated in the host kernel with a host
process (in this case runsc), and the host kernel intercepts job control
characters like ^C and send signals to the host process. Thus, typing ^C into a
"runsc exec" shell will send a SIGINT to the runsc process.
This change makes "runsc exec" handle all signals, and forward them into the
sandbox via the "ContainerSignal" urpc method. Since the "runsc exec" is
associated with a particular container process in the sandbox, the signal must
be associated with the same container process.
One big difficulty is that the signal should not necessarily be sent to the
sandbox process started by "exec", but instead must be sent to the foreground
process group for the tty. For example, we may exec "bash", and from bash call
"sleep 100". A ^C at this point should SIGINT sleep, not bash.
To handle this, tty files inside the sandbox must keep track of their
foreground process group, which is set/get via ioctls. When an incoming
ContainerSignal urpc comes in, we look up the foreground process group via the
tty file. Unfortunately, this means we have to expose and cache the tty file in
the Loader.
Note that "runsc exec" now handles signals properly, but "runs run" does not.
That will come in a later CL, as this one is complex enough already.
Example:
root@:/usr/local/apache2# sleep 100
^C
root@:/usr/local/apache2# sleep 100
^Z
[1]+ Stopped sleep 100
root@:/usr/local/apache2# fg
sleep 100
^C
root@:/usr/local/apache2#
PiperOrigin-RevId: 215334554
Change-Id: I53cdce39653027908510a5ba8d08c49f9cf24f39
2018-10-02 05:05:41 +00:00
|
|
|
// Note: use curly braces to keep 'sh' process around. Otherwise, shell
|
|
|
|
|
// will just execve into 'sleep' and both containers will look the
|
|
|
|
|
// same.
|
2018-09-27 22:00:03 +00:00
|
|
|
specs, ids := createSpecs(
|
|
|
|
|
[]string{"sleep", "100"},
|
runsc: Support job control signals in "exec -it".
Terminal support in runsc relies on host tty file descriptors that are imported
into the sandbox. Application tty ioctls are sent directly to the host fd.
However, those host tty ioctls are associated in the host kernel with a host
process (in this case runsc), and the host kernel intercepts job control
characters like ^C and send signals to the host process. Thus, typing ^C into a
"runsc exec" shell will send a SIGINT to the runsc process.
This change makes "runsc exec" handle all signals, and forward them into the
sandbox via the "ContainerSignal" urpc method. Since the "runsc exec" is
associated with a particular container process in the sandbox, the signal must
be associated with the same container process.
One big difficulty is that the signal should not necessarily be sent to the
sandbox process started by "exec", but instead must be sent to the foreground
process group for the tty. For example, we may exec "bash", and from bash call
"sleep 100". A ^C at this point should SIGINT sleep, not bash.
To handle this, tty files inside the sandbox must keep track of their
foreground process group, which is set/get via ioctls. When an incoming
ContainerSignal urpc comes in, we look up the foreground process group via the
tty file. Unfortunately, this means we have to expose and cache the tty file in
the Loader.
Note that "runsc exec" now handles signals properly, but "runs run" does not.
That will come in a later CL, as this one is complex enough already.
Example:
root@:/usr/local/apache2# sleep 100
^C
root@:/usr/local/apache2# sleep 100
^Z
[1]+ Stopped sleep 100
root@:/usr/local/apache2# fg
sleep 100
^C
root@:/usr/local/apache2#
PiperOrigin-RevId: 215334554
Change-Id: I53cdce39653027908510a5ba8d08c49f9cf24f39
2018-10-02 05:05:41 +00:00
|
|
|
[]string{"sh", "-c", "{ sleep 100; }"})
|
2018-09-28 05:52:25 +00:00
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
2018-09-27 22:00:03 +00:00
|
|
|
if err != nil {
|
2018-09-28 05:52:25 +00:00
|
|
|
t.Fatalf("error starting containers: %v", err)
|
2018-09-27 22:00:03 +00:00
|
|
|
}
|
2018-09-28 05:52:25 +00:00
|
|
|
defer cleanup()
|
2018-09-27 22:00:03 +00:00
|
|
|
|
|
|
|
|
// Check root's container process list doesn't include other containers.
|
|
|
|
|
expectedPL0 := []*control.Process{
|
|
|
|
|
{PID: 1, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL0); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Same for the other container.
