github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/cgroups/devices/v1_test.go (about) 1 package devices 2 3 import ( 4 "os" 5 "path" 6 "testing" 7 8 "github.com/opencontainers/runc/libcontainer/cgroups" 9 "github.com/opencontainers/runc/libcontainer/cgroups/fscommon" 10 "github.com/opencontainers/runc/libcontainer/configs" 11 "github.com/opencontainers/runc/libcontainer/devices" 12 ) 13 14 func init() { 15 testingSkipFinalCheck = true 16 cgroups.TestMode = true 17 } 18 19 func TestSetV1Allow(t *testing.T) { 20 dir := t.TempDir() 21 22 for file, contents := range map[string]string{ 23 "devices.allow": "", 24 "devices.deny": "", 25 "devices.list": "a *:* rwm", 26 } { 27 err := os.WriteFile(path.Join(dir, file), []byte(contents), 0o600) 28 if err != nil { 29 t.Fatal(err) 30 } 31 } 32 33 r := &configs.Resources{ 34 Devices: []*devices.Rule{ 35 { 36 Type: devices.CharDevice, 37 Major: 1, 38 Minor: 5, 39 Permissions: devices.Permissions("rwm"), 40 Allow: true, 41 }, 42 }, 43 } 44 45 if err := setV1(dir, r); err != nil { 46 t.Fatal(err) 47 } 48 49 // The default deny rule must be written. 50 value, err := fscommon.GetCgroupParamString(dir, "devices.deny") 51 if err != nil { 52 t.Fatal(err) 53 } 54 if value[0] != 'a' { 55 t.Errorf("Got the wrong value (%q), set devices.deny failed.", value) 56 } 57 58 // Permitted rule must be written. 59 if value, err := fscommon.GetCgroupParamString(dir, "devices.allow"); err != nil { 60 t.Fatal(err) 61 } else if value != "c 1:5 rwm" { 62 t.Errorf("Got the wrong value (%q), set devices.allow failed.", value) 63 } 64 }