| 198 | } |
| 199 | |
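// initIDMappedChecker prepares a source tree for ID-mapped mount tests and
// returns it together with a verifier for the mounted view of that tree.
//
// For every index i it creates a file named "<i>" in a fresh temp dir, owned
// by uidMaps[i].ContainerID:gidMaps[i].ContainerID, plus a "write-test"
// directory owned by the first mapping's container IDs. uidMaps and gidMaps
// must be non-empty and of equal length. testutil.RequiresRoot is called
// first, since the chown calls need privileges.
//
// The returned function takes the directory where the tree is visible through
// the mapping. It asserts that each file is owned by the matching HostID pair,
// then tries to create "write-test/1". With expectWritable the create must
// succeed; otherwise it must fail with EROFS specifically, so that a failure
// for any other reason is not mistaken for an enforced read-only mount.
func initIDMappedChecker(t *testing.T, uidMaps, gidMaps []syscall.SysProcIDMap, expectWritable bool) (_srcDir string, _verifyFunc func(destDir string)) {
	testutil.RequiresRoot(t)

	// Fail with a clear message instead of panicking on uidMaps[0] below.
	require.NotEmpty(t, uidMaps, "at least one ID mapping is required")
	require.Equal(t, len(uidMaps), len(gidMaps))

	srcDir := t.TempDir()

	for idx := range uidMaps {
		file := filepath.Join(srcDir, fmt.Sprintf("%v", idx))
		uid, gid := uidMaps[idx].ContainerID, gidMaps[idx].ContainerID

		// The closure scopes the defer to a single iteration, so descriptors
		// are released per file rather than piling up until the function returns.
		func() {
			f, err := os.Create(file)
			require.NoErrorf(t, err, "create file %s", file)
			defer f.Close()

			require.NoErrorf(t, f.Chown(uid, gid), "chown %v:%v for file %s", uid, gid, file)
		}()
	}

	writableDir := filepath.Join(srcDir, "write-test")
	require.NoError(t, os.Mkdir(writableDir, os.ModePerm))
	// Mkdir's mode is filtered by the umask; chmod explicitly so permission
	// bits never decide the outcome of the write probe.
	require.NoError(t, os.Chmod(writableDir, os.ModePerm))
	require.NoError(t, os.Chown(writableDir, uidMaps[0].ContainerID, gidMaps[0].ContainerID))

	return srcDir, func(destDir string) {
		for idx := range uidMaps {
			file := filepath.Join(destDir, fmt.Sprintf("%v", idx))
			// Seen through the mapping, ownership must be the host-side IDs.
			uid, gid := uidMaps[idx].HostID, gidMaps[idx].HostID

			func() {
				f, err := os.Open(file)
				require.NoErrorf(t, err, "open file %s", file)
				defer f.Close()

				stat, err := f.Stat()
				require.NoErrorf(t, err, "stat file %s", file)

				// Checked assertion: report a test failure, not a panic, if
				// the platform does not hand back a *syscall.Stat_t.
				sysStat, ok := stat.Sys().(*syscall.Stat_t)
				require.Truef(t, ok, "unexpected stat type %T for file %s", stat.Sys(), file)

				require.Equalf(t, uint32(uid), sysStat.Uid, "check file %s uid", file)
				require.Equalf(t, uint32(gid), sysStat.Gid, "check file %s gid", file)
			}()
			t.Logf("IDMapped File %s uid=%v, gid=%v", file, uid, gid)
		}

		wf, err := os.Create(filepath.Join(destDir, "write-test", "1"))
		if err == nil {
			defer wf.Close()
		}
		if expectWritable {
			require.NoError(t, err, "create write-test file")
			return
		}

		// Read-only case: the create must be refused, and refused with EROFS.
		// Any other errno would mean the write was blocked for a different
		// reason than the mount being read-only.
		require.Error(t, err)
		pathErr, isPathErr := err.(*fs.PathError)
		require.True(t, isPathErr, "Expecting path error")
		require.Equal(t, unix.EROFS, pathErr.Err, "Expecting read-only filesystem error")
	}
}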