From 0d3e3194e26a21c531d13bde5e45c0bce9717a99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Sk=C3=B8tt?= Date: Thu, 11 Aug 2022 21:50:57 +0200 Subject: [PATCH 3/4] Add unit test for --device-access MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Skøtt --- tests/test_device_access.podman.json | 244 +++++++++++++++++++++++++++ tests/test_main.py | 15 ++ 2 files changed, 259 insertions(+) create mode 100644 tests/test_device_access.podman.json diff --git a/tests/test_device_access.podman.json b/tests/test_device_access.podman.json new file mode 100644 index 0000000..9a806a2 --- /dev/null +++ b/tests/test_device_access.podman.json @@ -0,0 +1,244 @@ +[ + { + "Id": "68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744", + "Created": "2022-08-11T20:54:51.026287311+02:00", + "Path": "/bin/bash", + "Args": [ + "/bin/bash" + ], + "State": { + "OciVersion": "1.0.2-dev", + "Status": "exited", + "Running": false, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 0, + "ExitCode": 0, + "Error": "", + "StartedAt": "2022-08-11T20:54:51.116938836+02:00", + "FinishedAt": "2022-08-11T20:54:51.1327839+02:00", + "Health": { + "Status": "", + "FailingStreak": 0, + "Log": null + }, + "CheckpointedAt": "0001-01-01T00:00:00Z", + "RestoredAt": "0001-01-01T00:00:00Z" + }, + "Image": "2ecb6df959942dd2fdeb65606ca2e42a54f8c06af10eeb594fdfc3e2656c53d1", + "ImageName": "registry.fedoraproject.org/fedora:latest", + "Rootfs": "", + "Pod": "", + "ResolvConfPath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/resolv.conf", + "HostnamePath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/hostname", + "HostsPath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/hosts", + "StaticDir": "/home/martin/.local/share/containers/storage/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata", + "OCIConfigPath": "/home/martin/.local/share/containers/storage/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/config.json", + "OCIRuntime": "crun", + "ConmonPidFile": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/conmon.pid", + "PidFile": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/pidfile", + "Name": "charming_khorana", + "RestartCount": 0, + "Driver": "overlay", + "MountLabel": "system_u:object_r:container_file_t:s0:c8,c574", + "ProcessLabel": "system_u:system_r:container_t:s0:c8,c574", + "AppArmorProfile": "", + "EffectiveCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT" + ], + "BoundingCaps": [ + "CAP_CHOWN", + "CAP_DAC_OVERRIDE", + "CAP_FOWNER", + "CAP_FSETID", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETFCAP", + "CAP_SETGID", + "CAP_SETPCAP", + "CAP_SETUID", + "CAP_SYS_CHROOT" + ], + "ExecIDs": [], + "GraphDriver": { + "Name": "overlay", + "Data": { + "LowerDir": "/home/martin/.local/share/containers/storage/overlay/1da06ca5080c2ce2499e2f9802259209c7dd85c92d64852c3165425cdc18c443/diff", + "UpperDir": "/home/martin/.local/share/containers/storage/overlay/98294044df8fadc428b8a41befc0c83d574601b56076c62ce7fa93df6c48f8dc/diff", + "WorkDir": "/home/martin/.local/share/containers/storage/overlay/98294044df8fadc428b8a41befc0c83d574601b56076c62ce7fa93df6c48f8dc/work" + } + }, + "Mounts": [], + "Dependencies": [], + "NetworkSettings": { + "EndpointID": "", + "Gateway": "", + "IPAddress": "", + "IPPrefixLen": 0, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "", + "Bridge": "", + "SandboxID": "", + "HairpinMode": false, + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "Ports": {}, + "SandboxKey": "" + }, + "Namespace": "", + "IsInfra": false, + "Config": { + "Hostname": "68485406c4bb", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": false, + "AttachStderr": false, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "FGC=f36", + "DISTTAG=f36container", + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", + "container=oci", + "HOME=/root", + "HOSTNAME=68485406c4bb" + ], + "Cmd": [ + "/bin/bash" + ], + "Image": "registry.fedoraproject.org/fedora:latest", + "Volumes": null, + "WorkingDir": "/", + "Entrypoint": "", + "OnBuild": null, + "Labels": { + "license": "MIT", + "name": "fedora", + "vendor": "Fedora Project", + "version": "36" + }, + "Annotations": { + "io.container.manager": "libpod", + "io.kubernetes.cri-o.Created": "2022-08-11T20:54:51.026287311+02:00", + "io.kubernetes.cri-o.TTY": "false", + "io.podman.annotations.autoremove": "FALSE", + "io.podman.annotations.init": "FALSE", + "io.podman.annotations.privileged": "FALSE", + "io.podman.annotations.publish-all": "FALSE", + "org.opencontainers.image.stopSignal": "15" + }, + "StopSignal": 15, + "CreateCommand": [ + "podman", + "run", + "--device", + "/dev/fb0", + "fedora" + ], + "Umask": "0022", + "Timeout": 0, + "StopTimeout": 10, + "Passwd": true + }, + "HostConfig": { + "Binds": [], + "CgroupManager": "systemd", + "CgroupMode": "private", + "ContainerIDFile": "", + "LogConfig": { + "Type": "journald", + "Config": null, + "Path": "", + "Tag": "", + "Size": "0B" + }, + "NetworkMode": "slirp4netns", + "PortBindings": {}, + "RestartPolicy": { + "Name": "", + "MaximumRetryCount": 0 + }, + "AutoRemove": false, + "VolumeDriver": "", + "VolumesFrom": null, + "CapAdd": [], + "CapDrop": [ + "CAP_AUDIT_WRITE", + "CAP_MKNOD", + "CAP_NET_RAW" + ], + "Dns": [], + "DnsOptions": [], + "DnsSearch": [], + "ExtraHosts": [], + "GroupAdd": [], + "IpcMode": "shareable", + "Cgroup": "", + "Cgroups": "default", + "Links": null, + "OomScoreAdj": 0, + "PidMode": "private", + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "SecurityOpt": [], + "Tmpfs": {}, + "UTSMode": "private", + "UsernsMode": "", + "ShmSize": 65536000, + "Runtime": "oci", + "ConsoleSize": [ + 0, + 0 + ], + "Isolation": "", + "CpuShares": 0, + "Memory": 0, + "NanoCpus": 0, + "CgroupParent": "user.slice", + "BlkioWeight": 0, + "BlkioWeightDevice": null, + "BlkioDeviceReadBps": null, + "BlkioDeviceWriteBps": null, + "BlkioDeviceReadIOps": null, + "BlkioDeviceWriteIOps": null, + "CpuPeriod": 0, + "CpuQuota": 0, + "CpuRealtimePeriod": 0, + "CpuRealtimeRuntime": 0, + "CpusetCpus": "", + "CpusetMems": "", + "Devices": [], + "DiskQuota": 0, + "KernelMemory": 0, + "MemoryReservation": 0, + "MemorySwap": 0, + "MemorySwappiness": 0, + "OomKillDisable": false, + "PidsLimit": 2048, + "Ulimits": [], + "CpuCount": 0, + "CpuPercent": 0, + "IOMaximumIOps": 0, + "IOMaximumBandwidth": 0, + "CgroupConf": null + } + } +] diff --git a/tests/test_main.py b/tests/test_main.py index 6b30dc4..bc17cc2 100644 --- a/tests/test_main.py +++ b/tests/test_main.py @@ -354,6 +354,21 @@ class TestBase(unittest.TestCase): self.assert_templates(output, ["base_container"]) self.assert_policy(test_file("test_devices.podman.cil")) + def test_device_access_podman(self): + """podman run --device /dev/fb0 fedora""" + output = self.run_udica( + [ + "udica", + "-j", + "tests/test_devices.podman.json", + "--device-access", + "/dev/fd0", + "my_container", + ] + ) + self.assert_templates(output, ["base_container"]) + self.assert_policy(test_file("test_devices.podman.cil")) + def run_udica(self, args): with patch("sys.argv", args): with patch("sys.stderr.write") as mock_err, patch( -- 2.37.3