def main(): build_tools() cleanup() try: test_simple_start_stop() test_hostname() test_daemonization() test_fs_contents() test_start_with_interactive_shell() test_many_conts_start_stop() test_many_cont_list() test_cont_user_is_root() test_cont_user_root_is_fake() test_host_user_uid_preserved() # test_cpu_perc_limit() test_basic_networking() test_webserver() test_many_cont_networks() util.log('===== ALL TESTS ARE PASSED! =====') except: cleanup() raise
def test_cont_user_root_is_fake(): util.log("""[START_TEST] check that root inside container is not initial user namespace root""") aucont.run_cmd( util.test_rootfs_path(), '/test/kmodule/bin/test', '/test/kmodule/module.ko' )
def test_simple_start_stop(): util.log('[START TEST] start daemonized container and kill it') cont_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '5') util.check(aucont.clist()[0] == cont_pid) aucont.stop(cont_pid, 9) util.check(len(aucont.clist()) == 0)
def test_fs_contents(): util.log("[START_TEST] check file system contents inside container") output = aucont.run_cmd( util.test_rootfs_path(), '/test/fs/test.sh' ).strip() util.log("\n==== CHECK THIS OUTPUT MANUALLY ====\n", output, "\n")
def test_cont_user_is_root(): util.log("""[START_TEST] check that user name inside container is root""") output = aucont.run_cmd( util.test_rootfs_path(), '/bin/sh', '-c', 'whoami' ).strip() util.check(output == 'root')
def test_many_cont_networks(): util.log( """[START TEST] start 2 containers run simple networking tests in each one. Warning: stop network manager before running all network tests""" ) cont1_ip = '192.168.1.1' host1_ip = '192.168.1.2' cont1_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '10000', cont_ip=cont1_ip ) cont2_ip = '10.0.0.1' host2_ip = '10.0.0.2' cont2_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '10000', cont_ip=cont2_ip ) time.sleep(2) aucont.exec_capture_output(cont1_pid, '/test/net/test.sh', cont1_ip, host1_ip ) aucont.exec_capture_output(cont1_pid, '/test/net/test.sh', cont1_ip, host1_ip ) cleanup()
def main(): build_tools() cleanup() try: test_simple_start_stop() test_hostname() test_fs_contents() test_daemonization() test_user_is_root() test_user_root_is_fake() test_cpu_perc_limit() test_basic_networking() test_webserver() test_many_conts_start_stop() test_many_cont_list() test_many_cont_networks() test_start_with_interactive_shell() util.log('===== ALL TESTS ARE PASSED! =====') except: cleanup() raise
def test_user_is_root(): util.log("""[START_TEST] check that user name inside container is root""") output = aucont.run_cmd( util.test_rootfs_path(), '/bin/sh', '-c', 'whoami' ).strip() util.check(output == 'root')
def test_many_cont_networks(): util.log("""[START TEST] start 2 containers run simple networking tests in each one. Warning: stop network manager before running all network tests""") cont1_ip = '192.168.1.1' host1_ip = '192.168.1.2' cont1_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '10000', cont_ip=cont1_ip) cont2_ip = '10.0.0.1' host2_ip = '10.0.0.2' cont2_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '10000', cont_ip=cont2_ip) time.sleep(2) aucont.exec_capture_output(cont1_pid, '/test/net/test.sh', cont1_ip, host1_ip) aucont.exec_capture_output(cont1_pid, '/test/net/test.sh', cont1_ip, host1_ip) cleanup()
def test_user_root_is_fake(): util.log("""[START_TEST] check that root inside container is not initial user namespace root""") aucont.run_cmd( util.test_rootfs_path(), '/test/kmodule/bin/test', '/test/kmodule/module.ko' )
def test_hostname(): util.log("[START_TEST] check that hostname inside container ", "is 'container'") output = aucont.run_cmd( util.test_rootfs_path(), '/bin/hostname' ).strip() util.debug(output) util.check(output == 'container')
def test_simple_start_stop(): util.log('[START TEST] start daemonized container and kill it') cont_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '5' ) util.check(aucont.clist()[0] == cont_pid) aucont.stop(cont_pid, 9) util.check(len(aucont.clist()) == 0)
