Merge pull request #224 from chenyukang/pass-root-readonly

Fix #209, pass root-readonly
youki-dev · Aug 25, 2021 · 1485606 · 1485606
2 parents a14ce13 + 1aa467f
commit 1485606
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -47,7 +47,7 @@ youki is not at the practical stage yet. However, it is getting closer to practi
 |    Seccomp     |             Filtering system calls              |                     WIP on [#25](https://github.com/containers/youki/issues/25)                     |
 |     Hooks      | Add custom processing during container creation |                                                  ✅                                                  |
 |    Rootless    |   Running a container without root privileges   | It works, but cgroups isn't supported. WIP on [#77](https://github.com/containers/youki/issues/77)  |
-| OCI Compliance |        Compliance with OCI Runtime Spec         |                                   39 out of 55 test cases passing                                   |
+| OCI Compliance |        Compliance with OCI Runtime Spec         |                                   40 out of 55 test cases passing                                   |
 
 # Getting Started
 
@@ -158,6 +158,8 @@ Go and node-tap are required to run integration test. See the [opencontainers/ru
 ```
 $ git submodule update --init --recursive
 $ ./integration_test.sh
+# run specific test_cases with pattern
+$ ./integration_test.sh linux_*
 ```
 
 ### Setting up Vagrant

diff --git a/integration_test.sh b/integration_test.sh
@@ -2,6 +2,7 @@
 
 ROOT=$(pwd)
 RUNTIME=${ROOT}/youki
+PATTERN=${1:-.}
 
 cd integration_test/src/github.com/opencontainers/runtime-tools
 
@@ -64,7 +65,7 @@ test_cases=(
   "process_rlimits/process_rlimits.t"
   "process_rlimits_fail/process_rlimits_fail.t"
   # "process_user/process_user.t"
-  # "root_readonly_true/root_readonly_true.t"
+  "root_readonly_true/root_readonly_true.t"
   # Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
   # "start/start.t"
   "state/state.t"
@@ -93,6 +94,10 @@ for case in "${test_cases[@]}"; do
     continue
   fi
 
+  if [ $PATTERN != "." ] && [[ ! $case =~ $PATTERN ]]; then
+    continue    
+  fi 
+
   echo "Running $case"
   logfile="./log/$case.log"
   mkdir -p "$(dirname $logfile)"

diff --git a/src/process/init.rs b/src/process/init.rs
@@ -311,6 +311,16 @@ pub fn container_init(
         }
     }
 
+    if let Some(true) = spec.root.as_ref().map(|r| r.readonly.unwrap_or(false)) {
+        nix_mount(
+            None::<&str>,
+            "/",
+            None::<&str>,
+            MsFlags::MS_RDONLY | MsFlags::MS_REMOUNT | MsFlags::MS_BIND,
+            None::<&str>,
+        )?
+    }
+
     if let Some(paths) = &linux.readonly_paths {
         // mount readonly path
         for path in paths {