|
|
|
|
|
expectedPL1 := []*control.Process{
|
|
|
|
|
{PID: 2, Cmd: "sh"},
|
|
|
|
|
{PID: 3, PPID: 2, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(containers[1], expectedPL1); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Now exec into the second container and verify it shows up in the container.
|
|
|
|
|
args := &control.ExecArgs{
|
|
|
|
|
Filename: "/bin/sleep",
|
|
|
|
|
Argv: []string{"/bin/sleep", "100"},
|
|
|
|
|
}
|
|
|
|
|
if _, err := containers[1].Execute(args); err != nil {
|
|
|
|
|
t.Fatalf("error exec'ing: %v", err)
|
|
|
|
|
}
|
|
|
|
|
expectedPL1 = append(expectedPL1, &control.Process{PID: 4, Cmd: "sleep"})
|
|
|
|
|
if err := waitForProcessList(containers[1], expectedPL1); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
// Root container should remain unchanged.
|
|
|
|
|
if err := waitForProcessList(containers[0], expectedPL0); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TestMultiContainerKillAll checks that all process that belong to a container
|
|
|
|
|
// are killed when SIGKILL is sent to *all* processes in that container.
|
|
|
|
|
func TestMultiContainerKillAll(t *testing.T) {
|
2018-09-29 01:14:59 +00:00
|
|
|
for _, tc := range []struct {
|
|
|
|
|
killContainer bool
|
|
|
|
|
}{
|
|
|
|
|
{killContainer: true},
|
|
|
|
|
{killContainer: false},
|
|
|
|
|
} {
|
2019-05-03 02:26:16 +00:00
|
|
|
app, err := testutil.FindFile("runsc/container/test_app/test_app")
|
2018-09-29 01:14:59 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("error finding test_app:", err)
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
|
2018-09-29 01:14:59 +00:00
|
|
|
// First container will remain intact while the second container is killed.
|
|
|
|
|
specs, ids := createSpecs(
|
|
|
|
|
[]string{app, "task-tree", "--depth=2", "--width=2"},
|
|
|
|
|
[]string{app, "task-tree", "--depth=4", "--width=2"})
|
|
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
2018-09-27 22:00:03 +00:00
|
|
|
|
2018-09-29 01:14:59 +00:00
|
|
|
// Wait until all processes are created.
|
|
|
|
|
rootProcCount := int(math.Pow(2, 3) - 1)
|
|
|
|
|
if err := waitForProcessCount(containers[0], rootProcCount); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
procCount := int(math.Pow(2, 5) - 1)
|
|
|
|
|
if err := waitForProcessCount(containers[1], procCount); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
|
2018-09-29 01:14:59 +00:00
|
|
|
// Exec more processes to ensure signal works for exec'd processes too.
|
|
|
|
|
args := &control.ExecArgs{
|
|
|
|
|
Filename: app,
|
|
|
|
|
Argv: []string{app, "task-tree", "--depth=2", "--width=2"},
|
|
|
|
|
}
|
|
|
|
|
if _, err := containers[1].Execute(args); err != nil {
|
|
|
|
|
t.Fatalf("error exec'ing: %v", err)
|
|
|
|
|
}
|
2018-10-03 17:46:42 +00:00
|
|
|
// Wait for these new processes to start.
|
|
|
|
|
procCount += int(math.Pow(2, 3) - 1)
|
2018-09-29 01:14:59 +00:00
|
|
|
if err := waitForProcessCount(containers[1], procCount); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if tc.killContainer {
|
|
|
|
|
// First kill the init process to make the container be stopped with
|
|
|
|
|
// processes still running inside.