def test_host_user_uid_preserved(): util.log( '[START TEST] check that host uid and gid of container isn\'t changed') cont_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '5') cont_euid, cont_egid = util.get_pid_eids(cont_pid) aucont.stop(cont_pid, 9) util.check(os.geteuid() == cont_euid and os.getegid() == cont_egid)
def stop(cont_pid, signal=15): signal = str(signal) cont_stop_cmd_and_args = [ util.aucont_tool_path('aucont_stop'), cont_pid, signal ] util.debug(*cont_stop_cmd_and_args) subprocess.check_call(cont_stop_cmd_and_args) util.log('stopped container', cont_pid);
def main(): build_tools() cleanup() try: run_tests_milestone1() run_tests_milestone2() run_tests_milestone3() util.log('===== ALL TESTS ARE PASSED! =====') except: cleanup() raise
def test_basic_networking(): util.log("""[START TEST] start container with enabled networking and ping back and forth. Warning: stop network manager before running all network tests""") cont_ip = '10.0.0.1' host_ip = '10.0.0.2' aucont.run_cmd(util.test_rootfs_path(), '/test/net/test.sh', cont_ip, host_ip, cont_ip=cont_ip)
def start_daemonized(image_path, *cmd_and_args, cpu_perc=None, cont_ip=None): cont_start_cmd_and_args = _make_cont_start_cmd( False, image_path, cmd_and_args, cpu_perc=cpu_perc, cont_ip=cont_ip ) output = subprocess.check_output(cont_start_cmd_and_args) cont_pid = output.decode('UTF-8')[:-1] util.log('started container', cont_pid) return cont_pid
def test_basic_networking(): util.log( """[START TEST] start container with enabled networking and ping back and forth. Warning: stop network manager before running all network tests""" ) cont_ip = '10.0.0.1' host_ip = '10.0.0.2' aucont.run_cmd( util.test_rootfs_path(), '/test/net/test.sh', cont_ip, host_ip, cont_ip=cont_ip )
def test_daemonization(): util.log("""[START_TEST] check that daemonized container doesn't use tty""") cont_pid = aucont.start_daemonized(util.test_rootfs_path(), '/test/interactive/bin/test') time.sleep(1) output = aucont.exec_capture_output(cont_pid, "/bin/cat", "/test/interactive/bin/result.txt") aucont.stop(cont_pid, 9) output = output.strip() util.debug(output) util.check(output != 'Ok')
def test_many_conts_start_stop(): util.log("""[START_TEST] start 3 containers. Wait exiting of some of them. Stop all the containers manually.""") cont1_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '1') cont2_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '5') cont3_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '10') time.sleep(4) aucont.stop(cont3_pid, 9) aucont.stop(cont1_pid, 9) aucont.stop(cont2_pid, 9)
def test_daemonization(): util.log("""[START_TEST] check that daemonized container doesn't use tty""") cont_pid = aucont.start_daemonized( util.test_rootfs_path(), '/test/interactive/bin/test' ) time.sleep(1) output = aucont.exec_capture_output( cont_pid, "/bin/cat", "/test/interactive/bin/result.txt" ) aucont.stop(cont_pid, 9) output = output.strip() util.debug(output) util.check(output != 'Ok')
def test_cpu_perc_limit(): util.log("""[START_TEST] check that cpu limitation works ok for container""") output = aucont.run_cmd(util.test_rootfs_path(), '/test/busyloop/bin/run.sh').strip() unlimited_result = int(output) output = aucont.run_cmd(util.test_rootfs_path(), '/test/busyloop/bin/run.sh', cpu_perc=20).strip() limited_result_20_perc = int(output) util.debug(unlimited_result, limited_result_20_perc) cpu_boost = unlimited_result / limited_result_20_perc util.check(cpu_boost >= 3 and cpu_boost <= 6)
def test_many_cont_list(): util.log("""[START_TEST] start 3 containers. Check that aucont_list tool returns right values.""") cont1_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '1') cont2_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '5') cont3_pid = aucont.start_daemonized(util.test_rootfs_path(), '/bin/sleep', '10') cont_list = aucont.clist() util.check(len(cont_list) == 3) cont_list.index(cont1_pid) cont_list.index(cont2_pid) cont_list.index(cont3_pid) cleanup()
