2014-10-17 08:00:59 +08:00
|
|
|
package integration
|
|
|
|
|
|
|
|
import (
|
2014-12-25 23:43:05 +08:00
|
|
|
"bytes"
|
|
|
|
"io/ioutil"
|
2014-10-29 06:00:28 +08:00
|
|
|
"os"
|
2015-04-17 04:55:12 +08:00
|
|
|
"path/filepath"
|
2015-03-26 03:41:09 +08:00
|
|
|
"strconv"
|
2014-10-17 08:00:59 +08:00
|
|
|
"strings"
|
2015-04-17 04:55:12 +08:00
|
|
|
"syscall"
|
2014-10-17 08:00:59 +08:00
|
|
|
"testing"
|
2014-11-25 06:39:32 +08:00
|
|
|
|
2014-12-25 23:43:05 +08:00
|
|
|
"github.com/docker/libcontainer"
|
2015-04-03 13:15:06 +08:00
|
|
|
"github.com/docker/libcontainer/cgroups/systemd"
|
2014-12-17 17:12:23 +08:00
|
|
|
"github.com/docker/libcontainer/configs"
|
2014-10-17 08:00:59 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestExecPS(t *testing.T) {
|
2015-02-04 19:21:03 +08:00
|
|
|
testExecPS(t, false)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUsernsExecPS(t *testing.T) {
|
|
|
|
if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) {
|
|
|
|
t.Skip("userns is unsupported")
|
|
|
|
}
|
|
|
|
testExecPS(t, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testExecPS(t *testing.T, userns bool) {
|
2014-10-17 08:00:59 +08:00
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-17 08:00:59 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
config := newTemplateConfig(rootfs)
|
2015-02-04 19:21:03 +08:00
|
|
|
if userns {
|
|
|
|
config.UidMappings = []configs.IDMap{{0, 0, 1000}}
|
|
|
|
config.GidMappings = []configs.IDMap{{0, 0, 1000}}
|
|
|
|
config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER})
|
|
|
|
}
|
|
|
|
|
2014-10-17 08:00:59 +08:00
|
|
|
buffers, exitCode, err := runContainer(config, "", "ps")
|
|
|
|
if err != nil {
|
2015-02-07 13:12:27 +08:00
|
|
|
t.Fatalf("%s: %s", buffers, err)
|
2014-10-17 08:00:59 +08:00
|
|
|
}
|
|
|
|
if exitCode != 0 {
|
|
|
|
t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr)
|
|
|
|
}
|
|
|
|
lines := strings.Split(buffers.Stdout.String(), "\n")
|
|
|
|
if len(lines) < 2 {
|
|
|
|
t.Fatalf("more than one process running for output %q", buffers.Stdout.String())
|
|
|
|
}
|
|
|
|
expected := `1 root ps`
|
|
|
|
actual := strings.Trim(lines[1], "\n ")
|
|
|
|
if actual != expected {
|
|
|
|
t.Fatalf("expected output %q but received %q", expected, actual)
|
|
|
|
}
|
|
|
|
}
|
2014-10-29 06:00:28 +08:00
|
|
|
|
2014-10-29 06:08:04 +08:00
|
|
|
func TestIPCPrivate(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
l, err := os.Readlink("/proc/1/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
if exitCode != 0 {
|
|
|
|
t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual == l {
|
2015-01-27 20:54:19 +08:00
|
|
|
t.Fatalf("ipc link should be private to the container but equals host %q %q", actual, l)
|
2014-10-29 06:08:04 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-10-29 06:00:28 +08:00
|
|
|
func TestIPCHost(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:00:28 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
l, err := os.Readlink("/proc/1/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:00:28 +08:00
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
2015-01-27 20:54:19 +08:00
|
|
|
config.Namespaces.Remove(configs.NEWIPC)
|
2014-10-29 06:00:28 +08:00
|
|
|
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:00:28 +08:00
|
|
|
|
|
|
|
if exitCode != 0 {
|
|
|
|
t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l {
|
|
|
|
t.Fatalf("ipc link not equal to host link %q %q", actual, l)
|
|
|
|
}
|
|
|
|
}
