zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-10-07 08:21:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

libct/int: make newTemplateConfig argument a struct

Browse Source 
...so we can add more fields later.

This commit is mostly courtesy of

sed -i 's/newTemplateConfig(rootfs)/newTemplateConfig(\&tParam{rootfs: rootfs})/g'

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2020-09-28 16:55:21 -07:00
parent 0a9af3949f
commit 73d93eeb01
5 changed files with 60 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libcontainer/integration/checkpoint_test.go
View File

@@ -76,7 +76,7 @@ func testCheckpoint(t *testing.T, userns bool) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if userns { if userns {
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}

72
libcontainer/integration/exec_test.go
View File

@@ -40,7 +40,7 @@ func testExecPS(t *testing.T, userns bool) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if userns { if userns {
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
@@ -77,7 +77,7 @@ func TestIPCPrivate(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/ipc") l, err := os.Readlink("/proc/1/ns/ipc")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
ok(t, err) ok(t, err)
@@ -102,7 +102,7 @@ func TestIPCHost(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/ipc") l, err := os.Readlink("/proc/1/ns/ipc")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces.Remove(configs.NEWIPC) config.Namespaces.Remove(configs.NEWIPC)
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
ok(t, err) ok(t, err)
@@ -128,7 +128,7 @@ func TestIPCJoinPath(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/ipc") l, err := os.Readlink("/proc/1/ns/ipc")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipc") config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipc")
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/ipc")
@@ -152,7 +152,7 @@ func TestIPCBadPath(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipcc") config.Namespaces.Add(configs.NEWIPC, "/proc/1/ns/ipcc")
_, _, err = runContainer(config, "", "true") _, _, err = runContainer(config, "", "true")
@@ -182,7 +182,7 @@ func testRlimit(t *testing.T, userns bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if userns { if userns {
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
@@ -212,7 +212,7 @@ func TestEnter(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
ok(t, err) ok(t, err)
@@ -299,7 +299,7 @@ func TestProcessEnv(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
ok(t, err) ok(t, err)
@@ -347,7 +347,7 @@ func TestProcessEmptyCaps(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Capabilities = nil config.Capabilities = nil
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
@@ -396,7 +396,7 @@ func TestProcessCaps(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
ok(t, err) ok(t, err)
@@ -464,7 +464,7 @@ func TestAdditionalGroups(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
ok(t, err) ok(t, err)
@@ -518,7 +518,7 @@ func testFreeze(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -575,7 +575,7 @@ func testCpuShares(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if systemd { if systemd {
config.Cgroups.Parent = "system.slice" config.Cgroups.Parent = "system.slice"
} }
@@ -607,7 +607,7 @@ func testPids(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if systemd { if systemd {
config.Cgroups.Parent = "system.slice" config.Cgroups.Parent = "system.slice"
} }
@@ -693,7 +693,7 @@ func testRunWithKernelMemory(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if systemd { if systemd {
config.Cgroups.Parent = "system.slice" config.Cgroups.Parent = "system.slice"
} }
@@ -727,7 +727,7 @@ func testCgroupResourcesUnifiedErrorOnV1(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if systemd { if systemd {
config.Cgroups.Parent = "system.slice" config.Cgroups.Parent = "system.slice"
} }
@@ -762,7 +762,7 @@ func testCgroupResourcesUnified(t *testing.T, systemd bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Cgroups.Resources.Memory = 536870912 // 512M config.Cgroups.Resources.Memory = 536870912 // 512M
config.Cgroups.Resources.MemorySwap = 536870912 // 512M, i.e. no swap config.Cgroups.Resources.MemorySwap = 536870912 // 512M, i.e. no swap
config.Namespaces.Add(configs.NEWCGROUP, "") config.Namespaces.Add(configs.NEWCGROUP, "")
@@ -870,7 +870,7 @@ func TestContainerState(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces = configs.Namespaces([]configs.Namespace{ config.Namespaces = configs.Namespaces([]configs.Namespace{
{Type: configs.NEWNS}, {Type: configs.NEWNS},
{Type: configs.NEWUTS}, {Type: configs.NEWUTS},
@@ -931,7 +931,7 @@ func TestPassExtraFiles(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
if err != nil { if err != nil {
@@ -1006,7 +1006,7 @@ func TestMountCmds(t *testing.T) {
} }
defer os.RemoveAll(tmpDir) defer os.RemoveAll(tmpDir)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Mounts = append(config.Mounts, &configs.Mount{ config.Mounts = append(config.Mounts, &configs.Mount{
Source: tmpDir, Source: tmpDir,
Destination: "/tmp", Destination: "/tmp",
@@ -1063,7 +1063,7 @@ func TestSysctl(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Sysctl = map[string]string{ config.Sysctl = map[string]string{
"kernel.shmmni": "8192", "kernel.shmmni": "8192",
} }
@@ -1100,7 +1100,7 @@ func TestMountCgroupRO(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Mounts = append(config.Mounts, &configs.Mount{ config.Mounts = append(config.Mounts, &configs.Mount{
