本文整理汇总了Golang中github.com/coreos/rkt/tests/testutils.NewRktRunCtx函数的典型用法代码示例。如果您正苦于以下问题:Golang NewRktRunCtx函数的具体用法?Golang NewRktRunCtx怎么用?Golang NewRktRunCtx使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewRktRunCtx函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestProcFSRestrictions
// TestProcFSRestrictions checks that access to sensitive paths under
// /proc and /sys is correctly restricted:
// https://github.com/coreos/rkt/issues/2484
func TestProcFSRestrictions(t *testing.T) {
// check access to read-only paths
roEntry := "/proc/sysrq-trigger"
testContent := "h"
roImage := patchTestACI("rkt-inspect-write-procfs.aci", fmt.Sprintf("--exec=/inspect --write-file --file-name %s --content %s", roEntry, testContent))
defer os.Remove(roImage)
roCtx := testutils.NewRktRunCtx()
defer roCtx.Cleanup()
roCmd := fmt.Sprintf("%s --insecure-options=image run %s", roCtx.Cmd(), roImage)
roExpectedLine := fmt.Sprintf("Cannot write to file \"%s\"", roEntry)
runRktAndCheckOutput(t, roCmd, roExpectedLine, true)
// check access to inaccessible paths
hiddenEntry := "/sys/firmware/"
hiddenImage := patchTestACI("rkt-inspect-stat-procfs.aci", fmt.Sprintf("--exec=/inspect --stat-file --file-name %s", hiddenEntry))
defer os.Remove(hiddenImage)
hiddenCtx := testutils.NewRktRunCtx()
defer hiddenCtx.Cleanup()
hiddenCmd := fmt.Sprintf("%s --insecure-options=image run %s", hiddenCtx.Cmd(), hiddenImage)
hiddenExpectedLine := fmt.Sprintf("%s: mode: d---------", hiddenEntry)
runRktAndCheckOutput(t, hiddenCmd, hiddenExpectedLine, false)
}
开发者ID:yanghongkjxy,项目名称:rkt,代码行数:31,代码来源:rkt_mount_test.go
示例2: testFetchNoStore
func testFetchNoStore(t *testing.T, args string, image string, imageArgs string, finalURL string) {
remoteFetchMsgTpl := `remote fetching from URL %q`
remoteFetchMsg := fmt.Sprintf(remoteFetchMsgTpl, finalURL)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
if _, err := importImageAndFetchHash(t, ctx, "", image); err != nil {
t.Skip(fmt.Sprintf("%v, probably a network failure. Skipping...", err))
}
cmd := fmt.Sprintf("%s --no-store %s %s %s", ctx.Cmd(), args, image, imageArgs)
// 1. Run cmd with the image available in the store, should get $remoteFetchMsg.
err := runRktAndCheckRegexOutput(t, cmd, remoteFetchMsg)
status, _ := common.GetExitStatus(err)
if status != 0 {
t.Logf("%v", err)
t.Skip("remote fetching failed, probably a network failure. Skipping...")
}
if err != nil {
t.Fatalf("%q should be found: %v", remoteFetchMsg, err)
}
}
开发者ID:joshix,项目名称:rkt,代码行数:25,代码来源:rkt_fetch_test.go
示例3: testFetchDefault
func testFetchDefault(t *testing.T, arg string, image string, imageArgs string, finalURL string) {
remoteFetchMsgTpl := `remote fetching from URL %q`
storeMsgTpl := `using image from local store for .* %s`
if finalURL == "" {
finalURL = image
}
remoteFetchMsg := fmt.Sprintf(remoteFetchMsgTpl, finalURL)
storeMsg := fmt.Sprintf(storeMsgTpl, image)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
cmd := fmt.Sprintf("%s %s %s %s", ctx.Cmd(), arg, image, imageArgs)
// 1. Run cmd with the image not available in the store, should get $remoteFetchMsg.
err := runRktAndCheckRegexOutput(t, cmd, remoteFetchMsg)
status, _ := common.GetExitStatus(err)
if status != 0 {
t.Logf("%v", err)
t.Skip("remote fetching failed, probably a network failure. Skipping...")