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
func TestIPCJoinPath(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
l, err := os.Readlink("/proc/1/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
2015-01-27 20:54:19 +08:00
|
|
|
config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipc")
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
if exitCode != 0 {
|
|
|
|
t.Fatalf("exit code not 0. code %d stderr %q", exitCode, buffers.Stderr)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actual := strings.Trim(buffers.Stdout.String(), "\n"); actual != l {
|
|
|
|
t.Fatalf("ipc link not equal to host link %q %q", actual, l)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestIPCBadPath(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-10-29 06:08:04 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
2015-01-27 20:54:19 +08:00
|
|
|
config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipcc")
|
2014-10-29 06:08:04 +08:00
|
|
|
|
|
|
|
_, _, err = runContainer(config, "", "true")
|
|
|
|
if err == nil {
|
2015-01-27 20:54:19 +08:00
|
|
|
t.Fatal("container succeeded with bad ipc path")
|
2014-10-29 06:08:04 +08:00
|
|
|
}
|
|
|
|
}
|
2014-11-27 02:16:53 +08:00
|
|
|
|
|
|
|
func TestRlimit(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-11-27 02:16:53 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
out, _, err := runContainer(config, "", "/bin/sh", "-c", "ulimit -n")
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-04 17:10:53 +08:00
|
|
|
if limit := strings.TrimSpace(out.Stdout.String()); limit != "1025" {
|
|
|
|
t.Fatalf("expected rlimit to be 1025, got %s", limit)
|
2014-11-27 02:16:53 +08:00
|
|
|
}
|
|
|
|
}
|
2014-11-25 06:39:32 +08:00
|
|
|
|
2014-12-25 23:43:05 +08:00
|
|
|
func newTestRoot() (string, error) {
|
|
|
|
dir, err := ioutil.TempDir("", "libcontainer")
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
if err := os.MkdirAll(dir, 0700); err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return dir, nil
|
|
|
|
}
|
|
|
|
|
2015-02-23 17:26:43 +08:00
|
|
|
func waitProcess(p *libcontainer.Process, t *testing.T) {
|
2015-02-03 18:53:31 +08:00
|
|
|
status, err := p.Wait()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-02-03 18:53:31 +08:00
|
|
|
if !status.Success() {
|
|
|
|
t.Fatal(status)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-25 23:43:05 +08:00
|
|
|
func TestEnter(t *testing.T) {
|
2015-01-19 22:12:00 +08:00
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
2014-12-25 23:43:05 +08:00
|
|
|
root, err := newTestRoot()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
// Execute a first process in the container
|
|
|
|
stdinR, stdinW, err := os.Pipe()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
|
|
|
var stdout, stdout2 bytes.Buffer
|
|
|
|
|
2015-02-03 18:53:31 +08:00
|
|
|
pconfig := libcontainer.Process{
|
2014-12-25 23:43:05 +08:00
|
|
|
Args: []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"},
|
2015-02-07 11:16:11 +08:00
|
|
|
Env: standardEnvironment,
|
2014-12-25 23:43:05 +08:00
|
|
|
Stdin: stdinR,
|
|
|
|
Stdout: &stdout,
|
|
|
|
}
|
2015-02-23 17:26:43 +08:00
|
|
|
err = container.Start(&pconfig)
|
2014-12-25 23:43:05 +08:00
|
|
|
stdinR.Close()
|
|
|
|
defer stdinW.Close()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-02-23 17:26:43 +08:00
|
|
|
pid, err := pconfig.Pid()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
2015-03-04 09:30:36 +08:00
|
|
|
// Execute another process in the container
|
2015-01-21 17:29:53 +08:00
