udica/0003-Add-unit-test-for-device-access.patch
Vit Mojzis 4a53696b71 udica-0.2.7-5
- Show diff when checking formatting
- Fix several lint findings
- Fix generating policy for Crio mounts

Fixes:
  https://github.com/containers/udica/issues/118
2023-04-20 17:25:50 +02:00

295 lines
11 KiB
Diff

From 0d3e3194e26a21c531d13bde5e45c0bce9717a99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Sk=C3=B8tt?= <martin@skoett.name>
Date: Thu, 11 Aug 2022 21:50:57 +0200
Subject: [PATCH] Add unit test for --device-access
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Martin Skøtt <martin@skoett.name>
---
tests/test_device_access.podman.json | 244 +++++++++++++++++++++++++++
tests/test_main.py | 15 ++
2 files changed, 259 insertions(+)
create mode 100644 tests/test_device_access.podman.json
diff --git a/tests/test_device_access.podman.json b/tests/test_device_access.podman.json
new file mode 100644
index 0000000..9a806a2
--- /dev/null
+++ b/tests/test_device_access.podman.json
@@ -0,0 +1,244 @@
+[
+ {
+ "Id": "68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744",
+ "Created": "2022-08-11T20:54:51.026287311+02:00",
+ "Path": "/bin/bash",
+ "Args": [
+ "/bin/bash"
+ ],
+ "State": {
+ "OciVersion": "1.0.2-dev",
+ "Status": "exited",
+ "Running": false,
+ "Paused": false,
+ "Restarting": false,
+ "OOMKilled": false,
+ "Dead": false,
+ "Pid": 0,
+ "ExitCode": 0,
+ "Error": "",
+ "StartedAt": "2022-08-11T20:54:51.116938836+02:00",
+ "FinishedAt": "2022-08-11T20:54:51.1327839+02:00",
+ "Health": {
+ "Status": "",
+ "FailingStreak": 0,
+ "Log": null
+ },
+ "CheckpointedAt": "0001-01-01T00:00:00Z",
+ "RestoredAt": "0001-01-01T00:00:00Z"
+ },
+ "Image": "2ecb6df959942dd2fdeb65606ca2e42a54f8c06af10eeb594fdfc3e2656c53d1",
+ "ImageName": "registry.fedoraproject.org/fedora:latest",
+ "Rootfs": "",
+ "Pod": "",
+ "ResolvConfPath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/resolv.conf",
+ "HostnamePath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/hostname",
+ "HostsPath": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/hosts",
+ "StaticDir": "/home/martin/.local/share/containers/storage/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata",
+ "OCIConfigPath": "/home/martin/.local/share/containers/storage/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/config.json",
+ "OCIRuntime": "crun",
+ "ConmonPidFile": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/conmon.pid",
+ "PidFile": "/run/user/1000/overlay-containers/68485406c4bbfd2b379beac7d80834a4ca94d7e74ada5019c7499afed62e1744/userdata/pidfile",
+ "Name": "charming_khorana",
+ "RestartCount": 0,
+ "Driver": "overlay",
+ "MountLabel": "system_u:object_r:container_file_t:s0:c8,c574",
+ "ProcessLabel": "system_u:system_r:container_t:s0:c8,c574",
+ "AppArmorProfile": "",
+ "EffectiveCaps": [
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_FOWNER",
+ "CAP_FSETID",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SETFCAP",
+ "CAP_SETGID",
+ "CAP_SETPCAP",
+ "CAP_SETUID",
+ "CAP_SYS_CHROOT"
+ ],
+ "BoundingCaps": [
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_FOWNER",
+ "CAP_FSETID",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SETFCAP",
+ "CAP_SETGID",
+ "CAP_SETPCAP",
+ "CAP_SETUID",
+ "CAP_SYS_CHROOT"
+ ],
+ "ExecIDs": [],
+ "GraphDriver": {
+ "Name": "overlay",
+ "Data": {
+ "LowerDir": "/home/martin/.local/share/containers/storage/overlay/1da06ca5080c2ce2499e2f9802259209c7dd85c92d64852c3165425cdc18c443/diff",
+ "UpperDir": "/home/martin/.local/share/containers/storage/overlay/98294044df8fadc428b8a41befc0c83d574601b56076c62ce7fa93df6c48f8dc/diff",
+ "WorkDir": "/home/martin/.local/share/containers/storage/overlay/98294044df8fadc428b8a41befc0c83d574601b56076c62ce7fa93df6c48f8dc/work"
+ }
+ },
+ "Mounts": [],
+ "Dependencies": [],
+ "NetworkSettings": {
+ "EndpointID": "",
+ "Gateway": "",
+ "IPAddress": "",
+ "IPPrefixLen": 0,
+ "IPv6Gateway": "",
