From 8e3272e7e234b9c6c37eb226804ad54ac67b4ca3 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 30 Mar 2017 09:30:05 -0700 Subject: [PATCH 1/2] Revert "Add runtime-validate command" This reverts commit da62d5b0fd0e8b264e2144bc9077cac7ae1af38c. The installable approach to runtime validation has been obsoleted by the 'go test ...' approach from 24ca87f (Add tests for runtime validation, 2017-03-06, #336). This commit drops the installable tests so we don't have to maintain both. Signed-off-by: W. Trevor King --- cmd/oci-runtime-tool/main.go | 1 - cmd/oci-runtime-tool/runtime_validate.go | 84 ------------------------ 2 files changed, 85 deletions(-) delete mode 100644 cmd/oci-runtime-tool/runtime_validate.go diff --git a/cmd/oci-runtime-tool/main.go b/cmd/oci-runtime-tool/main.go index b07a8f543..600d540da 100644 --- a/cmd/oci-runtime-tool/main.go +++ b/cmd/oci-runtime-tool/main.go @@ -27,7 +27,6 @@ func main() { app.Commands = []cli.Command{ generateCommand, bundleValidateCommand, - runtimeValidateCommand, } if err := app.Run(os.Args); err != nil { diff --git a/cmd/oci-runtime-tool/runtime_validate.go b/cmd/oci-runtime-tool/runtime_validate.go deleted file mode 100644 index 2bed19ba1..000000000 --- a/cmd/oci-runtime-tool/runtime_validate.go +++ /dev/null @@ -1,84 +0,0 @@ -package main - -import ( - "fmt" - "io/ioutil" - "os" - "os/exec" - "path/filepath" - - "github.com/mrunalp/fileutils" - "github.com/opencontainers/runtime-tools/generate" - "github.com/satori/go.uuid" - "github.com/urfave/cli" -) - -var runtimeValidateFlags = []cli.Flag{ - cli.StringFlag{Name: "runtime", Value: "runc", Usage: "OCI runtime"}, -} - -var runtimeValidateCommand = cli.Command{ - Name: "runtime-validate", - Usage: "validate an OCI runtime", - Flags: runtimeValidateFlags, - Before: before, - Action: func(context *cli.Context) error { - return runtimeValidate(context.String("runtime")) - }, -} - -func runtimeValidate(runtime string) error { - // Find the runtime binary in the PATH - runtimePath, err := exec.LookPath(runtime) - if err != nil { - return err - } - - // Setup a temporary test directory - tmpDir, err := ioutil.TempDir("", "ocitest") - if err != nil { - return err - } - defer os.RemoveAll(tmpDir) - - // Create bundle directory for the test container - bundleDir := tmpDir + "/busybox" - if err := os.MkdirAll(bundleDir, 0755); err != nil { - return err - } - - // TODO: Use go package for untar and allow using other root filesystems - // Untar the root fs - untarCmd := exec.Command("tar", "-xf", "rootfs.tar.gz", "-C", bundleDir) - output, err := untarCmd.CombinedOutput() - if err != nil { - fmt.Println(string(output)) - return err - } - - // Copy the runtimetest binary to the rootfs - err = fileutils.CopyFile("runtimetest", filepath.Join(bundleDir, "runtimetest")) - - // Generate test configuration - g := generate.New() - g.SetRootPath(".") - g.SetProcessArgs([]string{"/runtimetest"}) - err = g.SaveToFile(filepath.Join(bundleDir, "config.json"), generate.ExportOptions{}) - if err != nil { - return err - } - - // TODO: Use a library to split run into create/start - // Launch the OCI runtime - containerID := uuid.NewV4() - runtimeCmd := exec.Command(runtimePath, "run", containerID.String()) - runtimeCmd.Dir = bundleDir - runtimeCmd.Stdin = os.Stdin - runtimeCmd.Stdout = os.Stdout - runtimeCmd.Stderr = os.Stderr - if err = runtimeCmd.Run(); err != nil { - return err - } - - return nil -} From 2e9c755d5e1a0df68790c6d3ade5bbc7176137b5 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 30 Mar 2017 09:42:00 -0700 Subject: [PATCH 2/2] README: Update to use 'make localvalidation' Now that that is the only remaining runtime-validation approach. I ran the tests with runC 1.0.0-rc2, because using 1.0.0-rc3 raised: $ sudo make RUNTIME=~wking/bin/runc-1.0.0-rc3 localvalidation RUNTIME=/home/wking/bin/runc-1.0.0-rc3 go test -tags "" -v github.com/opencontainers/runtime-tools/validation === RUN TestValidateBasic json: cannot unmarshal array into Go value of type specs.LinuxCapabilities --- FAIL: TestValidateBasic (0.03s) validation_test.go:87: /home/wking/bin/runc-1.0.0-rc3 failed validation: exit status 1 === RUN TestValidateSysctls json: cannot unmarshal array into Go value of type specs.LinuxCapabilities --- FAIL: TestValidateSysctls (0.03s) validation_test.go:96: /home/wking/bin/runc-1.0.0-rc3 failed validation: exit status 1 FAIL exit status 1 FAIL github.com/opencontainers/runtime-tools/validation 0.055s make: *** [Makefile:40: localvalidation] Error 1 because runtime-tools hasn't adjusted to the new seccomp config yet. Signed-off-by: W. Trevor King --- README.md | 51 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 8eec3330c..2b24c19b1 100644 --- a/README.md +++ b/README.md @@ -30,27 +30,48 @@ INFO[0000] Bundle validation succeeded. ## Testing OCI runtimes ```sh -$ make -$ sudo make install -$ sudo oci-runtime-tool runtime-validate --runtime runc +$ sudo make RUNTIME=runc localvalidation +RUNTIME=runc go test -tags "" -v github.com/opencontainers/runtime-tools/validation +=== RUN TestValidateBasic TAP version 13 ok 1 - root filesystem ok 2 - hostname ok 3 - mounts ok 4 - capabilities ok 5 - default symlinks -ok 6 - default file system -ok 7 - default devices -ok 8 - linux devices -ok 9 - linux process -ok 10 - masked paths -ok 11 - oom score adj -ok 12 - read only paths -ok 13 - rlimits -ok 14 - sysctls -ok 15 - uid mappings -ok 16 - gid mappings -1..16 +ok 6 - default devices +ok 7 - linux devices +ok 8 - linux process +ok 9 - masked paths +ok 10 - oom score adj +ok 11 - read only paths +ok 12 - rlimits +ok 13 - sysctls +ok 14 - uid mappings +ok 15 - gid mappings +1..15 +--- PASS: TestValidateBasic (0.08s) +=== RUN TestValidateSysctls +TAP version 13 +ok 1 - root filesystem +ok 2 - hostname +ok 3 - mounts +ok 4 - capabilities +ok 5 - default symlinks +ok 6 - default devices +ok 7 - linux devices +ok 8 - linux process +ok 9 - masked paths +ok 10 - oom score adj +ok 11 - read only paths +ok 12 - rlimits +ok 13 - sysctls +ok 14 - uid mappings +ok 15 - gid mappings +1..15 +--- PASS: TestValidateSysctls (0.20s) +PASS +ok github.com/opencontainers/runtime-tools/validation 0.281s ``` [bundle]: https://github.com/opencontainers/runtime-spec/blob/master/bundle.md