We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
moby
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: debcb76939
分支列表 標籤列表
moby
/
integration
/
container
/
run_cgroupns_linux_test.go

run_cgroupns_linux_test.go 6.1 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. package container // import "github.com/docker/docker/integration/container"
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"testing"
    6. 

  6. 

  7. 	"github.com/docker/docker/client"
    8. 

  8. 	"github.com/docker/docker/integration/internal/container"
    9. 

  9. 	"github.com/docker/docker/integration/internal/requirement"
    10. 

  10. 	"github.com/docker/docker/testutil"
    11. 

  11. 	"github.com/docker/docker/testutil/daemon"
    12. 

  12. 	"gotest.tools/v3/assert"
    13. 

  13. 	"gotest.tools/v3/skip"
    14. 

  14. )
    15. 

  15. 

  16. // Bring up a daemon with the specified default cgroup namespace mode, and then create a container with the container options
    17. 

  17. func testRunWithCgroupNs(ctx context.Context, t *testing.T, daemonNsMode string, containerOpts ...func(*container.TestContainerConfig)) (string, string) {
    18. 

  18. 	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode(daemonNsMode))
    19. 

  19. 	apiClient := d.NewClientT(t)
    20. 

  20. 

  21. 	d.StartWithBusybox(ctx, t)
    22. 

  22. 	defer d.Stop(t)
    23. 

  23. 

  24. 	cID := container.Run(ctx, t, apiClient, containerOpts...)
    25. 

  25. 

  26. 	daemonCgroup := d.CgroupNamespace(t)
    27. 

  27. 	containerCgroup := container.GetContainerNS(ctx, t, apiClient, cID, "cgroup")
    28. 

  28. 	return containerCgroup, daemonCgroup
    29. 

  29. }
    30. 

  30. 

  31. // Bring up a daemon with the specified default cgroup namespace mode. Create a container with the container options,
    32. 

  32. // expecting an error with the specified string
    33. 

  33. func testCreateFailureWithCgroupNs(ctx context.Context, t *testing.T, daemonNsMode string, errStr string, containerOpts ...func(*container.TestContainerConfig)) {
    34. 

  34. 	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode(daemonNsMode))
    35. 

  35. 	apiClient := d.NewClientT(t)
    36. 

  36. 

  37. 	d.StartWithBusybox(ctx, t)
    38. 

  38. 	defer d.Stop(t)
    39. 

  39. 	_, err := container.CreateFromConfig(ctx, apiClient, container.NewTestConfig(containerOpts...))
    40. 

  40. 	assert.ErrorContains(t, err, errStr)
    41. 

  41. }
    42. 

  42. 

  43. func TestCgroupNamespacesRun(t *testing.T) {
    44. 

  44. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    45. 

  45. 	skip.If(t, testEnv.IsRemoteDaemon())
    46. 

  46. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    47. 

  47. 

  48. 	ctx := testutil.StartSpan(baseContext, t)
    49. 

  49. 

  50. 	// When the daemon defaults to private cgroup namespaces, containers launched
    51. 

  51. 	// should be in their own private cgroup namespace by default
    52. 

  52. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "private")
    53. 

  53. 	assert.Assert(t, daemonCgroup != containerCgroup)
    54. 

  54. }
    55. 

  55. 

  56. func TestCgroupNamespacesRunPrivileged(t *testing.T) {
    57. 

  57. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    58. 

  58. 	skip.If(t, testEnv.IsRemoteDaemon())
    59. 

  59. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    60. 

  60. 	skip.If(t, testEnv.DaemonInfo.CgroupVersion == "2", "on cgroup v2, privileged containers use private cgroupns")
    61. 

  61. 

  62. 	ctx := testutil.StartSpan(baseContext, t)
    63. 

  63. 

  64. 	// When the daemon defaults to private cgroup namespaces, privileged containers
    65. 

  65. 	// launched should not be inside their own cgroup namespaces
    66. 

  66. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "private", container.WithPrivileged(true))
    67. 

  67. 	assert.Assert(t, daemonCgroup == containerCgroup)
    68. 

  68. }
    69. 

  69. 

  70. func TestCgroupNamespacesRunDaemonHostMode(t *testing.T) {
    71. 

  71. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    72. 

  72. 	skip.If(t, testEnv.IsRemoteDaemon())
    73. 

  73. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    74. 

  74. 

  75. 	ctx := testutil.StartSpan(baseContext, t)
    76. 

  76. 

  77. 	// When the daemon defaults to host cgroup namespaces, containers
    78. 

  78. 	// launched should not be inside their own cgroup namespaces
    79. 

