github.com/kata-containers/tests@v0.0.0-20240307153542-772105b56064/functional/rootless/rootless_test.sh

github.com/kata-containers/tests@v0.0.0-20240307153542-772105b56064/functional/rootless/rootless_test.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright (c) 2021 Intel Corporation
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
     8  set -o errexit
     9  set -o nounset
    10  set -o pipefail
    11  set -o errtrace
    12  
    13  dir_path=$(dirname "$0")
    14  source "${dir_path}/../../lib/common.bash"
    15  source "${dir_path}/../../.ci/lib.sh"
    16  source /etc/os-release || source /usr/lib/os-release
    17  pod_id=""
    18  
    19  setup() {
    20  	extract_kata_env
    21  	getent group kvm &>/dev/null || sudo groupadd --system kvm
    22  	sudo chown root:kvm /dev/kvm
    23  	sudo chmod g+rw /dev/kvm
    24  	sudo systemctl start crio
    25  	sudo sed -i -e 's/^# *\(rootless\).*=.*$/\1 = true/g' /opt/kata/share/defaults/kata-containers/configuration.toml
    26  	sudo rm -rf /run/kata-containers/ /run/vc/
    27  }
    28  
    29  cleanup() {
    30  	sudo sed -i -e 's/^.*\(rootless\)/# \1/g' /opt/kata/share/defaults/kata-containers/configuration.toml
    31  	sudo crictl stopp "$pod_id" &>/dev/null || true
    32  	sudo crictl rmp "$pod_id" &>/dev/null || true
    33  }
    34  
    35  run() {
    36  	pod_id="$(sudo crictl runp -r kata "${dir_path}/rootless-pod.json")"
    37  	waitForProcess 15 3 "sudo crictl inspectp "$pod_id" | jq '.status.state' | grep 'SANDBOX_READY'"
    38  
    39  	# There must be created one and only one temporary user.
    40  	local grep_uid="grep -e '^kata-[0-9]\+' /etc/passwd"
    41  	waitForProcess 5 1 "$grep_uid >/dev/null"
    42  	[ "$(eval $grep_uid | wc -l)" -eq 1 ] || \
    43  		die "Unexpected more than one kata temporary UID"
    44  	local kata_uid="$(eval $grep_uid | cut -d: -f3)"
    45  	local kata_gid="$(eval $grep_uid | cut -d: -f4)"
    46  	[[ -n "$kata_uid" && -n "$kata_gid" ]] || \
    47  		die "Unable to find the kata temporary UID"
    48  
    49  	# Assert the QEMU process is owned by that user.
    50  	waitForProcess 10 1 "ps -u "$kata_uid" -o cmd --no-header | \
    51  		grep -q "^${HYPERVISOR_PATH:-qemu}"" || \
    52  		die "Expects the QEMU process be owned by a non-root user"
    53  
    54  	# Assert the QEMU files are owned by that user too.
    55  	local pod_dir="/run/user/${kata_uid}/run/vc/vm/${pod_id}"
    56  	[ -d "$pod_dir" ] || \
    57  		die "Unable to find the pod directory: $pod_dir"
    58  	local pod_files=(console.sock qmp.sock pid vhost-fs.sock)
    59  	for file_name in ${pod_files[@]}; do
    60  		local file="${pod_dir}/${file_name}"
    61  		waitForProcess 10 1 "test -e "$file"" || \
    62  			die "File didn't show up: $file"
    63  		[ "$(sudo stat -c %u-%g $file)" == "${kata_uid}-${kata_gid}" ]
    64  	done
    65  }
    66  
    67  main() {
    68  	trap cleanup EXIT QUIT KILL
    69  	setup
    70  	run
    71  	echo "rootless test: PASSED"
    72  }
    73  
    74  main