d5002c6adc
When enabled with `AllowUDS`, unix domain sockets can be created in the sandbox and bound on the host filesystem. The application can listen() and accept() on these sockets as usual. Accept'ed sockets will be donated to the sandbox, similar to how connect'ed sockets work. In order to make notifications like poll work, the gofer donates the host-bound socket FD to the sandbox, but the seccomp filters will (correctly) prevent the sandbox from calling listen and accept directly on that FD. Instead, listen and accept calls must go through the gofer. The donated host FD can should only be used to poll for new incoming connectins. Note that I changed the order of some of the Lisa RPCs in order to group Bind with the existing similar Connect method. This changes the RPC numbers in a backwards-incompatible way, but since nobody is using Lisa yet we are OK. It's better to make these cleanup changes now before we have users and are locked in. PiperOrigin-RevId: 447236441 |
||
---|---|---|
.. | ||
benchmarks | ||
cmd/test_app | ||
e2e | ||
fsstress | ||
fuse | ||
image | ||
iptables | ||
kubernetes | ||
packetdrill | ||
packetimpact | ||
perf | ||
root | ||
runner | ||
runtimes | ||
syscalls | ||
uds | ||
util | ||
BUILD | ||
README.md |
README.md
Tests
The tests defined under this path are verifying functionality beyond what unit tests can cover, e.g. integration and end to end tests. Due to their nature, they may need extra setup in the test machine and extra configuration to run.
- syscalls: system call tests use a local runner, and do not require additional configuration in the machine.
- integration: defines integration tests that uses
docker run
to test functionality. - image: basic end to end test for popular images. These require the same setup as integration tests.
- root: tests that require to be run as root. These require the same setup as integration tests.
- util: utilities library to support the tests.
For the above noted cases, the relevant runtime must be installed via runsc install
before running. Just note that they require specific configuration to
work. This is handled automatically by the test scripts in the scripts
directory and they can be used to run tests locally on your machine. They are
also used to run these tests in kokoro
.
Example:
To run image and integration tests, run:
make docker-tests
To run root tests, run:
make sudo TARGETS=test/root:root_test
There are a few other interesting variations for image and integration tests:
- overlay: sets writable overlay inside the sentry
- hostnet: configures host network pass-thru, instead of netstack
- kvm: runsc the test using the KVM platform, instead of ptrace
The test will build runsc, configure it with your local docker, restart
dockerd
, and run tests. The location for runsc logs is printed to the output.