You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by gi...@apache.org on 2019/07/13 17:18:15 UTC
[mesos] 04/06: Added the test `ROOT_DisallowShareAgentIPCNamespace`.
This is an automated email from the ASF dual-hosted git repository.
gilbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit c4ce90884e2a93e331a6d1bbbe9ed960c5872d24
Author: Qian Zhang <zh...@gmail.com>
AuthorDate: Sat Jul 13 10:07:57 2019 -0700
Added the test `ROOT_DisallowShareAgentIPCNamespace`.
Review: https://reviews.apache.org/r/70857/
---
src/tests/containerizer/isolator_tests.cpp | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/src/tests/containerizer/isolator_tests.cpp b/src/tests/containerizer/isolator_tests.cpp
index 75b9520..8668088 100644
--- a/src/tests/containerizer/isolator_tests.cpp
+++ b/src/tests/containerizer/isolator_tests.cpp
@@ -865,6 +865,36 @@ TEST_F(NamespacesIsolatorTest, ROOT_ShareAgentIPCNamespace)
ASSERT_SOME(os::rm("/dev/shm/nest1"));
ASSERT_SOME(os::rm("/dev/shm/nest2"));
}
+
+
+// This test verifies that top-level container with `SHARE_PARENT` IPC mode
+// will fail to launch when `--disallow_sharing_agent_ipc_namespace = true`.
+TEST_F(NamespacesIsolatorTest, ROOT_DisallowShareAgentIPCNamespace)
+{
+ Try<Owned<MesosContainerizer>> containerizer =
+ createContainerizer("filesystem/linux,namespaces/ipc", None(), true);
+
+ ASSERT_SOME(containerizer);
+
+ // Launch a top-level container with `SHARE_PARENT` IPC mode.
+ mesos::slave::ContainerConfig containerConfig = createContainerConfig(
+ None(),
+ createExecutorInfo("executor", "sleep 1000"),
+ directory);
+
+ ContainerInfo* container = containerConfig.mutable_container_info();
+ container->set_type(ContainerInfo::MESOS);
+ container->mutable_linux_info()->set_ipc_mode(LinuxInfo::SHARE_PARENT);
+
+ process::Future<Containerizer::LaunchResult> launch =
+ containerizer.get()->launch(
+ containerId,
+ containerConfig,
+ std::map<string, string>(),
+ None());
+
+ AWAIT_FAILED(launch);
+}
#endif // __linux__
} // namespace tests {