|
|
|
stdinR2, stdinW2, err := os.Pipe()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-02-23 17:26:43 +08:00
|
|
|
pconfig2 := libcontainer.Process{
|
|
|
|
Env: standardEnvironment,
|
|
|
|
}
|
|
|
|
pconfig2.Args = []string{"sh", "-c", "cat && readlink /proc/self/ns/pid"}
|
|
|
|
pconfig2.Stdin = stdinR2
|
|
|
|
pconfig2.Stdout = &stdout2
|
2014-12-25 23:43:05 +08:00
|
|
|
|
2015-02-23 17:26:43 +08:00
|
|
|
err = container.Start(&pconfig2)
|
2015-01-21 17:29:53 +08:00
|
|
|
stdinR2.Close()
|
|
|
|
defer stdinW2.Close()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
2015-02-23 17:26:43 +08:00
|
|
|
pid2, err := pconfig2.Pid()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-02-23 17:26:43 +08:00
|
|
|
|
2015-01-21 17:29:53 +08:00
|
|
|
processes, err := container.Processes()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-21 17:29:53 +08:00
|
|
|
|
|
|
|
n := 0
|
|
|
|
for i := range processes {
|
|
|
|
if processes[i] == pid || processes[i] == pid2 {
|
|
|
|
n++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if n != 2 {
|
|
|
|
t.Fatal("unexpected number of processes", processes, pid, pid2)
|
|
|
|
}
|
|
|
|
|
2015-01-21 23:41:30 +08:00
|
|
|
// Wait processes
|
2015-01-21 17:29:53 +08:00
|
|
|
stdinW2.Close()
|
2015-02-23 17:26:43 +08:00
|
|
|
waitProcess(&pconfig2, t)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
|
|
|
stdinW.Close()
|
2015-02-23 17:26:43 +08:00
|
|
|
waitProcess(&pconfig, t)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
|
|
|
// Check that both processes live in the same pidns
|
|
|
|
pidns := string(stdout.Bytes())
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
|
|
|
pidns2 := string(stdout2.Bytes())
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2014-12-25 23:43:05 +08:00
|
|
|
|
|
|
|
if pidns != pidns2 {
|
|
|
|
t.Fatal("The second process isn't in the required pid namespace", pidns, pidns2)
|
|
|
|
}
|
|
|
|
}
|
2015-01-19 22:12:00 +08:00
|
|
|
|
2015-03-04 09:30:36 +08:00
|
|
|
func TestProcessEnv(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-04 09:30:36 +08:00
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-04 09:30:36 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-04 09:30:36 +08:00
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
var stdout bytes.Buffer
|
|
|
|
pconfig := libcontainer.Process{
|
2015-03-06 06:33:13 +08:00
|
|
|
Args: []string{"sh", "-c", "env"},
|
|
|
|
Env: []string{
|
|
|
|
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
|
|
|
"HOSTNAME=integration",
|
|
|
|
"TERM=xterm",
|
|
|
|
"FOO=BAR",
|
|
|
|
},
|
2015-03-04 09:30:36 +08:00
|
|
|
Stdin: nil,
|
|
|
|
Stdout: &stdout,
|
|
|
|
}
|
|
|
|
err = container.Start(&pconfig)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-04 09:30:36 +08:00
|
|
|
|
|
|
|
// Wait for process
|
|
|
|
waitProcess(&pconfig, t)
|
|
|
|
|
|
|
|
outputEnv := string(stdout.Bytes())
|
|
|
|
|
|
|
|
// Check that the environment has the key/value pair we added
|
|
|
|
if !strings.Contains(outputEnv, "FOO=BAR") {
|
|
|
|
t.Fatal("Environment doesn't have the expected FOO=BAR key/value pair: ", outputEnv)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure that HOME is set
|
2015-03-06 06:33:13 +08:00
|
|
|
if !strings.Contains(outputEnv, "HOME=/root") {
|
2015-03-04 09:30:36 +08:00
|
|
|
t.Fatal("Environment doesn't have HOME set: ", outputEnv)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-26 03:41:09 +08:00
|
|
|
func TestProcessCaps(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-26 03:41:09 +08:00
