2014-10-23 07:27:06 +08:00
|
|
|
// +build linux
|
|
|
|
|
|
|
|
|
|
package libcontainer
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
2016-03-03 23:32:59 +08:00
|
|
|
"reflect"
|
2014-10-23 07:27:06 +08:00
|
|
|
"testing"
|
2014-12-17 17:12:23 +08:00
|
|
|
|
2020-03-17 00:08:11 +08:00
|
|
|
"github.com/moby/sys/mountinfo"
|
2015-06-22 10:29:59 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
2016-01-26 10:15:44 +08:00
|
|
|
"github.com/opencontainers/runc/libcontainer/utils"
|
libcontainer: Set 'status' in hook stdin
Finish off the work started in a344b2d6 (sync up `HookState` with OCI
spec `State`, 2016-12-19, #1201).
And drop HookState, since there's no need for a local alias for
specs.State.
Also set c.initProcess in newInitProcess to support OCIState calls
from within initProcess.start(). I think the cyclic references
between linuxContainer and initProcess are unfortunate, but didn't
want to address that here.
I've also left the timing of the Prestart hooks alone, although the
spec calls for them to happen before start (not as part of creation)
[1,2]. Once the timing gets fixed we can drop the
initProcessStartTime hacks which initProcess.start currently needs.
I'm not sure why we trigger the prestart hooks in response to both
procReady and procHooks. But we've had two prestart rounds in
initProcess.start since 2f276498 (Move pre-start hooks after container
mounts, 2016-02-17, #568). I've left that alone too.
I really think we should have len() guards to avoid computing the
state when .Hooks is non-nil but the particular phase we're looking at
is empty. Aleksa, however, is adamantly against them [3] citing a
risk of sloppy copy/pastes causing the hook slice being len-guarded to
diverge from the hook slice being iterated over within the guard. I
think that ort of thing is very lo-risk, because:
* We shouldn't be copy/pasting this, right? DRY for the win :).
* There's only ever a few lines between the guard and the guarded
loop. That makes broken copy/pastes easy to catch in review.
* We should have test coverage for these. Guarding with the wrong
slice is certainly not the only thing you can break with a sloppy
copy/paste.
But I'm not a maintainer ;).
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#prestart
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/opencontainers/runc/pull/1741#discussion_r233331570
Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-26 06:47:41 +08:00
|
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
2017-05-10 05:38:27 +08:00
|
|
|
|
|
|
|
|
"golang.org/x/sys/unix"
|
2014-10-23 07:27:06 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func newTestRoot() (string, error) {
|
|
|
|
|
dir, err := ioutil.TempDir("", "libcontainer")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
return dir, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestFactoryNew(t *testing.T) {
|
|
|
|
|
root, rerr := newTestRoot()
|
|
|
|
|
if rerr != nil {
|
|
|
|
|
t.Fatal(rerr)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(root)
|
2015-02-14 07:43:14 +08:00
|
|
|
factory, err := New(root, Cgroupfs)
|
2014-10-23 07:27:06 +08:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if factory == nil {
|
|
|
|
|
t.Fatal("factory should not be nil")
|
|
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
lfactory, ok := factory.(*LinuxFactory)
|
2014-10-23 07:27:06 +08:00
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("expected linux factory returned on linux based systems")
|
|
|
|
|
}
|
2015-02-14 07:43:14 +08:00
|
|
|
if lfactory.Root != root {
|
|
|
|
|
t.Fatalf("expected factory root to be %q but received %q", root, lfactory.Root)
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
2015-03-12 02:44:56 +08:00
|
|
|
|
|
|
|
|
if factory.Type() != "libcontainer" {
|
|
|
|
|
t.Fatalf("unexpected factory type: %q, expected %q", factory.Type(), "libcontainer")
|
|
|
|
|
}
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
|
|
|
|
|
2017-08-30 19:35:09 +08:00
|
|
|
func TestFactoryNewIntelRdt(t *testing.T) {
|
|
|
|
|
root, rerr := newTestRoot()
|
|
|
|
|
if rerr != nil {
|
|
|
|
|
t.Fatal(rerr)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
factory, err := New(root, Cgroupfs, IntelRdtFs)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if factory == nil {