|
2018-10-17 17:50:24 +00:00
|
|
|
containers[1].SignalContainer(syscall.SIGKILL, false)
|
2018-09-29 01:14:59 +00:00
|
|
|
op := func() error {
|
|
|
|
|
c, err := Load(conf.RootDir, ids[1])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if c.Status != Stopped {
|
|
|
|
|
return fmt.Errorf("container is not stopped")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
if err := testutil.Poll(op, 5*time.Second); err != nil {
|
|
|
|
|
t.Fatalf("container did not stop %q: %v", containers[1].ID, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
|
2018-09-29 01:14:59 +00:00
|
|
|
c, err := Load(conf.RootDir, ids[1])
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("failed to load child container %q: %v", c.ID, err)
|
|
|
|
|
}
|
|
|
|
|
// Kill'Em All
|
2018-10-17 17:50:24 +00:00
|
|
|
if err := c.SignalContainer(syscall.SIGKILL, true); err != nil {
|
2018-09-29 01:14:59 +00:00
|
|
|
t.Fatalf("failed to send SIGKILL to container %q: %v", c.ID, err)
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
|
2018-09-29 01:14:59 +00:00
|
|
|
// Check that all processes are gone.
|
|
|
|
|
if err := waitForProcessCount(containers[1], 0); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
// Check that root container was not affected.
|
|
|
|
|
if err := waitForProcessCount(containers[0], rootProcCount); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2018-09-27 22:00:03 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-11-06 05:28:45 +00:00
|
|
|
|
|
|
|
|
func TestMultiContainerDestroyNotStarted(t *testing.T) {
|
|
|
|
|
specs, ids := createSpecs(
|
|
|
|
|
[]string{"/bin/sleep", "100"},
|
|
|
|
|
[]string{"/bin/sleep", "100"})
|
|
|
|
|
rootDir, err := testutil.SetupRootDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root dir: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootDir)
|
|
|
|
|
|
2018-11-08 05:30:11 +00:00
|
|
|
conf := testutil.TestConfigWithRoot(rootDir)
|
|
|
|
|
|
2018-11-06 05:28:45 +00:00
|
|
|
// Create and start root container.
|
2018-11-08 05:30:11 +00:00
|
|
|
rootBundleDir, err := testutil.SetupBundleDir(specs[0])
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootBundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
rootArgs := Args{
|
|
|
|
|
ID: ids[0],
|
|
|
|
|
Spec: specs[0],
|
|
|
|
|
BundleDir: rootBundleDir,
|
|
|
|
|
}
|
|
|
|
|
root, err := New(conf, rootArgs)
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer root.Destroy()
|
|
|
|
|
if err := root.Start(conf); err != nil {
|
|
|
|
|
t.Fatalf("error starting root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create and destroy sub-container.
|
2018-11-08 05:30:11 +00:00
|
|
|
bundleDir, err := testutil.SetupBundleDir(specs[1])
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(bundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
args := Args{
|
|
|
|
|
ID: ids[1],
|
|
|
|
|
Spec: specs[1],
|
|
|
|
|
BundleDir: bundleDir,
|
|
|
|
|
}
|
|
|
|
|
cont, err := New(conf, args)
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check that container can be destroyed.
|
|
|
|
|
if err := cont.Destroy(); err != nil {
|
|
|
|
|
t.Fatalf("deleting non-started container failed: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TestMultiContainerDestroyStarting attempts to force a race between start
|
|
|
|
|
// and destroy.
|
|
|
|
|
func TestMultiContainerDestroyStarting(t *testing.T) {
|
|
|
|
|
cmds := make([][]string, 10)
|
|
|
|
|
for i := range cmds {
|
|
|
|
|
cmds[i] = []string{"/bin/sleep", "100"}
|
|
|
|
|
}
|
|
|
|
|
specs, ids := createSpecs(cmds...)
|
|
|
|
|
|
|
|
|
|
rootDir, err := testutil.SetupRootDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root dir: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootDir)
|
|
|
|
|
|
2018-11-08 05:30:11 +00:00
|
|
|
conf := testutil.TestConfigWithRoot(rootDir)
|
|
|
|
|
|
2018-11-06 05:28:45 +00:00
|
|
|
// Create and start root container.