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-26 03:41:09 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-26 03:41:09 +08:00
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
processCaps := append(config.Capabilities, "NET_ADMIN")
|
|
|
|
|
|
|
|
var stdout bytes.Buffer
|
|
|
|
pconfig := libcontainer.Process{
|
|
|
|
Args: []string{"sh", "-c", "cat /proc/self/status"},
|
|
|
|
Env: standardEnvironment,
|
|
|
|
Capabilities: processCaps,
|
|
|
|
Stdin: nil,
|
|
|
|
Stdout: &stdout,
|
|
|
|
}
|
|
|
|
err = container.Start(&pconfig)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-03-26 03:41:09 +08:00
|
|
|
|
|
|
|
// Wait for process
|
|
|
|
waitProcess(&pconfig, t)
|
|
|
|
|
|
|
|
outputStatus := string(stdout.Bytes())
|
|
|
|
|
|
|
|
lines := strings.Split(outputStatus, "\n")
|
|
|
|
|
|
|
|
effectiveCapsLine := ""
|
|
|
|
for _, l := range lines {
|
|
|
|
line := strings.TrimSpace(l)
|
|
|
|
if strings.Contains(line, "CapEff:") {
|
|
|
|
effectiveCapsLine = line
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if effectiveCapsLine == "" {
|
|
|
|
t.Fatal("Couldn't find effective caps: ", outputStatus)
|
|
|
|
}
|
|
|
|
|
|
|
|
parts := strings.Split(effectiveCapsLine, ":")
|
|
|
|
effectiveCapsStr := strings.TrimSpace(parts[1])
|
|
|
|
|
|
|
|
effectiveCaps, err := strconv.ParseUint(effectiveCapsStr, 16, 64)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal("Could not parse effective caps", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var netAdminMask uint64
|
|
|
|
var netAdminBit uint
|
|
|
|
netAdminBit = 12 // from capability.h
|
|
|
|
netAdminMask = 1 << netAdminBit
|
|
|
|
if effectiveCaps&netAdminMask != netAdminMask {
|
|
|
|
t.Fatal("CAP_NET_ADMIN is not set as expected")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-19 22:12:00 +08:00
|
|
|
func TestFreeze(t *testing.T) {
|
2015-04-03 13:15:06 +08:00
|
|
|
testFreeze(t, false)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestSystemdFreeze(t *testing.T) {
|
|
|
|
if !systemd.UseSystemd() {
|
|
|
|
t.Skip("Systemd is unsupported")
|
|
|
|
}
|
|
|
|
testFreeze(t, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testFreeze(t *testing.T, systemd bool) {
|
2015-01-19 22:12:00 +08:00
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
2015-02-04 09:44:58 +08:00
|
|
|
rootfs, err := newRootfs()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
2015-05-01 23:27:04 +08:00
|
|
|
f := factory
|
2015-04-03 13:15:06 +08:00
|
|
|
if systemd {
|
2015-05-01 23:27:04 +08:00
|
|
|
f = systemdFactory
|
2015-04-03 13:15:06 +08:00
|
|
|
}
|
2015-01-19 22:12:00 +08:00
|
|
|
|
2015-05-01 23:27:04 +08:00
|
|
|
container, err := f.Create("test", config)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
stdinR, stdinW, err := os.Pipe()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
|
2015-02-03 18:53:31 +08:00
|
|
|
pconfig := libcontainer.Process{
|
2015-01-19 22:12:00 +08:00
|
|
|
Args: []string{"cat"},
|
2015-02-07 11:16:11 +08:00
|
|
|
Env: standardEnvironment,
|
2015-01-19 22:12:00 +08:00
|
|
|
Stdin: stdinR,
|
|
|
|
}
|
2015-02-23 17:26:43 +08:00
|
|
|
err = container.Start(&pconfig)
|
2015-01-19 22:12:00 +08:00
|
|
|
stdinR.Close()
|
|
|
|
defer stdinW.Close()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
|
2015-02-23 17:26:43 +08:00
|
|
|
pid, err := pconfig.Pid()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-02-23 17:26:43 +08:00
|
|
|
|
2015-01-19 22:12:00 +08:00
|
|
|
process, err := os.FindProcess(pid)
