runjail/runjail_test.go at main · debfx/runjail · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path"
	"strings"
	"testing"

	"github.com/otiai10/copy"
)

func runTest(testName string, args []string) (string, error) {
	env := os.Environ()
	env = append(env, "RUNJAIL_TEST_INNER=1")

	cmdArgs := append([]string{"/proc/self/exe"}, args...)
	cmdArgs = append(cmdArgs, "--ro", "testdata/scripts/"+testName, "--", "testdata/scripts/"+testName)

	cmd := exec.Cmd{
		Path:   "/proc/self/exe",
		Args:   cmdArgs,
		Stderr: os.Stderr,
		Env:    env,
	}
	out, err := cmd.Output()
	return strings.TrimRight(string(out), "\n"), err
}

func TestMain(m *testing.M) {
	// inside a test, run the main binary (not the test)
	if os.Getenv("RUNJAIL_TEST_INNER") == "1" {
		main()
		return
	}

	// start test runner
	os.Exit(m.Run())
}

func assertNil(t *testing.T, obj interface{}) {
	if obj != nil {
		t.Fatal(obj)
	}
}

func assertEqual(t *testing.T, expected string, actual string) {
	if actual != expected {
		t.Fatal(fmt.Printf("Expected '%s', got '%s'", expected, actual))
	}
}

func createTempDataDir(t *testing.T) string {
	tempDir, err := os.MkdirTemp("", t.Name())
	if err != nil {
		t.Errorf("TempDir create failed: %v", err)
	}

	t.Cleanup(func() {
		if err := os.RemoveAll(tempDir); err != nil {
			t.Errorf("TempDir cleanup failed: %v", err)
		}
	})

	err = copy.Copy("testdata", tempDir)
	if err != nil {
		t.Errorf("copy test data failed: %v", err)
	}

	return tempDir
}

func TestCwd(t *testing.T) {
	stdout, err := runTest("cwd", []string{"--cwd", "/tmp"})
	assertNil(t, err)
	assertEqual(t, "/tmp", stdout)
}

func TestCwdDefault(t *testing.T) {
	cwd, err := os.Getwd()
	assertNil(t, err)

	stdout, err := runTest("cwd", []string{})
	assertNil(t, err)
	assertEqual(t, cwd, stdout)
}

func TestRo(t *testing.T) {
	tempDir := createTempDataDir(t)

	stdout, err := runTest("ro", []string{"--cwd", tempDir, "--ro", path.Join(tempDir, "data/ro")})
	assertNil(t, err)
	assertEqual(t, "rotest", stdout)
}

func TestBindRo(t *testing.T) {
	tempDir := createTempDataDir(t)

	stdout, err := runTest("bindro", []string{"--bind-ro", path.Join(tempDir, "data/ro") + ":/bindro"})
	assertNil(t, err)
	assertEqual(t, "rotest", stdout)
}

func TestUnshare(t *testing.T) {
	tempDir := createTempDataDir(t)

	stdout, err := runTest("unshare", []string{"--cwd", tempDir, "--ro", tempDir, "--seccomp", "no"})
	assertNil(t, err)
	assertEqual(t, "unsharetest", stdout)
}

func TestCheckProc(t *testing.T) {
	tempDir := createTempDataDir(t)

	stdout, err := runTest("checkproc", []string{"--cwd", tempDir, "--ro", tempDir})
	assertNil(t, err)
	assertEqual(t, "checkproctest", stdout)
}