This removes unnecessary lines from checkpoint.bats like:
sed -i 's;"readonly": true;"readonly": false;' config.json
and adds (and corrects) comments which are leftover from older
versions of checkpoint.bats.
Signed-off-by: Adrian Reber <areber@redhat.com>
This adds a new CRIU based checkpoint/restore test to check if
the restored container runs in the same network namespace as before.
Signed-off-by: Adrian Reber <areber@redhat.com>
Upstream renamed the feature check for lazy migration support from
'lazy_pages' to 'uffd'. The lazy migration test case was therefore
not running at all. This enables the lazy migration test case in runc
again.
The test will, however, not run in travis as the kernel is too old.
But it works again locally.
Signed-off-by: Adrian Reber <areber@redhat.com>
In some cases, /sys/fs/cgroups is mounted read-only. In rootless
containers we can consider this effectively identical to having cgroups
that we don't have write permission to -- because the user isn't
responsible for the read-only setup and cannot modify it. The rules are
identical to when /sys/fs/cgroups is not writable by the unprivileged
user.
An example of this is the default configuration of Docker, where cgroups
are mounted as read-only as a preventative security measure.
Reported-by: Vladimir Rutsky <rutsky@google.com>
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Currently, integration test can't be done on arm64 platform due to several issues.
Fix points:
1, add busybox.tar with arm64 format
2, add hello-world.tar with arm64 format
Signed-off-by: Bin Lu <bin.lu@arm.com>
Since the defined config.json contains kmem settings, the test will try
writing to memory.kmem.* and fail. Therefore, it needs to require
cgroups_kmem.
Signed-off-by: Thomas Hipp <thipp@suse.de>
Previously we weren't testing that detached io works properly -- which
will be quite important in the case for rootless containers.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This ensures that we don't hard-code the set of cgroups on the host, as
well as making the permissions granted by rootless.sh much more
restrictive (to improve the scope of testing).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This flag allows specifying additional gids for the process.
Without this flag, the user will have to provide process.json which allows additional gids.
Closes#1306
Signed-off-by: Sumit Sanghrajka <sumit.sanghrajka@gmail.com>
Signed-off-by: Ed King <eking@pivotal.io>
Signed-off-by: Gabriel Rosenhouse <grosenhouse@pivotal.io>
Signed-off-by: Konstantinos Karampogias <konstantinos.karampogias@swisscom.com>
Signed-off-by: Will Martin <wmartin@pivotal.io>
Signed-off-by: Petar Petrov <pppepito86@gmail.com>
Signed-off-by: Ed King <eking@pivotal.io>
Signed-off-by: Roberto Jimenez Sanchez <jszroberto@gmail.com>
Signed-off-by: Thomas Godkin <tgodkin@pivotal.io>
Enable several previously disabled tests (for the idmap execution mode)
for rootless containers, in addition to making all tests use the
additional mappings. At the moment there's no strong need to add any
additional tests purely for rootless_idmap.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This is necessary in order to add proper opportunistic tests, and is a
placeholder until we add tests for new{uid,gid}map configurations.
Signed-off-by: Aleksa Sarai <asarai@suse.de>
The lazy-pages test case is not as straight forward as the other test
cases. This is related to the fact that restoring requires a different
name if restored on the same host. During 'runc checkpoint' the
container is not destroyed before all memory pages have been transferred
to the destination and thus the same container name cannot be used.
As real world usage will rather migrate a container from one system to
another than lazy migrate a container on the same host this is only
problematic for this test case.
Another reason is that it requires starting 'runc checkpoint' and 'criu
lazy-pages' in the background as those process need to be running to
start the final restore 'runc restore'.
CRIU upstream is currently discussing to automatically start 'criu
lazy-pages' which would simplify the lazy-pages test case a bit.
The handling and checking of the background processes make the test case
not the most elegant as at one point a 'sleep 2' is required to make
sure that 'runc checkpoint' had time to do its thing before looking at
log files.
Before running the actual test criu is called in feature checking mode
to make sure lazy migration is in the test case criu enabled. If not,
the test is skipped.
Signed-off-by: Adrian Reber <areber@redhat.com>
This moves all console code to use github.com/containerd/console library to
handle console I/O. Also move to use EpollConsole by default when user requests
a terminal so we can still cope when the other side temporarily goes away.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
If criu isn't installed in the host, integration tests won't be able
to go on, it should skip checkpoint/restore tests instead of interrupt.
Output before:
```
$ make localintegration
bats -t tests/integration
/usr/lib/bats/bats-exec-suite: line 20: let: count+=: syntax error:
operand expected (error token is "+=")
Makefile:103: recipe for target 'localintegration' failed
```
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
print out errors in checkpoint/restore log when it failed similar to how we did i
in `checkpoint --pre-dump` tests
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
This patch mimics the behavior of "rm -rf" so that if a container
doesn't exist and you force delete it, it won't error out.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
We have two test cases with and without pre-dump. Terminals and
pre-dump features are orthogonal, so we can modify one of these test cases.
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
vndr doesn't support non-top-level imports, and in addition we really
should be using tagged releases far more than we currently are
(*especially* when it come to the OCI specs).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
This adds targets for rootless integration tests, as well as all of the
required setup in order to get the tests to run. This includes quite a
few changes, because of a lot of assumptions about things running as
root within the bats scripts (which is not true when setting up rootless
containers).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
As per the discussions in #1156 , we think it's a bad
idea to allow multi container operations in runc. So
revert it.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
This uses the standard go vendor location instead of old Godeps
location.
Also remove usage of symlink GOPATH. Since our README mentions that you
should build it inside GOPATH, i think its a reasonable to assume that
you dont need to create a tmp GOPATH.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
CRIU gets pre-dump to complete iterative migration.
pre-dump saves process memory info only. And it need parent-path
to specify the former memory files.
This patch add pre-dump and parent-path arguments to runc checkpoint
Signed-off-by: Deng Guangxing <dengguangxing@huawei.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
Adrian Reber
Yan Zhu
Kenta Tada
Qiang Huang
Aleksa Sarai
W. Trevor King
Tom Godkin
Bin Lu
Thomas Hipp
Mrunal Patel
Michael Crosby
Sumit Sanghrajka
Will Martin
Konstantinos Karampogias
leitwolf7
Daniel Dao
leitwolf7
Zhang Wei
Andrei Vagin
Christy Perez
Antonio Murdaca
Kenfe-Mickael Laventure
Alexander Morozov
Mohammad Arab
Deng Guangxing