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
2015-01-19 22:12:00 +08:00
|
|
|
|
2015-04-05 04:29:50 +08:00
|
|
|
err = container.Pause()
|
|
|
|
ok(t, err)
|
2015-02-03 18:53:31 +08:00
|
|
|
state, err := container.Status()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
|
|
|
err = container.Resume()
|
|
|
|
ok(t, err)
|
2015-02-12 08:45:23 +08:00
|
|
|
if state != libcontainer.Paused {
|
2015-01-21 20:24:18 +08:00
|
|
|
t.Fatal("Unexpected state: ", state)
|
|
|
|
}
|
2015-01-19 22:12:00 +08:00
|
|
|
|
|
|
|
stdinW.Close()
|
|
|
|
s, err := process.Wait()
|
2015-04-05 04:29:50 +08:00
|
|
|
ok(t, err)
|
|
|
|
|
2015-01-19 22:12:00 +08:00
|
|
|
if !s.Success() {
|
|
|
|
t.Fatal(s.String())
|
|
|
|
}
|
|
|
|
}
|
2015-04-08 05:16:29 +08:00
|
|
|
|
2015-04-17 13:51:37 +08:00
|
|
|
func TestCpuShares(t *testing.T) {
|
|
|
|
testCpuShares(t, false)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestSystemdCpuShares(t *testing.T) {
|
|
|
|
if !systemd.UseSystemd() {
|
|
|
|
t.Skip("Systemd is unsupported")
|
|
|
|
}
|
|
|
|
testCpuShares(t, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testCpuShares(t *testing.T, systemd bool) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
rootfs, err := newRootfs()
|
|
|
|
ok(t, err)
|
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
if systemd {
|
|
|
|
config.Cgroups.Slice = "system.slice"
|
|
|
|
}
|
|
|
|
config.Cgroups.CpuShares = 1
|
|
|
|
|
|
|
|
_, _, err = runContainer(config, "", "ps")
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("runContainer should failed with invalid CpuShares")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-08 05:16:29 +08:00
|
|
|
func TestContainerState(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
l, err := os.Readlink("/proc/1/ns/ipc")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
config.Namespaces = configs.Namespaces([]configs.Namespace{
|
|
|
|
{Type: configs.NEWNS},
|
|
|
|
{Type: configs.NEWUTS},
|
|
|
|
// host for IPC
|
|
|
|
//{Type: configs.NEWIPC},
|
|
|
|
{Type: configs.NEWPID},
|
|
|
|
{Type: configs.NEWNET},
|
|
|
|
})
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
stdinR, stdinW, err := os.Pipe()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
p := &libcontainer.Process{
|
|
|
|
Args: []string{"cat"},
|
|
|
|
Env: standardEnvironment,
|
|
|
|
Stdin: stdinR,
|
|
|
|
}
|
|
|
|
err = container.Start(p)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
stdinR.Close()
|
|
|
|
defer p.Signal(os.Kill)
|
|
|
|
|
|
|
|
st, err := container.State()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
l1, err := os.Readlink(st.NamespacePaths[configs.NEWIPC])
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if l1 != l {
|
|
|
|
t.Fatal("Container using non-host ipc namespace")
|
|
|
|
}
|
|
|
|
stdinW.Close()
|
|
|
|
p.Wait()
|
|
|
|
}
|
2015-04-01 05:40:05 +08:00
|
|
|
|
|
|
|
func TestPassExtraFiles(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
var stdout bytes.Buffer
|
|
|
|
pipeout1, pipein1, err := os.Pipe()
|
|
|
|
pipeout2, pipein2, err := os.Pipe()
|
|
|
|
process := libcontainer.Process{
|
|
|
|
Args: []string{"sh", "-c", "cd /proc/$$/fd; echo -n *; echo -n 1 >3; echo -n 2 >4"},
|
|
|
|
Env: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"},
|
|
|
|
ExtraFiles: []*os.File{pipein1, pipein2},
|
|
|
|
Stdin: nil,
|
|
|
|
Stdout: &stdout,
|
|
|
|
}
|
|
|
|
err = container.Start(&process)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
waitProcess(&process, t)
|
|
|