Destination: "/sys/fs/cgroup", Destination: "/sys/fs/cgroup",
@@ -1149,7 +1149,7 @@ func TestMountCgroupRW(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Mounts = append(config.Mounts, &configs.Mount{ config.Mounts = append(config.Mounts, &configs.Mount{
Destination: "/sys/fs/cgroup", Destination: "/sys/fs/cgroup",
@@ -1200,7 +1200,7 @@ func TestOomScoreAdj(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.OomScoreAdj = ptrInt(200) config.OomScoreAdj = ptrInt(200)
container, err := newContainerWithName("test", config) container, err := newContainerWithName("test", config)
@@ -1242,7 +1242,7 @@ func TestHook(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
expectedBundle := bundle expectedBundle := bundle
config.Labels = append(config.Labels, "bundle="+expectedBundle) config.Labels = append(config.Labels, "bundle="+expectedBundle)
@@ -1388,7 +1388,7 @@ func TestSTDIOPermissions(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
buffers, exitCode, err := runContainer(config, "", "sh", "-c", "echo hi > /dev/stderr") buffers, exitCode, err := runContainer(config, "", "sh", "-c", "echo hi > /dev/stderr")
ok(t, err) ok(t, err)
if exitCode != 0 { if exitCode != 0 {
@@ -1421,7 +1421,7 @@ func TestRootfsPropagationSlaveMount(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.RootPropagation = unix.MS_SLAVE | unix.MS_REC config.RootPropagation = unix.MS_SLAVE | unix.MS_REC
@@ -1537,7 +1537,7 @@ func TestRootfsPropagationSharedMount(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.RootPropagation = unix.MS_PRIVATE config.RootPropagation = unix.MS_PRIVATE
// Bind mount a volume // Bind mount a volume
@@ -1646,7 +1646,7 @@ func TestPIDHost(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/pid") l, err := os.Readlink("/proc/1/ns/pid")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces.Remove(configs.NEWPID) config.Namespaces.Remove(configs.NEWPID)
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/pid") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/pid")
ok(t, err) ok(t, err)
@@ -1669,7 +1669,7 @@ func TestInitJoinPID(t *testing.T) {
defer remove(rootfs) defer remove(rootfs)
// Execute a long-running container // Execute a long-running container
container1, err := newContainer(newTemplateConfig(rootfs)) container1, err := newContainer(newTemplateConfig(&tParam{rootfs: rootfs}))
ok(t, err) ok(t, err)
defer container1.Destroy() defer container1.Destroy()
@@ -1693,7 +1693,7 @@ func TestInitJoinPID(t *testing.T) {
pidns1 := state1.NamespacePaths[configs.NEWPID] pidns1 := state1.NamespacePaths[configs.NEWPID]
// Run a container inside the existing pidns but with different cgroups // Run a container inside the existing pidns but with different cgroups
config2 := newTemplateConfig(rootfs) config2 := newTemplateConfig(&tParam{rootfs: rootfs})
config2.Namespaces.Add(configs.NEWPID, pidns1) config2.Namespaces.Add(configs.NEWPID, pidns1)
config2.Cgroups.Path = "integration/test2" config2.Cgroups.Path = "integration/test2"
container2, err := newContainerWithName("testCT2", config2) container2, err := newContainerWithName("testCT2", config2)
@@ -1772,7 +1772,7 @@ func TestInitJoinNetworkAndUser(t *testing.T) {
defer remove(rootfs) defer remove(rootfs)
// Execute a long-running container // Execute a long-running container
config1 := newTemplateConfig(rootfs) config1 := newTemplateConfig(&tParam{rootfs: rootfs})
config1.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config1.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config1.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config1.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config1.Namespaces = append(config1.Namespaces, configs.Namespace{Type: configs.NEWUSER}) config1.Namespaces = append(config1.Namespaces, configs.Namespace{Type: configs.NEWUSER})
@@ -1805,7 +1805,7 @@ func TestInitJoinNetworkAndUser(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs2) defer remove(rootfs2)
config2 := newTemplateConfig(rootfs2) config2 := newTemplateConfig(&tParam{rootfs: rootfs2})
config2.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config2.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config2.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config2.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config2.Namespaces.Add(configs.NEWNET, netns1) config2.Namespaces.Add(configs.NEWNET, netns1)
@@ -1865,7 +1865,7 @@ func TestTmpfsCopyUp(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Mounts = append(config.Mounts, &configs.Mount{ config.Mounts = append(config.Mounts, &configs.Mount{
Source: "tmpfs", Source: "tmpfs",
@@ -1915,7 +1915,7 @@ func TestCGROUPPrivate(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/cgroup") l, err := os.Readlink("/proc/1/ns/cgroup")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Namespaces.Add(configs.NEWCGROUP, "") config.Namespaces.Add(configs.NEWCGROUP, "")
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/cgroup") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/cgroup")
ok(t, err) ok(t, err)
@@ -1944,7 +1944,7 @@ func TestCGROUPHost(t *testing.T) {
l, err := os.Readlink("/proc/1/ns/cgroup") l, err := os.Readlink("/proc/1/ns/cgroup")
ok(t, err) ok(t, err)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/cgroup") buffers, exitCode, err := runContainer(config, "", "readlink", "/proc/self/ns/cgroup")
ok(t, err) ok(t, err)

