hub / github.com/containerd/containerd / TestProcessUser

Function TestProcessUser

internal/cri/server/container_create_linux_test.go:1046–1158  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1044}
1045
1046func TestProcessUser(t *testing.T) {
1047 testID := "test-id"
1048 testSandboxID := "sandbox-id"
1049 testContainerName := "container-name"
1050 testPid := uint32(1234)
1051 ociRuntime := config.Runtime{}
1052 c := newTestCRIService()
1053 testContainer := &containers.Container{ID: "64ddfe361f0099f8d59075398feeb3dcb3863b6851df7b946744755066c03e9d"}
1054 ctx := context.Background()
1055
1056 etcPasswd := `
1057root:x:0:0:root:/root:/bin/sh
1058alice:x:1000:1000:alice:/home/alice:/bin/sh
1059` // #nosec G101
1060 etcGroup := `
1061root:x:0
1062alice:x:1000:
1063additional-group-for-alice:x:11111:alice
1064additional-group-for-root:x:22222:root
1065`
1066 tempRootDir := t.TempDir()
1067 require.NoError(t,
1068 os.MkdirAll(filepath.Join(tempRootDir, "etc"), 0755),
1069 )
1070 require.NoError(t,
1071 os.WriteFile(filepath.Join(tempRootDir, "etc", "passwd"), []byte(etcPasswd), 0644),
1072 )
1073 require.NoError(t,
1074 os.WriteFile(filepath.Join(tempRootDir, "etc", "group"), []byte(etcGroup), 0644),
1075 )
1076
1077 for _, test := range []struct {
1078 desc string
1079 imageConfigUser string
1080 securityContext *runtime.LinuxContainerSecurityContext
1081 expected runtimespec.User
1082 }{
1083 {
1084 desc: "[SupplementalGroupsPolicy=Merge(default)] Only SecurityContext was set, SecurityContext defines User",
1085 securityContext: &runtime.LinuxContainerSecurityContext{
1086 RunAsUser: &runtime.Int64Value{Value: 1000},
1087 RunAsGroup: &runtime.Int64Value{Value: 2000},
1088 SupplementalGroups: []int64{3333},
1089 },
1090 expected: runtimespec.User{UID: 1000, GID: 2000, AdditionalGids: []uint32{2000, 3333, 11111}},
1091 },
1092 {
1093 desc: "[SupplementalGroupsPolicy=Merge(default)] Only imageConfig.User was set, imageConfig.User defines User",
1094 imageConfigUser: "1000",
1095 securityContext: nil,
1096 expected: runtimespec.User{UID: 1000, GID: 1000, AdditionalGids: []uint32{1000, 11111}},
1097 },
1098 {
1099 desc: "[SupplementalGroupsPolicy=Merge(default)] Both SecurityContext and ImageConfig.User were set, SecurityContext defines User",
1100 imageConfigUser: "0",
1101 securityContext: &runtime.LinuxContainerSecurityContext{
1102 RunAsUser: &runtime.Int64Value{Value: 1000},
1103 RunAsGroup: &runtime.Int64Value{Value: 2000},

Callers

nothing calls this directly

Calls 8

ApplyOptsFunction · 0.92
buildContainerSpecMethod · 0.80
platformSpecOptsMethod · 0.80
newTestCRIServiceFunction · 0.70
MkdirAllMethod · 0.65
WriteFileMethod · 0.65
RunMethod · 0.65

Tested by

no test coverage detected
