(t *testing.T)
| 36 | ) |
| 37 | |
| 38 | func TestNewBundle(t *testing.T) { |
| 39 | testutil.RequiresRoot(t) |
| 40 | tests := []struct { |
| 41 | userns bool |
| 42 | }{{ |
| 43 | userns: false, |
| 44 | }, { |
| 45 | userns: true, |
| 46 | }} |
| 47 | const usernsGID = 4200 |
| 48 | |
| 49 | for i, tc := range tests { |
| 50 | t.Run(strconv.Itoa(i), func(t *testing.T) { |
| 51 | dir := t.TempDir() |
| 52 | work := filepath.Join(dir, "work") |
| 53 | state := filepath.Join(dir, "state") |
| 54 | id := fmt.Sprintf("new-bundle-%d", i) |
| 55 | spec := oci.Spec{} |
| 56 | if tc.userns { |
| 57 | spec.Linux = &specs.Linux{ |
| 58 | GIDMappings: []specs.LinuxIDMapping{{ContainerID: 0, HostID: usernsGID}}, |
| 59 | } |
| 60 | } |
| 61 | specAny, err := typeurl.MarshalAny(&spec) |
| 62 | require.NoError(t, err, "failed to marshal spec") |
| 63 | |
| 64 | ctx := namespaces.WithNamespace(context.TODO(), namespaces.Default) |
| 65 | b, err := NewBundle(ctx, work, state, id, specAny) |
| 66 | require.NoError(t, err, "NewBundle should succeed") |
| 67 | require.NotNil(t, b, "bundle should not be nil") |
| 68 | |
| 69 | fi, err := os.Stat(b.Path) |
| 70 | assert.NoError(t, err, "should be able to stat bundle path") |
| 71 | if tc.userns { |
| 72 | assert.Equal(t, os.ModeDir|0710, fi.Mode(), "bundle path should be a directory with perm 0710") |
| 73 | } else { |
| 74 | assert.Equal(t, os.ModeDir|0700, fi.Mode(), "bundle path should be a directory with perm 0700") |
| 75 | } |
| 76 | stat, ok := fi.Sys().(*syscall.Stat_t) |
| 77 | require.True(t, ok, "should assert to *syscall.Stat_t") |
| 78 | expectedGID := uint32(0) |
| 79 | if tc.userns { |
| 80 | expectedGID = usernsGID |
| 81 | } |
| 82 | assert.Equal(t, expectedGID, stat.Gid, "gid should match") |
| 83 | |
| 84 | }) |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | func TestRemappedGID(t *testing.T) { |
| 89 | tests := []struct { |
nothing calls this directly
no test coverage detected
searching dependent graphs…