Text file src/github.com/opencontainers/runc/tests/integration/mounts_recursive.bats

Documentation: github.com/opencontainers/runc/tests/integration

     1#!/usr/bin/env bats
     2
     3load helpers
     4
     5TESTVOLUME="${BATS_RUN_TMPDIR}/mounts_recursive"
     6
     7function setup_volume() {
     8	# requires root (in the current user namespace) to mount tmpfs outside runc
     9	requires root
    10
    11	mkdir -p "${TESTVOLUME}"
    12	mount -t tmpfs none "${TESTVOLUME}"
    13	echo "foo" >"${TESTVOLUME}/foo"
    14
    15	mkdir "${TESTVOLUME}/subvol"
    16	mount -t tmpfs none "${TESTVOLUME}/subvol"
    17	echo "bar" >"${TESTVOLUME}/subvol/bar"
    18}
    19
    20function teardown_volume() {
    21	umount -R "${TESTVOLUME}"
    22}
    23
    24function setup() {
    25	setup_volume
    26	setup_busybox
    27}
    28
    29function teardown() {
    30	teardown_volume
    31	teardown_bundle
    32}
    33
    34@test "runc run [rbind,ro mount is read-only but not recursively]" {
    35	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"ro\"]}]"
    36
    37	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_ro
    38	[ "$status" -eq 0 ]
    39
    40	runc exec test_rbind_ro touch /mnt/foo
    41	[ "$status" -eq 1 ]
    42	[[ "${output}" == *"Read-only file system"* ]]
    43
    44	runc exec test_rbind_ro touch /mnt/subvol/bar
    45	[ "$status" -eq 0 ]
    46}
    47
    48@test "runc run [rbind,rro mount is recursively read-only]" {
    49	requires_kernel 5.12
    50	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"rro\"]}]"
    51
    52	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_rro
    53	[ "$status" -eq 0 ]
    54
    55	runc exec test_rbind_rro touch /mnt/foo
    56	[ "$status" -eq 1 ]
    57	[[ "${output}" == *"Read-only file system"* ]]
    58
    59	runc exec test_rbind_rro touch /mnt/subvol/bar
    60	[ "$status" -eq 1 ]
    61	[[ "${output}" == *"Read-only file system"* ]]
    62}
    63
    64@test "runc run [rbind,ro,rro mount is recursively read-only too]" {
    65	requires_kernel 5.12
    66	update_config ".mounts += [{source: \"${TESTVOLUME}\" , destination: \"/mnt\", options: [\"rbind\",\"ro\",\"rro\"]}]"
    67
    68	runc run -d --console-socket "$CONSOLE_SOCKET" test_rbind_ro_rro
    69	[ "$status" -eq 0 ]
    70
    71	runc exec test_rbind_ro_rro touch /mnt/foo
    72	[ "$status" -eq 1 ]
    73	[[ "${output}" == *"Read-only file system"* ]]
    74
    75	runc exec test_rbind_ro_rro touch /mnt/subvol/bar
    76	[ "$status" -eq 1 ]
    77	[[ "${output}" == *"Read-only file system"* ]]
    78}

View as plain text