}
// 2. Run cmd with the image available in the store, should get $storeMsg.
runRktAndCheckRegexOutput(t, cmd, storeMsg)
}
开发者ID:joshix,项目名称:rkt,代码行数:25,代码来源:rkt_fetch_test.go
示例4: TestPidFileDelayedStart
// Check that "enter" is able to wait for the ppid file to be created
func TestPidFileDelayedStart(t *testing.T) {
sleepImage := patchTestACI("rkt-inspect-sleep.aci", "--exec=/inspect --read-stdin")
defer os.Remove(sleepImage)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
runChild, enterChild, pidFileName, pidFileNameBackup := preparePidFileRace(t, ctx, sleepImage)
// Restore ppid file so the "enter" command can find it
if err := os.Rename(pidFileNameBackup, pidFileName); err != nil {
t.Fatalf("Cannot restore ppid file: %v", err)
}
// Now the "enter" command works and can complete
if err := expectWithOutput(enterChild, "RktEnterWorksFine"); err != nil {
t.Fatalf("Waited for enter to works but failed: %v", err)
}
if err := enterChild.Wait(); err != nil {
t.Fatalf("rkt enter didn't terminate correctly: %v", err)
}
// Terminate the pod
if err := runChild.SendLine("Bye"); err != nil {
t.Fatalf("rkt couldn't write to the container: %v", err)
}
if err := expectWithOutput(runChild, "Received text: Bye"); err != nil {
t.Fatalf("Expected Bye but not found: %v", err)
}
if err := runChild.Wait(); err != nil {
t.Fatalf("rkt didn't terminate correctly: %v", err)
}
}
开发者ID:coderhaoxin,项目名称:rkt,代码行数:34,代码来源:rkt_pid_file_test.go
示例5: TestPidFileAbortedStart
// Check that "enter" doesn't wait forever for the ppid file when the pod is terminated
func TestPidFileAbortedStart(t *testing.T) {
sleepImage := patchTestACI("rkt-inspect-sleep.aci", "--exec=/inspect --read-stdin")
defer os.Remove(sleepImage)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
runChild, enterChild, _, _ := preparePidFileRace(t, ctx, sleepImage)
// Terminate the pod with the escape sequence: ^]^]^]
if err := runChild.SendLine("\035\035\035"); err != nil {
t.Fatalf("Failed to terminate the pod: %v", err)
}
waitOrFail(t, runChild, 1)
// Now the "enter" command terminates quickly
before := time.Now()
if err := enterChild.Wait(); err.Error() != "exit status 1" {
t.Fatalf("rkt enter didn't terminate as expected: %v", err)
}
delay := time.Now().Sub(before)
t.Logf("rkt enter terminated %v after the pod was terminated", delay)
if delay > time.Second { // 1 second shall be enough: it takes less than 50ms on my computer
t.Fatalf("rkt enter didn't terminate quickly enough: %v", delay)
}
}
开发者ID:coderhaoxin,项目名称:rkt,代码行数:28,代码来源:rkt_pid_file_test.go
示例6: TestAceValidator
func TestAceValidator(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
if err := ctx.LaunchMDS(); err != nil {
t.Fatalf("Cannot launch metadata service: %v", err)
}
aceMain := os.Getenv("RKT_ACE_MAIN_IMAGE")
if aceMain == "" {
panic("empty RKT_ACE_MAIN_IMAGE env var")
}
aceSidekick := os.Getenv("RKT_ACE_SIDEKICK_IMAGE")
if aceSidekick == "" {
panic("empty RKT_ACE_SIDEKICK_IMAGE env var")
}
rktArgs := fmt.Sprintf("--debug --insecure-skip-verify run --mds-register --volume database,kind=empty %s %s",
aceMain, aceSidekick)
rktCmd := fmt.Sprintf("%s %s", ctx.Cmd(), rktArgs)
child := spawnOrFail(t, rktCmd)
defer waitOrFail(t, child, true)
for _, e := range expectedResults {
if err := expectWithOutput(child, e); err != nil {
t.Fatalf("Expected %q but not found: %v", e, err)
}
}
}