|
|
|
|
|
t.Fatal("factory should not be nil")
|
|
|
|
|
}
|
|
|
|
|
lfactory, ok := factory.(*LinuxFactory)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("expected linux factory returned on linux based systems")
|
|
|
|
|
}
|
|
|
|
|
if lfactory.Root != root {
|
|
|
|
|
t.Fatalf("expected factory root to be %q but received %q", root, lfactory.Root)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if factory.Type() != "libcontainer" {
|
|
|
|
|
t.Fatalf("unexpected factory type: %q, expected %q", factory.Type(), "libcontainer")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-20 01:17:32 +08:00
|
|
|
func TestFactoryNewTmpfs(t *testing.T) {
|
|
|
|
|
root, rerr := newTestRoot()
|
|
|
|
|
if rerr != nil {
|
|
|
|
|
t.Fatal(rerr)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
factory, err := New(root, Cgroupfs, TmpfsRoot)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if factory == nil {
|
|
|
|
|
t.Fatal("factory should not be nil")
|
|
|
|
|
}
|
|
|
|
|
lfactory, ok := factory.(*LinuxFactory)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("expected linux factory returned on linux based systems")
|
|
|
|
|
}
|
|
|
|
|
if lfactory.Root != root {
|
|
|
|
|
t.Fatalf("expected factory root to be %q but received %q", root, lfactory.Root)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if factory.Type() != "libcontainer" {
|
|
|
|
|
t.Fatalf("unexpected factory type: %q, expected %q", factory.Type(), "libcontainer")
|
|
|
|
|
}
|
2020-03-17 00:08:11 +08:00
|
|
|
mounted, err := mountinfo.Mounted(lfactory.Root)
|
2015-03-20 01:17:32 +08:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if !mounted {
|
|
|
|
|
t.Fatalf("Factory Root is not mounted")
|
|
|
|
|
}
|
2020-03-13 08:25:51 +08:00
|
|
|
mounts, err := mountinfo.GetMounts(mountinfo.SingleEntryFilter(lfactory.Root))
|
2015-03-20 01:17:32 +08:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2020-03-13 08:25:51 +08:00
|
|
|
if len(mounts) != 1 {
|
2015-03-20 01:17:32 +08:00
|
|
|
t.Fatalf("Factory Root is not listed in mounts list")
|
|
|
|
|
}
|
2020-03-13 08:25:51 +08:00
|
|
|
m := mounts[0]
|
|
|
|
|
if m.Fstype != "tmpfs" {
|
|
|
|
|
t.Fatalf("Fstype of root: %s, expected %s", m.Fstype, "tmpfs")
|
|
|
|
|
}
|
|
|
|
|
if m.Source != "tmpfs" {
|
|
|
|
|
t.Fatalf("Source of root: %s, expected %s", m.Source, "tmpfs")
|
|
|
|
|
}
|
|
|
|
|
unix.Unmount(root, unix.MNT_DETACH)
|
2015-03-20 01:17:32 +08:00
|
|
|
}
|
|
|
|
|
|
2014-10-23 07:27:06 +08:00
|
|
|
func TestFactoryLoadNotExists(t *testing.T) {
|
|
|
|
|
root, rerr := newTestRoot()
|
|
|
|
|
if rerr != nil {
|
|
|
|
|
t.Fatal(rerr)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(root)
|
2015-02-14 07:43:14 +08:00
|
|
|
factory, err := New(root, Cgroupfs)
|
2014-10-23 07:27:06 +08:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
_, err = factory.Load("nocontainer")
|
|
|
|
|
if err == nil {
|
|
|
|
|
t.Fatal("expected nil error loading non-existing container")
|
|
|
|
|
}
|
|
|
|
|
lerr, ok := err.(Error)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("expected libcontainer error type")
|
|
|
|
|
}
|
|
|
|
|
if lerr.Code() != ContainerNotExists {
|
|
|
|
|
t.Fatalf("expected error code %s but received %s", ContainerNotExists, lerr.Code())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestFactoryLoadContainer(t *testing.T) {
|
|
|
|
|
root, err := newTestRoot()
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
defer os.RemoveAll(root)
|
|
|
|
|
// setup default container config and state for mocking
|
|
|
|
|
var (
|
2016-03-03 23:32:59 +08:00
|
|
|
id = "1"
|
|
|
|
|
expectedHooks = &configs.Hooks{
|
|
|
|
|
Prestart: []configs.Hook{
|
|
|
|
|
configs.CommandHook{Command: configs.Command{Path: "prestart-hook"}},
|
|
|
|
|
},
|
|
|
|
|
Poststart: []configs.Hook{
|
|
|
|
|
configs.CommandHook{Command: configs.Command{Path: "poststart-hook"}},
|
|
|
|
|
},
|
|
|
|
|
Poststop: []configs.Hook{
|
|
|
|
|
unserializableHook{},
|
|
|
|
|
configs.CommandHook{Command: configs.Command{Path: "poststop-hook"}},
|
|
|
|
|
},
|
|
|
|
|
}
|
2014-12-17 17:12:23 +08:00
|
|
|
expectedConfig = &configs.Config{
|
2015-02-04 09:44:58 +08:00
|
|
|
Rootfs: "/mycontainer/root",
|
2016-03-03 23:32:59 +08:00
|
|
|
Hooks: expectedHooks,
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
