256 lines
6.5 KiB
Go
256 lines
6.5 KiB
Go
// Copyright 2018 Google Inc.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package boot
|
|
|
|
import (
|
|
"os"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
|
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
|
"gvisor.googlesource.com/gvisor/pkg/control/server"
|
|
"gvisor.googlesource.com/gvisor/pkg/log"
|
|
"gvisor.googlesource.com/gvisor/pkg/sentry/context/contexttest"
|
|
)
|
|
|
|
func init() {
|
|
log.SetLevel(log.Debug)
|
|
}
|
|
|
|
// testSpec returns a simple spec that can be used in tests.
|
|
func testSpec() *specs.Spec {
|
|
return &specs.Spec{
|
|
// The host filesystem root is the sandbox root.
|
|
Root: &specs.Root{
|
|
Path: "/",
|
|
Readonly: true,
|
|
},
|
|
Process: &specs.Process{
|
|
Args: []string{"/bin/true"},
|
|
},
|
|
}
|
|
}
|
|
|
|
func createLoader() (*Loader, error) {
|
|
fd, err := server.CreateSocket(ControlSocketAddr("123"))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
conf := &Config{
|
|
RootDir: "unused_root_dir",
|
|
Network: NetworkNone,
|
|
FileAccess: FileAccessDirect,
|
|
DisableSeccomp: true,
|
|
}
|
|
return New(testSpec(), conf, fd, nil, false)
|
|
}
|
|
|
|
// TestRun runs a simple application in a sandbox and checks that it succeeds.
|
|
func TestRun(t *testing.T) {
|
|
s, err := createLoader()
|
|
if err != nil {
|
|
t.Fatalf("error creating loader: %v", err)
|
|
}
|
|
defer s.Destroy()
|
|
|
|
// Start a goroutine to read the start chan result, otherwise Run will
|
|
// block forever.
|
|
var resultChanErr error
|
|
var wg sync.WaitGroup
|
|
wg.Add(1)
|
|
go func() {
|
|
resultChanErr = <-s.ctrl.app.startResultChan
|
|
wg.Done()
|
|
}()
|
|
|
|
// Run the application.
|
|
if err := s.Run(); err != nil {
|
|
t.Errorf("error running application: %v", err)
|
|
}
|
|
|
|
// We should have not gotten an error on the startResultChan.
|
|
wg.Wait()
|
|
if resultChanErr != nil {
|
|
t.Errorf("error on startResultChan: %v", resultChanErr)
|
|
}
|
|
|
|
// Wait for the application to exit. It should succeed.
|
|
if status := s.WaitExit(); status.Code != 0 || status.Signo != 0 {
|
|
t.Errorf("application exited with status %+v, want 0", status)
|
|
}
|
|
}
|
|
|
|
// TestStartSignal tests that the controller Start message will cause
|
|
// WaitForStartSignal to return.
|
|
func TestStartSignal(t *testing.T) {
|
|
s, err := createLoader()
|
|
if err != nil {
|
|
t.Fatalf("error creating loader: %v", err)
|
|
}
|
|
defer s.Destroy()
|
|
|
|
// We aren't going to wait on this application, so the control server
|
|
// needs to be shut down manually.
|
|
defer s.ctrl.srv.Stop()
|
|
|
|
// Start a goroutine that calls WaitForStartSignal and writes to a
|
|
// channel when it returns.
|
|
waitFinished := make(chan struct{})
|
|
go func() {
|
|
s.WaitForStartSignal()
|
|
// Pretend that Run() executed and returned no error.
|
|
s.ctrl.app.startResultChan <- nil
|
|
waitFinished <- struct{}{}
|
|
}()
|
|
|
|
// Nothing has been written to the channel, so waitFinished should not
|
|
// return. Give it a little bit of time to make sure the goroutine has
|
|
// started.
|
|
select {
|
|
case <-waitFinished:
|
|
t.Errorf("WaitForStartSignal completed but it should not have")
|
|
case <-time.After(50 * time.Millisecond):
|
|
// OK.
|
|
}
|
|
|
|
// Trigger the control server Start method.
|
|
if err := s.ctrl.app.Start(nil, nil); err != nil {
|
|
t.Errorf("error calling Start: %v", err)
|
|
}
|
|
|
|
// Now WaitForStartSignal should return (within a short amount of
|
|
// time).
