You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by xy...@apache.org on 2018/05/09 17:40:53 UTC
[15/26] hadoop git commit: YARN-8207. Docker container launch use
popen have risk of shell expansion. Contributed by Eric Yang.
http://git-wip-us.apache.org/repos/asf/hadoop/blob/a2ea7564/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
index 35b7873..1096935 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
@@ -94,45 +94,68 @@ namespace ContainerExecutor {
write_file(docker_command_file, contents);
}
+ char* flatten(args *args) {
+ size_t string_len = 0;
+ size_t current_len = 0;
+ char *buffer = (char *) malloc(8192 * sizeof(char));
+ for (int i = 0; i < args->length; i++) {
+ string_len = strlen(args->data[i]);
+ if (string_len != 0) {
+ strncpy(buffer + current_len, args->data[i], string_len);
+ current_len = current_len + string_len;
+ if (args->length - 1 != i) {
+ strncpy(buffer + current_len, " ", 1);
+ current_len++;
+ }
+ }
+ }
+ buffer[current_len] = '\0';
+ return buffer;
+ }
+
void run_docker_command_test(const std::vector<std::pair<std::string, std::string> > &file_cmd_vec,
const std::vector<std::pair<std::string, int> > &bad_file_cmd_vec,
- int (*docker_func)(const char *, const struct configuration *, char *, const size_t)) {
- char tmp[8192];
+ int (*docker_func)(const char *, const struct configuration *, args *)) {
+ struct args tmp = ARGS_INITIAL_VALUE;
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(tmp, 0, 8192);
+ reset_args(&tmp);
write_command_file(itr->first);
- int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, tmp, 8192);
+ int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
ASSERT_EQ(0, ret) << "error message: " << get_docker_error_message(ret) << " for input " << itr->first;
- ASSERT_STREQ(itr->second.c_str(), tmp);
+ char *actual = flatten(&tmp);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
- memset(tmp, 0, 8192);
+ reset_args(&tmp);
write_command_file(itr2->first);
- int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, tmp, 8192);
+ int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
ASSERT_EQ(itr2->second, ret) << " for " << itr2->first << std::endl;
- ASSERT_EQ(0, strlen(tmp));
}
- int ret = (*docker_func)("unknown-file", &container_executor_cfg, tmp, 8192);
+ reset_args(&tmp);
+ int ret = (*docker_func)("unknown-file", &container_executor_cfg, &tmp);
ASSERT_EQ(static_cast<int>(INVALID_COMMAND_FILE), ret);
+ reset_args(&tmp);
}
void run_docker_run_helper_function(const std::vector<std::pair<std::string, std::string> > &file_cmd_vec,
- int (*helper_func)(const struct configuration *, char *, const size_t)) {
+ int (*helper_func)(const struct configuration *, args *)) {
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for(itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
struct configuration cfg;
- const int buff_len = 1024;
- char buff[buff_len];
- memset(buff, 0, buff_len);
+ struct args buff = ARGS_INITIAL_VALUE;
+ reset_args(&buff);
write_command_file(itr->first);
int ret = read_config(docker_command_file.c_str(), &cfg);
if(ret == 0) {
- ret = (*helper_func)(&cfg, buff, buff_len);
+ ret = (*helper_func)(&cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
}
}
@@ -142,12 +165,12 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001",
- "inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=inspect\n"
" format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n"
" name=container_e1_12312_11111_02_000001",
- "inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -179,7 +202,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=load\n image=image-id",
- "load --i='image-id' "));
+ "/usr/bin/docker load --i=image-id"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -249,7 +272,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=pull\n image=image-id",
- "pull 'image-id' "));
+ "/usr/bin/docker pull image-id"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -269,7 +292,7 @@ namespace ContainerExecutor {
file_cmd_vec.push_back(
std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001",
- "rm container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker rm container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -289,10 +312,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001",
- "stop container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker stop container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25",
- "stop --time=25 container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker stop --time=25 container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -316,10 +339,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001",
- "kill container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker kill container_e1_12312_11111_02_000001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT",
- "kill --signal=SIGQUIT container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker kill --signal=SIGQUIT container_e1_12312_11111_02_000001"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -361,7 +384,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_detach_container) {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n detach=true", "-d "));
+ "[docker-command-execution]\n docker-command=run\n detach=true", "-d"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -371,7 +394,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_rm_container) {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n rm=true", "--rm "));