开发者ID:ngorskig,项目名称:rkt,代码行数:30,代码来源:rkt_ace_validator_test.go
示例7: TestAPIServiceGetInfo
func TestAPIServiceGetInfo(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
svc := startAPIService(t, ctx)
defer stopAPIService(t, svc)
c, conn := newAPIClientOrFail(t, "localhost:15441")
defer conn.Close()
resp, err := c.GetInfo(context.Background(), &v1alpha.GetInfoRequest{})
if err != nil {
t.Fatalf("Unexpected error: %v", err)
}
expectedAPIVersion := "1.0.0-alpha"
if resp.Info.ApiVersion != expectedAPIVersion {
t.Errorf("Expected api version to be %q, but saw %q", expectedAPIVersion, resp.Info.ApiVersion)
}
expectedGlobalFlags := &v1alpha.GlobalFlags{
Dir: ctx.DataDir(),
SystemConfigDir: ctx.SystemDir(),
LocalConfigDir: ctx.LocalDir(),
UserConfigDir: ctx.UserDir(),
InsecureFlags: "none",
}
if !reflect.DeepEqual(resp.Info.GlobalFlags, expectedGlobalFlags) {
t.Errorf("Expected global flags to be %v, but saw %v", expectedGlobalFlags, resp.Info.GlobalFlags)
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:31,代码来源:rkt_api_service_test.go
示例8: TestAuthSanity
func TestAuthSanity(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
server := runServer(t, taas.None)
defer server.Close()
expectedRunRkt(ctx, t, server.URL, "sanity", authSuccessfulDownload)
}
开发者ID:blakelapierre,项目名称:rkt,代码行数:7,代码来源:rkt_auth_test.go
示例9: TestHostname
// TestHostname test that the --hostname option works.
func TestHostname(t *testing.T) {
imageFile := patchTestACI("rkt-inspect-hostname.aci", "--exec=/inspect --print-hostname")
defer os.Remove(imageFile)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
tests := []struct {
hostname string
}{
{
"test-hostname",
},
{
"",
},
}
for _, tt := range tests {
rktCmd := fmt.Sprintf("%s prepare --insecure-options=image %s", ctx.Cmd(), imageFile)
uuid := runRktAndGetUUID(t, rktCmd)
expectedHostname := "rkt-" + uuid
hostnameParam := ""
if tt.hostname != "" {
expectedHostname = tt.hostname
hostnameParam = fmt.Sprintf("--hostname=%s", tt.hostname)
}
rktCmd = fmt.Sprintf("%s run-prepared %s %s", ctx.Cmd(), hostnameParam, uuid)
expected := fmt.Sprintf("Hostname: %s", expectedHostname)
runRktAndCheckOutput(t, rktCmd, expected, false)
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:35,代码来源:rkt_hostname_test.go
示例10: TestAuthOverride
func TestAuthOverride(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
server, image := runAuthServer(t, taas.AuthOauth)
defer authCleanup(server, image)
hash := "sha512-" + getHashOrPanic(image)
tests := []struct {
systemConfig string
localConfig string
name string
resultBeforeOverride string
resultAfterOverride string
}{
{server.Conf, getInvalidOAuthConfig(server.Conf), "valid-system-invalid-local", authSuccessfulDownload, authFailedDownload},
{getInvalidOAuthConfig(server.Conf), server.Conf, "invalid-system-valid-local", authFailedDownload, authSuccessfulDownload},
}
for _, tt := range tests {
writeConfig(t, authDir(ctx.SystemDir()), "test.json", tt.systemConfig)
expectedRunRkt(ctx, t, server.URL, tt.name+"-1", tt.resultBeforeOverride)
if tt.resultBeforeOverride == authSuccessfulDownload {
// Remove the image from the store since it was fetched in the
// previous run and the test aci-server returns a
// Cache-Control max-age header
removeFromCas(t, ctx, hash)
}
writeConfig(t, authDir(ctx.LocalDir()), "test.json", tt.localConfig)
expectedRunRkt(ctx, t, server.URL, tt.name+"-2", tt.resultAfterOverride)