|
2018-11-08 05:30:11 +00:00
|
|
|
rootBundleDir, err := testutil.SetupBundleDir(specs[0])
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootBundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
rootArgs := Args{
|
|
|
|
|
ID: ids[0],
|
|
|
|
|
Spec: specs[0],
|
|
|
|
|
BundleDir: rootBundleDir,
|
|
|
|
|
}
|
|
|
|
|
root, err := New(conf, rootArgs)
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer root.Destroy()
|
|
|
|
|
if err := root.Start(conf); err != nil {
|
|
|
|
|
t.Fatalf("error starting root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
wg := sync.WaitGroup{}
|
|
|
|
|
for i := range cmds {
|
|
|
|
|
if i == 0 {
|
|
|
|
|
continue // skip root container
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-08 05:30:11 +00:00
|
|
|
bundleDir, err := testutil.SetupBundleDir(specs[i])
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(bundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
rootArgs := Args{
|
|
|
|
|
ID: ids[i],
|
|
|
|
|
Spec: specs[i],
|
|
|
|
|
BundleDir: rootBundleDir,
|
|
|
|
|
}
|
|
|
|
|
cont, err := New(conf, rootArgs)
|
2018-11-06 05:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Container is not thread safe, so load another instance to run in
|
|
|
|
|
// concurrently.
|
|
|
|
|
startCont, err := Load(rootDir, ids[i])
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error loading container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
wg.Add(1)
|
|
|
|
|
go func() {
|
|
|
|
|
defer wg.Done()
|
|
|
|
|
startCont.Start(conf) // ignore failures, start can fail if destroy runs first.
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
wg.Add(1)
|
|
|
|
|
go func() {
|
|
|
|
|
defer wg.Done()
|
|
|
|
|
if err := cont.Destroy(); err != nil {
|
|
|
|
|
t.Errorf("deleting non-started container failed: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
}
|
|
|
|
|
wg.Wait()
|
|
|
|
|
}
|
2018-11-09 18:57:45 +00:00
|
|
|
|
2019-07-23 21:35:50 +00:00
|
|
|
// TestMultiContainerDifferentFilesystems tests that different containers have
|
|
|
|
|
// different root filesystems.
|
|
|
|
|
func TestMultiContainerDifferentFilesystems(t *testing.T) {
|
|
|
|
|
filename := "/foo"
|
|
|
|
|
// Root container will create file and then sleep.
|
|
|
|
|
cmdRoot := []string{"sh", "-c", fmt.Sprintf("touch %q && sleep 100", filename)}
|
|
|
|
|
|
|
|
|
|
// Child containers will assert that the file does not exist, and will
|
|
|
|
|
// then create it.
|
|
|
|
|
script := fmt.Sprintf("if [ -f %q ]; then exit 1; else touch %q; fi", filename, filename)
|
|
|
|
|
cmd := []string{"sh", "-c", script}
|
|
|
|
|
|
|
|
|
|
// Make sure overlay is enabled, and none of the root filesystems are
|
|
|
|
|
// read-only, otherwise we won't be able to create the file.
|
|
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
conf.Overlay = true
|
|
|
|
|
specs, ids := createSpecs(cmdRoot, cmd, cmd)
|
|
|
|
|
for _, s := range specs {
|
|
|
|
|
s.Root.Readonly = false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
// Both child containers should exit successfully.
|
|
|
|
|
for i, c := range containers {
|
|
|
|
|
if i == 0 {
|
|
|
|
|
// Don't wait on the root.
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if ws, err := c.Wait(); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process %s: %v", c.Spec.Process.Args, err)
|
|
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
|
|
|
|
t.Errorf("process %s exited with non-zero status %d", c.Spec.Process.Args, es)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-02 20:46:42 +00:00
|
|
|
// TestMultiContainerContainerDestroyStress tests that IO operations continue
|
|
|
|
|
// to work after containers have been stopped and gofers killed.
|
|
|
|
|
func TestMultiContainerContainerDestroyStress(t *testing.T) {
|
2019-05-03 02:26:16 +00:00
|
|
|
app, err := testutil.FindFile("runsc/container/test_app/test_app")
|
2018-11-09 18:57:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("error finding test_app:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Setup containers. Root container just reaps children, while the others
|
|
|
|
|
// perform some IOs. Children are executed in 3 batches of 10. Within the
|
|
|
|
|
// batch there is overlap between containers starting and being destroyed. In
|
|
|
|
|
// between batches all containers stop before starting another batch.
