github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/mergeCode/runc/tests/integration/mask.bats (about)

     1  #!/usr/bin/env bats
     2  
     3  load helpers
     4  
        # Per-test fixture: rebuild the busybox bundle, plant a sentinel file and
        # directory in its rootfs, and list both under maskedPaths in config.json.
        setup() {
        	# Drop any state left by an earlier test before creating a fresh bundle.
        	teardown_busybox
        	setup_busybox

        	# Sentinel objects in the fake rootfs. The file's content is what the
        	# tests expect to be unreadable from inside the container.
        	mkdir rootfs/testdir
        	echo "Forbidden information!" > rootfs/testfile

        	# Prepend the two sentinel paths to the existing maskedPaths array.
        	# The expression only matches if config.json already holds the literal
        	# '"maskedPaths": [' (presumably written by setup_busybox; confirm).
        	local add_masked_paths='s;"maskedPaths": \[;"maskedPaths": \["/testdir","/testfile",;g'
        	sed -i "$add_masked_paths" config.json
        }
    16  
        # Per-test cleanup: all of it is delegated to the teardown_busybox helper
        # (presumably provided by `load helpers`).
        teardown() {
        	teardown_busybox
        }
    20  
    21  @test "mask paths [file]" {
    22  	# run busybox detached
    23  	runc run -d --console /dev/pts/ptmx test_busybox
    24  	[ "$status" -eq 0 ]
    25  
    26  	wait_for_container 15 1 test_busybox
    27  
    28  	runc exec test_busybox cat /testfile
    29  	[ "$status" -eq 0 ]
    30  	[[ "${output}" == "" ]]
    31  
    32  	runc exec test_busybox rm -f /testfile
    33  	[ "$status" -eq 1 ]
    34  	[[ "${output}" == *"Read-only file system"* ]]
    35  
    36  	runc exec test_busybox umount /testfile
    37  	[ "$status" -eq 1 ]
    38  	[[ "${output}" == *"Operation not permitted"* ]]
    39  }
    40  
    41  @test "mask paths [directory]" {
    42  	# run busybox detached
    43  	runc run -d --console /dev/pts/ptmx test_busybox
    44  	[ "$status" -eq 0 ]
    45  
    46  	wait_for_container 15 1 test_busybox
    47  
    48  	runc exec test_busybox ls /testdir
    49  	[ "$status" -eq 0 ]
    50  	[[ "${output}" == "" ]]
    51  
    52  	runc exec test_busybox touch /testdir/foo
    53  	[ "$status" -eq 1 ]
    54  	[[ "${output}" == *"Read-only file system"* ]]
    55  
    56  	runc exec test_busybox rm -rf /testdir
    57  	[ "$status" -eq 1 ]
    58  	[[ "${output}" == *"Read-only file system"* ]]
    59  
    60  	runc exec test_busybox umount /testdir
    61  	[ "$status" -eq 1 ]
    62  	[[ "${output}" == *"Operation not permitted"* ]]
    63  }