github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/kill.bats

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/kill.bats (about)

     1  #!/usr/bin/env bats
     2  
     3  load helpers
     4  
     5  function setup() {
     6  	setup_busybox
     7  }
     8  
     9  function teardown() {
    10  	teardown_bundle
    11  }
    12  
    13  # This needs to be placed at the top of the bats file to work around
    14  # a shellcheck bug. See <https://github.com/koalaman/shellcheck/issues/2873>.
    15  test_host_pidns_kill() {
    16  	requires cgroups_freezer
    17  
    18  	update_config '	  .linux.namespaces -= [{"type": "pid"}]'
    19  	set_cgroups_path
    20  	if [ $EUID -ne 0 ]; then
    21  		requires rootless_cgroup
    22  		# Can't mount real /proc when rootless + no pidns,
    23  		# so change it to a bind-mounted one from the host.
    24  		update_config '	  .mounts |= map((select(.type == "proc")
    25  					| .type = "none"
    26  					| .source = "/proc"
    27  					| .options = ["rbind", "nosuid", "nodev", "noexec"]
    28  				  ) // .)'
    29  	fi
    30  
    31  	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
    32  	[ "$status" -eq 0 ]
    33  	cgpath=$(get_cgroup_path "pids")
    34  	init_pid=$(cat "$cgpath"/cgroup.procs)
    35  
    36  	# Start a few more processes.
    37  	for _ in 1 2 3 4 5; do
    38  		__runc exec -d test_busybox sleep 1h
    39  	done
    40  
    41  	if [ -v KILL_INIT ]; then
    42  		# Now kill the container's init process. Since the container do
    43  		# not have own PID ns, its init is no special and the container
    44  		# will still be up and running (except for rootless container
    45  		# AND systemd cgroup driver AND systemd > v245, when systemd
    46  		# kills the container; see "kill KILL [host pidns + init gone]"
    47  		# below).
    48  		kill -9 "$init_pid"
    49  		wait_pids_gone 10 0.2 "$init_pid"
    50  	fi
    51  
    52  	# Get the list of all container processes.
    53  	mapfile -t pids < <(cat "$cgpath"/cgroup.procs)
    54  	echo "pids:" "${pids[@]}"
    55  	# Sanity check -- make sure all processes exist.
    56  	for p in "${pids[@]}"; do
    57  		kill -0 "$p"
    58  	done
    59  
    60  	runc kill test_busybox KILL
    61  	[ "$status" -eq 0 ]
    62  	# Wait and check that all processes are gone.
    63  	wait_pids_gone 10 0.2 "${pids[@]}"
    64  
    65  	# Make sure the container is in stopped state. Note if KILL_INIT
    66  	# is set, container was already stopped by killing its $init_pid
    67  	# and so this check is NOP/redundant.
    68  	testcontainer test_busybox stopped
    69  
    70  	# Make sure cgroup.procs is empty.
    71  	mapfile -t pids < <(cat "$cgpath"/cgroup.procs || true)
    72  	if [ ${#pids[@]} -gt 0 ]; then
    73  		echo "expected empty cgroup.procs, got:" "${pids[@]}" 1>&2
    74  		return 1
    75  	fi
    76  }
    77  
    78  @test "kill detached busybox" {
    79  	# run busybox detached
    80  	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
    81  	[ "$status" -eq 0 ]
    82  
    83  	# check state
    84  	testcontainer test_busybox running
    85  
    86  	runc kill test_busybox KILL
    87  	[ "$status" -eq 0 ]
    88  	wait_for_container 10 1 test_busybox stopped
    89  
    90  	# Check that kill errors on a stopped container.
    91  	runc kill test_busybox 0
    92  	[ "$status" -ne 0 ]
    93  	[[ "$output" == *"container not running"* ]]
    94  
    95  	# Check that -a (now obsoleted) makes kill return no error for a stopped container.
    96  	runc kill -a test_busybox 0
    97  	[ "$status" -eq 0 ]
    98  
    99  	runc delete test_busybox
   100  	[ "$status" -eq 0 ]
   101  }
   102  
   103  # This is roughly the same as TestPIDHostInitProcessWait in libcontainer/integration.
   104  # The differences are:
   105  #
   106  # 1. Here we use separate processes to create and to kill a container, so the
   107  #    processes inside a container are not children of "runc kill".
   108  #
   109  # 2. We hit different codepaths (nonChildProcess.signal rather than initProcess.signal).
   110  @test "kill KILL [host pidns]" {
   111  	unset KILL_INIT
   112  	test_host_pidns_kill
   113  }
   114  
   115  # Same as above plus:
   116  #
   117  # 3. Test runc kill on a container whose init process is gone.
   118  #
   119  # Issue 4047, case "runc kill".
   120  # See also: "runc delete --force [host pidns + init gone]" test in delete.bats.
   121  @test "kill KILL [host pidns + init gone]" {
   122  	# Apparently, for rootless test, when using systemd cgroup manager,
   123  	# newer versions of systemd clean up the container as soon as its init
   124  	# process is gone. This is all fine and dandy, except it prevents us to
   125  	# test this case, thus we skip the test.
   126  	#
   127  	# It is not entirely clear which systemd version got this feature:
   128  	# v245 works fine, and v249 does not.
   129  	if [ $EUID -ne 0 ] && [ -v RUNC_USE_SYSTEMD ] && [ "$(systemd_version)" -gt 245 ]; then
   130  		skip "rootless+systemd conflicts with systemd > 245"
   131  	fi
   132  	KILL_INIT=1
   133  	test_host_pidns_kill
   134  	unset KILL_INIT
   135  }