|
|
|
|
|
cmds := [][]string{{app, "reaper"}}
|
|
|
|
|
const batchSize = 10
|
|
|
|
|
for i := 0; i < 3*batchSize; i++ {
|
2019-01-19 00:07:28 +00:00
|
|
|
dir, err := ioutil.TempDir(testutil.TmpDir(), "gofer-stop-test")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("ioutil.TempDir failed:", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(dir)
|
|
|
|
|
|
2019-01-16 20:47:21 +00:00
|
|
|
cmd := "find /bin -type f | head | xargs -I SRC cp SRC " + dir
|
|
|
|
|
cmds = append(cmds, []string{"sh", "-c", cmd})
|
2018-11-09 18:57:45 +00:00
|
|
|
}
|
|
|
|
|
allSpecs, allIDs := createSpecs(cmds...)
|
|
|
|
|
|
|
|
|
|
rootDir, err := testutil.SetupRootDir()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root dir: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(rootDir)
|
|
|
|
|
|
|
|
|
|
// Split up the specs and IDs.
|
|
|
|
|
rootSpec := allSpecs[0]
|
|
|
|
|
rootID := allIDs[0]
|
|
|
|
|
childrenSpecs := allSpecs[1:]
|
|
|
|
|
childrenIDs := allIDs[1:]
|
|
|
|
|
|
|
|
|
|
bundleDir, err := testutil.SetupBundleDir(rootSpec)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up bundle dir: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(bundleDir)
|
|
|
|
|
|
|
|
|
|
// Start root container.
|
|
|
|
|
conf := testutil.TestConfigWithRoot(rootDir)
|
2019-06-18 21:45:50 +00:00
|
|
|
rootArgs := Args{
|
|
|
|
|
ID: rootID,
|
|
|
|
|
Spec: rootSpec,
|
|
|
|
|
BundleDir: bundleDir,
|
|
|
|
|
}
|
|
|
|
|
root, err := New(conf, rootArgs)
|
2018-11-09 18:57:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if err := root.Start(conf); err != nil {
|
|
|
|
|
t.Fatalf("error starting root container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer root.Destroy()
|
|
|
|
|
|
|
|
|
|
// Run batches. Each batch starts containers in parallel, then wait and
|
|
|
|
|
// destroy them before starting another batch.
|
|
|
|
|
for i := 0; i < len(childrenSpecs); i += batchSize {
|
|
|
|
|
t.Logf("Starting batch from %d to %d", i, i+batchSize)
|
|
|
|
|
specs := childrenSpecs[i : i+batchSize]
|
|
|
|
|
ids := childrenIDs[i : i+batchSize]
|
|
|
|
|
|
|
|
|
|
var children []*Container
|
|
|
|
|
for j, spec := range specs {
|
|
|
|
|
bundleDir, err := testutil.SetupBundleDir(spec)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error setting up container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(bundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
args := Args{
|
|
|
|
|
ID: ids[j],
|
|
|
|
|
Spec: spec,
|
|
|
|
|
BundleDir: bundleDir,
|
|
|
|
|
}
|
|
|
|
|
child, err := New(conf, args)
|
2018-11-09 18:57:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
children = append(children, child)
|
|
|
|
|
|
|
|
|
|
if err := child.Start(conf); err != nil {
|
|
|
|
|
t.Fatalf("error starting container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Give a small gap between containers.
|
|
|
|
|
time.Sleep(50 * time.Millisecond)
|
|
|
|
|
}
|
|
|
|
|
for _, child := range children {
|
|
|
|
|
ws, err := child.Wait()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("waiting for container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if !ws.Exited() || ws.ExitStatus() != 0 {
|
|
|
|
|
t.Fatalf("container failed, waitStatus: %x (%d)", ws, ws.ExitStatus())
|
|
|
|
|
}
|
|
|
|
|
if err := child.Destroy(); err != nil {
|
|
|
|
|
t.Fatalf("error destroying container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-06-11 21:52:06 +00:00
|
|
|
|
|
|
|
|
// Test that pod shared mounts are properly mounted in 2 containers and that
|
|
|
|
|
// changes from one container is reflected in the other.
|
|
|
|
|
func TestMultiContainerSharedMount(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
podSpec, ids := createSpecs(sleep, sleep)
|
|
|
|
|
mnt0 := specs.Mount{
|
|
|
|
|
Destination: "/mydir/test",
|
|
|
|
|
Source: "/some/dir",
|
|
|
|
|
Type: "tmpfs",
|
|
|
|
|
Options: nil,
|
|
|
|
|
}
|
|
|
|
|
podSpec[0].Mounts = append(podSpec[0].Mounts, mnt0)
|
|
|
|
|
|
|
|
|
|
mnt1 := mnt0
|
|
|
|
|
mnt1.Destination = "/mydir2/test2"
|
|
|
|
|
podSpec[1].Mounts = append(podSpec[1].Mounts, mnt1)
|
|
|
|
|
|
|
|
|
|
createSharedMount(mnt0, "test-mount", podSpec...)