ctx.Reset()
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:30,代码来源:rkt_auth_test.go
示例11: TestPathsStat
// TestPathsStat checks that access to inaccessible paths under
// /proc or /sys is correctly restricted:
// https://github.com/coreos/rkt/issues/2484
func TestPathsStat(t *testing.T) {
tests := []struct {
Path string
ExpectedMode string
}{
{
Path: "/sys/firmware",
ExpectedMode: "d---------",
},
{
Path: "/proc/kcore",
ExpectedMode: "----------",
},
}
for _, tt := range tests {
hiddenImage := patchTestACI("rkt-inspect-stat-procfs.aci", fmt.Sprintf("--exec=/inspect --stat-file --file-name %s", tt.Path))
defer os.Remove(hiddenImage)
hiddenCtx := testutils.NewRktRunCtx()
defer hiddenCtx.Cleanup()
//run
hiddenCmd := fmt.Sprintf("%s --debug --insecure-options=image run %s", hiddenCtx.Cmd(), hiddenImage)
hiddenExpectedLine := fmt.Sprintf("%s: mode: %s", tt.Path, tt.ExpectedMode)
runRktAndCheckOutput(t, hiddenCmd, hiddenExpectedLine, false)
// run-prepared
hiddenCmd = fmt.Sprintf(`%s --insecure-options=image prepare %s`, hiddenCtx.Cmd(), hiddenImage)
uuid := runRktAndGetUUID(t, hiddenCmd)
hiddenCmd = fmt.Sprintf("%s --debug run-prepared --mds-register=false %s", hiddenCtx.Cmd(), uuid)
runRktAndCheckOutput(t, hiddenCmd, hiddenExpectedLine, false)
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:36,代码来源:rkt_paths_test.go
示例12: TestDNSHost
// TestHostDNS checks that --dns=host reflects the host's /etc/resolv.conf
func TestDNSHost(t *testing.T) {
dat, err := ioutil.ReadFile("/etc/resolv.conf")
if err != nil {
t.Fatal("Could not read host's resolv.conf", err)
}
sum := fmt.Sprintf("%x", sha1.Sum(dat))
t.Log("Expecting sum", sum)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
appCmd := "--exec=/inspect -- --hash-file"
rktCmd := fmt.Sprintf("%s --insecure-options=image run --dns=host --set-env=FILE=/etc/resolv.conf %s %s",
ctx.Cmd(), getInspectImagePath(), appCmd)
child := spawnOrFail(t, rktCmd)
ctx.RegisterChild(child)
defer waitOrFail(t, child, 0)
expectedRegex := `sha1sum: ([0-9a-f]+)`
result, out, err := expectRegexTimeoutWithOutput(child, expectedRegex, 30*time.Second)
if err != nil {
t.Fatalf("Error: %v\nOutput: %v", err, out)
}
if result[1] != sum {
t.Fatalf("container's /etc/host has sha1sum %s expected %s", result[1], sum)
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:31,代码来源:rkt_dns_test.go
示例13: testFetchNoStore
func testFetchNoStore(t *testing.T, args string, image string, imageArgs string, finalURL string) {
remoteFetchMsgTpl := `remote fetching from URL %q`
remoteFetchMsg := fmt.Sprintf(remoteFetchMsgTpl, finalURL)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
if _, err := importImageAndFetchHash(t, ctx, "", image); err != nil {
t.Skip(fmt.Sprintf("%v, probably a network failure. Skipping...", err))
}
cmd := fmt.Sprintf("%s --no-store %s %s %s", ctx.Cmd(), args, image, imageArgs)
// 1. Run cmd with the image available in the store, should get $remoteFetchMsg.
child := spawnOrFail(t, cmd)
if err := expectWithOutput(child, remoteFetchMsg); err != nil {
t.Fatalf("%q should be found: %v", remoteFetchMsg, err)
}
err := child.Wait()
status := getExitStatus(err)
if status != 0 {
t.Logf("rkt terminated with unexpected status %d, expected %d\nOutput:\n%s", status, 0, child.Collect())
t.Skip("remote fetching failed, probably a network failure. Skipping...")
