github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/configs/validate/validator_test.go

github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/libcontainer/configs/validate/validator_test.go (about)

     1  package validate_test
     2  
     3  import (
     4  	"os"
     5  	"testing"
     6  
     7  	"github.com/opencontainers/runc/libcontainer/configs"
     8  	"github.com/opencontainers/runc/libcontainer/configs/validate"
     9  )
    10  
    11  func TestValidate(t *testing.T) {
    12  	config := &configs.Config{
    13  		Rootfs: "/var",
    14  	}
    15  
    16  	validator := validate.New()
    17  	err := validator.Validate(config)
    18  	if err != nil {
    19  		t.Errorf("Expected error to not occur: %+v", err)
    20  	}
    21  }
    22  
    23  func TestValidateWithInvalidRootfs(t *testing.T) {
    24  	dir := "rootfs"
    25  	os.Symlink("/var", dir)
    26  	defer os.Remove(dir)
    27  
    28  	config := &configs.Config{
    29  		Rootfs: dir,
    30  	}
    31  
    32  	validator := validate.New()
    33  	err := validator.Validate(config)
    34  	if err == nil {
    35  		t.Error("Expected error to occur but it was nil")
    36  	}
    37  }
    38  
    39  func TestValidateNetworkWithoutNETNamespace(t *testing.T) {
    40  	network := &configs.Network{Type: "loopback"}
    41  	config := &configs.Config{
    42  		Rootfs:     "/var",
    43  		Namespaces: []configs.Namespace{},
    44  		Networks:   []*configs.Network{network},
    45  	}
    46  
    47  	validator := validate.New()
    48  	err := validator.Validate(config)
    49  	if err == nil {
    50  		t.Error("Expected error to occur but it was nil")
    51  	}
    52  }
    53  
    54  func TestValidateNetworkRoutesWithoutNETNamespace(t *testing.T) {
    55  	route := &configs.Route{Gateway: "255.255.255.0"}
    56  	config := &configs.Config{
    57  		Rootfs:     "/var",
    58  		Namespaces: []configs.Namespace{},
    59  		Routes:     []*configs.Route{route},
    60  	}
    61  
    62  	validator := validate.New()
    63  	err := validator.Validate(config)
    64  	if err == nil {
    65  		t.Error("Expected error to occur but it was nil")
    66  	}
    67  }
    68  
    69  func TestValidateHostname(t *testing.T) {
    70  	config := &configs.Config{
    71  		Rootfs:   "/var",
    72  		Hostname: "runc",
    73  		Namespaces: configs.Namespaces(
    74  			[]configs.Namespace{
    75  				{Type: configs.NEWUTS},
    76  			},
    77  		),
    78  	}
    79  
    80  	validator := validate.New()
    81  	err := validator.Validate(config)
    82  	if err != nil {
    83  		t.Errorf("Expected error to not occur: %+v", err)
    84  	}
    85  }
    86  
    87  func TestValidateHostnameWithoutUTSNamespace(t *testing.T) {
    88  	config := &configs.Config{
    89  		Rootfs:   "/var",
    90  		Hostname: "runc",
    91  	}
    92  
    93  	validator := validate.New()
    94  	err := validator.Validate(config)
    95  	if err == nil {
    96  		t.Error("Expected error to occur but it was nil")
    97  	}
    98  }
    99  
   100  func TestValidateSecurityWithMaskPaths(t *testing.T) {
   101  	config := &configs.Config{
   102  		Rootfs:    "/var",
   103  		MaskPaths: []string{"/proc/kcore"},
   104  		Namespaces: configs.Namespaces(
   105  			[]configs.Namespace{
   106  				{Type: configs.NEWNS},
   107  			},
   108  		),
   109  	}
   110  
   111  	validator := validate.New()
   112  	err := validator.Validate(config)
   113  	if err != nil {
   114  		t.Errorf("Expected error to not occur: %+v", err)
   115  	}
   116  }
   117  
   118  func TestValidateSecurityWithROPaths(t *testing.T) {
   119  	config := &configs.Config{
   120  		Rootfs:        "/var",
   121  		ReadonlyPaths: []string{"/proc/sys"},
   122  		Namespaces: configs.Namespaces(
   123  			[]configs.Namespace{
   124  				{Type: configs.NEWNS},
   125  			},
   126  		),
   127  	}
   128  
   129  	validator := validate.New()
   130  	err := validator.Validate(config)
