MCPcopy
hub / github.com/containerd/containerd / TestUserNamespaces

Function TestUserNamespaces

integration/client/container_linux_test.go:1106–1162  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1104}
1105
1106func TestUserNamespaces(t *testing.T) {
1107 for name, test := range map[string]struct {
1108 testCmd oci.SpecOpts
1109 roRootFS bool
1110 exitCode uint32 // testUserNamespaces validates the exit code of the test container against this value
1111 uidmaps []specs.LinuxIDMapping
1112 gidmaps []specs.LinuxIDMapping
1113 }{
1114 "WritableRootFS": {
1115 testCmd: withExitStatus(7),
1116 roRootFS: false,
1117 exitCode: 7,
1118 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 1000, Size: 65535}},
1119 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 2000, Size: 65535}},
1120 },
1121 // see #1373 and runc#1572
1122 "ReadonlyRootFS": {
1123 testCmd: withExitStatus(7),
1124 roRootFS: true,
1125 exitCode: 7,
1126 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 1000, Size: 65535}},
1127 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 2000, Size: 65535}},
1128 },
1129 "CheckSetUidBit": {
1130 testCmd: withProcessArgs("bash", "-c", "[ -u /usr/bin/passwd ] && exit 7"),
1131 roRootFS: false,
1132 exitCode: 7,
1133 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 1000, Size: 65535}},
1134 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 2000, Size: 65535}},
1135 },
1136 "WritableRootFSMultipleMap": {
1137 testCmd: withExitStatus(7),
1138 roRootFS: false,
1139 exitCode: 7,
1140 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 10}, {ContainerID: 10, HostID: 1000, Size: 65535}},
1141 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 20}, {ContainerID: 20, HostID: 2000, Size: 65535}},
1142 },
1143 "ReadonlyRootFSMultipleMap": {
1144 testCmd: withExitStatus(7),
1145 roRootFS: true,
1146 exitCode: 7,
1147 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 20}, {ContainerID: 20, HostID: 2000, Size: 65535}},
1148 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 20}, {ContainerID: 20, HostID: 2000, Size: 65535}},
1149 },
1150 "CheckSetUidBitMultipleMap": {
1151 testCmd: withProcessArgs("bash", "-c", "[ -u /usr/bin/passwd ] && exit 7"),
1152 roRootFS: false,
1153 exitCode: 7,
1154 uidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 20}, {ContainerID: 20, HostID: 2000, Size: 65535}},
1155 gidmaps: []specs.LinuxIDMapping{{ContainerID: 0, HostID: 0, Size: 20}, {ContainerID: 20, HostID: 2000, Size: 65535}},
1156 },
1157 } {
1158 t.Run(name, func(t *testing.T) {
1159 testUserNamespaces(t, test.uidmaps, test.gidmaps, test.testCmd, test.roRootFS, test.exitCode)
1160 })
1161 }
1162}
1163

Callers

nothing calls this directly

Calls 4

testUserNamespacesFunction · 0.85
withExitStatusFunction · 0.70
withProcessArgsFunction · 0.70
RunMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…