|
|
select {
|
|
case <-waitFinished:
|
|
// OK.
|
|
case <-time.After(50 * time.Millisecond):
|
|
t.Errorf("WaitForStartSignal did not complete but it should have")
|
|
}
|
|
|
|
}
|
|
|
|
// Test that MountNamespace can be created with various specs.
|
|
func TestCreateMountNamespace(t *testing.T) {
|
|
conf := &Config{
|
|
RootDir: "unused_root_dir",
|
|
FileAccess: FileAccessDirect,
|
|
DisableSeccomp: true,
|
|
}
|
|
|
|
testCases := []struct {
|
|
name string
|
|
// Spec that will be used to create the mount manager. Note
|
|
// that we can't mount procfs without a kernel, so each spec
|
|
// MUST contain something other than procfs mounted at /proc.
|
|
spec specs.Spec
|
|
// Paths that are expected to exist in the resulting fs.
|
|
expectedPaths []string
|
|
}{
|
|
{
|
|
// Only proc.
|
|
name: "only proc mount",
|
|
spec: specs.Spec{
|
|
Root: &specs.Root{
|
|
Path: os.TempDir(),
|
|
Readonly: true,
|
|
},
|
|
Mounts: []specs.Mount{
|
|
{
|
|
Destination: "/proc",
|
|
Type: "tmpfs",
|
|
},
|
|
},
|
|
},
|
|
// /proc, /dev, and /sys should always be mounted.
|
|
expectedPaths: []string{"/proc", "/dev", "/sys"},
|
|
},
|
|
{
|
|
// Mount at a deep path, with many components that do
|
|
// not exist in the root.
|
|
name: "deep mount path",
|
|
spec: specs.Spec{
|
|
Root: &specs.Root{
|
|
Path: os.TempDir(),
|
|
Readonly: true,
|
|
},
|
|
Mounts: []specs.Mount{
|
|
{
|
|
Destination: "/some/very/very/deep/path",
|
|
Type: "tmpfs",
|
|
},
|
|
{
|
|
Destination: "/proc",
|
|
Type: "tmpfs",
|
|
},
|
|
},
|
|
},
|
|
// /some/deep/path should be mounted, along with /proc,
|
|
// /dev, and /sys.
|
|
expectedPaths: []string{"/some/very/very/deep/path", "/proc", "/dev", "/sys"},
|
|
},
|
|
{
|
|
// Mounts are nested inside eachother.
|
|
name: "nested mounts",
|
|
spec: specs.Spec{
|
|
Root: &specs.Root{
|
|
Path: os.TempDir(),
|
|
Readonly: true,
|
|
},
|
|
Mounts: []specs.Mount{
|
|
{
|
|
Destination: "/proc",
|
|
Type: "tmpfs",
|
|
},
|
|
{
|
|
Destination: "/foo",
|
|
Type: "tmpfs",
|
|
},
|
|
{
|
|
Destination: "/foo/bar",
|
|
Type: "tmpfs",
|
|
},
|
|
{
|
|
Destination: "/foo/bar/baz",
|
|
Type: "tmpfs",
|
|
},
|
|
{
|
|
// A deep path that is in foo but not the other mounts.
|
|
Destination: "/foo/some/very/very/deep/path",
|
|
Type: "tmpfs",
|
|
},
|
|
},
|
|
},
|
|
expectedPaths: []string{"/foo", "/foo/bar", "/foo/bar/baz", "/foo/some/very/very/deep/path", "/proc", "/dev", "/sys"},
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
ctx := contexttest.Context(t)
|
|
mm, err := createMountNamespace(ctx, &tc.spec, conf, nil)
|
|
if err != nil {
|
|
t.Fatalf("createMountNamespace test case %q failed: %v", tc.name, err)
|
|
}
|
|
defer mm.DecRef()
|
|
root := mm.Root()
|
|
defer root.DecRef()
|
|
for _, p := range tc.expectedPaths {
|
|
if _, err := mm.FindInode(ctx, root, root, p, 0); err != nil {
|
|
t.Errorf("expected path %v to exist with spec %v, but got error %v", p, tc.spec, err)
|
|
}
|
|
}
|
|
}
|
|
}
|