def exec_capture_output(cont_pid, *cmd_and_args): cont_exec_cmd_and_args = [ util.aucont_tool_path('aucont_exec'), cont_pid ] cont_exec_cmd_and_args += cmd_and_args util.debug(*cont_exec_cmd_and_args) try: output = subprocess.check_output(cont_exec_cmd_and_args, stdin=sys.stdin, stderr=subprocess.STDOUT ) except subprocess.CalledProcessError as err: util.log(err.returncode, err.output) raise return output.decode('UTF-8')
def test_cpu_perc_limit(): util.log("""[START_TEST] check that cpu limitation works ok for container""") output = aucont.run_cmd( util.test_rootfs_path(), '/test/busyloop/bin/run.sh' ).strip() unlimited_result = int(output) output = aucont.run_cmd( util.test_rootfs_path(), '/test/busyloop/bin/run.sh', cpu_perc=20 ).strip() limited_result_20_perc = int(output) util.debug(unlimited_result, limited_result_20_perc) cpu_boost = unlimited_result / limited_result_20_perc util.check(cpu_boost >= 3 and cpu_boost <= 5)
def test_many_conts_start_stop(): util.log("""[START_TEST] start 3 containers. Wait exiting of some of them. Stop all the containers manually.""") cont1_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '1' ) cont2_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '5' ) cont3_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '10' ) time.sleep(4) aucont.stop(cont3_pid, 9) aucont.stop(cont1_pid, 9) aucont.stop(cont2_pid, 9)
def test_webserver(): util.log("""[START TEST] start container with enabled networking, run web server on priveledged port inside. Warning: stop network manager before running all network tests""") cont_ip = '192.168.1.1' cont_pid = aucont.start_daemonized(util.test_rootfs_path(), '/test/web/server.sh', '80', cont_ip=cont_ip) time.sleep(2) url = 'http://' + cont_ip + ':80/file.txt' http_resp = urlopen(url) aucont.stop(cont_pid, 9) util.check(http_resp.status == 200) http_resp_str = http_resp.read().decode('utf-8') util.debug(http_resp_str) util.check(http_resp_str.index('OK!') == 0)
def test_many_cont_list(): util.log("""[START_TEST] start 3 containers. Check that aucont_list tool returns right values.""") cont1_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '1' ) cont2_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '5' ) cont3_pid = aucont.start_daemonized( util.test_rootfs_path(), '/bin/sleep', '10' ) cont_list = aucont.clist() util.check(len(cont_list) == 3) cont_list.index(cont1_pid) cont_list.index(cont2_pid) cont_list.index(cont3_pid) cleanup()
def test_cpu_perc_limit(): util.log("""[START_TEST] check that cpu limitation works ok for container""") output = aucont.run_cmd(util.test_rootfs_path(), '/test/busyloop/bin/run.sh').strip() unlimited_result = int(output) output = aucont.run_cmd( util.test_rootfs_path(), '/test/busyloop/bin/run.sh', cpu_perc= 25 # changed from 20 because condition checks that boost is near 4 times ).strip() limited_result_20_perc = int(output) util.debug(unlimited_result, limited_result_20_perc) cpu_boost = unlimited_result / limited_result_20_perc print("cpu_boost is ", cpu_boost) util.check(cpu_boost >= 3 and cpu_boost <= 5)
def test_webserver(): util.log( """[START TEST] start container with enabled networking, run web server on priveledged port inside. Warning: stop network manager before running all network tests""" ) cont_ip = '192.168.1.1' cont_pid = aucont.start_daemonized( util.test_rootfs_path(), '/test/web/server.sh', '80', cont_ip=cont_ip ) time.sleep(2) url = 'http://' + cont_ip + ':80/file.txt' http_resp = urlopen(url) aucont.stop(cont_pid, 9) util.check(http_resp.status == 200) http_resp_str = http_resp.read().decode('utf-8') util.debug(http_resp_str) util.check(http_resp_str.index('OK!') == 0)
def test_start_with_interactive_shell(): util.log('[START TEST] start container with interactive shell') aucont.start_interactive(util.test_rootfs_path(), '/bin/sh') util.check(len(aucont.clist()) == 0)
def test_start_with_interactive_shell(): util.log('[START TEST] start container with interactive shell') aucont.start_interactive( util.test_rootfs_path(), '/bin/sh' ) util.check(len(aucont.clist()) == 0)