forked from firecracker-microvm/firecracker-containerd
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathjailer_test.go
138 lines (115 loc) · 3.8 KB
/
jailer_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may
// not use this file except in compliance with the License. A copy of the
// License is located at
//
// http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language governing
// permissions and limitations under the License.
package main
import (
"context"
"os"
"os/exec"
"path/filepath"
"syscall"
"testing"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/firecracker-microvm/firecracker-containerd/config"
"github.com/firecracker-microvm/firecracker-containerd/internal/integtest"
"github.com/firecracker-microvm/firecracker-containerd/internal/vm"
"github.com/firecracker-microvm/firecracker-containerd/proto"
)
func TestCopyFile_simple(t *testing.T) {
srcPath := "./firecracker-runc-config.json.example"
dstPath := "./test-copy-file"
const expectedMode = 0600
err := copyFile(srcPath, dstPath, expectedMode)
assert.NoError(t, err, "failed to copy file")
defer os.Remove(dstPath)
info, err := os.Stat(dstPath)
assert.NoError(t, err, "failed to stat file")
assert.Equal(t, os.FileMode(expectedMode), info.Mode())
assert.NotEqual(t, 0, int(info.Size()))
}
func createSparseFile(path string, size int) error {
f, err := os.Create(path)
if err != nil {
return err
}
defer f.Close()
err = f.Truncate(int64(size))
if err != nil {
return err
}
return nil
}
func TestCopyFile_sparse(t *testing.T) {
dir := t.TempDir()
expectedSize := 1024
src := filepath.Join(dir, "original-sparse-file")
err := createSparseFile(src, expectedSize)
require.NoError(t, err)
dst := filepath.Join(dir, "copied-as-sparse")
err = copyFile(src, dst, 0600)
require.NoError(t, err, "failed to copy file")
stat, err := os.Stat(dst)
require.NoError(t, err)
assert.Equal(t, expectedSize, int(stat.Size()), "metadata-wise, the file is not empty")
unixStat, ok := (stat.Sys()).(*syscall.Stat_t)
require.True(t, ok)
assert.Equal(t, int64(0), unixStat.Blocks, "it doesn't allocate any blocks, since the file is empty")
}
func TestCopyFile_invalidPaths(t *testing.T) {
srcPath := "./invalid.path"
dstPath := "./test-copy-file"
err := copyFile(srcPath, dstPath, 0600)
assert.Error(t, err, "copyFile should have returned an error")
}
func TestJailer_invalidUIDGID(t *testing.T) {
req := proto.CreateVMRequest{
JailerConfig: &proto.JailerConfig{},
}
_, err := newJailer(context.Background(), logrus.NewEntry(logrus.New()), "/foo", &service{}, &req)
assert.Error(t, err, "expected invalid uid and gid error, but received none")
}
func TestNewJailer_Isolated(t *testing.T) {
integtest.Prepare(t)
ociBundlePath := t.TempDir()
b, err := exec.Command(
"cp",
"firecracker-runc-config.json.example",
filepath.Join(ociBundlePath, "config.json"),
).CombinedOutput()
require.NoErrorf(t, err, "copy runc config failed with: %s", string(b))
ctx := context.Background()
logger := logrus.NewEntry(logrus.New())
s := &service{
vmID: "id",
shimDir: vm.Dir("/path/to/shim"),
config: &config.Config{
JailerConfig: config.JailerConfig{
RuncBinaryPath: "/path/to/runc_bin_path",
RuncConfigPath: filepath.Join(ociBundlePath, "config.json"),
},
},
}
req := &proto.CreateVMRequest{
JailerConfig: &proto.JailerConfig{
UID: 123,
GID: 456,
CgroupPath: "/my/cgroup_path",
},
}
j, err := newJailer(ctx, logger, ociBundlePath, s, req)
require.NoError(t, err)
runc, ok := j.(*runcJailer)
require.True(t, ok)
assert.Equal(t, filepath.Join(req.JailerConfig.CgroupPath, s.vmID), runc.CgroupPath())
}