   131  	if err != nil {
   132  		t.Errorf("Expected error to not occur: %+v", err)
   133  	}
   134  }
   135  
   136  func TestValidateSecurityWithoutNEWNS(t *testing.T) {
   137  	config := &configs.Config{
   138  		Rootfs:        "/var",
   139  		MaskPaths:     []string{"/proc/kcore"},
   140  		ReadonlyPaths: []string{"/proc/sys"},
   141  	}
   142  
   143  	validator := validate.New()
   144  	err := validator.Validate(config)
   145  	if err == nil {
   146  		t.Error("Expected error to occur but it was nil")
   147  	}
   148  }
   149  
   150  func TestValidateUsernamespace(t *testing.T) {
   151  	if _, err := os.Stat("/proc/self/ns/user"); os.IsNotExist(err) {
   152  		t.Skip("userns is unsupported")
   153  	}
   154  	config := &configs.Config{
   155  		Rootfs: "/var",
   156  		Namespaces: configs.Namespaces(
   157  			[]configs.Namespace{
   158  				{Type: configs.NEWUSER},
   159  			},
   160  		),
   161  	}
   162  
   163  	validator := validate.New()
   164  	err := validator.Validate(config)
   165  	if err != nil {
   166  		t.Errorf("expected error to not occur %+v", err)
   167  	}
   168  }
   169  
   170  func TestValidateUsernamespaceWithoutUserNS(t *testing.T) {
   171  	uidMap := configs.IDMap{ContainerID: 123}
   172  	config := &configs.Config{
   173  		Rootfs:      "/var",
   174  		UidMappings: []configs.IDMap{uidMap},
   175  	}
   176  
   177  	validator := validate.New()
   178  	err := validator.Validate(config)
   179  	if err == nil {
   180  		t.Error("Expected error to occur but it was nil")
   181  	}
   182  }
   183  
   184  func TestValidateSysctl(t *testing.T) {
   185  	sysctl := map[string]string{
   186  		"fs.mqueue.ctl": "ctl",
   187  		"net.ctl":       "ctl",
   188  		"kernel.ctl":    "ctl",
   189  	}
   190  
   191  	for k, v := range sysctl {
   192  		config := &configs.Config{
   193  			Rootfs: "/var",
   194  			Sysctl: map[string]string{k: v},
   195  		}
   196  
   197  		validator := validate.New()
   198  		err := validator.Validate(config)
   199  		if err == nil {
   200  			t.Error("Expected error to occur but it was nil")
   201  		}
   202  	}
   203  }
   204  
   205  func TestValidateValidSysctl(t *testing.T) {
   206  	sysctl := map[string]string{
   207  		"fs.mqueue.ctl": "ctl",
   208  		"net.ctl":       "ctl",
   209  		"kernel.msgmax": "ctl",
   210  	}
   211  
   212  	for k, v := range sysctl {
   213  		config := &configs.Config{
   214  			Rootfs: "/var",
   215  			Sysctl: map[string]string{k: v},
   216  			Namespaces: []configs.Namespace{
   217  				{
   218  					Type: configs.NEWNET,
   219  				},
   220  				{
   221  					Type: configs.NEWIPC,
   222  				},
   223  			},
   224  		}
   225  
   226  		validator := validate.New()
   227  		err := validator.Validate(config)
   228  		if err != nil {
   229  			t.Errorf("Expected error to not occur with {%s=%s} but got: %q", k, v, err)
   230  		}
   231  	}
   232  }
   233  
   234  func TestValidateSysctlWithSameNs(t *testing.T) {
   235  	config := &configs.Config{
   236  		Rootfs: "/var",
   237  		Sysctl: map[string]string{"net.ctl": "ctl"},
   238  		Namespaces: configs.Namespaces(
   239  			[]configs.Namespace{
   240  				{
   241  					Type: configs.NEWNET,
   242  					Path: "/proc/self/ns/net",
   243  				},
   244  			},
   245  		),
   246  	}
   247  
   248  	validator := validate.New()
   249  	err := validator.Validate(config)
   250  	if err == nil {
   251  		t.Error("Expected error to occur but it was nil")
   252  	}
   253  }
   254  
   255  func TestValidateSysctlWithoutNETNamespace(t *testing.T) {
   256  	config := &configs.Config{
   257  		Rootfs:     "/var",
   258  		Sysctl:     map[string]string{"net.ctl": "ctl"},
   259  		Namespaces: []configs.Namespace{},
   260  	}
   261  
   262  	validator := validate.New()
   263  	err := validator.Validate(config)
   264  	if err == nil {
   265  		t.Error("Expected error to occur but it was nil")
   266  	}
   267  }