Google Git
Sign in
cos/third_party/runc/refs/heads/release-R129/./tests/integration/exec.bats
blob: a92a237809d52bf43d494eff8ebcf4cdd1f3feda [file] [edit]
#!/usr/bin/env bats
load helpers
function setup() {
setup_busybox
}
function teardown() {
teardown_bundle
}
@test "runc exec" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
}
@test "runc exec [exit codes]" {
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox false
[ "$status" -eq 1 ]
runc exec test_busybox sh -c "exit 42"
[ "$status" -eq 42 ]
runc exec --pid-file /non-existent/directory test_busybox true
[ "$status" -eq 255 ]
runc exec test_busybox no-such-binary
[ "$status" -eq 255 ]
runc exec no_such_container true
[ "$status" -eq 255 ]
}
@test "runc exec --pid-file" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec --pid-file pid.txt test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
# check pid.txt was generated
[ -e pid.txt ]
output=$(cat pid.txt)
[[ "$output" =~ [0-9]+ ]]
[[ "$output" != $(__runc state test_busybox | jq '.pid') ]]
}
@test "runc exec --pid-file with new CWD" {
bundle="$(pwd)"
# create pid_file directory as the CWD
mkdir pid_file
cd pid_file
# run busybox detached
runc run -d -b "$bundle" --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec --pid-file pid.txt test_busybox echo Hello from exec
[ "$status" -eq 0 ]
echo text echoed = "'""${output}""'"
[[ "${output}" == *"Hello from exec"* ]]
# check pid.txt was generated
[ -e pid.txt ]
output=$(cat pid.txt)
[[ "$output" =~ [0-9]+ ]]
[[ "$output" != $(__runc state test_busybox | jq '.pid') ]]
}
@test "runc exec ls -la" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec test_busybox ls -la
[ "$status" -eq 0 ]
[[ ${lines[0]} == *"total"* ]]
[[ ${lines[1]} == *"."* ]]
[[ ${lines[2]} == *".."* ]]
}
@test "runc exec ls -la with --cwd" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec --cwd /bin test_busybox pwd
[ "$status" -eq 0 ]
[[ ${output} == "/bin"* ]]
}
@test "runc exec --env" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec --env RUNC_EXEC_TEST=true test_busybox env
[ "$status" -eq 0 ]
[[ ${output} == *"RUNC_EXEC_TEST=true"* ]]
}
@test "runc exec --user" {
# --user can't work in rootless containers that don't have idmap.
[ $EUID -ne 0 ] && requires rootless_idmap
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
runc exec --user 1000:1000 test_busybox id
[ "$status" -eq 0 ]
[[ "${output}" == "uid=1000 gid=1000"* ]]
}
# https://github.com/opencontainers/runc/issues/3674.
@test "runc exec --user vs /dev/null ownership" {
requires root
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
ls -l /dev/null
__runc exec -d --user 1000:1000 test_busybox id </dev/null
ls -l /dev/null
UG=$(stat -c %u:%g /dev/null)
# Host's /dev/null must be owned by root.
[ "$UG" = "0:0" ]
}
@test "runc exec --additional-gids" {
requires root
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
wait_for_container 15 1 test_busybox
runc exec --user 1000:1000 --additional-gids 100 --additional-gids 65534 test_busybox id -G
[ "$status" -eq 0 ]
[ "$output" = "1000 100 65534" ]
}
@test "runc exec --preserve-fds" {
# run busybox detached
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
[ "$status" -eq 0 ]
echo hello >preserve-fds.test
# fd 3 is used by bats, so we use 4
exec 4<preserve-fds.test
runc exec --preserve-fds=2 test_busybox cat /proc/self/fd/4
[ "$status" -eq 0 ]
[ "${output}" = "hello" ]
}
function check_exec_debug() {
[[ "$*" == *"nsexec container setup"* ]]
[[ "$*" == *"child process in init()"* ]]
[[ "$*" == *"setns_init: about to exec"* ]]
}
@test "runc --debug exec" {
runc run -d --console-socket "$CONSOLE_SOCKET" test
[ "$status" -eq 0 ]
runc --debug exec test true
[ "$status" -eq 0 ]
[[ "${output}" == *"level=debug"* ]]
check_exec_debug "$output"
}
@test "runc --debug --log exec" {
runc run -d --console-socket "$CONSOLE_SOCKET" test
[ "$status" -eq 0 ]
runc --debug --log log.out exec test true
# check output does not include debug info
[[ "${output}" != *"level=debug"* ]]
cat log.out >&2
# check expected debug output was sent to log.out
output=$(cat log.out)
[[ "${output}" == *"level=debug"* ]]
check_exec_debug "$output"
}
@test "runc exec --cgroup sub-cgroups [v1]" {
requires root cgroups_v1
set_cgroups_path
set_cgroup_mount_writable
__runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
testcontainer test_busybox running
# Check we can't join parent cgroup.
runc exec --cgroup ".." test_busybox cat /proc/self/cgroup
[ "$status" -ne 0 ]
[[ "$output" == *" .. is not a sub cgroup path"* ]]
# Check we can't join non-existing subcgroup.
runc exec --cgroup nonexistent test_busybox cat /proc/self/cgroup
[ "$status" -ne 0 ]
[[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]]
