github.com/rkt/rkt@v1.30.1-0.20200224141603-171c416fac02/tests/rkt_run_test.go (about) 1 // Copyright 2016 The rkt Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // +build host coreos src kvm 16 17 package main 18 19 import ( 20 "fmt" 21 "io/ioutil" 22 "os" 23 "testing" 24 25 "github.com/rkt/rkt/common" 26 "github.com/rkt/rkt/pkg/aci/acitest" 27 "github.com/rkt/rkt/tests/testutils" 28 29 "github.com/appc/spec/schema" 30 "github.com/appc/spec/schema/types" 31 ) 32 33 // TestRunConflictingFlags tests that 'rkt run' will complain and abort 34 // if conflicting flags are specified together with a pod manifest. 35 func TestRunConflictingFlags(t *testing.T) { 36 ctx := testutils.NewRktRunCtx() 37 defer ctx.Cleanup() 38 39 runConflictingFlagsMsg := "conflicting flags set with --pod-manifest (see --help)" 40 podManifestFlag := "--pod-manifest=/dev/null" 41 conflictingFlags := []struct { 42 flag string 43 args string 44 }{ 45 {"--inherit-env", ""}, 46 {"--no-store", ""}, 47 {"--store-only", ""}, 48 {"--port=", "foo:80"}, 49 {"--set-env=", "foo=bar"}, 50 {"--volume=", "foo,kind=host,source=/tmp"}, 51 {"--mount=", "volume=foo,target=/tmp --volume=foo,kind=host,source=/tmp"}, 52 } 53 imageConflictingFlags := []struct { 54 flag string 55 args string 56 }{ 57 {"--exec=", "/bin/sh"}, 58 {"--user=", "user_foo"}, 59 {"--group=", "group_foo"}, 60 } 61 62 for _, cf := range conflictingFlags { 63 cmd := fmt.Sprintf("%s run %s %s%s", ctx.Cmd(), podManifestFlag, cf.flag, cf.args) 64 runRktAndCheckOutput(t, cmd, runConflictingFlagsMsg, true) 65 } 66 for _, icf := range imageConflictingFlags { 67 cmd := fmt.Sprintf("%s run dummy-image.aci %s %s%s", ctx.Cmd(), podManifestFlag, icf.flag, icf.args) 68 runRktAndCheckOutput(t, cmd, runConflictingFlagsMsg, true) 69 } 70 } 71 72 // TestPreStart tests that pre-start events are run, and they run as root even 73 // when the app itself runs as an unprivileged user. 74 func TestPreStart(t *testing.T) { 75 prestartManifest := schema.ImageManifest{ 76 Name: "coreos.com/rkt-prestart-test", 77 App: &types.App{ 78 Exec: types.Exec{"/inspect"}, 79 User: "1000", Group: "1000", 80 WorkingDirectory: "/", 81 EventHandlers: []types.EventHandler{ 82 {"pre-start", types.Exec{ 83 "/inspect", 84 "--print-user", 85 }}, 86 }, 87 }, 88 Labels: types.Labels{ 89 {"version", "1.30.0"}, 90 {"arch", common.GetArch()}, 91 {"os", common.GetOS()}, 92 }, 93 } 94 95 prestartManifestStr, err := acitest.ImageManifestString(&prestartManifest) 96 if err != nil { 97 t.Fatalf("unexpected error: %v", err) 98 } 99 100 prestartManifestFile := "prestart-manifest.json" 101 if err := ioutil.WriteFile(prestartManifestFile, []byte(prestartManifestStr), 0600); err != nil { 102 t.Fatalf("Cannot write prestart manifest: %v", err) 103 } 104 defer os.Remove(prestartManifestFile) 105 prestartImage := patchTestACI("rkt-prestart.aci", fmt.Sprintf("--manifest=%s", prestartManifestFile)) 106 defer os.Remove(prestartImage) 107 108 ctx := testutils.NewRktRunCtx() 109 defer ctx.Cleanup() 110 111 rktCmd := fmt.Sprintf("%s --insecure-options=image run %s", ctx.Cmd(), prestartImage) 112 expectedLine := "User: uid=0 euid=0 gid=0 egid=0" 113 runRktAndCheckOutput(t, rktCmd, expectedLine, false) 114 }