Merge pull request #1357 from cyphar/noterminal-io-tests

tests: add various !terminal tests
Qiang Huang 2017-10-25 09:54:35 +08:00 committed by GitHub
commit c9b649ddcc
3 changed files with 64 additions and 8 deletions


@ -348,14 +348,6 @@ func fixStdioPermissions(config *initConfig, u *user.ExecUser) error {
continue continue
} }
// Skip chown if s.Gid is actually an unmapped gid in the host. While
// this is a bit dodgy if it just so happens that the console _is_
// owned by overflow_gid, there's no way for us to disambiguate this as
// a userspace program.
if _, err := config.Config.HostGID(int(s.Gid)); err != nil {
continue
}
// We only change the uid owner (as it is possible for the mount to // We only change the uid owner (as it is possible for the mount to
// prefer a different gid, and there's no reason for us to change it). // prefer a different gid, and there's no reason for us to change it).
// The reason why we don't just leave the default uid=X mount setup is // The reason why we don't just leave the default uid=X mount setup is
@ -363,6 +355,15 @@ func fixStdioPermissions(config *initConfig, u *user.ExecUser) error {
// this code, you couldn't effectively run as a non-root user inside a // this code, you couldn't effectively run as a non-root user inside a
// container and also have a console set up. // container and also have a console set up.
if err := unix.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil { if err := unix.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil {
// If we've hit an EINVAL then s.Gid isn't mapped in the user
// namespace. If we've hit an EPERM then the inode's current owner
// is not mapped in our user namespace (in particular,
// privileged_wrt_inode_uidgid() has failed). In either case, we
// are in a configuration where it's better for us to just not
// touch the stdio rather than bail at this point.
if err == unix.EINVAL || err == unix.EPERM {
continue
}
return err return err
} }
} }
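Review bot: The new EINVAL/EPERM branch inside the `unix.Fchown` error check skips the descriptor on every EPERM, not only in the unmapped-owner case the comment describes. fchown(2) also returns EPERM when the caller lacks CAP_CHOWN or the inode is immutable, so in those configurations the stdio descriptor silently keeps its previous owner. I would say so in the comment, e.g. `// EPERM can also mean missing CAP_CHOWN or an immutable inode; those are skipped too.`, or log at debug level before `continue`, so that a non-root container process which later cannot reopen its stdio can be diagnosed. fixStdioPermissions starts outside this hunk, so the surrounding loop and the earlier skip conditions are not visible here.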


@ -173,3 +173,58 @@ EOF
# test tty width and height against original process.json # test tty width and height against original process.json
[[ ${lines[0]} =~ "rows 10; columns 110" ]] [[ ${lines[0]} =~ "rows 10; columns 110" ]]
} }
@test "runc create [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of detached IO is done properly. See #1354.
__runc create test_busybox
# Start the command.
runc start test_busybox
[ "$status" -eq 0 ]
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}
@test "runc run [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of non-detached IO is done properly. See #1354.
(
__runc run test_busybox
) &
wait_for_container 15 1 test_busybox
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}
@test "runc run -d [terminal=false]" {
# Disable terminal creation.
sed -i 's|"terminal": true,|"terminal": false,|g' config.json
# Replace sh script with sleep.
sed -i 's|"sh"|"sleep", "1000s"|' config.json
# Make sure that the handling of detached IO is done properly. See #1354.
__runc run -d test_busybox
testcontainer test_busybox running
# Kill the container.
runc kill test_busybox KILL
[ "$status" -eq 0 ]
}
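Review bot: In `runc run [terminal=false]` the `( __runc run test_busybox ) &` subshell is never reaped, so the test passes without confirming that the foreground runc actually exited once the container was killed. Adding a bare `wait` after the final `[ "$status" -eq 0 ]` would make the test notice a runc that hangs on its non-terminal stdio handling, which appears to be the kind of regression #1354 refers to. The three tests also repeat the same two `sed -i` edits of config.json; a small helper would keep them from drifting apart.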