
Commit 0f4ffc4

add test for chown cgroup feature
Signed-off-by: Fraser Tweedale <[email protected]>
1 parent c748f34 commit 0f4ffc4

1 file changed

+53
-0
lines changed

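--- a/tests/integration/cgroups.bats
+++ b/tests/integration/cgroups.bats
@@ -119,6 +119,59 @@ function setup() {
 #
 }
 
+@test "runc exec (cgroup v2 without chown-cgroup annotation) does not chown cgroup" {
+requires root cgroups_v2 systemd
+
+set_cgroups_path
+set_cgroup_mount_writable
+
+# configure a user namespace
+update_config '.linux.namespaces += [{"type": "user"}]'
+update_config '.linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]'
+update_config '.linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]'
+
+# chown test temp dir to allow host user to read it
+chown 100000 $ROOT
+
+# chown rootfs to allow host user to mkdir mount points
+chown 100000 $ROOT/bundle/rootfs
+
+runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroup_chown
+[ "$status" -eq 0 ]
+
+runc exec test_cgroup_chown sh -c "ls -ld /sys/fs/cgroup | awk '{print \$3}'"
+[ "$status" -eq 0 ]
+[ "$output" = "nobody" ] # /sys/fs/cgroup owned by unmapped user
+}
+
+@test "runc exec (cgroup v2 with chown-cgroup annotation) does chown cgroup" {
+requires root cgroups_v2 systemd
+
+set_cgroups_path
+set_cgroup_mount_writable
+
+# configure a user namespace
+update_config '.linux.namespaces += [{"type": "user"}]'
+update_config '.linux.uidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]'
+update_config '.linux.gidMappings += [{"hostID": 100000, "containerID": 0, "size": 65536}]'
+
+# set chown-cgroup annotation
+update_config '.annotations += {"org.opencontainers.runc.chown-cgroup": "true"}'
+
+# chown test temp dir to allow host user to read it
+chown 100000 $ROOT
+
+# chown rootfs to allow host user to mkdir mount points
+chown 100000 $ROOT/bundle/rootfs
+
+runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroup_chown
+[ "$status" -eq 0 ]
+
+runc exec test_cgroup_chown sh -c "ls -ld /sys/fs/cgroup | awk '{print \$3}'"
+[ "$status" -eq 0 ]
+[ "$output" = "root" ] # /sys/fs/cgroup owned by root (of user namespace)
+}
+
 @test "runc run (cgroup v1 + unified resources should fail)" {
 requires root cgroups_v1
 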
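Review bot: Both new tests assert ownership through a resolved user name (`[ "$output" = "nobody" ]` and `[ "$output" = "root" ]`), so the result depends on the rootfs's /etc/passwd rather than on the uid the kernel reports, and the group owner is never checked. Since the unannotated case is the one guarding against unintended cgroup delegation into the user namespace, it would be tighter to switch `ls -ld` to `ls -ldn` and compare both the uid and gid fields numerically; the expected values would presumably be the overflow id (65534 by default) without the annotation and `0` with it, which is worth confirming against the test image. Only the `/sys/fs/cgroup` directory itself is inspected, so if the feature also changes ownership of files inside it, neither test would notice a regression there. Separately, `chown 100000 $ROOT` and `chown 100000 $ROOT/bundle/rootfs` run as root with unquoted expansions in both tests; quoting them as `chown 100000 "$ROOT"` and `chown 100000 "$ROOT/bundle/rootfs"` matches the quoted `"$CONSOLE_SOCKET"` a few lines below.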
