github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/mounts_recursive.bats

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/tests/integration/mounts_recursive.bats (about)

     1  #!/usr/bin/env bats
     2  
     3  load helpers
     4  
     5  TESTVOLUME="${BATS_RUN_TMPDIR}/mounts_recursive"
     6  
     7  function setup_volume() {
     8  	# requires root (in the current user namespace) to mount tmpfs outside runc
     9  	requires root
    10  
    11  	mkdir -p "${TESTVOLUME}"
    12  	mount -t tmpfs none "${TESTVOLUME}"
    13  	echo "foo" >"${TESTVOLUME}/foo"
    14  
    15  	mkdir "${TESTVOLUME}/subvol"
    16  	mount -t tmpfs none "${TESTVOLUME}/subvol"
    17  	echo "bar" >"${TESTVOLUME}/subvol/bar"
    18  }
    19  
    20  function teardown_volume() {
    21  	umount -R "${TESTVOLUME}"
    22  }
    23  
    24  function setup() {
    25  	setup_volume
    26  	setup_busybox
    27  }
    28  
    29  function teardown() {
    30  	teardown_volume
    31  	teardown_bundle
    32  }
    33  
    34  @test "runc run [rbind,ro mount is read-only but not recursively]" {
    35  	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"ro\"]}]"
    36  
    37  	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_ro
    38  	[ "$status" -eq 0 ]
    39  
    40  	runc exec test_rbind_ro touch /mnt/foo
    41  	[ "$status" -eq 1 ]
    42  	[[ "${output}" == *"Read-only file system"* ]]
    43  
    44  	runc exec test_rbind_ro touch /mnt/subvol/bar
    45  	[ "$status" -eq 0 ]
    46  }
    47  
    48  @test "runc run [rbind,rro mount is recursively read-only]" {
    49  	requires_kernel 5.12
    50  	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"rro\"]}]"
    51  
    52  	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_rro
    53  	[ "$status" -eq 0 ]
    54  
    55  	runc exec test_rbind_rro touch /mnt/foo
    56  	[ "$status" -eq 1 ]
    57  	[[ "${output}" == *"Read-only file system"* ]]
    58  
    59  	runc exec test_rbind_rro touch /mnt/subvol/bar
    60  	[ "$status" -eq 1 ]
    61  	[[ "${output}" == *"Read-only file system"* ]]
    62  }
    63  
    64  @test "runc run [rbind,ro,rro mount is recursively read-only too]" {
    65  	requires_kernel 5.12
    66  	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"ro\",\"rro\"]}]"
    67  
    68  	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_ro_rro
    69  	[ "$status" -eq 0 ]
    70  
    71  	runc exec test_rbind_ro_rro touch /mnt/foo
    72  	[ "$status" -eq 1 ]
    73  	[[ "${output}" == *"Read-only file system"* ]]
    74  
    75  	runc exec test_rbind_ro_rro touch /mnt/subvol/bar
    76  	[ "$status" -eq 1 ]
    77  	[[ "${output}" == *"Read-only file system"* ]]
    78  }