}
}
开发者ID:yanghongkjxy,项目名称:rkt,代码行数:25,代码来源:rkt_fetch_test.go
示例14: TestRmCgroup
func TestRmCgroup(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
imagePath := getInspectImagePath()
cmd := fmt.Sprintf("%s --insecure-options=image prepare %s", ctx.Cmd(), imagePath)
uuid := runRktAndGetUUID(t, cmd)
shortUUID := strings.Split(uuid, "-")[0]
cmd = fmt.Sprintf("%s run-prepared %s", ctx.Cmd(), shortUUID)
runRktAndCheckOutput(t, cmd, "", false)
cgs, err := getPodCgroups(shortUUID)
if err != nil {
t.Fatalf("error getting pod cgroups: %v", err)
}
if len(cgs) == 0 {
t.Fatalf("expected pod cgroup directories after run, but found none")
}
rmCmd := fmt.Sprintf("%s rm %s", ctx.Cmd(), shortUUID)
spawnAndWaitOrFail(t, rmCmd, 0)
cgs, err = getPodCgroups(shortUUID)
if err != nil {
t.Fatalf("error getting pod cgroups: %v", err)
}
if len(cgs) > 0 {
t.Fatalf(fmt.Sprintf("expected no pod cgroup directories after GC, but found %d: %v", len(cgs), cgs))
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:31,代码来源:rkt_rm_nspawn_test.go
示例15: TestAppIsolatorMemory
func TestAppIsolatorMemory(t *testing.T) {
ok, err := cgroup.IsIsolatorSupported("memory")
if err != nil {
t.Fatalf("Error checking memory isolator support: %v", err)
}
if !ok {
t.Skip("Memory isolator not supported.")
}
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
t.Logf("Running test: %v", memoryTest.testName)
aciFileName := patchTestACI("rkt-inspect-isolators.aci", memoryTest.aciBuildArgs...)
defer os.Remove(aciFileName)
rktCmd := fmt.Sprintf("%s --insecure-options=image run --mds-register=false %s", ctx.Cmd(), aciFileName)
expectedLine := "Memory Limit: " + strconv.Itoa(maxMemoryUsage)
runRktAndCheckOutput(t, rktCmd, expectedLine, false)
rktCmd = fmt.Sprintf("%s --insecure-options=image run --mds-register=false %s --memory 42Mi", ctx.Cmd(), aciFileName)
expectedLine = "Memory Limit: " + strconv.Itoa(42*1024*1024)
runRktAndCheckOutput(t, rktCmd, expectedLine, false)
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:25,代码来源:rkt_app_isolator_test.go
示例16: testFetchDefault
func testFetchDefault(t *testing.T, arg string, image string, imageArgs string, finalURL string) {
remoteFetchMsgTpl := `remote fetching from URL %q`
storeMsgTpl := `using image from local store for .* %s`
if finalURL == "" {
finalURL = image
}
remoteFetchMsg := fmt.Sprintf(remoteFetchMsgTpl, finalURL)
storeMsg := fmt.Sprintf(storeMsgTpl, image)
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
cmd := fmt.Sprintf("%s %s %s %s", ctx.Cmd(), arg, image, imageArgs)
// 1. Run cmd with the image not available in the store, should get $remoteFetchMsg.
child := spawnOrFail(t, cmd)
err := expectWithOutput(child, remoteFetchMsg)
if exitErr := checkExitStatus(child); exitErr != nil {
t.Logf("%v", exitErr)
t.Skip("remote fetching failed, probably a network failure. Skipping...")
}
if err != nil {
t.Fatalf("%q should be found: %v", remoteFetchMsg, err)
}
// 2. Run cmd with the image available in the store, should get $storeMsg.
runRktAndCheckRegexOutput(t, cmd, storeMsg)
}
开发者ID:nak3,项目名称:rkt,代码行数:28,代码来源:rkt_fetch_test.go
示例17: TestAppIsolatorCPU
func TestAppIsolatorCPU(t *testing.T) {
isUnified, err := cgroup.IsCgroupUnified("/")
if err != nil {
t.Fatalf("Error determining the cgroup version: %v", err)
}
if isUnified {
// TODO: for now kernel does not support cpu isolator in cgroup2.
// Write a test when it does.
t.Skip("kernel does not support cpu isolator in cgroup2.")
}
ok, err := cgroup.IsIsolatorSupported("cpu")
if err != nil {
t.Fatalf("Error checking cpu isolator support: %v", err)
}
if !ok {
t.Skip("CPU isolator not supported.")