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, podSpec, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
file0 := path.Join(mnt0.Destination, "abc")
|
|
|
|
|
file1 := path.Join(mnt1.Destination, "abc")
|
|
|
|
|
execs := []execDesc{
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", mnt0.Destination},
|
|
|
|
|
desc: "directory is mounted in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", mnt1.Destination},
|
|
|
|
|
desc: "directory is mounted in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/touch", file0},
|
|
|
|
|
desc: "create file in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file0},
|
|
|
|
|
desc: "file appears in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file1},
|
|
|
|
|
desc: "file appears in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/bin/rm", file1},
|
|
|
|
|
desc: "file removed from container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-f", file0},
|
|
|
|
|
desc: "file removed from container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-f", file1},
|
|
|
|
|
desc: "file removed from container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/bin/mkdir", file1},
|
|
|
|
|
desc: "create directory in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", file0},
|
|
|
|
|
desc: "dir appears in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", file1},
|
|
|
|
|
desc: "dir appears in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/bin/rmdir", file0},
|
|
|
|
|
desc: "create directory in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-d", file0},
|
|
|
|
|
desc: "dir removed from container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-d", file1},
|
|
|
|
|
desc: "dir removed from container1",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if err := execMany(execs); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that pod mounts are mounted as readonly when requested.
|
|
|
|
|
func TestMultiContainerSharedMountReadonly(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
podSpec, ids := createSpecs(sleep, sleep)
|
|
|
|
|
mnt0 := specs.Mount{
|
|
|
|
|
Destination: "/mydir/test",
|
|
|
|
|
Source: "/some/dir",
|
|
|
|
|
Type: "tmpfs",
|
|
|
|
|
Options: []string{"ro"},
|
|
|
|
|
}
|
|
|
|
|
podSpec[0].Mounts = append(podSpec[0].Mounts, mnt0)
|
|
|
|
|
|
|
|
|
|
mnt1 := mnt0
|
|
|
|
|
mnt1.Destination = "/mydir2/test2"
|
|
|
|
|
podSpec[1].Mounts = append(podSpec[1].Mounts, mnt1)
|
|
|
|
|
|
|
|
|
|
createSharedMount(mnt0, "test-mount", podSpec...)
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, podSpec, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
file0 := path.Join(mnt0.Destination, "abc")
|
|
|
|
|
file1 := path.Join(mnt1.Destination, "abc")
|
|
|
|
|
execs := []execDesc{
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", mnt0.Destination},
|
|
|
|
|
desc: "directory is mounted in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-d", mnt1.Destination},
|
|
|
|
|
desc: "directory is mounted in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/touch", file0},
|
|
|
|
|
want: 1,
|
|
|
|
|
desc: "fails to write to container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/touch", file1},
|
|
|
|
|
want: 1,
|
|
|
|
|
desc: "fails to write to container1",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if err := execMany(execs); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Test that shared pod mounts continue to work after container is restarted.
|
|
|
|
|
func TestMultiContainerSharedMountRestart(t *testing.T) {
|
|
|
|
|
for _, conf := range configs(all...) {
|
|
|
|
|
t.Logf("Running test with conf: %+v", conf)
|
|
|
|
|
|
|
|
|
|
// Setup the containers.
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
podSpec, ids := createSpecs(sleep, sleep)
|
|
|
|
|
mnt0 := specs.Mount{
|
|
|
|
|
Destination: "/mydir/test",
|
|
|
|
|
Source: "/some/dir",
|
|
|
|
|
Type: "tmpfs",
|
|
|
|
|
Options: nil,
|
|
|
|
|
}
|
|
|
|
|
podSpec[0].Mounts = append(podSpec[0].Mounts, mnt0)
|
|
|
|
|
|
|
|
|
|
mnt1 := mnt0
|
|
|
|
|
mnt1.Destination = "/mydir2/test2"
|
|
|
|
|
podSpec[1].Mounts = append(podSpec[1].Mounts, mnt1)
|
|
|
|
|
|
|
|
|
|
createSharedMount(mnt0, "test-mount", podSpec...)
