test: test mounts not leak when spawn fails

Signed-off-by: NelopsisCode <[email protected]>
virt-do · Apr 10, 2022 · 52bec76 · 52bec76
1 parent a04b24a
commit 52bec76
Show file tree

Hide file tree

Showing 4 changed files with 298 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/container/Cargo.toml b/container/Cargo.toml
@@ -12,4 +12,5 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 
 [dev-dependencies]
-proc-mounts = "0.3.0"
+proc-mounts = "0.3.0"
+tempdir = "0.3.7"
diff --git a/container/src/lib.rs b/container/src/lib.rs
@@ -112,3 +112,31 @@ impl Container {
         Ok(())
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::Container;
+    use proc_mounts::MountList;
+    use tempdir::TempDir;
+
+    #[test]
+    fn test_mount_on_empty_rootfs_should_fail_and_cleanup() -> Result<(), std::io::Error> {
+        //use an empty rootfs for this test
+        let dir = TempDir::new_in("../hack/fixtures", "test")?;
+        let test_folder_path = dir.path().to_str().unwrap();
+        std::fs::create_dir(format!("{}/rootfs", &test_folder_path))?;
+        std::fs::copy(
+            "../hack/fixtures/config.json",
+            format!("{}/config.json", &test_folder_path),
+        )?;
+
+        let host_mounts_before_run_fail = MountList::new().unwrap();
+        let container = Container::new(test_folder_path).unwrap();
+        assert!(container.run().is_err());
+
+        let host_mounts_after_run_fail = MountList::new().unwrap();
+        assert_eq!(host_mounts_before_run_fail, host_mounts_after_run_fail);
+
+        Ok(())
+    }
+}
diff --git a/hack/fixtures/config.json b/hack/fixtures/config.json
@@ -0,0 +1,186 @@
+{
+	"ociVersion": "1.0.2-dev",
+	"process": {
+		"terminal": true,
+		"user": {
+			"uid": 0,
+			"gid": 0
+		},
+		"args": [
+			"sh"
+		],
+		"env": [
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm"
+		],
+		"cwd": "/",
+		"capabilities": {
+			"bounding": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"effective": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"inheritable": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"permitted": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"ambient": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			]
+		},
+		"rlimits": [
+			{
+				"type": "RLIMIT_NOFILE",
+				"hard": 1024,
+				"soft": 1024
+			}
+		],
+		"noNewPrivileges": true
+	},
+	"root": {
+		"path": "rootfs",
+		"readonly": true
+	},
+	"hostname": "runc",
+	"mounts": [
+		{
+			"destination": "/proc",
+			"type": "proc",
+			"source": "proc"
+		},
+		{
+			"destination": "/dev",
+			"type": "tmpfs",
+			"source": "tmpfs",
+			"options": [
+				"nosuid",
+				"strictatime",
+				"mode=755",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/pts",
+			"type": "devpts",
+			"source": "devpts",
+			"options": [
+				"nosuid",
+				"noexec",
+				"newinstance",
+				"ptmxmode=0666",
+				"mode=0620"
+			]
+		},
+		{
+			"destination": "/dev/shm",
+			"type": "tmpfs",
+			"source": "shm",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"mode=1777",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/mqueue",
+			"type": "mqueue",
+			"source": "mqueue",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev"
+			]
+		},
+		{
+			"destination": "/sys",
+			"type": "none",
+			"source": "/sys",
+			"options": [
+				"rbind",
+				"nosuid",
+				"noexec",
+				"nodev",
+				"ro"
+			]
+		},
+		{
+			"destination": "/sys/fs/cgroup",
+			"type": "cgroup",
+			"source": "cgroup",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"relatime",
+				"ro"
+			]
+		}
+	],
+	"linux": {
+		"uidMappings": [
+			{
+				"containerID": 0,
+				"hostID": 1001,
+				"size": 1
+			}
+		],
+		"gidMappings": [
+			{
+				"containerID": 0,
+				"hostID": 1001,
+				"size": 1
+			}
+		],
+		"namespaces": [
+			{
+				"type": "pid"
+			},
+			{
+				"type": "ipc"
+			},
+			{
+				"type": "uts"
+			},
+			{
+				"type": "mount"
+			},
+			{
+				"type": "user"
+			}
+		],
+		"maskedPaths": [
+			"/proc/acpi",
+			"/proc/asound",
+			"/proc/kcore",
+			"/proc/keys",
+			"/proc/latency_stats",
+			"/proc/timer_list",
+			"/proc/timer_stats",
+			"/proc/sched_debug",
+			"/sys/firmware",
+			"/proc/scsi"
+		],
+		"readonlyPaths": [
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger"
+		]
+	}
+}