You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Andrei Budnik <ab...@mesosphere.com> on 2019/01/03 13:46:29 UTC

Re: Review Request 69420: Added Seccomp isolator tests.


> On Dec. 29, 2018, 1:42 a.m., Qian Zhang wrote:
> > src/tests/containerizer/linux_seccomp_config.hpp
> > Lines 17 (patched)
> > <https://reviews.apache.org/r/69420/diff/3/?file=2110841#file2110841line17>
> >
> >     I would suggest `__TEST_LINUX_SECCOMP_CONFIG_HPP__` as what we did in the other header files under `src/test/containerizer/`.
> >     
> >     And should this file named as `linux_seccomp_profile.hpp`? Or do we really this file? Can we just define the default profile in `linux_seccomp_isolator_tests.cpp`?

I renamed and moved this constant to `linux_seccomp_isolator_tests.cpp`.


> On Dec. 29, 2018, 1:42 a.m., Qian Zhang wrote:
> > src/tests/containerizer/linux_seccomp_config.hpp
> > Lines 24 (patched)
> > <https://reviews.apache.org/r/69420/diff/3/?file=2110841#file2110841line24>
> >
> >     Can you please mention this is Docker's default seccomp profile and the link to it?

I added a comment.


> On Dec. 29, 2018, 1:42 a.m., Qian Zhang wrote:
> > src/tests/containerizer/linux_seccomp_isolator_tests.cpp
> > Lines 47 (patched)
> > <https://reviews.apache.org/r/69420/diff/3/?file=2110842#file2110842line47>
> >
> >     Can we add some tests to verify `includes`, `excludes` and the feature interaction with capability?

Added parametirized `LinuxSeccompIsolatorWithCapabilitiesTest, ROOT_LaunchWithFilter` test.


> On Dec. 29, 2018, 1:42 a.m., Qian Zhang wrote:
> > src/tests/containerizer/linux_seccomp_isolator_tests.cpp
> > Lines 227 (patched)
> > <https://reviews.apache.org/r/69420/diff/3/?file=2110842#file2110842line227>
> >
> >     Should we check `EXPECT_WTERMSIG_EQ(SIGKILL, wait.get()->status());`?

Depending on OS distro (redhat/debian based) the process either terminates with a non-zero status or is killed by a signal.


- Andrei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69420/#review211572
-----------------------------------------------------------


On Nov. 28, 2018, 11:47 a.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69420/
> -----------------------------------------------------------
> 
> (Updated Nov. 28, 2018, 11:47 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, James Peach, and Qian Zhang.
> 
> 
> Bugs: MESOS-9409
>     https://issues.apache.org/jira/browse/MESOS-9409
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa 
>   src/tests/CMakeLists.txt c588183e9d2b1cc733fdf3df70f37d47a5fdd7c0 
>   src/tests/containerizer/linux_seccomp_isolator_tests.cpp PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/69420/diff/4/
> 
> 
> Testing
> -------
> 
> internal CI
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>