|
|
|
|
|
|
|
|
|
|
containers, cleanup, err := startContainers(conf, podSpec, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
file0 := path.Join(mnt0.Destination, "abc")
|
|
|
|
|
file1 := path.Join(mnt1.Destination, "abc")
|
|
|
|
|
execs := []execDesc{
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/touch", file0},
|
|
|
|
|
desc: "create file in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file0},
|
|
|
|
|
desc: "file appears in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file1},
|
|
|
|
|
desc: "file appears in container1",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if err := execMany(execs); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
containers[1].Destroy()
|
|
|
|
|
|
|
|
|
|
bundleDir, err := testutil.SetupBundleDir(podSpec[1])
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error restarting container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(bundleDir)
|
|
|
|
|
|
2019-06-18 21:45:50 +00:00
|
|
|
args := Args{
|
|
|
|
|
ID: ids[1],
|
|
|
|
|
Spec: podSpec[1],
|
|
|
|
|
BundleDir: bundleDir,
|
|
|
|
|
}
|
|
|
|
|
containers[1], err = New(conf, args)
|
2019-06-11 21:52:06 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error creating container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if err := containers[1].Start(conf); err != nil {
|
|
|
|
|
t.Fatalf("error starting container: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
execs = []execDesc{
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file0},
|
|
|
|
|
desc: "file is still in container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "-f", file1},
|
|
|
|
|
desc: "file is still in container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/bin/rm", file1},
|
|
|
|
|
desc: "file removed from container1",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[0],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-f", file0},
|
|
|
|
|
desc: "file removed from container0",
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
c: containers[1],
|
|
|
|
|
cmd: []string{"/usr/bin/test", "!", "-f", file1},
|
|
|
|
|
desc: "file removed from container1",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if err := execMany(execs); err != nil {
|
|
|
|
|
t.Fatal(err.Error())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-07-23 21:35:50 +00:00
|
|
|
|
|
|
|
|
// Test that one container can send an FD to another container, even though
|
|
|
|
|
// they have distinct MountNamespaces.
|
|
|
|
|
func TestMultiContainerMultiRootCanHandleFDs(t *testing.T) {
|
|
|
|
|
app, err := testutil.FindFile("runsc/container/test_app/test_app")
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal("error finding test_app:", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We set up two containers with one shared mount that is used for a
|
|
|
|
|
// shared socket. The first container will send an FD over the socket
|
|
|
|
|
// to the second container. The FD corresponds to a file in the first
|
|
|
|
|
// container's mount namespace that is not part of the second
|
|
|
|
|
// container's mount namespace. However, the second container still
|
|
|
|
|
// should be able to read the FD.
|
|
|
|
|
|
|
|
|
|
// Create a shared mount where we will put the socket.
|
|
|
|
|
sharedMnt := specs.Mount{
|
|
|
|
|
Destination: "/mydir/test",
|
|
|
|
|
Type: "tmpfs",
|
|
|
|
|
// Shared mounts need a Source, even for tmpfs. It is only used
|
|
|
|
|
// to match up different shared mounts inside the pod.
|
|
|
|
|
Source: "/some/dir",
|
|
|
|
|
}
|
|
|
|
|
socketPath := filepath.Join(sharedMnt.Destination, "socket")
|
|
|
|
|
|
|
|
|
|
// Create a writeable tmpfs mount where the FD sender app will create
|
|
|
|
|
// files to send. This will only be mounted in the FD sender.
|
|
|
|
|
writeableMnt := specs.Mount{
|
|
|
|
|
Destination: "/tmp",
|
|
|
|
|
Type: "tmpfs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create the specs.
|
|
|
|
|
specs, ids := createSpecs(
|
|
|
|
|
[]string{"sleep", "1000"},
|
|
|
|
|
[]string{app, "fd_sender", "--socket", socketPath},
|
|
|
|
|
[]string{app, "fd_receiver", "--socket", socketPath},
|
|
|
|
|
)
|
|
|
|
|
createSharedMount(sharedMnt, "shared-mount", specs...)
