diff --git a/Makefile b/Makefile
index 335b6b52f..87cfb4511 100644
--- a/Makefile
+++ b/Makefile
@@ -58,7 +58,10 @@ validation-executables: $(VALIDATION_TESTS)
 $(VALIDATION_TESTS): %.t: %.go
 go build -tags "$(BUILDTAGS)" ${TESTFLAGS} -o $@ $<
-.PHONY: test .gofmt .govet .golint
+print-validation-tests:
+ @echo $(VALIDATION_TESTS)
+
+.PHONY: test .gofmt .govet .golint print-validation-tests
 PACKAGES = $(shell go list ./... | grep -v vendor)
 test: .gofmt .govet .golint .gotest
diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
index ad05bec70..a45e441b1 100644
--- a/cmd/runtimetest/main.go
+++ b/cmd/runtimetest/main.go
@@ -1216,6 +1216,16 @@ func (c *complianceTester) validateMountLabel(spec *rspec.Spec) error {
 }
 for _, mount := range spec.Mounts {
+ isBind := false
+ for _, opt := range mount.Options {
+ if opt == "bind" || opt == "rbind" {
+ isBind = true
+ break
+ }
+ }
+ if !isBind {
+ continue
+ }
 fileLabel, err := label.FileLabel(mount.Destination)
 if err != nil {
 return fmt.Errorf("Failed to get mountLabel of %v", mount.Destination)
diff --git a/validation/delete/delete.go b/validation/delete/delete.go
index 98374e3d2..6f150dd78 100644
--- a/validation/delete/delete.go
+++ b/validation/delete/delete.go
@@ -16,6 +16,8 @@ import (
 func main() {
 t := tap.New()
 t.Header(0)
+ defer t.AutoPlan()
+
 bundleDir, err := util.PrepareBundle()
 if err != nil {
 util.Fatal(err)
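Review bot: In cmd/runtimetest/main.go, the new `isBind` filter in validateMountLabel skips the label check for every mount that is not `bind` or `rbind`, and nothing in the code records why. A comment above the loop would state the intent, for example `// Only bind mounts are label-checked; all other mount types are skipped.`, and the option scan could move into a small helper so the condition reads in one line. Whether skipping the other mount types leaves a mount-label requirement unverified cannot be told from this hunk, so the author should confirm it. validateMountLabel begins and ends outside the hunk.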
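Review bot: In validation/delete/delete.go, `defer t.AutoPlan()` is registered ahead of the `util.Fatal(err)` calls, and a deferred call does not run if util.Fatal ends the process through os.Exit (its body is not shown here, so this needs confirming). On those paths the TAP plan line would still be missing, so the defer only covers normal returns and panics. A comment next to it, `// Not reached when util.Fatal exits the process.`, would state that limit, or util.Fatal could emit the plan before exiting. The same defer is added in validation/linux_seccomp/linux_seccomp.go, also ahead of a util.Fatal call.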
@@ -72,7 +74,7 @@ func main() {
 if c.effectCheck {
 // waiting for the error of State, just in case the delete operation takes time
- util.WaitingForStatus(testRuntime, util.LifecycleActionNone, time.Second*10, time.Second*1)
+ util.WaitingForStatus(testRuntime, util.LifecycleActionNone, time.Second*3, time.Second/2)
 _, err = testRuntime.State()
 // err == nil means the 'delete' operation does NOT take effect
 util.SpecErrorOK(t, err == nil, specerror.NewError(specerror.DeleteNonStopHaveNoEffect, fmt.Errorf("attempting to `delete` a container that is not `stopped` MUST have no effect on the container"), rspecs.Version), err)
@@ -89,6 +91,4 @@ func main() {
 }
 }
 }
-
- t.AutoPlan()
 }
diff --git a/validation/kill/kill.go b/validation/kill/kill.go
index bfcc4ced6..b77d7681e 100644
--- a/validation/kill/kill.go
+++ b/validation/kill/kill.go
@@ -70,6 +70,10 @@ func main() {
 // KILL MUST be supported and KILL cannot be trapped
 err = r.Kill("KILL")
 util.WaitingForStatus(*r, util.LifecycleStatusStopped, time.Second*10, time.Second*1)
+ if err != nil {
+ //Be sure to not leave the container around
+ r.Delete()
+ }
 return err
 },
 }
diff --git a/validation/linux_seccomp/linux_seccomp.go b/validation/linux_seccomp/linux_seccomp.go
index 9188fcf18..5bbf716d1 100644
--- a/validation/linux_seccomp/linux_seccomp.go
+++ b/validation/linux_seccomp/linux_seccomp.go
@@ -1,11 +1,15 @@
 package main
 import (
+ tap "github.com/mndrix/tap-go"
 "github.com/opencontainers/runtime-tools/generate/seccomp"
 "github.com/opencontainers/runtime-tools/validation/util"
 )
 func main() {
+ t := tap.New()
+ t.Header(0)
+ defer t.AutoPlan()
 g, err := util.GetDefaultGenerator()
 if err != nil {
 util.Fatal(err)
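Review bot: In validation/kill/kill.go, the cleanup added after a failed `r.Kill("KILL")` discards the error from `r.Delete()`, and it runs only after `util.WaitingForStatus` has already waited for the stopped state, up to the ten-second timeout. When the kill failed the container is probably not stopped, and the delete test in this same commit states that deleting a container that is not stopped must have no effect, so this Delete may remove nothing and nobody is told. Testing `err` before the wait would avoid the pointless delay, and the Delete error should be kept and included in the value the hook returns. The enclosing hook starts outside the hunk.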
@@ -16,8 +20,10 @@ func main() {
 }
 g.SetDefaultSeccompAction("allow")
 g.SetSyscallAction(syscallArgs)
- err = util.RuntimeInsideValidate(g, nil, nil)
+ err = util.RuntimeInsideValidate(g, t, nil)
+ t.Ok(err == nil, "seccomp action is added correctly")
 if err != nil {
- util.Fatal(err)
+ t.Fail(err.Error())
 }
+
 }
diff --git a/validation/misc_props/misc_props.go b/validation/misc_props/misc_props.go
index 0338eb436..5a6402e23 100644
--- a/validation/misc_props/misc_props.go
+++ b/validation/misc_props/misc_props.go
@@ -45,9 +45,15 @@ func main() {
 util.Fatal(err)
 }
 basicConfig.SetProcessArgs([]string{"true"})
- annotationConfig := basicConfig
+ annotationConfig, err := util.GetDefaultGenerator()
+ if err != nil {
+ util.Fatal(err)
+ }
 annotationConfig.AddAnnotation(fmt.Sprintf("org.%s", containerID), "")
- invalidConfig := basicConfig
+ invalidConfig, err := util.GetDefaultGenerator()
+ if err != nil {
+ util.Fatal(err)
+ }
 invalidConfig.SetVersion("invalid")
 cases := []struct {
diff --git a/validation/pidfile/pidfile.go b/validation/pidfile/pidfile.go
index 0bc8655e0..8ec10df3e 100644
--- a/validation/pidfile/pidfile.go
+++ b/validation/pidfile/pidfile.go
@@ -7,6 +7,7 @@ import (
 "os/exec"
 "path/filepath"
 "strconv"
+ "time"
 tap "github.com/mndrix/tap-go"
 "github.com/opencontainers/runtime-tools/validation/util"
@@ -31,7 +32,7 @@ func main() {
 g.SetProcessArgs([]string{"true"})
 config := util.LifecycleConfig{
 Config: g,
- Actions: util.LifecycleActionCreate | util.LifecycleActionDelete,
+ Actions: util.LifecycleActionCreate | util.LifecycleActionStart | util.LifecycleActionDelete,
 PreCreate: func(r *util.Runtime) error {
 r.SetID(uuid.NewV4().String())
 r.PidFile = tempPidFile
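Review bot: In validation/linux_seccomp/linux_seccomp.go, one validation failure is now reported twice, first by `t.Ok(err == nil, "seccomp action is added correctly")` and again by `t.Fail(err.Error())`, so a single failure adds two failing test points to the TAP output. The failure also no longer goes through `util.Fatal`, so a caller that looks only at the exit status may see success, depending on what AutoPlan does (not shown here). Sending the error text as a diagnostic, `t.Diagnostic(err.Error())`, keeps one result per check. The blank line added before the closing brace of main would be removed by gofmt.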
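Review bot: In validation/misc_props/misc_props.go, `annotationConfig` and `invalidConfig` now come from their own `util.GetDefaultGenerator()` calls, so the `basicConfig.SetProcessArgs([]string{"true"})` call just above them no longer applies to either. If the cases that use these generators depend on the short-lived `true` process (the case table continues outside the hunk), add `annotationConfig.SetProcessArgs([]string{"true"})` and `invalidConfig.SetProcessArgs([]string{"true"})` after each is created. A one-line comment saying that each case needs an independent generator would also explain why the plain assignment from `basicConfig` was dropped.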
@@ -55,6 +56,13 @@ func main() {
 }
 return nil
 },
+ PreDelete: func(r *util.Runtime) error {
+ util.WaitingForStatus(*r, util.LifecycleStatusRunning, time.Second*10, time.Second*1)
+ err = r.Kill("KILL")
+ // wait before the container been deleted
+ util.WaitingForStatus(*r, util.LifecycleStatusStopped, time.Second*10, time.Second*1)
+ return err
+ },
 }
 err = util.RuntimeLifecycleValidate(config)
diff --git a/validation/process_capabilities_fail/process_capabilities_fail.go b/validation/process_capabilities_fail/process_capabilities_fail.go
index 13007a8c7..21c94f32b 100644
--- a/validation/process_capabilities_fail/process_capabilities_fail.go
+++ b/validation/process_capabilities_fail/process_capabilities_fail.go
@@ -20,7 +20,7 @@ func main() {
 if err != nil {
 util.Fatal(err)
 }
- g.AddProcessCapabilityBounding("CAP_TEST")
+ g.Config.Process.Capabilities.Bounding = append(g.Config.Process.Capabilities.Bounding, "CAP_TEST")
 err = util.RuntimeInsideValidate(g, nil, nil)
 if err == nil {
 util.Fatal(specerror.NewError(specerror.LinuxProcCapError, fmt.Errorf("Any value which cannot be mapped to a relevant kernel interface MUST cause an error"), rspecs.Version))
diff --git a/validation/state/state.go b/validation/state/state.go
index 3694fc9c3..986a52e05 100644
--- a/validation/state/state.go
+++ b/validation/state/state.go
@@ -3,6 +3,7 @@ package main
 import (
 "fmt"
 "os/exec"
+ "time"
 "github.com/mndrix/tap-go"
 rspecs "github.com/opencontainers/runtime-spec/specs-go"
@@ -44,6 +45,8 @@ func main() {
 },
 PostCreate: func(r *util.Runtime) error {
 _, err = r.State()
+ r.Kill("KILL")
+ util.WaitingForStatus(*r, util.LifecycleStatusStopped, time.Second*10, time.Second)
 return err
 },
 }
diff --git a/validation/util/container.go b/validation/util/container.go
index 48d9f7398..1ba49844c 100644
--- a/validation/util/container.go
+++ b/validation/util/container.go
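Review bot: In validation/pidfile/pidfile.go, the new PreDelete hook waits for `util.LifecycleStatusRunning`, but the container process is `true` (set by `g.SetProcessArgs` in the previous hunk), which can exit before the first poll sees it running. The wait would then run to its ten-second timeout with its result discarded, and `r.Kill("KILL")` would be sent to a container that may already be stopped, with that error becoming the hook's return value. Waiting for either state, `util.LifecycleStatusRunning|util.LifecycleStatusStopped` (the flags are combined this way in validation/util/test.go), and checking what both waits return would avoid this. How the runtime answers a kill on a stopped container is not shown on this page.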
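Review bot: In validation/process_capabilities_fail/process_capabilities_fail.go, the direct append dereferences `g.Config.Process` and `g.Config.Process.Capabilities` with no nil check, so the test would panic rather than report a result if the default generator leaves either unset. The line also bypasses the generator method without saying why; if the reason is that the invalid name must reach the runtime unchanged, a comment such as `// Append directly so the deliberately invalid CAP_TEST is passed through as-is.` would record it. A guard before the append that fails through `util.Fatal` when Capabilities is nil keeps the failure readable.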
@@ -9,6 +9,7 @@ import (
 "os"
 "os/exec"
 "path/filepath"
+ "time"
 rspecs "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
@@ -197,6 +198,9 @@ func (r *Runtime) Delete() (err error) {
 // forceRemoveBundle is true, after the deletion attempt regardless of
 // whether it was successful or not.
 func (r *Runtime) Clean(removeBundle bool, forceRemoveBundle bool) error {
+ r.Kill("KILL")
+ WaitingForStatus(*r, LifecycleStatusStopped, time.Second*10, time.Second/10)
+
 err := r.Delete()
 if removeBundle && (err == nil || forceRemoveBundle) {
diff --git a/validation/util/test.go b/validation/util/test.go
index 7f32bcb75..de69daff0 100644
--- a/validation/util/test.go
+++ b/validation/util/test.go
@@ -350,7 +350,8 @@ func RuntimeLifecycleValidate(config LifecycleConfig) error {
 if _, err := r.State(); err != nil {
 return
 }
- err := WaitingForStatus(r, LifecycleStatusCreated|LifecycleStatusStopped, time.Second*10, time.Second*1)
+ r.Kill("KILL")
+ err := WaitingForStatus(r, LifecycleStatusStopped, time.Second*10, time.Second*1)
 if err == nil {
 r.Delete()
 } else {
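Review bot: In validation/util/container.go, Clean now sends `r.Kill("KILL")` and waits up to ten seconds before every delete, but the Kill error and the WaitingForStatus result are both discarded, and the doc comment above Clean still describes only deletion. For a container that was never created or is already gone, the wait presumably runs to the full timeout, which would slow every caller of Clean. Checking `r.State()` first, as the cleanup in validation/util/test.go already does, and skipping the kill and wait when it fails would avoid that; the doc comment should also say that Clean kills the container. The same unchecked `r.Kill("KILL")` is added in validation/state/state.go and validation/util/test.go, and Clean's body continues outside the hunk.
```go
func (r *Runtime) Clean(removeBundle bool, forceRemoveBundle bool) error {
	// Kill and wait only when the runtime still knows the container.
	if _, serr := r.State(); serr == nil {
		if kerr := r.Kill("KILL"); kerr == nil {
			// Best effort: the Delete below reports the real failure.
			WaitingForStatus(*r, LifecycleStatusStopped, time.Second*10, time.Second/10)
		}
	}

	// … unchanged: r.Delete() and bundle removal …
```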