# Check we can't join non-existing subcgroup (for a particular controller).
runc exec --cgroup cpu:nonexistent test_busybox cat /proc/self/cgroup
[ "$status" -ne 0 ]
[[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]]
# Check we can't specify non-existent controller.
runc exec --cgroup whaaat:/ test_busybox true
[ "$status" -ne 0 ]
[[ "$output" == *"unknown controller "* ]]
# Check we can join top-level cgroup (implicit).
runc exec test_busybox cat /proc/self/cgroup
[ "$status" -eq 0 ]
run ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output"
# Check we can join top-level cgroup (explicit).
runc exec --cgroup / test_busybox cat /proc/self/cgroup
[ "$status" -eq 0 ]
run ! grep -v ":$REL_CGROUPS_PATH\$" <<<"$output"
# Create a few subcgroups.
# Note that cpu,cpuacct may be mounted together or separate.
runc exec test_busybox sh -euc "mkdir -p /sys/fs/cgroup/memory/submem /sys/fs/cgroup/cpu/subcpu /sys/fs/cgroup/cpuacct/subcpu"
[ "$status" -eq 0 ]
# Check that explicit --cgroup works.
runc exec --cgroup memory:submem --cgroup cpu,cpuacct:subcpu test_busybox cat /proc/self/cgroup
[ "$status" -eq 0 ]
[[ "$output" == *":memory:$REL_CGROUPS_PATH/submem"* ]]
[[ "$output" == *":cpu"*":$REL_CGROUPS_PATH/subcpu"* ]]
}
@test "runc exec --cgroup subcgroup [v2]" {
requires root cgroups_v2
set_cgroups_path
set_cgroup_mount_writable
__runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
testcontainer test_busybox running
# Check we can't join parent cgroup.
runc exec --cgroup ".." test_busybox cat /proc/self/cgroup
[ "$status" -ne 0 ]
[[ "$output" == *" .. is not a sub cgroup path"* ]]
# Check we can't join non-existing subcgroup.
runc exec --cgroup nonexistent test_busybox cat /proc/self/cgroup
[ "$status" -ne 0 ]
[[ "$output" == *" adding pid "*"/nonexistent/cgroup.procs: no such file "* ]]
# Check we can join top-level cgroup (implicit).
runc exec test_busybox grep '^0::/$' /proc/self/cgroup
[ "$status" -eq 0 ]
# Check we can join top-level cgroup (explicit).
runc exec --cgroup / test_busybox grep '^0::/$' /proc/self/cgroup
[ "$status" -eq 0 ]
# Now move "init" to a subcgroup, and check it was moved.
runc exec test_busybox sh -euc "mkdir /sys/fs/cgroup/foobar \
&& echo 1 > /sys/fs/cgroup/foobar/cgroup.procs \
&& grep -w foobar /proc/1/cgroup"
[ "$status" -eq 0 ]
# The following part is taken from
# @test "runc exec (cgroup v2 + init process in non-root cgroup) succeeds"
# The init process is now in "/foo", but an exec process can still
# join "/" because we haven't enabled any domain controller yet.
runc exec test_busybox grep '^0::/$' /proc/self/cgroup
[ "$status" -eq 0 ]
# Turn on a domain controller (memory).
runc exec test_busybox sh -euc 'echo $$ > /sys/fs/cgroup/foobar/cgroup.procs; echo +memory > /sys/fs/cgroup/cgroup.subtree_control'
[ "$status" -eq 0 ]
# An exec process can no longer join "/" after turning on a domain
# controller. Check that cgroup v2 fallback to init cgroup works.
runc exec test_busybox sh -euc "cat /proc/self/cgroup && grep '^0::/foobar$' /proc/self/cgroup"
[ "$status" -eq 0 ]
# Check that --cgroup / disables the init cgroup fallback.
runc exec --cgroup / test_busybox true
[ "$status" -ne 0 ]
[[ "$output" == *" adding pid "*" to cgroups"*"/cgroup.procs: device or resource busy"* ]]
# Check that explicit --cgroup foobar works.
runc exec --cgroup foobar test_busybox grep '^0::/foobar$' /proc/self/cgroup
[ "$status" -eq 0 ]
# Check all processes is in foobar (this check is redundant).
runc exec --cgroup foobar test_busybox sh -euc '! grep -vwH foobar /proc/*/cgroup'
[ "$status" -eq 0 ]
# Add a second subcgroup, check we're in it.
runc exec --cgroup foobar test_busybox mkdir /sys/fs/cgroup/second
[ "$status" -eq 0 ]
runc exec --cgroup second test_busybox grep -w second /proc/self/cgroup
[ "$status" -eq 0 ]
}
@test "runc exec [execve error]" {
cat <<EOF >rootfs/run.sh
#!/mmnnttbb foo bar
sh
EOF
chmod +x rootfs/run.sh
runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
runc exec -t test_busybox /run.sh
[ "$status" -ne 0 ]
# After the sync socket closed, we should not send error to parent
# process, or else we will get a unnecessary error log(#4171).
# Although we never close the sync socket when doing exec,
# but we need to keep this test to ensure this behavior is always right.
[ ${#lines[@]} -eq 1 ]
[[ ${lines[0]} = *"exec /run.sh: no such file or directory"* ]]
}