github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-03 01:44:29 +00:00
Code Issues Projects Releases Wiki Activity

agent: Fix the issue with the "test_new_fs_manager" test

Browse Source 
This patch introduces a one-time cpath to mitigate the cgroup residuals. It
might break the device cgroup merging rules when the cgroup has children.

Fixes: #9456

Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
This commit is contained in:
Xuewei Niu
2024-04-11 18:00:00 +08:00
parent 08dcdc62de
commit 50f78ec52c
1 changed files with 28 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/agent/rustjail/src/cgroups/fs/mod.rs
View File

@@ -1325,6 +1325,7 @@ mod tests {
use std::collections::HashMap; use std::collections::HashMap;
use std::process::Command; use std::process::Command;
use std::sync::{Arc, RwLock}; use std::sync::{Arc, RwLock};
use std::time::{SystemTime, UNIX_EPOCH};
use cgroups::devices::{DevicePermissions, DeviceType}; use cgroups::devices::{DevicePermissions, DeviceType};
use oci::{Linux, LinuxDeviceCgroup, LinuxResources, Spec}; use oci::{Linux, LinuxDeviceCgroup, LinuxResources, Spec};
@@ -1438,48 +1439,38 @@ mod tests {
access: String::from("rwm"), access: String::from("rwm"),
}; };
let now = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_secs();
let one_time_pod_name = format!("kata-agent-fs-manager-test-{}", now);
let one_time_cpath =
|child: &str| -> String { format!("/{}/{}", one_time_pod_name, child) };
let test_cases = vec![ let test_cases = vec![
TestCase { TestCase {
cpath: vec![String::from( cpath: vec![one_time_cpath("child1")],
"/kata-agent-fs-manager-test/449ccd81-9320-4f3e-bb67-78f84700fac9",
)],
devices: vec![vec![allow_all.clone()]], devices: vec![vec![allow_all.clone()]],
allowed_all: vec![true], allowed_all: vec![true],
pod_devices_list: vec![String::from("a *:* rwm\n")], pod_devices_list: vec![String::from("a *:* rwm\n")],
container_devices_list: vec![String::from("a *:* rwm\n")], container_devices_list: vec![String::from("a *:* rwm\n")],
}, },
TestCase { TestCase {
cpath: vec![String::from( cpath: vec![one_time_cpath("child1")],
"/kata-agent-fs-manager-test/449ccd81-9320-4f3e-bb67-78f84700fac9",
)],
devices: vec![vec![deny_all.clone()]], devices: vec![vec![deny_all.clone()]],
allowed_all: vec![false], allowed_all: vec![false],
pod_devices_list: vec![String::new()], pod_devices_list: vec![String::new()],
container_devices_list: vec![String::new()], container_devices_list: vec![String::new()],
}, },
TestCase { TestCase {
cpath: vec![ cpath: vec![one_time_cpath("child1"), one_time_cpath("child2")],
String::from(
"/kata-agent-fs-manager-test/449ccd81-9320-4f3e-bb67-78f84700fac9",
),
String::from(
"/kata-agent-fs-manager-test/1c7affca-1f65-427c-ba92-caff1cea61f6",
),
],
devices: vec![vec![deny_all.clone()], vec![allow_all.clone()]], devices: vec![vec![deny_all.clone()], vec![allow_all.clone()]],
allowed_all: vec![false, true], allowed_all: vec![false, true],
pod_devices_list: vec![String::new(), String::from("b *:* rwm\nc *:* rwm\n")], pod_devices_list: vec![String::new(), String::from("b *:* rwm\nc *:* rwm\n")],
container_devices_list: vec![String::new(), String::from("b *:* rwm\nc *:* rwm\n")], container_devices_list: vec![String::new(), String::from("b *:* rwm\nc *:* rwm\n")],
}, },
TestCase { TestCase {
cpath: vec![ cpath: vec![one_time_cpath("child1"), one_time_cpath("child2")],
String::from(
"/kata-agent-fs-manager-test/449ccd81-9320-4f3e-bb67-78f84700fac9",
),
String::from(
"/kata-agent-fs-manager-test/1c7affca-1f65-427c-ba92-caff1cea61f6",
),
],
devices: vec![vec![allow_all], vec![deny_all]], devices: vec![vec![allow_all], vec![deny_all]],
allowed_all: vec![true, true], allowed_all: vec![true, true],
pod_devices_list: vec![String::from("a *:* rwm\n"), String::from("a *:* rwm\n")], pod_devices_list: vec![String::from("a *:* rwm\n"), String::from("a *:* rwm\n")],
@@ -1517,13 +1508,16 @@ mod tests {
assert!(devcg_info.inited); assert!(devcg_info.inited);
assert_eq!( assert_eq!(
devcg_info.allowed_all, tc.allowed_all[cid], devcg_info.allowed_all, tc.allowed_all[cid],
"Round {}, cid {} allowed all assertion failure", "Test case {}: cid {} allowed all assertion failure",
round, cid round, cid
); );
drop(devcg_info); drop(devcg_info);
let pod_devices_list = Command::new("cat") let pod_devices_list = Command::new("cat")
.arg("/sys/fs/cgroup/devices/kata-agent-fs-manager-test/devices.list") .arg(&format!(
"/sys/fs/cgroup/devices/{}/devices.list",
one_time_pod_name
))
.output() .output()
.unwrap(); .unwrap();
let container_devices_list = Command::new("cat") let container_devices_list = Command::new("cat")
@@ -1538,8 +1532,16 @@ mod tests {
let container_devices_list = let container_devices_list =
String::from_utf8(container_devices_list.stdout).unwrap(); String::from_utf8(container_devices_list.stdout).unwrap();
assert_eq!(&pod_devices_list, &tc.pod_devices_list[cid]); assert_eq!(
assert_eq!(&container_devices_list, &tc.container_devices_list[cid]) &pod_devices_list, &tc.pod_devices_list[cid],
"Test case {}: cid {} allowed all assertion failure",
round, cid
);
assert_eq!(
&container_devices_list, &tc.container_devices_list[cid],
"Test case {}: cid {} allowed all assertion failure",
round, cid
)
} }
// Clean up cgroups // Clean up cgroups