Add test code linux_cgroups_devices

tests/contest/contest/src/main.rs

@@ -103,6 +103,7 @@ fn main() -> Result<()> {
     let cgroup_v1_pids = cgroups::pids::get_test_group();
     let cgroup_v1_cpu = cgroups::cpu::v1::get_test_group();
     let cgroup_v2_cpu = cgroups::cpu::v2::get_test_group();
+    let cgroup_v1_device = cgroups::devices::get_test_group();
     let cgroup_v1_memory = cgroups::memory::get_test_group();
     let cgroup_v1_network = cgroups::network::get_test_group();
     let cgroup_v1_blkio = cgroups::blkio::get_test_group();
@@ -131,6 +132,7 @@ fn main() -> Result<()> {
     tm.add_test_group(Box::new(cgroup_v1_pids));
     tm.add_test_group(Box::new(cgroup_v1_cpu));
     tm.add_test_group(Box::new(cgroup_v2_cpu));
+    tm.add_test_group(Box::new(cgroup_v1_device));
     tm.add_test_group(Box::new(cgroup_v1_memory));
     tm.add_test_group(Box::new(cgroup_v1_network));
     tm.add_test_group(Box::new(cgroup_v1_blkio));

tests/contest/contest/src/tests/cgroups/devices.rs

@@ -0,0 +1,84 @@
+use std::path::Path;
+
+use anyhow::Context;
+use oci_spec::runtime::{
+    LinuxBuilder, LinuxDeviceCgroup, LinuxDeviceCgroupBuilder, LinuxDeviceType,
+    LinuxResourcesBuilder, Spec, SpecBuilder,
+};
+use test_framework::{test_result, ConditionalTest, TestGroup, TestResult};
+
+use crate::utils::test_outside_container;
+use crate::utils::test_utils::check_container_created;
+
+fn can_run() -> bool {
+    Path::new("/sys/fs/cgroup/devices").exists()
+}
+
+fn linux_device_build(
+    allow: bool,
+    dev_type: LinuxDeviceType,
+    major: i64,
+    minor: i64,
+    access: String,
+) -> LinuxDeviceCgroup {
+    LinuxDeviceCgroupBuilder::default()
+        .access(allow.to_string())
+        .typ(dev_type)
+        .major(major)
+        .minor(minor)
+        .access(access)
+        .build()
+        .unwrap()
+}
+
+fn create_spec(cgroup_name: &str, devices: Vec<LinuxDeviceCgroup>) -> anyhow::Result<Spec> {
+    let spec = SpecBuilder::default()
+        .linux(
+            LinuxBuilder::default()
+                .cgroups_path(Path::new("/runtime-test").join(cgroup_name))
+                .resources(
+                    LinuxResourcesBuilder::default()
+                        .devices(devices)
+                        .build()
+                        .context("failed to build resource spec")?,
+                )
+                .build()
+                .context("failed to build linux spec")?,
+        )
+        .build()
+        .context("failed to build spec")?;
+
+    Ok(spec)
+}
+
+fn test_devices_cgroups() -> TestResult {
+    let cgroup_name = "test_devices_cgroups";
+    let linux_devices = vec![
+        linux_device_build(true, LinuxDeviceType::C, 10, 229, "rwm".to_string()),
+        linux_device_build(true, LinuxDeviceType::B, 8, 20, "rw".to_string()),
+        linux_device_build(true, LinuxDeviceType::B, 10, 200, "r".to_string()),
+    ];
+    let spec = test_result!(create_spec(cgroup_name, linux_devices));
+
+    let test_result = test_outside_container(spec, &|data| {
+        test_result!(check_container_created(&data));
+        TestResult::Passed
+    });
+    if let TestResult::Failed(_) = test_result {
+        return test_result;
+    }
+    test_result
+}
+
+pub fn get_test_group() -> TestGroup {
+    let mut test_group = TestGroup::new("cgroup_v1_devices");
+    let linux_cgroups_devices = ConditionalTest::new(
+        "test_linux_cgroups_devices",
+        Box::new(can_run),
+        Box::new(crate::tests::cgroups::devices::test_devices_cgroups),
+    );
+
+    test_group.add(vec![Box::new(linux_cgroups_devices)]);
+
+    test_group
+}

tests/contest/contest/src/tests/cgroups/mod.rs

@@ -6,6 +6,7 @@ use anyhow::{Context, Result};
 use procfs::process::Process;
 pub mod blkio;
 pub mod cpu;
+pub mod devices;
 pub mod memory;
 pub mod network;
 pub mod pids;