update/add some tests for rlimit
issues:
#4195
#4265 (comment)

Signed-off-by: lifubang <[email protected]>
lifubang committed May 5, 2024
1 parent dea81e6 commit b7efb3b
Showing 2 changed files with 93 additions and 2 deletions.
6 changes: 4 additions & 2 deletions libcontainer/integration/exec_test.go
@@ -136,11 +136,13 @@ func testRlimit(t *testing.T, userns bool) {

config := newTemplateConfig(t, &tParam{userns: userns})

// ensure limit is lower than what the config requests to test that in a user namespace
// Ensure limit is lower than what the config requests to test that in a user namespace
// the Setrlimit call happens early enough that we still have permissions to raise the limit.
// Do not change the Cur value to be equal to the Max value, please see:
// https://github.com/opencontainers/runc/pull/4265#discussion_r1589666444
ok(t, unix.Setrlimit(unix.RLIMIT_NOFILE, &unix.Rlimit{
Max: 1024,
Cur: 1024,
Cur: 512,
}))

out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n")
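Review bot: The new comment next to the `Cur: 512` change gives its rationale only as a link to a review thread (`// Do not change the Cur value to be equal to the Max value, please see:`), so the reason is lost to anyone reading the test offline or after the link stops resolving. I would state the reason in the comment itself; the setup comment in rlimits.bats from this same commit words it as "in some environments, the soft and hard nofile limit have the same value", and if that is also the intent here, something like `// Keep Cur below Max so the test starts from a soft limit that differs from the hard limit.` would do. Separately, `unix.Setrlimit` lowers RLIMIT_NOFILE for the whole test process and no restore is visible in this hunk. testRlimit continues outside the hunk, so it is worth confirming that later tests in the same binary do not depend on the original limit.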
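--- /dev/null
+++ b/tests/integration/rlimits.bats
@@ -0,0 +1,89 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+# Do not change the Cur value to be equal to the Max value
+# Because in some environments, the soft and hard nofile limit have the same value.
+[ $EUID -eq 0 ] && prlimit --nofile=1024:65536 -p $$
+setup_busybox
+}
+
+function teardown() {
+teardown_bundle
+}
+
+@test "runc run with RLIMIT_NOFILE(The same as system's hard value)" {
+# https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+hard=$(ulimit -n -H)
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${hard}}]"
+update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+runc run test_ulimit
+[ "$status" -eq 0 ]
+[[ "${output}" == "${hard}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Bigger than system's hard value)" {
+requires root
+# https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+hard=$(ulimit -n -H)
+val=$((hard + 1))
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+runc run test_ulimit
+[ "$status" -eq 0 ]
+[[ "${output}" == "${val}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Smaller than system's hard value)" {
+hard=$(ulimit -n -H)
+val=$((hard - 1))
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+runc run test_ulimit
+[ "$status" -eq 0 ]
+[[ "${output}" == "${val}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(The same as system's hard value)" {
+hard=$(ulimit -n -H)
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${hard}}]"
+
+runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+[ "$status" -eq 0 ]
+
+runc exec test_busybox /bin/sh -c "ulimit -n"
+[ "$status" -eq 0 ]
+[[ "${output}" == "${hard}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Bigger than system's hard value)" {
+requires root
+hard=$(ulimit -n -H)
+val=$((hard + 1))
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+
+runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+[ "$status" -eq 0 ]
+
+runc exec test_busybox /bin/sh -c "ulimit -n"
+[ "$status" -eq 0 ]
+[[ "${output}" == "${val}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Smaller than system's hard value)" {
+hard=$(ulimit -n -H)
+val=$((hard - 1))
+update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${val}, \"soft\": ${val}}]"
+
+runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+[ "$status" -eq 0 ]
+
+# issue: https://github.com/opencontainers/runc/issues/4195
+runc exec test_busybox /bin/sh -c "ulimit -n"
+[ "$status" -eq 0 ]
+[[ "${output}" == "${val}" ]]
+}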
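Review bot: All six tests assert only the soft limit: the container runs `ulimit -n`, which reports the soft value, although each config sets both `hard` and `soft`. A regression that applied the requested soft value but left the hard limit inherited from the runtime would still pass, and the hard limit is what bounds how far a container process can raise its own limit afterwards. I would add a hard-limit assertion to each case; in the exec tests that is `runc exec test_busybox /bin/sh -c "ulimit -n -H"` followed by `[[ "${output}" == "${val}" ]]`, assuming the busybox shell's `ulimit` accepts `-H`. The "Bigger than system's hard value" cases also appear to rely on setup() having lowered the hard limit to 65536 so that `hard + 1` stays within what root may set, and a one-line comment there would make that dependency explicit.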