18
libcontainer/integration/execin_test.go
View File

@@ -25,7 +25,7 @@ func TestExecIn(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -91,7 +91,7 @@ func testExecInRlimit(t *testing.T, userns bool) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
if userns { if userns {
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
@@ -152,7 +152,7 @@ func TestExecInAdditionalGroups(t *testing.T) {
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -209,7 +209,7 @@ func TestExecInError(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -262,7 +262,7 @@ func TestExecInTTY(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -359,7 +359,7 @@ func TestExecInEnvironment(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
defer container.Destroy() defer container.Destroy()
@@ -421,7 +421,7 @@ func TestExecinPassExtraFiles(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
container, err := newContainer(config) container, err := newContainer(config)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@@ -505,7 +505,7 @@ func TestExecInOomScoreAdj(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.OomScoreAdj = ptrInt(200) config.OomScoreAdj = ptrInt(200)
container, err := newContainer(config) container, err := newContainer(config)
ok(t, err) ok(t, err)
@@ -557,7 +557,7 @@ func TestExecInUserns(t *testing.T) {
rootfs, err := newRootfs() rootfs, err := newRootfs()
ok(t, err) ok(t, err)
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER}) config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER})

16
libcontainer/integration/seccomp_test.go
View File

@@ -25,7 +25,7 @@ func TestSeccompDenyGetcwdWithErrno(t *testing.T) {
errnoRet := uint(syscall.ESRCH) errnoRet := uint(syscall.ESRCH)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -95,7 +95,7 @@ func TestSeccompDenyGetcwd(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -164,7 +164,7 @@ func TestSeccompPermitWriteConditional(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -226,7 +226,7 @@ func TestSeccompDenyWriteConditional(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -304,7 +304,7 @@ func TestSeccompPermitWriteMultipleConditions(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -359,7 +359,7 @@ func TestSeccompDenyWriteMultipleConditions(t *testing.T) {
} }
defer remove(rootfs) defer remove(rootfs)
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -409,7 +409,7 @@ func TestSeccompMultipleConditionSameArgDeniesStdout(t *testing.T) {
defer remove(rootfs) defer remove(rootfs)
// Prevent writing to both stdout and stderr // Prevent writing to both stdout and stderr
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{
@@ -457,7 +457,7 @@ func TestSeccompMultipleConditionSameArgDeniesStderr(t *testing.T) {
defer remove(rootfs) defer remove(rootfs)
// Prevent writing to both stdout and stderr // Prevent writing to both stdout and stderr
config := newTemplateConfig(rootfs) config := newTemplateConfig(&tParam{rootfs: rootfs})
config.Seccomp = &configs.Seccomp{ config.Seccomp = &configs.Seccomp{
DefaultAction: configs.Allow, DefaultAction: configs.Allow,
Syscalls: []*configs.Syscall{ Syscalls: []*configs.Syscall{

8
libcontainer/integration/template_test.go
View File

@@ -16,17 +16,21 @@ var standardEnvironment = []string{
const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV const defaultMountFlags = unix.MS_NOEXEC | unix.MS_NOSUID | unix.MS_NODEV
type tParam struct {
rootfs string
}
// newTemplateConfig returns a base template for running a container // newTemplateConfig returns a base template for running a container
// //
// it uses a network strategy of just setting a loopback interface // it uses a network strategy of just setting a loopback interface
// and the default setup for devices // and the default setup for devices
func newTemplateConfig(rootfs string) *configs.Config { func newTemplateConfig(p *tParam) *configs.Config {
var allowedDevices []*configs.DeviceRule var allowedDevices []*configs.DeviceRule
for _, device := range specconv.AllowedDevices { for _, device := range specconv.AllowedDevices {
allowedDevices = append(allowedDevices, &device.DeviceRule) allowedDevices = append(allowedDevices, &device.DeviceRule)
} }
return &configs.Config{ return &configs.Config{
Rootfs: rootfs, Rootfs: p.rootfs,
Capabilities: &configs.Capabilities{ Capabilities: &configs.Capabilities{
Bounding: []string{ Bounding: []string{
"CAP_CHOWN", "CAP_CHOWN",