+ "[docker-command-execution]\n docker-command=run\n rm=true", "--rm"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -381,7 +404,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_container_workdir) {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n workdir=/tmp/test", "--workdir='/tmp/test' "));
+ "[docker-command-execution]\n docker-command=run\n workdir=/tmp/test", "--workdir=/tmp/test"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -392,7 +415,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n cgroup-parent=/sys/fs/cgroup/yarn",
- "--cgroup-parent='/sys/fs/cgroup/yarn' "));
+ "--cgroup-parent=/sys/fs/cgroup/yarn"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -402,7 +425,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_hostname) {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n hostname=ctr-id", "--hostname='ctr-id' "));
+ "[docker-command-execution]\n docker-command=run\n hostname=ctr-id", "--hostname=ctr-id"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -412,7 +435,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_group_add) {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n group-add=1000,1001", "--group-add '1000' --group-add '1001' "));
+ "[docker-command-execution]\n docker-command=run\n group-add=1000,1001", "--group-add 1000 --group-add 1001"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
@@ -421,15 +444,15 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_network) {
struct configuration container_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
+ reset_args(&buff);
int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n docker.allowed.networks=sdn1,bridge";
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n net=bridge", "--net='bridge' "));
+ "[docker-command-execution]\n docker-command=run\n net=bridge", "--net=bridge"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n net=sdn1", "--net='sdn1' "));
+ "[docker-command-execution]\n docker-command=run\n net=sdn1", "--net=sdn1"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
write_container_executor_cfg(container_executor_cfg_contents);
@@ -441,15 +464,17 @@ namespace ContainerExecutor {
}
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
struct configuration cmd_cfg;
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_network(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_network(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
struct configuration cmd_cfg_1;
write_command_file("[docker-command-execution]\n docker-command=run\n net=sdn2");
@@ -457,10 +482,10 @@ namespace ContainerExecutor {
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_network(&cmd_cfg_1, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
container_executor_cfg_contents = "[docker]\n";
write_container_executor_cfg(container_executor_cfg_contents);
@@ -468,16 +493,15 @@ namespace ContainerExecutor {
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_network(&cmd_cfg_1, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
TEST_F(TestDockerUtil, test_set_pid_namespace) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
int ret = 0;
std::string container_executor_cfg_contents[] = {"[docker]\n docker.host-pid-namespace.enabled=1",
"[docker]\n docker.host-pid-namespace.enabled=true",
@@ -490,7 +514,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
std::vector<std::pair<std::string, int> >::const_iterator itr2;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n pid=host", "--pid='host' "));
+ "[docker-command-execution]\n docker-command=run\n pid=host", "--pid='host'"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -505,26 +529,28 @@ namespace ContainerExecutor {
FAIL();
}
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(itr2->second, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
}
@@ -539,15 +565,16 @@ namespace ContainerExecutor {
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run", ""));
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
bad_file_cmd_vec.clear();
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -557,15 +584,15 @@ namespace ContainerExecutor {
"[docker-command-execution]\n docker-command=run\n pid=host",
static_cast<int>(PID_HOST_DISABLED)));
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(itr2->second, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
}
}
@@ -610,8 +637,7 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_privileged) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
int ret = 0;
std::string container_executor_cfg_contents[] = {"[docker]\n docker.privileged-containers.enabled=1\n docker.privileged-containers.registries=hadoop",
"[docker]\n docker.privileged-containers.enabled=true\n docker.privileged-containers.registries=hadoop",
@@ -639,24 +665,25 @@ namespace ContainerExecutor {
FAIL();
}
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(6, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
write_command_file("[docker-command-execution]\n docker-command=run\n user=nobody\n privileged=true\n image=nothadoop/image");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
@@ -671,31 +698,32 @@ namespace ContainerExecutor {
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n user=root\n privileged=false", ""));
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
write_command_file("[docker-command-execution]\n docker-command=run\n user=root\n privileged=true");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
}
TEST_F(TestDockerUtil, test_set_capabilities) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n"
" docker.allowed.capabilities=CHROOT,MKNOD\n"
@@ -703,19 +731,19 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=CHROOT,MKNOD",
