You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by as...@apache.org on 2021/03/02 05:56:58 UTC

[mesos] branch master updated: Fixed NNP isolator test on systems with POSIX-compliant /bin/sh.

This is an automated email from the ASF dual-hosted git repository.

asekretenko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new 96339ef  Fixed NNP isolator test on systems with POSIX-compliant /bin/sh.
96339ef is described below

commit 96339efb53f7cdf1126ead7755d2b83b435e3263
Author: Charles-Francois Natali <cf...@gmail.com>
AuthorDate: Sun Jan 31 10:08:36 2021 +0000

    Fixed NNP isolator test on systems with POSIX-compliant /bin/sh.
    
    The test used some non-POSIX features such as arrays when parsing
    /proc/self/status, which breaks on systems where /bin/sh is
    POSIX-compliant, e.g. on Debian which uses dash.
---
 src/tests/containerizer/linux_nnp_isolator_tests.cpp | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/tests/containerizer/linux_nnp_isolator_tests.cpp b/src/tests/containerizer/linux_nnp_isolator_tests.cpp
index 4d8bce1..4661373 100644
--- a/src/tests/containerizer/linux_nnp_isolator_tests.cpp
+++ b/src/tests/containerizer/linux_nnp_isolator_tests.cpp
@@ -102,18 +102,26 @@ TEST_F(LinuxNNPIsolatorTest, ROOT_CheckNoNewPrivileges)
   containerId.set_value(id::UUID::random().toString());
 
   // Test that the child process inherits the PR_NO_NEW_PRIVS flag.
-  // Using parameter expansion to parse the process status file
+  // Using convoluted way to parse the process status file
   // due to minimal docker image. The child process should inherit
   // the PR_NO_NEW_PRIVS flag. Parse the process status file and
   // determine if "NoNewPrivs: 1" is found.
   ExecutorInfo executor = createExecutorInfo(
       "test_executor",
       R"~(
-      #!/bin/bash
-      x=$(cat /proc/self/status);
-      y=${x##*NoNewPrivs:};
-      read -a a <<< $y;
-      if [ ${a[0]} == "1" ]; then exit 0; else exit 1; fi
+      nnp_seen="false"
+      for word in $(cat /proc/self/status); do
+        if [ "$word" = "NoNewPrivs:" ]; then
+          nnp_seen="true"
+        elif [ "$nnp_seen" = "true" ]; then
+          if [ "$word" = "1" ]; then
+            exit 0
+          else
+            exit 1
+          fi
+        fi
+      done
+      exit 1
       )~");
 
   executor.mutable_container()->CopyFrom(createContainerInfo("test_image"));