Files

 27.x

/

oci_test.go

Copy path

Blame

Blame

Latest commit

 

History

History

168 lines (163 loc) · 4.97 KB

 27.x

/

oci_test.go

Top

File metadata and controls

• Code
• Blame

168 lines (163 loc) · 4.97 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

package oci

import (

"testing"

"github.com/opencontainers/runtime-spec/specs-go"

"gotest.tools/v3/assert"

)

func TestAppendDevicePermissionsFromCgroupRules(t *testing.T) {

ptr := func(i int64) *int64 { return &i }

tests := []struct {

doc string

rule string

expected specs.LinuxDeviceCgroup

expectedErr string

}{

{

doc: "empty rule",

rule: "",

expectedErr: `invalid device cgroup rule format: ''`,

},

{

doc: "multiple spaces after first column",

rule: "c 1:1 rwm",

expectedErr: `invalid device cgroup rule format: 'c 1:1 rwm'`,

},

{

doc: "multiple spaces after second column",

rule: "c 1:1 rwm",

expectedErr: `invalid device cgroup rule format: 'c 1:1 rwm'`,

},

{

doc: "leading spaces",

rule: " c 1:1 rwm",

expectedErr: `invalid device cgroup rule format: ' c 1:1 rwm'`,

},

{

doc: "trailing spaces",

rule: "c 1:1 rwm ",

expectedErr: `invalid device cgroup rule format: 'c 1:1 rwm '`,

},

{

doc: "unknown device type",

rule: "z 1:1 rwm",

expectedErr: `invalid device cgroup rule format: 'z 1:1 rwm'`,

},

{

doc: "invalid device type",

rule: "zz 1:1 rwm",

expectedErr: `invalid device cgroup rule format: 'zz 1:1 rwm'`,

},

{

doc: "missing colon",

rule: "c 11 rwm",

expectedErr: `invalid device cgroup rule format: 'c 11 rwm'`,

},

{

doc: "invalid device major-minor",

rule: "c a:a rwm",

expectedErr: `invalid device cgroup rule format: 'c a:a rwm'`,

},

{

doc: "negative major device",

rule: "c -1:1 rwm",

expectedErr: `invalid device cgroup rule format: 'c -1:1 rwm'`,

},

{

doc: "negative minor device",

rule: "c 1:-1 rwm",

expectedErr: `invalid device cgroup rule format: 'c 1:-1 rwm'`,

},

{

doc: "missing permissions",

rule: "c 1:1",

expectedErr: `invalid device cgroup rule format: 'c 1:1'`,

},

{

doc: "invalid permissions",

rule: "c 1:1 x",

expectedErr: `invalid device cgroup rule format: 'c 1:1 x'`,

},

{

doc: "too many permissions",

rule: "c 1:1 rwmrwm",

expectedErr: `invalid device cgroup rule format: 'c 1:1 rwmrwm'`,

},

{

doc: "major out of range",

rule: "c 18446744073709551616:1 rwm",

expectedErr: `invalid major value in device cgroup rule format: 'c 18446744073709551616:1 rwm'`,

},

{

doc: "minor out of range",

rule: "c 1:18446744073709551616 rwm",

expectedErr: `invalid minor value in device cgroup rule format: 'c 1:18446744073709551616 rwm'`,

},

{

doc: "all (a) devices",

rule: "a 1:1 rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "a", Major: ptr(1), Minor: ptr(1), Access: "rwm"},

},

{

doc: "char (c) devices",

rule: "c 1:1 rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "rwm"},

},

{

doc: "block (b) devices",

rule: "b 1:1 rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "b", Major: ptr(1), Minor: ptr(1), Access: "rwm"},

},

{

doc: "char device with rwm permissions",

rule: "c 7:128 rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(7), Minor: ptr(128), Access: "rwm"},

},

{

doc: "wildcard major",

rule: "c *:1 rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(-1), Minor: ptr(1), Access: "rwm"},

},

{

doc: "wildcard minor",

rule: "c 1:* rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(-1), Access: "rwm"},

},

{

doc: "wildcard major and minor",

rule: "c *:* rwm",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(-1), Minor: ptr(-1), Access: "rwm"},

},

{

doc: "read (r) permission",

rule: "c 1:1 r",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "r"},

},

{

doc: "write (w) permission",

rule: "c 1:1 w",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "w"},

},

{

doc: "mknod (m) permission",

rule: "c 1:1 m",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "m"},

},

{

doc: "mknod (m) and read (r) permission",

rule: "c 1:1 mr",

expected: specs.LinuxDeviceCgroup{Allow: true, Type: "c", Major: ptr(1), Minor: ptr(1), Access: "mr"},

},

}

for _, tc := range tests {

tc := tc

t.Run(tc.doc, func(t *testing.T) {

out, err := AppendDevicePermissionsFromCgroupRules([]specs.LinuxDeviceCgroup{}, []string{tc.rule})

if tc.expectedErr != "" {

assert.Error(t, err, tc.expectedErr)

return

}

assert.NilError(t, err)

assert.DeepEqual(t, out, []specs.LinuxDeviceCgroup{tc.expected})

})

}

}