github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/configs/validate/rootless_test.go

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/configs/validate/rootless_test.go (about)

     1  package validate
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/opencontainers/runc/libcontainer/configs"
     7  )
     8  
     9  func rootlessEUIDConfig() *configs.Config {
    10  	return &configs.Config{
    11  		Rootfs:          "/var",
    12  		RootlessEUID:    true,
    13  		RootlessCgroups: true,
    14  		Namespaces: configs.Namespaces(
    15  			[]configs.Namespace{
    16  				{Type: configs.NEWUSER},
    17  			},
    18  		),
    19  		UIDMappings: []configs.IDMap{
    20  			{
    21  				HostID:      1337,
    22  				ContainerID: 0,
    23  				Size:        1,
    24  			},
    25  		},
    26  		GIDMappings: []configs.IDMap{
    27  			{
    28  				HostID:      7331,
    29  				ContainerID: 0,
    30  				Size:        1,
    31  			},
    32  		},
    33  	}
    34  }
    35  
    36  func TestValidateRootlessEUID(t *testing.T) {
    37  	config := rootlessEUIDConfig()
    38  	if err := Validate(config); err != nil {
    39  		t.Errorf("Expected error to not occur: %+v", err)
    40  	}
    41  }
    42  
    43  /* rootlessEUIDMappings */
    44  
    45  func TestValidateRootlessEUIDUserns(t *testing.T) {
    46  	config := rootlessEUIDConfig()
    47  	config.Namespaces = nil
    48  	if err := Validate(config); err == nil {
    49  		t.Errorf("Expected error to occur if user namespaces not set")
    50  	}
    51  }
    52  
    53  func TestValidateRootlessEUIDMappingUid(t *testing.T) {
    54  	config := rootlessEUIDConfig()
    55  	config.UIDMappings = nil
    56  	if err := Validate(config); err == nil {
    57  		t.Errorf("Expected error to occur if no uid mappings provided")
    58  	}
    59  }
    60  
    61  func TestValidateNonZeroEUIDMappingGid(t *testing.T) {
    62  	config := rootlessEUIDConfig()
    63  	config.GIDMappings = nil
    64  	if err := Validate(config); err == nil {
    65  		t.Errorf("Expected error to occur if no gid mappings provided")
    66  	}
    67  }
    68  
    69  /* rootlessEUIDMount() */
    70  
    71  func TestValidateRootlessEUIDMountUid(t *testing.T) {
    72  	config := rootlessEUIDConfig()
    73  	config.Mounts = []*configs.Mount{
    74  		{
    75  			Source:      "devpts",
    76  			Destination: "/dev/pts",
    77  			Device:      "devpts",
    78  		},
    79  	}
    80  
    81  	if err := Validate(config); err != nil {
    82  		t.Errorf("Expected error to not occur when uid= not set in mount options: %+v", err)
    83  	}
    84  
    85  	config.Mounts[0].Data = "uid=5"
    86  	if err := Validate(config); err == nil {
    87  		t.Errorf("Expected error to occur when setting uid=5 in mount options")
    88  	}
    89  
    90  	config.Mounts[0].Data = "uid=0"
    91  	if err := Validate(config); err != nil {
    92  		t.Errorf("Expected error to not occur when setting uid=0 in mount options: %+v", err)
    93  	}
    94  
    95  	config.Mounts[0].Data = "uid=2"
    96  	config.UIDMappings[0].Size = 10
    97  	if err := Validate(config); err != nil {
    98  		t.Errorf("Expected error to not occur when setting uid=2 in mount options and UIDMappings[0].size is 10")
    99  	}
   100  
   101  	config.Mounts[0].Data = "uid=20"
   102  	config.UIDMappings[0].Size = 10
   103  	if err := Validate(config); err == nil {
   104  		t.Errorf("Expected error to occur when setting uid=20 in mount options and UIDMappings[0].size is 10")
   105  	}
   106  }
   107  
   108  func TestValidateRootlessEUIDMountGid(t *testing.T) {
   109  	config := rootlessEUIDConfig()
   110  	config.Mounts = []*configs.Mount{
   111  		{
   112  			Source:      "devpts",
   113  			Destination: "/dev/pts",
   114  			Device:      "devpts",
   115  		},
   116  	}
   117  
   118  	if err := Validate(config); err != nil {
   119  		t.Errorf("Expected error to not occur when gid= not set in mount options: %+v", err)
   120  	}
   121  
   122  	config.Mounts[0].Data = "gid=5"
   123  	if err := Validate(config); err == nil {
   124  		t.Errorf("Expected error to occur when setting gid=5 in mount options")
   125  	}
   126  
   127  	config.Mounts[0].Data = "gid=0"
   128  	if err := Validate(config); err != nil {
   129  		t.Errorf("Expected error to not occur when setting gid=0 in mount options: %+v", err)
   130  	}
   131  
   132  	config.Mounts[0].Data = "gid=5"
   133  	config.GIDMappings[0].Size = 10
   134  	if err := Validate(config); err != nil {
   135  		t.Errorf("Expected error to not occur when setting gid=5 in mount options and GIDMappings[0].size is 10")
   136  	}
   137  
   138  	config.Mounts[0].Data = "gid=11"
   139  	config.GIDMappings[0].Size = 10
   140  	if err := Validate(config); err == nil {
   141  		t.Errorf("Expected error to occur when setting gid=11 in mount options and GIDMappings[0].size is 10")
   142  	}
   143  }
   144  
   145  func BenchmarkRootlessEUIDMount(b *testing.B) {
   146  	config := rootlessEUIDConfig()
   147  	config.GIDMappings[0].Size = 10
   148  	config.Mounts = []*configs.Mount{
   149  		{
   150  			Source:      "devpts",
   151  			Destination: "/dev/pts",
   152  			Device:      "devpts",
   153  			Data:        "newinstance,ptmxmode=0666,mode=0620,uid=0,gid=5",
   154  		},
   155  	}
   156  
   157  	b.ResetTimer()
   158  	for i := 0; i < b.N; i++ {
   159  		err := rootlessEUIDMount(config)
   160  		if err != nil {
   161  			b.Fatal(err)
   162  		}
   163  	}
   164  }