|
|
|
|
|
out := string(stdout.Bytes())
|
|
|
|
// fd 5 is the directory handle for /proc/$$/fd
|
|
|
|
if out != "0 1 2 3 4 5" {
|
|
|
|
t.Fatalf("expected to have the file descriptors '0 1 2 3 4 5' passed to init, got '%s'", out)
|
|
|
|
}
|
|
|
|
var buf = []byte{0}
|
|
|
|
_, err = pipeout1.Read(buf)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
out1 := string(buf)
|
|
|
|
if out1 != "1" {
|
|
|
|
t.Fatalf("expected first pipe to receive '1', got '%s'", out1)
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err = pipeout2.Read(buf)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
out2 := string(buf)
|
|
|
|
if out2 != "2" {
|
|
|
|
t.Fatalf("expected second pipe to receive '2', got '%s'", out2)
|
|
|
|
}
|
|
|
|
}
|
2015-04-17 04:55:12 +08:00
|
|
|
|
|
|
|
func TestMountCmds(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
tmpDir, err := ioutil.TempDir("", "tmpdir")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
config.Mounts = append(config.Mounts, &configs.Mount{
|
|
|
|
Source: tmpDir,
|
|
|
|
Destination: filepath.Join(rootfs, "tmp"),
|
|
|
|
Device: "bind",
|
|
|
|
Flags: syscall.MS_BIND | syscall.MS_REC,
|
|
|
|
PremountCmds: []configs.Command{
|
|
|
|
{Path: "touch", Args: []string{filepath.Join(tmpDir, "hello")}},
|
|
|
|
{Path: "touch", Args: []string{filepath.Join(tmpDir, "world")}},
|
|
|
|
},
|
|
|
|
PostmountCmds: []configs.Command{
|
|
|
|
{Path: "cp", Args: []string{filepath.Join(rootfs, "tmp", "hello"), filepath.Join(rootfs, "tmp", "hello-backup")}},
|
|
|
|
{Path: "cp", Args: []string{filepath.Join(rootfs, "tmp", "world"), filepath.Join(rootfs, "tmp", "world-backup")}},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
pconfig := libcontainer.Process{
|
|
|
|
Args: []string{"sh", "-c", "env"},
|
|
|
|
Env: standardEnvironment,
|
|
|
|
}
|
|
|
|
err = container.Start(&pconfig)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for process
|
|
|
|
waitProcess(&pconfig, t)
|
|
|
|
|
|
|
|
entries, err := ioutil.ReadDir(tmpDir)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
expected := []string{"hello", "hello-backup", "world", "world-backup"}
|
|
|
|
for i, e := range entries {
|
|
|
|
if e.Name() != expected[i] {
|
|
|
|
t.Errorf("Got(%s), expect %s", e.Name(), expected[i])
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-04-23 10:18:08 +08:00
|
|
|
|
|
|
|
func TestSystemProperties(t *testing.T) {
|
|
|
|
if testing.Short() {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
root, err := newTestRoot()
|
|
|
|
ok(t, err)
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
|
|
|
rootfs, err := newRootfs()
|
|
|
|
ok(t, err)
|
|
|
|
defer remove(rootfs)
|
|
|
|
|
|
|
|
config := newTemplateConfig(rootfs)
|
|
|
|
config.SystemProperties = map[string]string{
|
|
|
|
"kernel.shmmni": "8192",
|
|
|
|
}
|
|
|
|
|
|
|
|
container, err := factory.Create("test", config)
|
|
|
|
ok(t, err)
|
|
|
|
defer container.Destroy()
|
|
|
|
|
|
|
|
var stdout bytes.Buffer
|
|
|
|
pconfig := libcontainer.Process{
|
|
|
|
Args: []string{"sh", "-c", "cat /proc/sys/kernel/shmmni"},
|
|
|
|
Env: standardEnvironment,
|
|
|
|
Stdin: nil,
|
|
|
|
Stdout: &stdout,
|
|
|
|
}
|
|
|
|
err = container.Start(&pconfig)
|
|
|
|
ok(t, err)
|
|
|
|
|
|
|
|
// Wait for process
|
|
|
|
waitProcess(&pconfig, t)
|
|
|
|
|
|
|
|
shmmniOutput := strings.TrimSpace(string(stdout.Bytes()))
|
|
|
|
if shmmniOutput != "8192" {
|
|
|
|
t.Fatalf("kernel.shmmni property expected to be 8192, but is %s", shmmniOutput)
|
|
|
|
}
|
|
|
|
}
|