runtime: Fix TestCheckHostIsVMContainerCapable unstablity issue

TestCheckHostIsVMContainerCapable removes sysModuleDir to simulate a case that the kernel modules are not loaded. However, checkKernelModules() executes modprobe <module> if a module not found in that directory. Loading those modules is required to be denied temporarily. Fixes: #8390 Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
2025-09-18 07:18:27 +00:00 · 2023-11-07 15:31:56 +08:00
parent 100a73d2fd
commit acd9057c7b
1 changed files with 33 additions and 0 deletions
--- a/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go
+++ b/src/runtime/cmd/kata-runtime/kata-check_amd64_test.go
@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"fmt"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"regexp"
 	"testing"
@@ -18,6 +19,8 @@ import (
 	"github.com/stretchr/testify/assert"
 )

+const denylistModuleConf = "/etc/modprobe.d/denylist-kata-kernel-modules.conf"
+
 func setupCheckHostIsVMContainerCapable(assert *assert.Assertions, cpuInfoFile string, cpuData []testCPUData, moduleData []testModuleData) {
 	createModules(assert, cpuInfoFile, moduleData)

@@ -322,6 +325,36 @@ func TestCheckHostIsVMContainerCapable(t *testing.T) {

 	err = hostIsVMContainerCapable(details)
 	assert.Nil(err)
+
+	// Remove required kernel modules and add them to denylist
+	denylistFile, err := os.Create(denylistModuleConf)
+	assert.Nil(err)
+	succeedToRemoveOneModule := false
+	for mod := range archRequiredKernelModules {
+		cmd := exec.Command(modProbeCmd, "-r", mod)
+		if output, err := cmd.CombinedOutput(); err == nil {
+			succeedToRemoveOneModule = true
+		} else {
+			kataLog.WithField("output", string(output)).Warn("failed to remove module")
+		}
+		// Write the following into the denylist file
+		// blacklist <mod>
+		// install <mod> /bin/false
+		_, err = denylistFile.WriteString(fmt.Sprintf("blacklist %s\ninstall %s /bin/false\n", mod, mod))
+		assert.Nil(err)
+	}
+	denylistFile.Close()
+	assert.True(succeedToRemoveOneModule)
+
+	defer func() {
+		os.Remove(denylistModuleConf)
+	}()
+
+	// remove the modules to force a failure
+	err = os.RemoveAll(sysModuleDir)
+	assert.NoError(err)
+	err = hostIsVMContainerCapable(details)
+	assert.Error(err)
 }

 func TestArchKernelParamHandler(t *testing.T) {