#!/usr/bin/env bats
#
# tests/integration/cgroup_delegation.bats
#
# Checks when runc hands ownership of the container's cgroup to the root user
# of the container's user namespace. As the test names state, the chown is
# expected only when cgroupfs is mounted read-write AND the container has its
# own cgroup namespace; in every other combination /sys/fs/cgroup must stay
# owned by a uid that is not mapped into the container.
# NOTE(review): presumably this guards against giving an unprivileged host uid
# write access to a cgroup it should not manage -- confirm against the runc
# cgroup delegation code.

load helpers

function teardown() {
	teardown_bundle
}

function setup() {
	# Prerequisites named by the original test: root, cgroup v2, systemd.
	requires root cgroups_v2 systemd

	setup_busybox

	# Host uid 100000 is what container uid 0 maps to (see the mappings below).
	# It must be able to read the test temp dir ...
	chown 100000 "$ROOT"

	# ... and to mkdir mount points inside the rootfs.
	chown 100000 "$ROOT"/bundle/rootfs

	set_cgroups_path

	# Add a user namespace: container ids 0..65535 map to host ids
	# 100000..165535 for both uids and gids.
	update_config '   .linux.namespaces += [{"type": "user"}]
		| .linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]
		| .linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]
	'
}

# Start the container detached, then report the owner of /sys/fs/cgroup as
# seen from inside it and compare that owner with the expected user name ($1).
# `runc exec` is used here only as the probe; the container is created by
# `runc run`.
function start_and_check_cgroup_owner() {
	local want_owner="$1"

	runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroup_chown
	[ "$status" -eq 0 ]

	runc exec test_cgroup_chown sh -c "stat -c %U /sys/fs/cgroup"
	[ "$status" -eq 0 ]
	[ "$output" = "$want_owner" ]
}

@test "runc exec (cgroup v2, ro cgroupfs, new cgroupns) does not chown cgroup" {
	# Config from setup() is used unchanged; per the test name that means a
	# read-only cgroupfs mount and a new cgroup namespace.
	# "nobody": /sys/fs/cgroup is owned by a user not mapped into the container.
	start_and_check_cgroup_owner "nobody"
}

@test "runc exec (cgroup v2, rw cgroupfs, inherit cgroupns) does not chown cgroup" {
	set_cgroup_mount_writable

	# Dropping the cgroup entry from the namespaces list makes the container
	# inherit the cgroup namespace instead of getting a new one.
	update_config '.linux.namespaces |= map(select(.type != "cgroup"))'

	# Writable mount alone is not enough: the owner must still be unmapped.
	start_and_check_cgroup_owner "nobody"
}

@test "runc exec (cgroup v2, rw cgroupfs, new cgroupns) does chown cgroup" {
	set_cgroup_mount_writable

	# Writable cgroupfs plus a new cgroup namespace: the only case in this file
	# where the cgroup is owned by root of the user namespace.
	start_and_check_cgroup_owner "root"
}