}
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
t.Logf("Running test: %v", cpuTest.testName)
aciFileName := patchTestACI("rkt-inspect-isolators.aci", cpuTest.aciBuildArgs...)
defer os.Remove(aciFileName)
rktCmd := fmt.Sprintf("%s --insecure-options=image run --mds-register=false %s", ctx.Cmd(), aciFileName)
expectedLine := "CPU Quota: " + strconv.Itoa(CPUQuota)
runRktAndCheckOutput(t, rktCmd, expectedLine, false)
rktCmd = fmt.Sprintf("%s --insecure-options=image run --mds-register=false %s --cpu 900m", ctx.Cmd(), aciFileName)
expectedLine = "CPU Quota: " + strconv.Itoa(900)
runRktAndCheckOutput(t, rktCmd, expectedLine, false)
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:35,代码来源:rkt_app_isolator_test.go
示例18: TestAuthSanity
func TestAuthSanity(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
server, image := runAuthServer(t, taas.AuthNone)
defer authCleanup(server, image)
expectedRunRkt(ctx, t, server.URL, "sanity", authSuccessfulDownload)
}
开发者ID:matomesc,项目名称:rkt,代码行数:7,代码来源:rkt_auth_test.go
示例19: TestGC
func TestGC(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
imagePath := getInspectImagePath()
// Finished pods.
importImageAndRun(imagePath, t, ctx)
// Prepared pods.
importImageAndPrepare(imagePath, t, ctx)
// Abort prepare.
cmd := fmt.Sprintf("%s --insecure-options=image prepare %s %s", ctx.Cmd(), imagePath, imagePath)
spawnAndWaitOrFail(t, cmd, 254)
gcCmd := fmt.Sprintf("%s gc --mark-only=true --expire-prepared=0 --grace-period=0", ctx.Cmd())
spawnAndWaitOrFail(t, gcCmd, 0)
pods := podsRemaining(t, ctx)
if len(pods) == 0 {
t.Fatalf("pods should still be present in rkt's data directory")
}
gcCmd = fmt.Sprintf("%s gc --mark-only=false --expire-prepared=0 --grace-period=0", ctx.Cmd())
spawnAndWaitOrFail(t, gcCmd, 0)
pods = podsRemaining(t, ctx)
if len(pods) != 0 {
t.Fatalf("no pods should exist rkt's data directory, but found: %v", pods)
}
}
开发者ID:intelsdi-x,项目名称:rkt,代码行数:31,代码来源:rkt_gc_test.go
示例20: TestCapsNonRoot
func TestCapsNonRoot(t *testing.T) {
ctx := testutils.NewRktRunCtx()
defer ctx.Cleanup()
for i, tt := range capsTests {
args := []string{"--exec=/inspect --print-caps-pid=0 --print-user", "--user=9000", "--group=9000"}
if tt.capIsolator != "" {
args = append(args, "--capability="+tt.capIsolator)
}
fileName := patchTestACI("rkt-inspect-print-caps-nonroot.aci", args...)
defer os.Remove(fileName)
t.Logf("Running test #%v: %v [non-root]", i, tt.testName)
cmd := fmt.Sprintf("%s --debug --insecure-options=image run --mds-register=false --set-env=CAPABILITY=%d %s", ctx.Cmd(), int(tt.capa), fileName)
child := spawnOrFail(t, cmd)
expectedLine := tt.capa.String()
if tt.nonrootCapExpected {
expectedLine += "=enabled"
} else {
expectedLine += "=disabled"
}
if err := expectWithOutput(child, expectedLine); err != nil {
t.Fatalf("Expected %q but not found: %v", expectedLine, err)
}
if err := expectWithOutput(child, "User: uid=9000 euid=9000 gid=9000 egid=9000"); err != nil {
t.Fatalf("Expected user 9000 but not found: %v", err)
}
waitOrFail(t, child, 0)
ctx.Reset()
}
}
开发者ID:nak3,项目名称:rkt,代码行数:35,代码来源:rkt_caps_test.go
注:本文中的github.com/coreos/rkt/tests/testutils.NewRktRunCtx函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论