- "--cap-drop='ALL' --cap-add='CHROOT' --cap-add='MKNOD' "));
+ "--cap-drop=ALL --cap-add=CHROOT --cap-add=MKNOD"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/docker-image\n cap-add=CHROOT,MKNOD",
- "--cap-drop='ALL' "));
+ "--cap-drop=ALL"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=CHROOT",
- "--cap-drop='ALL' --cap-add='CHROOT' "));
+ "--cap-drop=ALL --cap-add=CHROOT"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n",
- "--cap-drop='ALL' "));
+ "--cap-drop=ALL"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/docker-image\n",
- "--cap-drop='ALL' "));
+ "--cap-drop=ALL"));
write_container_executor_cfg(container_executor_cfg_contents);
ret = read_config(container_executor_cfg_file.c_str(), &container_cfg);
@@ -724,25 +752,26 @@ namespace ContainerExecutor {
FAIL();
}
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=SETGID");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
- ASSERT_EQ(0, strlen(buff));
container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n";
write_container_executor_cfg(container_executor_cfg_contents);
@@ -750,16 +779,15 @@ namespace ContainerExecutor {
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
- ASSERT_EQ(0, strlen(buff));
}
TEST_F(TestDockerUtil, test_set_devices) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
+ reset_args(&buff);
int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n"
" docker.privileged-containers.registries=hadoop\n"
@@ -767,22 +795,22 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/test-device:/dev/test-device",
- "--device='/dev/test-device:/dev/test-device' "));
+ "--device=/dev/test-device:/dev/test-device"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device2:/dev/device2",
- "--device='/dev/device2:/dev/device2' "));
+ "--device=/dev/device2:/dev/device2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n"
" devices=/dev/test-device:/dev/test-device,/dev/device2:/dev/device2",
- "--device='/dev/test-device:/dev/test-device' --device='/dev/device2:/dev/device2' "));
+ "--device=/dev/test-device:/dev/test-device --device=/dev/device2:/dev/device2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n"
"devices=/dev/nvidiactl:/dev/nvidiactl",
- "--device='/dev/nvidiactl:/dev/nvidiactl' "));
+ "--device=/dev/nvidiactl:/dev/nvidiactl"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n"
"devices=/dev/nvidia1:/dev/nvidia1,/dev/gpu-uvm-tools:/dev/gpu-uvm-tools",
- "--device='/dev/nvidia1:/dev/nvidia1' --device='/dev/gpu-uvm-tools:/dev/gpu-uvm-tools' "));
+ "--device=/dev/nvidia1:/dev/nvidia1 --device=/dev/gpu-uvm-tools:/dev/gpu-uvm-tools"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image", ""));
write_container_executor_cfg(container_executor_cfg_contents);
@@ -793,75 +821,77 @@ namespace ContainerExecutor {
FAIL();
}
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
write_command_file("[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n devices=/dev/test-device:/dev/test-device");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device3:/dev/device3");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/testnvidia:/dev/testnvidia");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/gpu-nvidia-uvm:/dev/gpu-nvidia-uvm");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1");
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
container_executor_cfg_contents = "[docker]\n";
write_container_executor_cfg(container_executor_cfg_contents);
@@ -869,37 +899,36 @@ namespace ContainerExecutor {
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
TEST_F(TestDockerUtil, test_add_rw_mounts) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n "
- "docker.allowed.rw-mounts=/opt,/var,/usr/bin/cut,..\n "
+ "docker.allowed.rw-mounts=/opt,/var,/usr/bin/cut\n "
"docker.allowed.ro-mounts=/etc/passwd";
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var:/var", "-v '/var:/var' "));
+ "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var:/var", "-v /var:/var"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/var:/var", ""));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var/:/var/", "-v '/var/:/var/' "));
+ "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var/:/var/", "-v /var/:/var/"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/usr/bin/cut:/usr/bin/cut",
- "-v '/usr/bin/cut:/usr/bin/cut' "));
+ "-v /usr/bin/cut:/usr/bin/cut"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/lib:/lib",
""));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/opt:/mydisk1,/var/log/:/mydisk2",
- "-v '/opt:/mydisk1' -v '/var/log/:/mydisk2' "));
+ "-v /opt:/mydisk1 -v /var/log/:/mydisk2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/opt:/mydisk1,/var/log/:/mydisk2",
""));
@@ -922,15 +951,17 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@@ -947,16 +978,18 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(itr2->second, ret);
- ASSERT_STREQ("", buff);
+ ASSERT_STREQ("", actual);
+ free(actual);
}
// verify that you can't mount any directory in the container-executor.cfg path
@@ -964,16 +997,18 @@ namespace ContainerExecutor {
while (strlen(ce_path) != 0) {
std::string cmd_file_contents = "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=";
cmd_file_contents.append(ce_path).append(":").append("/etc/hadoop");
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(cmd_file_contents);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_RW_MOUNT, ret) << " for input " << cmd_file_contents;
- ASSERT_STREQ("", buff);
+ char *actual = flatten(&buff);
+ ASSERT_STREQ("", actual);
+ free(actual);
