
Text file src/github.com/opencontainers/runc/tests/integration/start_hello.bats

Documentation: github.com/opencontainers/runc/tests/integration

     1#!/usr/bin/env bats
     2
     3load helpers
     4
# Per-test fixture. Calls the setup_busybox helper (provided by `load helpers`;
# presumably it prepares a busybox bundle, confirm in the helpers file), then
# rewrites the container's process args so it only echoes "Hello World".
function setup() {
	local hello_args='.process.args = ["/bin/echo", "Hello World"]'

	setup_busybox
	# The filter looks like jq syntax; update_config presumably applies it to
	# the bundle's config.json.
	update_config "$hello_args"
}
     9
# Per-test cleanup: delegates to the teardown_bundle helper.
function teardown() { teardown_bundle; }
    13
    14@test "runc run" {
    15	# run hello-world
    16	runc run test_hello
    17	[ "$status" -eq 0 ]
    18
    19	# check expected output
    20	[[ "${output}" == *"Hello"* ]]
    21}
    22
    23@test "runc run ({u,g}id != 0)" {
    24	# cannot start containers as another user in rootless setup without idmap
    25	[[ "$ROOTLESS" -ne 0 ]] && requires rootless_idmap
    26
    27	# replace "uid": 0 with "uid": 1000
    28	# and do a similar thing for gid.
    29	update_config ' (.. | select(.uid? == 0)) .uid |= 1000
    30		| (.. | select(.gid? == 0)) .gid |= 100'
    31
    32	# run hello-world
    33	runc run test_hello
    34	[ "$status" -eq 0 ]
    35
    36	# check expected output
    37	[[ "${output}" == *"Hello"* ]]
    38}
    39
    40# https://github.com/opencontainers/runc/issues/3715.
    41#
    42# Fails when using Go 1.20 < 1.20.2, the reasons is https://go.dev/issue/58552.
    43@test "runc run as user with no exec bit but CAP_DAC_OVERRIDE set" {
    44	requires root # Can't chown/chmod otherwise.
    45
    46	# Remove exec perm for everyone but owner (root).
    47	chown 0 rootfs/bin/echo
    48	chmod go-x rootfs/bin/echo
    49
    50	# Replace "uid": 0 with "uid": 1000 and do a similar thing for gid.
    51	update_config '	  (.. | select(.uid? == 0)) .uid |= 1000
    52			| (.. | select(.gid? == 0)) .gid |= 100'
    53
    54	# Sanity check: make sure we can't run the container w/o CAP_DAC_OVERRIDE.
    55	runc run test_busybox
    56	[ "$status" -ne 0 ]
    57
    58	# Enable CAP_DAC_OVERRIDE.
    59	update_config '	  .process.capabilities.bounding += ["CAP_DAC_OVERRIDE"]
    60			| .process.capabilities.effective += ["CAP_DAC_OVERRIDE"]
    61			| .process.capabilities.permitted += ["CAP_DAC_OVERRIDE"]'
    62
    63	runc run test_busybox
    64	[ "$status" -eq 0 ]
    65}
    66
    67@test "runc run with rootfs set to ." {
    68	cp config.json rootfs/.
    69	rm config.json
    70	cd rootfs
    71	update_config '(.. | select(. == "rootfs")) |= "."'
    72
    73	# run hello-world
    74	runc run test_hello
    75	[ "$status" -eq 0 ]
    76	[[ "${output}" == *"Hello"* ]]
    77}
    78
    79@test "runc run --pid-file" {
    80	# run hello-world
    81	runc run --pid-file pid.txt test_hello
    82	[ "$status" -eq 0 ]
    83	[[ "${output}" == *"Hello"* ]]
    84
    85	# check pid.txt was generated
    86	[ -e pid.txt ]
    87
    88	[[ "$(cat pid.txt)" =~ [0-9]+ ]]
    89}
    90
    91# https://github.com/opencontainers/runc/pull/2897
    92@test "runc run [rootless with host pidns]" {
    93	requires rootless_no_features
    94
    95	# Remove pid namespace, and replace /proc mount
    96	# with a bind mount from the host.
    97	update_config '	  .linux.namespaces -= [{"type": "pid"}]
    98			| .mounts |= map((select(.type == "proc")
    99				| .type = "none"
   100				| .source = "/proc"
   101				| .options = ["rbind", "nosuid", "nodev", "noexec"]
   102			  ) // .)'
   103
   104	runc run test_hello
   105	[ "$status" -eq 0 ]
   106}
   107
   108@test "runc run [redundant seccomp rules]" {
   109	update_config '	  .linux.seccomp = {
   110				"defaultAction": "SCMP_ACT_ALLOW",
   111				"syscalls": [{
   112					"names": ["bdflush"],
   113					"action": "SCMP_ACT_ALLOW",
   114				}]
   115			    }'
   116	runc run test_hello
   117	[ "$status" -eq 0 ]
   118}