+ "GlobalIPv6Address": "",
+ "GlobalIPv6PrefixLen": 0,
+ "MacAddress": "",
+ "Bridge": "",
+ "SandboxID": "",
+ "HairpinMode": false,
+ "LinkLocalIPv6Address": "",
+ "LinkLocalIPv6PrefixLen": 0,
+ "Ports": {},
+ "SandboxKey": ""
+ },
+ "Namespace": "",
+ "IsInfra": false,
+ "Config": {
+ "Hostname": "68485406c4bb",
+ "Domainname": "",
+ "User": "",
+ "AttachStdin": false,
+ "AttachStdout": false,
+ "AttachStderr": false,
+ "Tty": false,
+ "OpenStdin": false,
+ "StdinOnce": false,
+ "Env": [
+ "FGC=f36",
+ "DISTTAG=f36container",
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
+ "container=oci",
+ "HOME=/root",
+ "HOSTNAME=68485406c4bb"
+ ],
+ "Cmd": [
+ "/bin/bash"
+ ],
+ "Image": "registry.fedoraproject.org/fedora:latest",
+ "Volumes": null,
+ "WorkingDir": "/",
+ "Entrypoint": "",
+ "OnBuild": null,
+ "Labels": {
+ "license": "MIT",
+ "name": "fedora",
+ "vendor": "Fedora Project",
+ "version": "36"
+ },
+ "Annotations": {
+ "io.container.manager": "libpod",
+ "io.kubernetes.cri-o.Created": "2022-08-11T20:54:51.026287311+02:00",
+ "io.kubernetes.cri-o.TTY": "false",
+ "io.podman.annotations.autoremove": "FALSE",
+ "io.podman.annotations.init": "FALSE",
+ "io.podman.annotations.privileged": "FALSE",
+ "io.podman.annotations.publish-all": "FALSE",
+ "org.opencontainers.image.stopSignal": "15"
+ },
+ "StopSignal": 15,
+ "CreateCommand": [
+ "podman",
+ "run",
+ "--device",
+ "/dev/fb0",
+ "fedora"
+ ],
+ "Umask": "0022",
+ "Timeout": 0,
+ "StopTimeout": 10,
+ "Passwd": true
+ },
+ "HostConfig": {
+ "Binds": [],
+ "CgroupManager": "systemd",
+ "CgroupMode": "private",
+ "ContainerIDFile": "",
+ "LogConfig": {
+ "Type": "journald",
+ "Config": null,
+ "Path": "",
+ "Tag": "",
+ "Size": "0B"
+ },
+ "NetworkMode": "slirp4netns",
+ "PortBindings": {},
+ "RestartPolicy": {
+ "Name": "",
+ "MaximumRetryCount": 0
+ },
+ "AutoRemove": false,
+ "VolumeDriver": "",
+ "VolumesFrom": null,
+ "CapAdd": [],
+ "CapDrop": [
+ "CAP_AUDIT_WRITE",
+ "CAP_MKNOD",
+ "CAP_NET_RAW"
+ ],
+ "Dns": [],
+ "DnsOptions": [],
+ "DnsSearch": [],
+ "ExtraHosts": [],
+ "GroupAdd": [],
+ "IpcMode": "shareable",
+ "Cgroup": "",
+ "Cgroups": "default",
+ "Links": null,
+ "OomScoreAdj": 0,
+ "PidMode": "private",
+ "Privileged": false,
+ "PublishAllPorts": false,
+ "ReadonlyRootfs": false,
+ "SecurityOpt": [],
+ "Tmpfs": {},
+ "UTSMode": "private",
+ "UsernsMode": "",
+ "ShmSize": 65536000,
+ "Runtime": "oci",
+ "ConsoleSize": [
+ 0,
+ 0
+ ],
+ "Isolation": "",
+ "CpuShares": 0,
+ "Memory": 0,
+ "NanoCpus": 0,
+ "CgroupParent": "user.slice",
+ "BlkioWeight": 0,
+ "BlkioWeightDevice": null,
+ "BlkioDeviceReadBps": null,
+ "BlkioDeviceWriteBps": null,
+ "BlkioDeviceReadIOps": null,
+ "BlkioDeviceWriteIOps": null,
+ "CpuPeriod": 0,
+ "CpuQuota": 0,
+ "CpuRealtimePeriod": 0,
+ "CpuRealtimeRuntime": 0,
+ "CpusetCpus": "",
+ "CpusetMems": "",
+ "Devices": [],
+ "DiskQuota": 0,
+ "KernelMemory": 0,
+ "MemoryReservation": 0,
+ "MemorySwap": 0,
+ "MemorySwappiness": 0,
+ "OomKillDisable": false,
+ "PidsLimit": 2048,
+ "Ulimits": [],
+ "CpuCount": 0,
+ "CpuPercent": 0,
+ "IOMaximumIOps": 0,
+ "IOMaximumBandwidth": 0,
+ "CgroupConf": null
+ }
+ }
+]
diff --git a/tests/test_main.py b/tests/test_main.py
index 6b30dc4..bc17cc2 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -354,6 +354,21 @@ class TestBase(unittest.TestCase):
self.assert_templates(output, ["base_container"])
self.assert_policy(test_file("test_devices.podman.cil"))
+ def test_device_access_podman(self):
+ """podman run --device /dev/fb0 fedora"""
+ output = self.run_udica(
+ [
+ "udica",
+ "-j",
+ "tests/test_devices.podman.json",
+ "--device-access",
+ "/dev/fd0",
+ "my_container",
+ ]
+ )
+ self.assert_templates(output, ["base_container"])
+ self.assert_policy(test_file("test_devices.podman.cil"))
+
def run_udica(self, args):
with patch("sys.argv", args):
with patch("sys.stderr.write") as mock_err, patch(
--
2.37.3