2015-02-12 06:45:07 +08:00
|
|
|
expectedState = &State{
|
2015-10-24 00:22:48 +08:00
|
|
|
BaseState: BaseState{
|
|
|
|
|
InitProcessPid: 1024,
|
|
|
|
|
Config: *expectedConfig,
|
|
|
|
|
},
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
if err := os.Mkdir(filepath.Join(root, id), 0700); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if err := marshal(filepath.Join(root, id, stateFilename), expectedState); err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
2017-08-30 19:35:09 +08:00
|
|
|
factory, err := New(root, Cgroupfs, IntelRdtFs)
|
2014-10-23 07:27:06 +08:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
container, err := factory.Load(id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
if container.ID() != id {
|
|
|
|
|
t.Fatalf("expected container id %q but received %q", id, container.ID())
|
|
|
|
|
}
|
|
|
|
|
config := container.Config()
|
2015-02-04 09:44:58 +08:00
|
|
|
if config.Rootfs != expectedConfig.Rootfs {
|
|
|
|
|
t.Fatalf("expected rootfs %q but received %q", expectedConfig.Rootfs, config.Rootfs)
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
2016-03-03 23:32:59 +08:00
|
|
|
expectedHooks.Poststop = expectedHooks.Poststop[1:] // expect unserializable hook to be skipped
|
|
|
|
|
if !reflect.DeepEqual(config.Hooks, expectedHooks) {
|
|
|
|
|
t.Fatalf("expects hooks %q but received %q", expectedHooks, config.Hooks)
|
|
|
|
|
}
|
2014-10-23 07:27:06 +08:00
|
|
|
lcontainer, ok := container.(*linuxContainer)
|
|
|
|
|
if !ok {
|
|
|
|
|
t.Fatal("expected linux container on linux based systems")
|
|
|
|
|
}
|
2015-02-12 06:45:07 +08:00
|
|
|
if lcontainer.initProcess.pid() != expectedState.InitProcessPid {
|
|
|
|
|
t.Fatalf("expected init pid %d but received %d", expectedState.InitProcessPid, lcontainer.initProcess.pid())
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func marshal(path string, v interface{}) error {
|
|
|
|
|
f, err := os.Create(path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
defer f.Close()
|
2016-01-26 10:15:44 +08:00
|
|
|
return utils.WriteJSON(f, v)
|
2014-10-23 07:27:06 +08:00
|
|
|
}
|
2016-03-03 23:32:59 +08:00
|
|
|
|
|
|
|
|
type unserializableHook struct{}
|
|
|
|
|
|
libcontainer: Set 'status' in hook stdin
Finish off the work started in a344b2d6 (sync up `HookState` with OCI
spec `State`, 2016-12-19, #1201).
And drop HookState, since there's no need for a local alias for
specs.State.
Also set c.initProcess in newInitProcess to support OCIState calls
from within initProcess.start(). I think the cyclic references
between linuxContainer and initProcess are unfortunate, but didn't
want to address that here.
I've also left the timing of the Prestart hooks alone, although the
spec calls for them to happen before start (not as part of creation)
[1,2]. Once the timing gets fixed we can drop the
initProcessStartTime hacks which initProcess.start currently needs.
I'm not sure why we trigger the prestart hooks in response to both
procReady and procHooks. But we've had two prestart rounds in
initProcess.start since 2f276498 (Move pre-start hooks after container
mounts, 2016-02-17, #568). I've left that alone too.
I really think we should have len() guards to avoid computing the
state when .Hooks is non-nil but the particular phase we're looking at
is empty. Aleksa, however, is adamantly against them [3] citing a
risk of sloppy copy/pastes causing the hook slice being len-guarded to
diverge from the hook slice being iterated over within the guard. I
think that ort of thing is very lo-risk, because:
* We shouldn't be copy/pasting this, right? DRY for the win :).
* There's only ever a few lines between the guard and the guarded
loop. That makes broken copy/pastes easy to catch in review.
* We should have test coverage for these. Guarding with the wrong
slice is certainly not the only thing you can break with a sloppy
copy/paste.
But I'm not a maintainer ;).
[1]: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#prestart
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/opencontainers/runc/pull/1741#discussion_r233331570
Signed-off-by: W. Trevor King <wking@tremily.us>
2018-02-26 06:47:41 +08:00
|
|
|
func (unserializableHook) Run(*specs.State) error {
|
2016-03-03 23:32:59 +08:00
|
|
|
return nil
|
|
|
|
|
}
|
