From df448c0089395165929e1aef1d5cb8a98370ee14 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Fri, 25 Oct 2024 00:17:12 +0900 Subject: [PATCH 01/23] add test root readonly true Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/contest/src/main.rs | 4 +++ tests/contest/contest/src/tests/mod.rs | 2 ++ .../src/tests/root_readonly_true/mod.rs | 2 ++ .../root_readonly_true/root_readonly_tests.rs | 27 +++++++++++++++++++ tests/contest/runtimetest/src/main.rs | 1 + tests/contest/runtimetest/src/tests.rs | 16 +++++++++++ 6 files changed, 52 insertions(+) create mode 100644 tests/contest/contest/src/tests/root_readonly_true/mod.rs create mode 100644 tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs index 8049457c0..02af5714c 100644 --- a/tests/contest/contest/src/main.rs +++ b/tests/contest/contest/src/main.rs @@ -21,6 +21,7 @@ use crate::tests::linux_ns_itype::get_ns_itype_tests; use crate::tests::mounts_recursive::get_mounts_recursive_test; use crate::tests::pidfile::get_pidfile_test; use crate::tests::readonly_paths::get_ro_paths_test; +use crate::tests::root_readonly_true::get_root_readonly_test; use crate::tests::scheduler::get_scheduler_test; use crate::tests::seccomp::get_seccomp_test; use crate::tests::seccomp_notify::get_seccomp_notify_test; @@ -113,6 +114,7 @@ fn main() -> Result<()> { let scheduler = get_scheduler_test(); let io_priority_test = get_io_priority_test(); let devices = get_devices_test(); + let root_readonly = get_root_readonly_test(); tm.add_test_group(Box::new(cl)); tm.add_test_group(Box::new(cc)); 
@@ -136,6 +138,8 @@ fn main() -> Result<()> { tm.add_test_group(Box::new(sysctl)); tm.add_test_group(Box::new(scheduler)); tm.add_test_group(Box::new(devices)); + tm.add_test_group(Box::new(root_readonly)); + tm.add_test_group(Box::new(io_priority_test)); tm.add_cleanup(Box::new(cgroups::cleanup_v1)); diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index 1fee606b1..b6f4d20a4 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -16,3 +16,5 @@ pub mod seccomp; pub mod seccomp_notify; pub mod sysctl; pub mod tlb; + +pub mod root_readonly_true; diff --git a/tests/contest/contest/src/tests/root_readonly_true/mod.rs b/tests/contest/contest/src/tests/root_readonly_true/mod.rs new file mode 100644 index 000000000..32bcfe81d --- /dev/null +++ b/tests/contest/contest/src/tests/root_readonly_true/mod.rs @@ -0,0 +1,2 @@ +mod root_readonly_tests; +pub use root_readonly_tests::get_root_readonly_test; diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs new file mode 100644 index 000000000..8502e1470 --- /dev/null +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs 
@@ -0,0 +1,27 @@ +use crate::utils::test_inside_container; +use anyhow::{Context, Ok, Result}; +use oci_spec::runtime::{ProcessBuilder, Root, RootBuilder, Spec, SpecBuilder}; +use test_framework::{test_result, Test, TestGroup, TestResult}; + +fn create_spec() -> Result { + let spec = SpecBuilder::default(). + root( + RootBuilder::default().readonly(true).build().unwrap() + ).build().context("failed to build spec")?; + + Ok(spec) +} + +fn root_readonly_test() -> TestResult { + let spec = test_result!(create_spec()); + test_inside_container(spec, &|_| Ok(())) +} + +pub fn get_root_readonly_test() -> TestGroup { + let mut process_test_group = TestGroup::new("root_readonly"); + + let test = Test::new("root_readonly_test", Box::new(root_readonly_test)); + process_test_group.add(vec![Box::new(test)]); + + process_test_group +} \ No newline at end of file diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index 95780bd48..565fde94d 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -44,6 +44,7 @@ fn main() { "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe), "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle), "devices" => tests::validate_devices(&spec), + "root_readonly" => tests::test_validate_root_readonly(), _ => eprintln!("error due to unexpected execute test name: {execute_test}"), } } diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 40f5ad29c..f43bcdaa6 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs 
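Review bot: In the new root_readonly_tests.rs, `create_spec` sets only `readonly(true)` on the root and `root_readonly_test` passes `&|_| Ok(())` to `test_inside_container`, so nothing visible in this hunk selects the `"root_readonly"` arm added to runtimetest/src/main.rs. `test_inside_container` is not shown here, so this is inferred, but if it does not supply process args itself the test passes without probing the rootfs at all, and a runtime that ignores the read-only flag would go unnoticed. I would set the process explicitly, e.g. `.process(ProcessBuilder::default().args(vec!["runtimetest".to_string(), "root_readonly".to_string()]).build()?)`. A doc comment on `root_readonly_test` stating what a pass proves would also help.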
@@ -545,3 +545,19 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { eprintln!("error ioprio_get expected priority {expected_priority:?}, got {priority}") } } + +pub fn test_validate_root_readonly() { + if let std::io::Result::Err(e) = test_read_access("/") { + let errno = Errno::from_raw(e.raw_os_error().unwrap()); + if errno == Errno::ENOENT { + /* This is expected */ + } else { + eprintln!( + "in readonly paths, error in testing read access for / : {e:?}" + ); + return; + } + } else { + /* Expected */ + } +} From acf161baaab222ae6ed9a0fded7cfcbb4dc7a9f9 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 13:16:08 +0900 Subject: [PATCH 02/23] fix test group name Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../root_readonly_true/root_readonly_tests.rs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index 8502e1470..a1991a6a4 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs @@ -4,10 +4,10 @@ use oci_spec::runtime::{ProcessBuilder, Root, RootBuilder, Spec, SpecBuilder}; use test_framework::{test_result, Test, TestGroup, TestResult}; fn create_spec() -> Result { - let spec = SpecBuilder::default(). - root( - RootBuilder::default().readonly(true).build().unwrap() - ).build().context("failed to build spec")?; + let spec = SpecBuilder::default() + .root(RootBuilder::default().readonly(true).build().unwrap()) + .build() + .context("failed to build spec")?; Ok(spec) } 
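Review bot: `test_validate_root_readonly` probes only `test_read_access("/")`, and a read gives the same answer on a writable root as on a read-only one, so this validator cannot detect a runtime that leaves the rootfs writable. The check needs a write attempt that must fail with `Errno::EROFS`, with an `eprintln!` when the write succeeds. Accepting `Errno::ENOENT` for `/` as expected hides a missing root, and the message still says "in readonly paths", which suggests the body was adapted from another test. `e.raw_os_error().unwrap()` panics for an `io::Error` that carries no OS code; `if let Some(code) = e.raw_os_error()` avoids that.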
@@ -18,10 +18,10 @@ fn root_readonly_test() -> TestResult { } pub fn get_root_readonly_test() -> TestGroup { - let mut process_test_group = TestGroup::new("root_readonly"); + let mut root_readonly_test_group = TestGroup::new("root_readonly"); let test = Test::new("root_readonly_test", Box::new(root_readonly_test)); - process_test_group.add(vec![Box::new(test)]); + root_readonly_test_group.add(vec![Box::new(test)]); - process_test_group -} \ No newline at end of file + root_readonly_test_group +} From 87d1d26b1482e991f733401c4ac246a1ea1e3d68 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 13:16:34 +0900 Subject: [PATCH 03/23] fix format Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/contest/src/main.rs | 1 - tests/contest/runtimetest/src/tests.rs | 4 +--- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/contest/contest/src/main.rs b/tests/contest/contest/src/main.rs index 02af5714c..39d8efe70 100644 --- a/tests/contest/contest/src/main.rs +++ b/tests/contest/contest/src/main.rs @@ -140,7 +140,6 @@ fn main() -> Result<()> { tm.add_test_group(Box::new(devices)); tm.add_test_group(Box::new(root_readonly)); - tm.add_test_group(Box::new(io_priority_test)); tm.add_cleanup(Box::new(cgroups::cleanup_v1)); tm.add_cleanup(Box::new(cgroups::cleanup_v2)); diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index f43bcdaa6..0d4cd3051 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -552,9 +552,7 @@ pub fn test_validate_root_readonly() { if errno == Errno::ENOENT { /* This is expected */ } else { - eprintln!( - "in readonly paths, error in testing read access for / : {e:?}" - ); + eprintln!("in readonly paths, error in testing read access for / : {e:?}"); return; } } else { From 69e88a24f73dbcf0e309d737cda84e01ab4565f7 Mon Sep 17 00:00:00 2001 
From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 13:18:03 +0900 Subject: [PATCH 04/23] remove blank line Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/contest/src/tests/mod.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index b6f4d20a4..4d45ba44b 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -16,5 +16,4 @@ pub mod seccomp; pub mod seccomp_notify; pub mod sysctl; pub mod tlb; - pub mod root_readonly_true; From e08b84a64af7717fedf24c059b372564bf83f600 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 13:45:26 +0900 Subject: [PATCH 05/23] remove unused import Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/contest/src/tests/mod.rs | 2 +- .../contest/src/tests/root_readonly_true/root_readonly_tests.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/contest/contest/src/tests/mod.rs b/tests/contest/contest/src/tests/mod.rs index df8c25dfc..b53a0a361 100644 --- a/tests/contest/contest/src/tests/mod.rs +++ b/tests/contest/contest/src/tests/mod.rs @@ -12,9 +12,9 @@ pub mod mounts_recursive; pub mod no_pivot; pub mod pidfile; pub mod readonly_paths; +pub mod root_readonly_true; pub mod scheduler; pub mod seccomp; pub mod seccomp_notify; pub mod sysctl; pub mod tlb; -pub mod root_readonly_true; diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index a1991a6a4..a2b6061d8 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs 
@@ -1,6 +1,6 @@ use crate::utils::test_inside_container; use anyhow::{Context, Ok, Result}; -use oci_spec::runtime::{ProcessBuilder, Root, RootBuilder, Spec, SpecBuilder}; +use oci_spec::runtime::{RootBuilder, Spec, SpecBuilder}; use test_framework::{test_result, Test, TestGroup, TestResult}; fn create_spec() -> Result { From 8f667f2e8813790525262182834500112d03305d Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 18:12:26 +0900 Subject: [PATCH 06/23] fix format err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../src/tests/root_readonly_true/root_readonly_tests.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index a2b6061d8..7773c4e99 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs @@ -1,8 +1,9 @@ -use crate::utils::test_inside_container; use anyhow::{Context, Ok, Result}; use oci_spec::runtime::{RootBuilder, Spec, SpecBuilder}; use test_framework::{test_result, Test, TestGroup, TestResult}; +use crate::utils::test_inside_container; + fn create_spec() -> Result { let spec = SpecBuilder::default() .root(RootBuilder::default().readonly(true).build().unwrap()) From acc437cbfd4279f163cdb56b8cf52ec59f4c17c1 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 4 Nov 2024 18:20:39 +0900 Subject: [PATCH 07/23] remove unnecessary return Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 49dae98e5..1e22c7549 100644 --- a/tests/contest/runtimetest/src/tests.rs 
+++ b/tests/contest/runtimetest/src/tests.rs @@ -553,7 +553,6 @@ pub fn test_validate_root_readonly() { /* This is expected */ } else { eprintln!("in readonly paths, error in testing read access for / : {e:?}"); - return; } } else { /* Expected */ From 2175df7aefb556592e4c1f6433e01777eea73b4b Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Sun, 10 Nov 2024 20:09:28 +0900 Subject: [PATCH 08/23] separate test root readonly true and false Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../root_readonly_true/root_readonly_tests.rs | 18 ++++++++---- tests/contest/runtimetest/src/main.rs | 2 +- tests/contest/runtimetest/src/tests.rs | 28 ++++++++++++++----- 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index 7773c4e99..fb7cd7950 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs @@ -1,12 +1,18 @@ use anyhow::{Context, Ok, Result}; -use oci_spec::runtime::{RootBuilder, Spec, SpecBuilder}; +use oci_spec::runtime::{ProcessBuilder, RootBuilder, Spec, SpecBuilder}; use test_framework::{test_result, Test, TestGroup, TestResult}; use crate::utils::test_inside_container; -fn create_spec() -> Result { +fn create_spec(readonly: bool) -> Result { let spec = SpecBuilder::default() - .root(RootBuilder::default().readonly(true).build().unwrap()) + .root(RootBuilder::default().readonly(readonly).build().unwrap()) + .process( + ProcessBuilder::default() + .args(vec!["runtimetest".to_string(), "root_readonly".to_string()]) + .build() + .expect("error in creating config"), + ) .build() .context("failed to build spec")?; 
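Review bot: `create_spec` returns a `Result`, but the two inner builders in the `@@ -1,12 +1,18 @@` hunk panic instead of propagating: `RootBuilder::default().readonly(readonly).build().unwrap()` and the `ProcessBuilder` chain ending in `.expect("error in creating config")`. The outer build already uses `.context("failed to build spec")?`, so the inner ones can follow the same style, e.g. `.build().context("failed to build root")?` and `.build().context("failed to build process")?`. A spec-construction problem would then be reported as a failed test rather than as a panic in the harness. The end of `create_spec` lies outside this hunk.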
@@ -14,8 +20,10 @@ fn create_spec() -> Result { } fn root_readonly_test() -> TestResult { - let spec = test_result!(create_spec()); - test_inside_container(spec, &|_| Ok(())) + let spec_true = test_result!(create_spec(true)); + let spec_false = test_result!(create_spec(false)); + test_inside_container(spec_true, &|_| Ok(())); + test_inside_container(spec_false, &|_| Ok(())) } pub fn get_root_readonly_test() -> TestGroup { diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index d33a6ddf5..6f953cd28 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -44,7 +44,7 @@ fn main() { "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe), "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle), "devices" => tests::validate_devices(&spec), - "root_readonly" => tests::test_validate_root_readonly(), + "root_readonly" => tests::test_validate_root_readonly(&spec), "no_pivot" => tests::validate_rootfs(), _ => eprintln!("error due to unexpected execute test name: {execute_test}"), diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 1e22c7549..4103ec233 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs 
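Review bot: In `root_readonly_test` the result of the first call, `test_inside_container(spec_true, &|_| Ok(()));`, is discarded, so only the `readonly(false)` container decides the outcome. A failure in the read-only case, which is the one this feature is about, is never reported. Either register two separate `Test`s, one per spec, or return the first result when it is a failure before running the second container. The variants of `TestResult` are not visible here, so the exact match arm is left to the author.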
@@ -546,16 +546,30 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { } } -pub fn test_validate_root_readonly() { - if let std::io::Result::Err(e) = test_read_access("/") { +pub fn test_validate_root_readonly(spec: &Spec) { + let root = spec.root().as_ref().unwrap(); + if root.readonly().unwrap() == true { + if let Err(e) = test_write_access("/test.txt") { + let errno = Errno::from_raw(e.raw_os_error().unwrap()); + if errno == Errno::ENOENT || errno == Errno::EROFS { + /* This is expected */ + } else { + eprintln!( + "readonly root filesystem, error in testing write access for path {}", + "/test.txt" + ); + } + } + } else if let Err(e) = test_write_access("/test.txt") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno == Errno::ENOENT { - /* This is expected */ + if errno == Errno::ENOENT || errno == Errno::EROFS { + eprintln!( + "readt only root filesystem is false but write access for path {} is err", + "/test.txt" + ); } else { - eprintln!("in readonly paths, error in testing read access for / : {e:?}"); + /* This is expected */ } - } else { - /* Expected */ } } From e73746a6ccd8d41b3f7ebdf61c2a6df35bc5cf43 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Sun, 10 Nov 2024 20:45:41 +0900 Subject: [PATCH 09/23] fix format err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 4103ec233..5adbc0291 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs 
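Review bot: In the `readonly == true` branch, `if let Err(e) = test_write_access("/test.txt")` has no arm for `Ok`, so when a runtime ignores `root.readonly` and the write succeeds nothing is printed and the validator reports no problem. `Errno::ENOENT` is also accepted as expected, although only `Errno::EROFS` shows that the mount is read-only. The same shape remains in the later hunks `@@ -548,25 +548,24 @@` and `@@ -554,13 +553,21 @@` of this series, where the probe becomes `test_dir_write_access("/")`. A `match` that reports the success case is sketched below. The typo `readt only` in the other branch's message could be fixed at the same time.

```rust
    if root.readonly().unwrap() == true {
        match test_write_access("/test.txt") {
            // A write that succeeds means the rootfs was not made read-only.
            Ok(_) => eprintln!(
                "readonly root filesystem, but write access for path /test.txt succeeded"
            ),
            Err(e) if e.raw_os_error().map(Errno::from_raw) == Some(Errno::EROFS) => {
                /* This is expected */
            }
            Err(e) => eprintln!(
                "readonly root filesystem, unexpected error in testing write access for path /test.txt: {e:?}"
            ),
        }
    // … unchanged: `else if` branch for readonly == false …
```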
@@ -548,15 +548,16 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { pub fn test_validate_root_readonly(spec: &Spec) { let root = spec.root().as_ref().unwrap(); - if root.readonly().unwrap() == true { - if let Err(e) = test_write_access("/test.txt") { + let test_path = "/test.txt".to_string(); + if root.readonly().unwrap() { + if let Err(e) = test_write_access(&test_path) { let errno = Errno::from_raw(e.raw_os_error().unwrap()); if errno == Errno::ENOENT || errno == Errno::EROFS { /* This is expected */ } else { eprintln!( "readonly root filesystem, error in testing write access for path {}", - "/test.txt" + &test_path ); } } @@ -565,7 +566,7 @@ pub fn test_validate_root_readonly(spec: &Spec) { if errno == Errno::ENOENT || errno == Errno::EROFS { eprintln!( "readt only root filesystem is false but write access for path {} is err", - "/test.txt" + &test_path ); } else { /* This is expected */ From d58291239099320c2a39c2959a91a3b7c010c6d5 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 11 Nov 2024 07:29:28 +0900 Subject: [PATCH 10/23] change test_dir_write_access to pub fn to use test Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/utils.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/contest/runtimetest/src/utils.rs b/tests/contest/runtimetest/src/utils.rs index 4976fe5ae..b331946d2 100644 --- a/tests/contest/runtimetest/src/utils.rs +++ b/tests/contest/runtimetest/src/utils.rs @@ -51,7 +51,7 @@ fn test_file_write_access(path: &str) -> Result<(), std::io::Error> { Ok(()) } -fn test_dir_write_access(path: &str) -> Result<(), std::io::Error> { +pub fn test_dir_write_access(path: &str) -> Result<(), std::io::Error> { let _ = std::fs::OpenOptions::new() .create(true) .truncate(true) From 944c7d4358bba2fa279f7581e2fc6ec7abf90dd2 Mon Sep 17 00:00:00 2001 
From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 11 Nov 2024 07:30:39 +0900 Subject: [PATCH 11/23] check root readonly to use test_dir_write_access Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 5adbc0291..e477eedfd 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -11,7 +11,7 @@ use nix::unistd::getcwd; use oci_spec::runtime::IOPriorityClass::{self, IoprioClassBe, IoprioClassIdle, IoprioClassRt}; use oci_spec::runtime::{LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, Spec}; -use crate::utils::{self, test_read_access, test_write_access}; +use crate::utils::{self, test_dir_write_access, test_read_access, test_write_access}; ////////// ANCHOR: example_hello_world pub fn hello_world(_spec: &Spec) { 
@@ -548,25 +548,24 @@ pub fn test_io_priority_class(spec: &Spec, io_priority_class: IOPriorityClass) { pub fn test_validate_root_readonly(spec: &Spec) { let root = spec.root().as_ref().unwrap(); - let test_path = "/test.txt".to_string(); if root.readonly().unwrap() { - if let Err(e) = test_write_access(&test_path) { + if let Err(e) = test_dir_write_access("/") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno == Errno::ENOENT || errno == Errno::EROFS { + if errno == Errno::EROFS { /* This is expected */ } else { eprintln!( "readonly root filesystem, error in testing write access for path {}", - &test_path + "/" ); } } - } else if let Err(e) = test_write_access("/test.txt") { + } else if let Err(e) = test_dir_write_access("/") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno == Errno::ENOENT || errno == Errno::EROFS { + if errno == Errno::EROFS { eprintln!( "readt only root filesystem is false but write access for path {} is err", - &test_path + "/" ); } else { /* This is expected */ From f1aeaea290ee674e2d5e4c2560c86ad6a98d8f9a Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 11 Nov 2024 07:41:16 +0900 Subject: [PATCH 12/23] fix format err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index e477eedfd..7d5c06043 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -555,8 +555,7 @@ pub fn test_validate_root_readonly(spec: &Spec) { /* This is expected */ } else { eprintln!( - "readonly root filesystem, error in testing write access for path {}", - "/" + "readonly root filesystem, error in testing write access for path /" ); } } 
@@ -564,8 +563,7 @@ pub fn test_validate_root_readonly(spec: &Spec) { let errno = Errno::from_raw(e.raw_os_error().unwrap()); if errno == Errno::EROFS { eprintln!( - "readt only root filesystem is false but write access for path {} is err", - "/" + "readt only root filesystem is false but write access for path / is err" ); } else { /* This is expected */ From 903e415835bd937c9df42c556af35c9de80e1bfc Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 11 Nov 2024 07:45:32 +0900 Subject: [PATCH 13/23] fix format err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 7d5c06043..776889b49 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -554,17 +554,13 @@ pub fn test_validate_root_readonly(spec: &Spec) { if errno == Errno::EROFS { /* This is expected */ } else { - eprintln!( - "readonly root filesystem, error in testing write access for path /" - ); + eprintln!("readonly root filesystem, error in testing write access for path /"); } } } else if let Err(e) = test_dir_write_access("/") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); if errno == Errno::EROFS { - eprintln!( - "readt only root filesystem is false but write access for path / is err" - ); + eprintln!("readt only root filesystem is false but write access for path / is err"); } else { /* This is expected */ } From a49ca55f3b66d513820022b21b44b20371188ed7 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:18:09 +0900 Subject: [PATCH 14/23] remove blank line Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/main.rs | 1 - 1 file changed, 1 deletion(-) 
diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index 6f953cd28..7dc96ca34 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -46,7 +46,6 @@ fn main() { "devices" => tests::validate_devices(&spec), "root_readonly" => tests::test_validate_root_readonly(&spec), "no_pivot" => tests::validate_rootfs(), - _ => eprintln!("error due to unexpected execute test name: {execute_test}"), } } From 81d6128c54e1e8cf9cf92b182c6298be25fa6010 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:20:27 +0900 Subject: [PATCH 15/23] separate two tests to root_readonly_true and root_readonly_false Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../tests/root_readonly_true/root_readonly_tests.rs | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index fb7cd7950..33a1dd066 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs 
@@ -19,18 +19,22 @@ fn create_spec(readonly: bool) -> Result { Ok(spec) } -fn root_readonly_test() -> TestResult { +fn root_readonly_true_test() -> TestResult { let spec_true = test_result!(create_spec(true)); + test_inside_container(spec_true, &|_| Ok(())) +} + +fn root_readonly_false_test() -> TestResult { let spec_false = test_result!(create_spec(false)); - test_inside_container(spec_true, &|_| Ok(())); test_inside_container(spec_false, &|_| Ok(())) } pub fn get_root_readonly_test() -> TestGroup { let mut root_readonly_test_group = TestGroup::new("root_readonly"); - let test = Test::new("root_readonly_test", Box::new(root_readonly_test)); - root_readonly_test_group.add(vec![Box::new(test)]); + let test_true = Test::new("root_readonly_true_test", Box::new(root_readonly_true_test)); + let test_false = Test::new("root_readonly_false_test", Box::new(root_readonly_false_test)); + root_readonly_test_group.add(vec![Box::new(test_true), Box::new(test_false)]); root_readonly_test_group } From da0ccbbe9102369c0bddc905aaee04121db658a6 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:35:11 +0900 Subject: [PATCH 16/23] change test_dir_read_access to pub fn to use test Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/utils.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/contest/runtimetest/src/utils.rs b/tests/contest/runtimetest/src/utils.rs index b331946d2..fd1c1cbde 100644 --- a/tests/contest/runtimetest/src/utils.rs +++ b/tests/contest/runtimetest/src/utils.rs @@ -14,7 +14,7 @@ fn test_file_read_access(path: &str) -> Result<(), std::io::Error> { Ok(()) } -fn test_dir_read_access(path: &str) -> Result<(), std::io::Error> { +pub fn test_dir_read_access(path: &str) -> Result<(), std::io::Error> { let _ = std::fs::read_dir(path)?; Ok(()) } From c3c62fbf865aeaedfb6fdce1b33aba31301988ca Mon Sep 17 00:00:00 2001 
From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:36:24 +0900 Subject: [PATCH 17/23] fix debug message and add check read access Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 776889b49..715e779b0 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -2,7 +2,6 @@ use std::fs::{self, read_dir}; use std::os::linux::fs::MetadataExt; use std::os::unix::fs::{FileTypeExt, PermissionsExt}; use std::path::Path; - use anyhow::{bail, Result}; use nix::errno::Errno; use nix::libc; @@ -11,7 +10,7 @@ use nix::unistd::getcwd; use oci_spec::runtime::IOPriorityClass::{self, IoprioClassBe, IoprioClassIdle, IoprioClassRt}; use oci_spec::runtime::{LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, Spec}; -use crate::utils::{self, test_dir_write_access, test_read_access, test_write_access}; +use crate::utils::{self, test_dir_read_access, test_dir_write_access, test_read_access, test_write_access}; ////////// ANCHOR: example_hello_world pub fn hello_world(_spec: &Spec) { 
@@ -554,13 +553,21 @@ pub fn test_validate_root_readonly(spec: &Spec) { if errno == Errno::EROFS { /* This is expected */ } else { - eprintln!("readonly root filesystem, error in testing write access for path /"); + eprintln!("readonly root filesystem, error in testing write access for path /, {}", errno); + } + } + if let Err(e) = test_dir_read_access("/") { + let errno = Errno::from_raw(e.raw_os_error().unwrap()); + if errno == Errno::EROFS { + /* This is expected */ + } else { + eprintln!("readonly root filesystem, error in testing read access for path /, {}", errno); } } } else if let Err(e) = test_dir_write_access("/") { - let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno == Errno::EROFS { - eprintln!("readt only root filesystem is false but write access for path / is err"); + if e.raw_os_error().is_some() { + let errno = Errno::from_raw(e.raw_os_error().unwrap()); + eprintln!("readt only root filesystem is false but write access for path / is err, {}", errno); } else { /* This is expected */ } From 80d2bc8423f99a555ad157876719e2bcff2f9d93 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Wed, 13 Nov 2024 07:47:59 +0900 Subject: [PATCH 18/23] fix format err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../root_readonly_true/root_readonly_tests.rs | 5 ++++- tests/contest/runtimetest/src/tests.rs | 20 +++++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index 33a1dd066..21699dc7c 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs +++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs 
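Review bot: The read probe added to the read-only branch treats `Errno::EROFS` as expected, but `test_dir_read_access("/")` only lists the directory, so any error it returns there should be reported rather than accepted. In the `readonly == false` branch, `if e.raw_os_error().is_some() { ... } else { /* This is expected */ }` counts a write failure that carries no OS code as a pass. Printing the `io::Error` itself on every `Err`, e.g. `eprintln!("readonly root filesystem is false, but write access for path / failed: {e}")`, removes both the `unwrap()` and the silent case. The first write probe of the read-only branch starts above this hunk.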
@@ -33,7 +33,10 @@ pub fn get_root_readonly_test() -> TestGroup { let mut root_readonly_test_group = TestGroup::new("root_readonly"); let test_true = Test::new("root_readonly_true_test", Box::new(root_readonly_true_test)); - let test_false = Test::new("root_readonly_false_test", Box::new(root_readonly_false_test)); + let test_false = Test::new( + "root_readonly_false_test", + Box::new(root_readonly_false_test), + ); root_readonly_test_group.add(vec![Box::new(test_true), Box::new(test_false)]); root_readonly_test_group diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 715e779b0..edce421d0 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -2,6 +2,7 @@ use std::fs::{self, read_dir}; use std::os::linux::fs::MetadataExt; use std::os::unix::fs::{FileTypeExt, PermissionsExt}; use std::path::Path; + use anyhow::{bail, Result}; use nix::errno::Errno; use nix::libc; @@ -10,7 +11,9 @@ use nix::unistd::getcwd; use oci_spec::runtime::IOPriorityClass::{self, IoprioClassBe, IoprioClassIdle, IoprioClassRt}; use oci_spec::runtime::{LinuxDevice, LinuxDeviceType, LinuxSchedulerPolicy, Spec}; -use crate::utils::{self, test_dir_read_access, test_dir_write_access, test_read_access, test_write_access}; +use crate::utils::{ + self, test_dir_read_access, test_dir_write_access, test_read_access, test_write_access, +}; ////////// ANCHOR: example_hello_world pub fn hello_world(_spec: &Spec) { @@ -553,7 +556,10 @@ pub fn test_validate_root_readonly(spec: &Spec) { if errno == Errno::EROFS { /* This is expected */ } else { - eprintln!("readonly root filesystem, error in testing write access for path /, {}", errno); + eprintln!( + "readonly root filesystem, error in testing write access for path /, error: {}", + errno + ); } } if let Err(e) = test_dir_read_access("/") { 
@@ -561,13 +567,19 @@ pub fn test_validate_root_readonly(spec: &Spec) { if errno == Errno::EROFS { /* This is expected */ } else { - eprintln!("readonly root filesystem, error in testing read access for path /, {}", errno); + eprintln!( + "readonly root filesystem, error in testing read access for path /, error: {}", + errno + ); } } } else if let Err(e) = test_dir_write_access("/") { if e.raw_os_error().is_some() { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - eprintln!("readt only root filesystem is false but write access for path / is err, {}", errno); + eprintln!( + "readt only root filesystem is false but write access for path / is err, error: {}", + errno + ); } else { /* This is expected */ } From faf60dc88b7b8294552460a90c26297fbd55bb9d Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Fri, 15 Nov 2024 02:24:26 +0900 Subject: [PATCH 19/23] add root_readonly test to main Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/main.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/contest/runtimetest/src/main.rs b/tests/contest/runtimetest/src/main.rs index 7e98f0847..339bacad0 100644 --- a/tests/contest/runtimetest/src/main.rs +++ b/tests/contest/runtimetest/src/main.rs @@ -44,6 +44,7 @@ fn main() { "io_priority_class_be" => tests::test_io_priority_class(&spec, IoprioClassBe), "io_priority_class_idle" => tests::test_io_priority_class(&spec, IoprioClassIdle), "devices" => tests::validate_devices(&spec), + "root_readonly" => tests::test_validate_root_readonly(&spec), "process_user" => tests::validate_process_user(&spec), "process_rlimits" => tests::validate_process_rlimits(&spec), "no_pivot" => tests::validate_rootfs(), From 6171950764ae79c2be1b67a55e09bb20c74d49cd Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Sun, 24 Nov 2024 18:27:01 +0900 Subject: [PATCH 20/23] add read access test when root readonly is false 
Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 31 ++++++++++++++++---------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 0b848bb40..8c2ca14df 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -568,24 +568,31 @@ pub fn test_validate_root_readonly(spec: &Spec) { } if let Err(e) = test_dir_read_access("/") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno == Errno::EROFS { - /* This is expected */ - } else { + if errno { eprintln!( - "readonly root filesystem, error in testing read access for path /, error: {}", + "readonly root filesystem, but error in testing read access for path /, error: {}", errno ); } } - } else if let Err(e) = test_dir_write_access("/") { - if e.raw_os_error().is_some() { + } else { + if let Err(e) = test_dir_write_access("/") { let errno = Errno::from_raw(e.raw_os_error().unwrap()); - eprintln!( - "readt only root filesystem is false but write access for path / is err, error: {}", - errno - ); - } else { - /* This is expected */ + if errno { + eprintln!( + "readonly root filesystem is false, but error in testing write access for path /, error: {}", + errno + ); + } + } + if let Err(e) = test_dir_read_access("/") { + let errno = Errno::from_raw(e.raw_os_error().unwrap()); + if errno { + eprintln!( + "readonly root filesystem is false, but error in testing read access for path /, error: {}", + errno + ); + } } } } From 6b762f75e4248b79c0ccfd62de4c37fd83ea0427 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Sun, 24 Nov 2024 18:40:38 +0900 Subject: [PATCH 21/23] fox type err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
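Review bot: `if errno {` in the three checks of the `@@ -568,24 +568,31 @@` hunk does not type-check, because `Errno::from_raw` yields an `Errno` rather than a `bool`, so this commit cannot build as written. The `e.raw_os_error().unwrap()` in front of each one also panics when the error carries no OS error code. Both problems go away if the checks report the error itself directly under `if let Err(e)`, e.g. `eprintln!("readonly root filesystem is false, but error in testing write access for path /, error: {}", e);`, with the inner `if` removed. The function starts above the hunk, so the write check of the `readonly` branch is not visible here.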
diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 8c2ca14df..3f02fef14 100644 --- a/tests/contest/runtimetest/src/tests.rs +++ b/tests/contest/runtimetest/src/tests.rs @@ -567,8 +567,8 @@ pub fn test_validate_root_readonly(spec: &Spec) { } } if let Err(e) = test_dir_read_access("/") { - let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno { + if let Some(errno_code) = e.raw_os_error() { + let errno = Errno::from_raw(errno_code); eprintln!( "readonly root filesystem, but error in testing read access for path /, error: {}", errno @@ -577,8 +577,8 @@ pub fn test_validate_root_readonly(spec: &Spec) { } } else { if let Err(e) = test_dir_write_access("/") { - let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno { + if let Some(errno_code) = e.raw_os_error() { + let errno = Errno::from_raw(errno_code); eprintln!( "readonly root filesystem is false, but error in testing write access for path /, error: {}", errno @@ -586,8 +586,8 @@ pub fn test_validate_root_readonly(spec: &Spec) { } } if let Err(e) = test_dir_read_access("/") { - let errno = Errno::from_raw(e.raw_os_error().unwrap()); - if errno { + if let Some(errno_code) = e.raw_os_error() { + let errno = Errno::from_raw(errno_code); eprintln!( "readonly root filesystem is false, but error in testing read access for path /, error: {}", errno From 736127756158af9dd9328f8bb77cb08975f78858 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 25 Nov 2024 15:07:17 +0900 Subject: [PATCH 22/23] remove code err to raw os err Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- tests/contest/runtimetest/src/tests.rs | 33 ++++++++++---------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs index 3f02fef14..3e1f57cec 100644 --- a/tests/contest/runtimetest/src/tests.rs 
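Review bot: The `if let Some(errno_code) = e.raw_os_error()` guard in the `@@ -567,8 +567,8 @@` hunk has no `else`, so an `Err` that carries no OS error code is dropped without any output and the failed access check goes unreported. The same shape is repeated in the hunks at `-577,8` and `-586,8`. Since the value is only printed, the `Errno` conversion adds nothing; `eprintln!("readonly root filesystem, but error in testing read access for path /, error: {}", e);` directly under `if let Err(e)` reports every failure. `test_validate_root_readonly` starts and ends outside these hunks.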
+++ b/tests/contest/runtimetest/src/tests.rs @@ -567,32 +567,23 @@ pub fn test_validate_root_readonly(spec: &Spec) { } } if let Err(e) = test_dir_read_access("/") { - if let Some(errno_code) = e.raw_os_error() { - let errno = Errno::from_raw(errno_code); - eprintln!( - "readonly root filesystem, but error in testing read access for path /, error: {}", - errno - ); - } + eprintln!( + "readonly root filesystem, but error in testing read access for path /, error: {}", + e + ); } } else { if let Err(e) = test_dir_write_access("/") { - if let Some(errno_code) = e.raw_os_error() { - let errno = Errno::from_raw(errno_code); - eprintln!( - "readonly root filesystem is false, but error in testing write access for path /, error: {}", - errno - ); - } + eprintln!( + "readonly root filesystem is false, but error in testing write access for path /, error: {}", + e + ); } if let Err(e) = test_dir_read_access("/") { - if let Some(errno_code) = e.raw_os_error() { - let errno = Errno::from_raw(errno_code); - eprintln!( - "readonly root filesystem is false, but error in testing read access for path /, error: {}", - errno - ); - } + eprintln!( + "readonly root filesystem is false, but error in testing read access for path /, error: {}", + e + ); } } } From c5cc238104dfa05a700518dfb0df3642a8bc8e25 Mon Sep 17 00:00:00 2001 From: sat0ken <15720506+sat0ken@users.noreply.github.com> Date: Mon, 25 Nov 2024 23:21:38 +0900 Subject: [PATCH 23/23] add CreateOptions Signed-off-by: sat0ken <15720506+sat0ken@users.noreply.github.com> --- .../src/tests/root_readonly_true/root_readonly_tests.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs index 21699dc7c..c87b30adf 100644 --- a/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs 
+++ b/tests/contest/contest/src/tests/root_readonly_true/root_readonly_tests.rs @@ -3,6 +3,7 @@ use oci_spec::runtime::{ProcessBuilder, RootBuilder, Spec, SpecBuilder}; use test_framework::{test_result, Test, TestGroup, TestResult}; use crate::utils::test_inside_container; +use crate::utils::test_utils::CreateOptions; fn create_spec(readonly: bool) -> Result { let spec = SpecBuilder::default() @@ -21,12 +22,12 @@ fn create_spec(readonly: bool) -> Result { fn root_readonly_true_test() -> TestResult { let spec_true = test_result!(create_spec(true)); - test_inside_container(spec_true, &|_| Ok(())) + test_inside_container(spec_true, &CreateOptions::default(), &|_| Ok(())) } fn root_readonly_false_test() -> TestResult { let spec_false = test_result!(create_spec(false)); - test_inside_container(spec_false, &|_| Ok(())) + test_inside_container(spec_false, &CreateOptions::default(), &|_| Ok(())) } pub fn get_root_readonly_test() -> TestGroup {