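// Source: github.com/containers/podman/v5@v5.1.0-rc1/test/e2e/run_device_test.go

package integration

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"

	. "github.com/containers/podman/v5/test/utils"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	. "github.com/onsi/gomega/gexec"
)

// createContainersConfFileWithDevices writes a containers.conf into the test's
// temporary directory whose [containers] table sets devices to the given list,
// points CONTAINERS_CONF at that file and, when the suite runs against the
// remote client, restarts the remote service (presumably so the service reads
// the new file; the restart helper is defined outside this file).
//
// devices is interpolated verbatim between the brackets of a TOML array, so
// the caller must pass entries that are already quoted and comma-separated,
// e.g. `"vendor.com/device=myKmsg"`. Nothing is escaped here; only pass
// test-controlled constants.
func createContainersConfFileWithDevices(pTest *PodmanTestIntegration, devices string) {
	configPath := filepath.Join(pTest.TempDir, "containers.conf")
	containersConf := []byte(fmt.Sprintf("[containers]\ndevices = [%s]\n", devices))

	// 0644 instead of os.ModePerm (0777): this file decides which host devices
	// containers receive by default, so it must not be writable by other users
	// even when the test process runs with a permissive umask.
	err := os.WriteFile(configPath, containersConf, 0644)
	Expect(err).ToNot(HaveOccurred())

	// Set custom containers.conf file.
	// NOTE(review): the variable is not restored here; presumably the suite's
	// per-test cleanup resets the environment, which should be confirmed.
	Expect(os.Setenv("CONTAINERS_CONF", configPath)).To(Succeed())
	if IsRemote() {
		pTest.RestartRemoteService()
	}
}

// The specs below exercise `podman run --device`: rejection of missing devices
// and invalid modes, renaming and permission suffixes, directory devices, CDI
// device names, and the default denial of host devices that were not requested.
var _ = Describe("Podman run device", func() {

	It("podman run bad device test", func() {
		// A host path that does not exist must be rejected before the container starts.
		session := podmanTest.Podman([]string{"run", "-q", "--device", "/dev/baddevice", ALPINE, "true"})
		session.WaitWithDefaultTimeout()
		Expect(session).To(ExitWithError(125, "stat /dev/baddevice: no such file or directory"))
	})

	It("podman run device test", func() {
		// `test -c` only checks that the node exists as a character device.
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", ALPINE, "test", "-c", "/dev/kmsg"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
		if !isRootless() {
			// Actually reading the device needs extra capabilities.
			// Kernel 6.9.0 (2024-03) requires SYSLOG
			session = podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg", "--cap-add", "SYS_ADMIN,SYSLOG", ALPINE, "head", "-n", "1", "/dev/kmsg"})
			session.WaitWithDefaultTimeout()
			Expect(session).Should(ExitCleanly())
		}
	})

	It("podman run device rename test", func() {
		// TODO: Confirm absence of /dev/kmsg in container
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1", ALPINE, "test", "-c", "/dev/kmsg1"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
	})

	It("podman run device permission test", func() {
		// Only the positive half of the ":r" mode is checked (the node is readable).
		// TODO: Confirm write-permission failure
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:r", ALPINE, "test", "-r", "/dev/kmsg"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
	})

	It("podman run device rename and permission test", func() {
		// TODO: Confirm write-permission failure
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:r", ALPINE, "test", "-r", "/dev/kmsg1"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
	})

	It("podman run device rename and bad permission test", func() {
		// An unknown mode string must be refused rather than silently ignored.
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "/dev/kmsg:/dev/kmsg1:rd", ALPINE, "true"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitWithError(125, "invalid device mode: rd"))
	})

	It("podman run device host device and container device parameter are directories", func() {
		SkipIfRootless("Cannot create devices in /dev in rootless mode")
		// path must be unique to this test, not used anywhere else
		devdir := "/dev/devdirrundevice"
		// 0755 instead of os.ModePerm: a scratch directory under /dev should not
		// be writable by other users while the test runs as root.
		Expect(os.MkdirAll(devdir, 0755)).To(Succeed())
		defer os.RemoveAll(devdir)

		// Character device 1:3 is the major:minor pair of /dev/null.
		mknod := SystemExec("mknod", []string{devdir + "/null", "c", "1", "3"})
		mknod.WaitWithDefaultTimeout()
		Expect(mknod).Should(ExitCleanly())

		// stat prints major:minor in hex, so the node inside the container must
		// carry the same numbers as the one created on the host.
		session := podmanTest.Podman([]string{"run", "-q", "--device", devdir + ":/dev/bar", ALPINE, "stat", "-c%t:%T", "/dev/bar/null"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
		Expect(session.OutputToString()).To(Equal("1:3"))
	})

	It("podman run device host device with --privileged", func() {
		session := podmanTest.Podman([]string{"run", "--privileged", ALPINE, "test", "-c", "/dev/kmsg"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
		// verify --privileged is required
		session2 := podmanTest.Podman([]string{"run", ALPINE, "test", "-c", "/dev/kmsg"})
		session2.WaitWithDefaultTimeout()
		Expect(session2).Should(Exit(1))
		Expect(session2.OutputToString()).To(BeEmpty())
	})

	It("podman run CDI device test", func() {
		SkipIfRootless("Rootless will not be able to create files/folders in /etc")
		cdiDir := "/etc/cdi"
		cdiSpec := filepath.Join(cdiDir, "device.json")

		// Remember whether the directory was created here. The cleanup used to
		// remove /etc/cdi unconditionally, which also deleted any CDI specs the
		// host already had installed.
		createdDir := false
		if _, err := os.Stat(cdiDir); os.IsNotExist(err) {
			Expect(os.MkdirAll(cdiDir, 0755)).To(Succeed())
			createdDir = true
		}
		defer func() {
			if createdDir {
				os.RemoveAll(cdiDir)
				return
			}
			// Pre-existing directory: remove only the spec this test copied in.
			os.Remove(cdiSpec)
		}()

		// The spec is expected to define vendor.com/device=myKmsg and expose it
		// as /dev/kmsg1; its contents are not part of this file.
		Expect(exec.Command("cp", "cdi/device.json", cdiDir).Run()).To(Succeed())

		// CDI device requested on the command line.
		session := podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", "--device", "vendor.com/device=myKmsg", ALPINE, "test", "-c", "/dev/kmsg1"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())

		// Same device injected through the containers.conf devices list, with no
		// --device flag on the command line.
		createContainersConfFileWithDevices(podmanTest, "\"vendor.com/device=myKmsg\"")
		session = podmanTest.Podman([]string{"run", "-q", "--security-opt", "label=disable", ALPINE, "test", "-c", "/dev/kmsg1"})
		session.WaitWithDefaultTimeout()
		Expect(session).Should(ExitCleanly())
	})

	It("podman run cannot access non default devices", func() {
		// "-v" and its value are separate argv elements. As a single element
		// ("-v /dev:/dev-host") the flag parser receives no separate volume
		// value, so the run could fail during argument handling and this
		// negative test would pass without ever exercising device access.
		session := podmanTest.Podman([]string{"run", "-v", "/dev:/dev-host", ALPINE, "head", "-1", "/dev-host/kmsg"})
		session.WaitWithDefaultTimeout()
		// TODO: this accepts any failure; asserting the exact exit code and the
		// permission error from head would prove the read itself was denied.
		Expect(session).Should(Not(ExitCleanly()))
	})

})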