char *tmp = strrchr(ce_path, '/');
if (tmp != NULL) {
*tmp = '\0';
@@ -989,46 +1024,45 @@ namespace ContainerExecutor {
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_EQ(11, strlen(buff));
+ ASSERT_STREQ("", actual);
+ free(actual);
}
TEST_F(TestDockerUtil, test_add_ro_mounts) {
struct configuration container_cfg, cmd_cfg;
- const int buff_len = 1024;
- char buff[buff_len];
+ struct args buff = ARGS_INITIAL_VALUE;
int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n "
- "docker.allowed.rw-mounts=/home/,/var,/usr/bin/cut,..\n "
+ "docker.allowed.rw-mounts=/home/,/var,/usr/bin/cut\n "
"docker.allowed.ro-mounts=/etc/passwd,/etc/group";
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var:/var", "-v '/var:/var:ro' "));
- file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n ro-mounts=/var:/var", ""));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n ro-mounts=/etc:/etc", ""));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/:/var/", "-v '/var/:/var/:ro' "));
+ "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/:/var/", "-v /var/:/var/:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home", "-v '/home:/home:ro' "));
+ "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home", "-v /home:/home:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
- "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home/:/home", "-v '/home/:/home:ro' "));
+ "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home/:/home", "-v /home/:/home:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/usr/bin/cut:/usr/bin/cut",
- "-v '/usr/bin/cut:/usr/bin/cut:ro' "));
+ "-v /usr/bin/cut:/usr/bin/cut:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/etc/group:/etc/group",
- "-v '/etc/group:/etc/group:ro' "));
+ "-v /etc/group:/etc/group:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/etc/passwd:/etc/passwd",
- "-v '/etc/passwd:/etc/passwd:ro' "));
+ "-v /etc/passwd:/etc/passwd:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/log:/mydisk1,/etc/passwd:/etc/passwd",
- "-v '/var/log:/mydisk1:ro' -v '/etc/passwd:/etc/passwd:ro' "));
+ "-v /var/log:/mydisk1:ro -v /etc/passwd:/etc/passwd:ro"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n image=hadoop/image\n", ""));
write_container_executor_cfg(container_executor_cfg_contents);
@@ -1046,15 +1080,17 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(0, ret);
- ASSERT_STREQ(itr->second.c_str(), buff);
+ ASSERT_STREQ(itr->second.c_str(), actual);
+ free(actual);
}
std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@@ -1068,16 +1104,18 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
- memset(buff, 0, buff_len);
+ reset_args(&buff);
write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
- strcpy(buff, "test string");
- ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
+ char *actual = flatten(&buff);
ASSERT_EQ(itr2->second, ret);
- ASSERT_STREQ("", buff);
+ ASSERT_STREQ("", actual);
+ free(actual);
}
container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n";
@@ -1087,10 +1125,10 @@ namespace ContainerExecutor {
FAIL();
}
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home");
- strcpy(buff, "test string");
- ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len);
+ reset_args(&buff);
+ ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_RO_MOUNT, ret);
- ASSERT_EQ(0, strlen(buff));
+ ASSERT_EQ(0, buff.length);
}
TEST_F(TestDockerUtil, test_docker_run_privileged) {
@@ -1113,14 +1151,14 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'hadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'nothadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'hadoop/docker-image' 'bash' 'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2"));
// Test non-privileged conatiner with launch command
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
@@ -1130,10 +1168,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN'"
- " --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' "
- "'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
+ " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
+ "test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
" docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n"
@@ -1141,8 +1179,8 @@ namespace ContainerExecutor {
" network=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm"
- " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
+ " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
// Test non-privileged container and drop all privileges
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
@@ -1152,10 +1190,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN' "
- "--cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash'"
- " 'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
+ "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
+ " test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
" docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n"
@@ -1163,8 +1201,8 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge'"
- " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
+ " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
// Test privileged container
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
@@ -1174,10 +1212,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --privileged --cap-drop='ALL' "
- "--cap-add='CHOWN' --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' "
- "'bash' 'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
+ "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image "
+ "bash test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
