(t *testing.T, systemd bool)
| 11 | ) |
| 12 | |
| 13 | func testUpdateDevices(t *testing.T, systemd bool) { |
| 14 | if testing.Short() { |
| 15 | return |
| 16 | } |
| 17 | config := newTemplateConfig(t, &tParam{systemd: systemd}) |
| 18 | container, err := newContainer(t, config) |
| 19 | ok(t, err) |
| 20 | defer destroyContainer(container) |
| 21 | |
| 22 | // Execute a first process in the container |
| 23 | stdinR, stdinW, err := os.Pipe() |
| 24 | ok(t, err) |
| 25 | process := &libcontainer.Process{ |
| 26 | Cwd: "/", |
| 27 | Args: []string{"cat"}, |
| 28 | Env: standardEnvironment, |
| 29 | Stdin: stdinR, |
| 30 | Init: true, |
| 31 | } |
| 32 | err = container.Run(process) |
| 33 | _ = stdinR.Close() |
| 34 | defer func() { |
| 35 | _ = stdinW.Close() |
| 36 | if _, err := process.Wait(); err != nil { |
| 37 | t.Log(err) |
| 38 | } |
| 39 | }() |
| 40 | ok(t, err) |
| 41 | |
| 42 | var buf strings.Builder |
| 43 | devCheck := &libcontainer.Process{ |
| 44 | Cwd: "/", |
| 45 | Args: []string{"/bin/sh", "-c", "echo > /dev/full; cat /dev/null; true"}, |
| 46 | Env: standardEnvironment, |
| 47 | Stderr: &buf, |
| 48 | } |
| 49 | isAllowed := true |
| 50 | expected := map[bool][]string{ |
| 51 | true: { |
| 52 | "write error: No space left on device", // from write to /dev/full |
| 53 | // no error from cat /dev/null |
| 54 | }, |
| 55 | false: { |
| 56 | "/dev/full: Operation not permitted", |
| 57 | `cat: can't open '/dev/null': Operation not permitted`, |
| 58 | }, |
| 59 | } |
| 60 | defaultDevices := config.Cgroups.Resources.Devices |
| 61 | |
| 62 | for i := range 300 { |
| 63 | // Check the access |
| 64 | buf.Reset() |
| 65 | err = container.Run(devCheck) |
| 66 | ok(t, err) |
| 67 | waitProcess(devCheck, t) |
| 68 | |
| 69 | for _, exp := range expected[isAllowed] { |
| 70 | if !strings.Contains(buf.String(), exp) { |