|
|
|
|
|
specs[1].Mounts = append(specs[2].Mounts, sharedMnt, writeableMnt)
|
|
|
|
|
specs[2].Mounts = append(specs[1].Mounts, sharedMnt)
|
|
|
|
|
|
|
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
// Both containers should exit successfully.
|
|
|
|
|
for _, c := range containers[1:] {
|
|
|
|
|
if ws, err := c.Wait(); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for process %s: %v", c.Spec.Process.Args, err)
|
|
|
|
|
} else if es := ws.ExitStatus(); es != 0 {
|
|
|
|
|
t.Errorf("process %s exited with non-zero status %d", c.Spec.Process.Args, es)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-08-02 20:46:42 +00:00
|
|
|
|
|
|
|
|
// Test that container is destroyed when Gofer is killed.
|
|
|
|
|
func TestMultiContainerGoferKilled(t *testing.T) {
|
|
|
|
|
sleep := []string{"sleep", "100"}
|
|
|
|
|
specs, ids := createSpecs(sleep, sleep, sleep)
|
|
|
|
|
conf := testutil.TestConfig()
|
|
|
|
|
containers, cleanup, err := startContainers(conf, specs, ids)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("error starting containers: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer cleanup()
|
|
|
|
|
|
|
|
|
|
// Ensure container is running
|
|
|
|
|
c := containers[2]
|
|
|
|
|
expectedPL := []*control.Process{
|
|
|
|
|
{PID: 3, Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(c, expectedPL); err != nil {
|
|
|
|
|
t.Errorf("failed to wait for sleep to start: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill container's gofer.
|
|
|
|
|
if err := syscall.Kill(c.GoferPid, syscall.SIGKILL); err != nil {
|
|
|
|
|
t.Fatalf("syscall.Kill(%d, SIGKILL)=%v", c.GoferPid, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until container stops.
|
|
|
|
|
if err := waitForProcessList(c, nil); err != nil {
|
|
|
|
|
t.Errorf("Container %q was not stopped after gofer death: %v", c.ID, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check that container isn't running anymore.
|
|
|
|
|
args := &control.ExecArgs{Argv: []string{"/bin/true"}}
|
|
|
|
|
if _, err := c.executeSync(args); err == nil {
|
|
|
|
|
t.Fatalf("Container %q was not stopped after gofer death", c.ID)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check that other containers are unaffected.
|
|
|
|
|
for i, c := range containers {
|
|
|
|
|
if i == 2 {
|
|
|
|
|
continue // container[2] has been killed.
|
|
|
|
|
}
|
|
|
|
|
pl := []*control.Process{
|
|
|
|
|
{PID: kernel.ThreadID(i + 1), Cmd: "sleep"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(c, pl); err != nil {
|
|
|
|
|
t.Errorf("Container %q was affected by another container: %v", c.ID, err)
|
|
|
|
|
}
|
|
|
|
|
args := &control.ExecArgs{Argv: []string{"/bin/true"}}
|
|
|
|
|
if _, err := c.executeSync(args); err != nil {
|
|
|
|
|
t.Fatalf("Container %q was affected by another container: %v", c.ID, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Kill root container's gofer to bring entire sandbox down.
|
|
|
|
|
c = containers[0]
|
|
|
|
|
if err := syscall.Kill(c.GoferPid, syscall.SIGKILL); err != nil {
|
|
|
|
|
t.Fatalf("syscall.Kill(%d, SIGKILL)=%v", c.GoferPid, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until sandbox stops. waitForProcessList will loop until sandbox exits
|
|
|
|
|
// and RPC errors out.
|
|
|
|
|
impossiblePL := []*control.Process{
|
|
|
|
|
{PID: 100, Cmd: "non-existent-process"},
|
|
|
|
|
}
|
|
|
|
|
if err := waitForProcessList(c, impossiblePL); err == nil {
|
|
|
|
|
t.Fatalf("Sandbox was not killed after gofer death")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check that entire sandbox isn't running anymore.
|
|
|
|
|
for _, c := range containers {
|
|
|
|
|
args := &control.ExecArgs{Argv: []string{"/bin/true"}}
|
|
|
|
|
if _, err := c.executeSync(args); err == nil {
|
|
|
|
|
t.Fatalf("Container %q was not stopped after gofer death", c.ID)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
