|
@@ -5,20 +5,20 @@ import (
|
|
"os"
|
|
"os"
|
|
"path"
|
|
"path"
|
|
"path/filepath"
|
|
"path/filepath"
|
|
|
|
+ "syscall"
|
|
"testing"
|
|
"testing"
|
|
|
|
+
|
|
|
|
+ "github.com/stretchr/testify/require"
|
|
)
|
|
)
|
|
|
|
|
|
func TestReadProcBool(t *testing.T) {
|
|
func TestReadProcBool(t *testing.T) {
|
|
tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc")
|
|
tmpDir, err := ioutil.TempDir("", "test-sysinfo-proc")
|
|
- if err != nil {
|
|
|
|
- t.Fatal(err)
|
|
|
|
- }
|
|
|
|
|
|
+ require.NoError(t, err)
|
|
defer os.RemoveAll(tmpDir)
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
|
|
procFile := filepath.Join(tmpDir, "read-proc-bool")
|
|
procFile := filepath.Join(tmpDir, "read-proc-bool")
|
|
- if err := ioutil.WriteFile(procFile, []byte("1"), 0644); err != nil {
|
|
|
|
- t.Fatal(err)
|
|
|
|
- }
|
|
|
|
|
|
+ err = ioutil.WriteFile(procFile, []byte("1"), 0644)
|
|
|
|
+ require.NoError(t, err)
|
|
|
|
|
|
if !readProcBool(procFile) {
|
|
if !readProcBool(procFile) {
|
|
t.Fatal("expected proc bool to be true, got false")
|
|
t.Fatal("expected proc bool to be true, got false")
|
|
@@ -39,20 +39,66 @@ func TestReadProcBool(t *testing.T) {
|
|
|
|
|
|
func TestCgroupEnabled(t *testing.T) {
|
|
func TestCgroupEnabled(t *testing.T) {
|
|
cgroupDir, err := ioutil.TempDir("", "cgroup-test")
|
|
cgroupDir, err := ioutil.TempDir("", "cgroup-test")
|
|
- if err != nil {
|
|
|
|
- t.Fatal(err)
|
|
|
|
- }
|
|
|
|
|
|
+ require.NoError(t, err)
|
|
defer os.RemoveAll(cgroupDir)
|
|
defer os.RemoveAll(cgroupDir)
|
|
|
|
|
|
if cgroupEnabled(cgroupDir, "test") {
|
|
if cgroupEnabled(cgroupDir, "test") {
|
|
t.Fatal("cgroupEnabled should be false")
|
|
t.Fatal("cgroupEnabled should be false")
|
|
}
|
|
}
|
|
|
|
|
|
- if err := ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644); err != nil {
|
|
|
|
- t.Fatal(err)
|
|
|
|
- }
|
|
|
|
|
|
+ err = ioutil.WriteFile(path.Join(cgroupDir, "test"), []byte{}, 0644)
|
|
|
|
+ require.NoError(t, err)
|
|
|
|
|
|
if !cgroupEnabled(cgroupDir, "test") {
|
|
if !cgroupEnabled(cgroupDir, "test") {
|
|
t.Fatal("cgroupEnabled should be true")
|
|
t.Fatal("cgroupEnabled should be true")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
+
|
|
|
|
+func TestNew(t *testing.T) {
|
|
|
|
+ sysInfo := New(false)
|
|
|
|
+ require.NotNil(t, sysInfo)
|
|
|
|
+ checkSysInfo(t, sysInfo)
|
|
|
|
+
|
|
|
|
+ sysInfo = New(true)
|
|
|
|
+ require.NotNil(t, sysInfo)
|
|
|
|
+ checkSysInfo(t, sysInfo)
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+func checkSysInfo(t *testing.T, sysInfo *SysInfo) {
|
|
|
|
+ // Check if Seccomp is supported, via CONFIG_SECCOMP.then sysInfo.Seccomp must be TRUE , else FALSE
|
|
|
|
+ if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_GET_SECCOMP, 0, 0); err != syscall.EINVAL {
|
|
|
|
+ // Make sure the kernel has CONFIG_SECCOMP_FILTER.
|
|
|
|
+ if _, _, err := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_SECCOMP, SeccompModeFilter, 0); err != syscall.EINVAL {
|
|
|
|
+ require.True(t, sysInfo.Seccomp)
|
|
|
|
+ }
|
|
|
|
+ } else {
|
|
|
|
+ require.False(t, sysInfo.Seccomp)
|
|
|
|
+ }
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+func TestNewAppArmorEnabled(t *testing.T) {
|
|
|
|
+ // Check if AppArmor is supported. then it must be TRUE , else FALSE
|
|
|
|
+ if _, err := os.Stat("/sys/kernel/security/apparmor"); err != nil {
|
|
|
|
+ t.Skip("App Armor Must be Enabled")
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ sysInfo := New(true)
|
|
|
|
+ require.True(t, sysInfo.AppArmor)
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+func TestNewAppArmorDisabled(t *testing.T) {
|
|
|
|
+ // Check if AppArmor is supported. then it must be TRUE , else FALSE
|
|
|
|
+ if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
|
|
|
|
+ t.Skip("App Armor Must be Disabled")
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ sysInfo := New(true)
|
|
|
|
+ require.False(t, sysInfo.AppArmor)
|
|
|
|
+}
|
|
|
|
+
|
|
|
|
+func TestNumCPU(t *testing.T) {
|
|
|
|
+ cpuNumbers := NumCPU()
|
|
|
|
+ if cpuNumbers <= 0 {
|
|
|
|
+ t.Fatal("CPU returned must be greater than zero")
|
|
|
|
+ }
|
|
|
|
+}
|