github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/cgroups/fs/devices_test.go

github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/cgroups/fs/devices_test.go (about)

     1  // +build linux
     2  
     3  package fs
     4  
     5  import (
     6  	"testing"
     7  
     8  	"github.com/opencontainers/runc/libcontainer/configs"
     9  )
    10  
    11  var (
    12  	allowedDevices = []*configs.Device{
    13  		{
    14  			Path:        "/dev/zero",
    15  			Type:        'c',
    16  			Major:       1,
    17  			Minor:       5,
    18  			Permissions: "rwm",
    19  			FileMode:    0666,
    20  		},
    21  	}
    22  	allowedList   = "c 1:5 rwm"
    23  	deniedDevices = []*configs.Device{
    24  		{
    25  			Path:        "/dev/null",
    26  			Type:        'c',
    27  			Major:       1,
    28  			Minor:       3,
    29  			Permissions: "rwm",
    30  			FileMode:    0666,
    31  		},
    32  	}
    33  	deniedList = "c 1:3 rwm"
    34  )
    35  
    36  func TestDevicesSetAllow(t *testing.T) {
    37  	helper := NewCgroupTestUtil("devices", t)
    38  	defer helper.cleanup()
    39  
    40  	helper.writeFileContents(map[string]string{
    41  		"devices.deny": "a",
    42  	})
    43  	allowAllDevices := false
    44  	helper.CgroupData.config.Resources.AllowAllDevices = &allowAllDevices
    45  	helper.CgroupData.config.Resources.AllowedDevices = allowedDevices
    46  	devices := &DevicesGroup{}
    47  	if err := devices.Set(helper.CgroupPath, helper.CgroupData.config); err != nil {
    48  		t.Fatal(err)
    49  	}
    50  
    51  	value, err := getCgroupParamString(helper.CgroupPath, "devices.allow")
    52  	if err != nil {
    53  		t.Fatalf("Failed to parse devices.allow - %s", err)
    54  	}
    55  
    56  	if value != allowedList {
    57  		t.Fatal("Got the wrong value, set devices.allow failed.")
    58  	}
    59  
    60  	// When AllowAllDevices is nil, devices.allow file should not be modified.
    61  	helper.CgroupData.config.Resources.AllowAllDevices = nil
    62  	if err := devices.Set(helper.CgroupPath, helper.CgroupData.config); err != nil {
    63  		t.Fatal(err)
    64  	}
    65  	value, err = getCgroupParamString(helper.CgroupPath, "devices.allow")
    66  	if err != nil {
    67  		t.Fatalf("Failed to parse devices.allow - %s", err)
    68  	}
    69  	if value != allowedList {
    70  		t.Fatal("devices policy shouldn't have changed on AllowedAllDevices=nil.")
    71  	}
    72  }
    73  
    74  func TestDevicesSetDeny(t *testing.T) {
    75  	helper := NewCgroupTestUtil("devices", t)
    76  	defer helper.cleanup()
    77  
    78  	helper.writeFileContents(map[string]string{
    79  		"devices.allow": "a",
    80  	})
    81  
    82  	allowAllDevices := true
    83  	helper.CgroupData.config.Resources.AllowAllDevices = &allowAllDevices
    84  	helper.CgroupData.config.Resources.DeniedDevices = deniedDevices
    85  	devices := &DevicesGroup{}
    86  	if err := devices.Set(helper.CgroupPath, helper.CgroupData.config); err != nil {
    87  		t.Fatal(err)
    88  	}
    89  
    90  	value, err := getCgroupParamString(helper.CgroupPath, "devices.deny")
    91  	if err != nil {
    92  		t.Fatalf("Failed to parse devices.deny - %s", err)
    93  	}
    94  
    95  	if value != deniedList {
    96  		t.Fatal("Got the wrong value, set devices.deny failed.")
    97  	}
    98  }