Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a relative_network_cgroups test as one of the integration tests #2986

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add a relative_network_cgroups test as one of the integration tests #2986

wants to merge 2 commits into from
+102 −0

Conversation

moz-sec
Copy link

@moz-sec moz-sec commented Nov 12, 2024

This implements the relative_network_cgroups validation in #361 .
I wrote it based on linux_cgroups_relative_network.go from opencontainers/runtime-tools and tests/cgroups/network.rs from youki-dev/youki.

@moz-sec moz-sec changed the title test: add relative_network_cgroups test Add a relative_network_cgroups test as one of the integration tests Nov 12, 2024
@YJDoc2 YJDoc2 self-requested a review November 12, 2024 13:02
@YJDoc2
Copy link
Collaborator

YJDoc2 commented Nov 12, 2024

Hey, thanks for the PR :)
I'll need some time to get to this, will comment once the review is done.

YJDoc2
YJDoc2 reviewed Nov 25, 2024
View reviewed changes
tests/contest/contest/src/tests/cgroups/relative_network.rs Outdated
Comment on lines 62 to 65
test_outside_container(spec, &|data| {
test_result!(check_container_created(&data));
TestResult::Passed
})
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, here along with checking if the container is created, we also need validation for the created network cgroup resources - In the original test we call this function which does the validation, so need that here as well.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you.
Added validation for the created network cgroup resources.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, I don't think it is fixed yet. Let me clarify in case there is any confusion -

  1. In the original go test, at line https://github.com/opencontainers/runtime-tools/blob/master/validation/linux_cgroups_relative_network/linux_cgroups_relative_network.go#L24C1-L24C77, in the test_outside_container , they are passing util.ValidateLinuxResourcesNetwork function, which will do the validation that ok, the runtime has actually setup the relative network correctly.
  2. The util.ValidateLinuxResourcesNetwork function defined at https://github.com/opencontainers/runtime-tools/blob/master/validation/util/linux_resources_network.go#L12 does the checking and validation of relative network cgroup.
  3. The change you did in the last commit you pushed is actually almost a no-op. The original way of just calling the test_outside_container was correct, but also needs the cgroup checking logic as mentioned above.

@moz-sec moz-sec requested a review from YJDoc2 November 25, 2024 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YJDoc2 YJDoc2 Awaiting requested review from YJDoc2

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
kind/test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@moz-sec @YJDoc2