@@ -1186,10 +1224,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --privileged --cap-drop='ALL' "
- "--cap-add='CHOWN' --cap-add='SETUID' --hostname='host-id' "
- "--device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' 'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL "
+ "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id "
+ "--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
@@ -1197,9 +1235,9 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n"
" detach=true\n rm=true\n group-add=1000,1001\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' --cap-drop='ALL' "
- "--hostname='host-id' --group-add '1000' --group-add '1001' "
- "'docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL "
+ "--hostname=host-id --group-add 1000 --group-add 1001 "
+ "docker-image"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
@@ -1302,11 +1340,11 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n"
" user=nobody\n launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
@@ -1315,10 +1353,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN'"
- " --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' "
- "'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN"
+ " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash "
+ "test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
" docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n"
@@ -1326,8 +1364,8 @@ namespace ContainerExecutor {
" network=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm"
- " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm"
+ " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
@@ -1336,10 +1374,10 @@ namespace ContainerExecutor {
" network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'"
- " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN' "
- "--cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash'"
- " 'test_script.sh' 'arg1' 'arg2' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro"
+ " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN "
+ "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash"
+ " test_script.sh arg1 arg2"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n"
" docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n"
@@ -1347,8 +1385,8 @@ namespace ContainerExecutor {
" network=bridge\n net=bridge\n"
" cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n"
" launch-command=bash,test_script.sh,arg1,arg2",
- "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge'"
- " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' "));
+ "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge"
+ " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@@ -1369,34 +1407,35 @@ namespace ContainerExecutor {
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=inspect\n docker-config=/my-config\n"
" format={{.State.Status}}\n name=container_e1_12312_11111_02_000001",
- "--config='/my-config' inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker --config=/my-config inspect --format={{.State.Status}} container_e1_12312_11111_02_000001"));
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=load\n docker-config=/my-config\n image=image-id",
- "--config='/my-config' load --i='image-id' "));
+ "/usr/bin/docker --config=/my-config load --i=image-id"));
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=pull\n docker-config=/my-config\n image=image-id",
- "--config='/my-config' pull 'image-id' "));
+ "/usr/bin/docker --config=/my-config pull image-id"));
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=rm\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001",
- "--config='/my-config' rm container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker --config=/my-config rm container_e1_12312_11111_02_000001"));
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=stop\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001",
- "--config='/my-config' stop container_e1_12312_11111_02_000001"));
+ "/usr/bin/docker --config=/my-config stop container_e1_12312_11111_02_000001"));
input_output_map.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001\n"
" image=docker-image\n user=nobody",
- "--config='/my-config' run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' "));
+ "/usr/bin/docker --config=/my-config run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image"));
std::vector<std::pair<std::string, std::string> >::const_iterator itr;
- char buffer[4096];
+ struct args buffer = ARGS_INITIAL_VALUE;
struct configuration cfg = {0, NULL};
for (itr = input_output_map.begin(); itr != input_output_map.end(); ++itr) {
- memset(buffer, 0, 4096);
+ reset_args(&buffer);
write_command_file(itr->first);
- int ret = get_docker_command(docker_command_file.c_str(), &cfg, buffer, 4096);
+ int ret = get_docker_command(docker_command_file.c_str(), &cfg, &buffer);
ASSERT_EQ(0, ret) << "for input " << itr->first;
- ASSERT_STREQ(itr->second.c_str(), buffer);
+ ASSERT_STREQ(itr->second.c_str(), flatten(&buffer));
}
+ reset_args(&buffer);
}
TEST_F(TestDockerUtil, test_docker_module_enabled) {
@@ -1430,10 +1469,10 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> > file_cmd_vec;
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1",
- "volume create --name=volume1 --driver=driver1"));
+ "/usr/bin/docker volume create --name=volume1 --driver=driver1"));
file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls",
- "volume ls --format={{.Name}},{{.Driver}}"));
+ "/usr/bin/docker volume ls --format={{.Name}},{{.Driver}}"));
std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org