  79. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "host")
    80. 

  80. 	assert.Assert(t, daemonCgroup == containerCgroup)
    81. 

  81. }
    82. 

  82. 

  83. func TestCgroupNamespacesRunHostMode(t *testing.T) {
    84. 

  84. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    85. 

  85. 	skip.If(t, testEnv.IsRemoteDaemon())
    86. 

  86. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    87. 

  87. 

  88. 	ctx := testutil.StartSpan(baseContext, t)
    89. 

  89. 

  90. 	// When the daemon defaults to private cgroup namespaces, containers launched
    91. 

  91. 	// with a cgroup ns mode of "host" should not be inside their own cgroup namespaces
    92. 

  92. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "private", container.WithCgroupnsMode("host"))
    93. 

  93. 	assert.Assert(t, daemonCgroup == containerCgroup)
    94. 

  94. }
    95. 

  95. 

  96. func TestCgroupNamespacesRunPrivateMode(t *testing.T) {
    97. 

  97. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    98. 

  98. 	skip.If(t, testEnv.IsRemoteDaemon())
    99. 

  99. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    100. 

  100. 

  101. 	ctx := testutil.StartSpan(baseContext, t)
    102. 

  102. 

  103. 	// When the daemon defaults to private cgroup namespaces, containers launched
    104. 

  104. 	// with a cgroup ns mode of "private" should be inside their own cgroup namespaces
    105. 

  105. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "private", container.WithCgroupnsMode("private"))
    106. 

  106. 	assert.Assert(t, daemonCgroup != containerCgroup)
    107. 

  107. }
    108. 

  108. 

  109. func TestCgroupNamespacesRunPrivilegedAndPrivate(t *testing.T) {
    110. 

  110. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    111. 

  111. 	skip.If(t, testEnv.IsRemoteDaemon())
    112. 

  112. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    113. 

  113. 

  114. 	ctx := testutil.StartSpan(baseContext, t)
    115. 

  115. 

  116. 	containerCgroup, daemonCgroup := testRunWithCgroupNs(ctx, t, "private", container.WithPrivileged(true), container.WithCgroupnsMode("private"))
    117. 

  117. 	assert.Assert(t, daemonCgroup != containerCgroup)
    118. 

  118. }
    119. 

  119. 

  120. func TestCgroupNamespacesRunInvalidMode(t *testing.T) {
    121. 

  121. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    122. 

  122. 	skip.If(t, testEnv.IsRemoteDaemon())
    123. 

  123. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    124. 

  124. 

  125. 	ctx := testutil.StartSpan(baseContext, t)
    126. 

  126. 

  127. 	// An invalid cgroup namespace mode should return an error on container creation
    128. 

  128. 	errStr := "invalid cgroup namespace mode: invalid"
    129. 

  129. 	testCreateFailureWithCgroupNs(ctx, t, "private", errStr, container.WithCgroupnsMode("invalid"))
    130. 

  130. }
    131. 

  131. 

  132. // Clients before 1.40 expect containers to be created in the host cgroup namespace,
    133. 

  133. // regardless of the default setting of the daemon, unless running with cgroup v2
    134. 

  134. func TestCgroupNamespacesRunOlderClient(t *testing.T) {
    135. 

  135. 	skip.If(t, testEnv.DaemonInfo.OSType != "linux")
    136. 

  136. 	skip.If(t, testEnv.IsRemoteDaemon())
    137. 

  137. 	skip.If(t, !requirement.CgroupNamespacesEnabled())
    138. 

  138. 

  139. 	ctx := testutil.StartSpan(baseContext, t)
    140. 

  140. 

  141. 	d := daemon.New(t, daemon.WithDefaultCgroupNamespaceMode("private"))
    142. 

  142. 	apiClient := d.NewClientT(t, client.WithVersion("1.39"))
    143. 

  143. 

  144. 	d.StartWithBusybox(ctx, t)
    145. 

  145. 	defer d.Stop(t)
    146. 

  146. 

  147. 	cID := container.Run(ctx, t, apiClient)
    148. 

  148. 

  149. 	daemonCgroup := d.CgroupNamespace(t)
    150. 

  150. 	containerCgroup := container.GetContainerNS(ctx, t, apiClient, cID, "cgroup")
    151. 

  151. 	if testEnv.DaemonInfo.CgroupVersion != "2" {
    152. 

  152. 		assert.Assert(t, daemonCgroup == containerCgroup)
    153. 

  153. 	} else {
    154. 

  154. 		assert.Assert(t, daemonCgroup != containerCgroup)
    155. 

  155. 	}
    156. 

  156. }
    157.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5