From 61e1a446576fc294a9d7f01b197afbcae91540a9 Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Wed, 10 Sep 2014 13:35:50 +0200 Subject: [PATCH 01/16] Unit test cleanup [Bug/Feature] Update unit test of configuration to test changes in libConfig (added missing piece of code). [Cause] N/A [Solution] N/A [Verification] Build, install, run tests Change-Id: Ifab57f3537cfcc4afa046608bd337b5386099b6e --- tests/unit_tests/config/ut-configuration.cpp | 69 +++------------------------- 1 file changed, 6 insertions(+), 63 deletions(-) diff --git a/tests/unit_tests/config/ut-configuration.cpp b/tests/unit_tests/config/ut-configuration.cpp index 6220a58..1e98d22 100644 --- a/tests/unit_tests/config/ut-configuration.cpp +++ b/tests/unit_tests/config/ut-configuration.cpp @@ -285,76 +285,19 @@ BOOST_AUTO_TEST_CASE(HasVisibleInternalHelperTest) BOOST_CHECK(isVisitable()); } -namespace saveLoadKVStoreTest { - -// This struct is like TestConfig, but without a list of structures. -struct PoorTestConfig { - // subtree class - struct SubConfig { - - struct SubSubConfig { - int intVal; - - CONFIG_REGISTER - ( - intVal - ) - }; - - int intVal; - SubSubConfig subSubObj; - - CONFIG_REGISTER - ( - intVal, - subSubObj - ) - }; - - int intVal; - std::int64_t int64Val; - std::string stringVal; - double doubleVal; - bool boolVal; - - std::vector intVector; - std::vector stringVector; - std::vector doubleVector; - - SubConfig subObj; - - CONFIG_REGISTER - ( - intVal, - int64Val, - stringVal, - doubleVal, - boolVal, - - intVector, - stringVector, - doubleVector, - - subObj - ) -}; -} // saveLoadKVStoreTest - - BOOST_AUTO_TEST_CASE(FromToKVStoreTest) { - using namespace saveLoadKVStoreTest; - - // TODO: Change this to TestConfig and delete PoorTestConfig when serialization is implemented - PoorTestConfig config; + TestConfig config; loadFromString(jsonTestString, config); std::string dbPath = fs::unique_path("/tmp/kvstore-%%%%.db3").string(); saveToKVStore(dbPath, config); - loadFromKVStore(dbPath, config); - saveToKVStore(dbPath, config, "some_config"); - loadFromKVStore(dbPath, config, "some_config"); + TestConfig outConfig; + loadFromKVStore(dbPath, outConfig); + + std::string out = saveToString(outConfig); + BOOST_CHECK_EQUAL(out, jsonTestString); fs::remove(dbPath); } -- 2.7.4 From e1302ae96a14947703e37029398bdb059b4f209f Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Tue, 5 Aug 2014 13:49:56 +0200 Subject: [PATCH 02/16] Add API to create new containers [Feature] Dbus method to add new containers [Cause] Need of dynamic management of containers [Solution] Added dbus API to add new containers. Added new functions to utils needed during dynamic container creation. [Verification] Build, install, run unit tests. Change-Id: I2044c416947dccc3e0e90302f6b56ea49db0baa1 --- CMakeLists.txt | 4 + common/utils/fs.cpp | 89 ++++++++ common/utils/fs.hpp | 12 ++ common/utils/img.cpp | 240 +++++++++++++++++++++ common/utils/img.hpp | 55 +++++ common/utils/paths.hpp | 12 ++ packaging/security-containers.spec | 8 +- server/configs/CMakeLists.txt | 5 +- server/configs/daemon.conf | 3 + .../configs/systemd/security-containers.service.in | 1 + server/configs/templates/template-network.xml | 12 ++ server/configs/templates/template-nwfilter.xml | 9 + server/configs/templates/template.conf | 13 ++ server/configs/templates/template.xml | 123 +++++++++++ server/container-admin.cpp | 4 + server/container.cpp | 28 +++ server/container.hpp | 10 + server/containers-manager-config.hpp | 19 ++ server/containers-manager.cpp | 236 +++++++++++++++++--- server/containers-manager.hpp | 15 +- server/host-connection.cpp | 14 ++ server/host-connection.hpp | 9 + server/host-dbus-definitions.hpp | 5 + server/server.cpp | 18 +- .../client/configs/ut-client/test-dbus-daemon.conf | 3 + tests/unit_tests/server/configs/CMakeLists.txt | 9 + .../ut-containers-manager/buggy-daemon.conf | 3 + .../buggy-default-daemon.conf | 3 + .../buggy-foreground-daemon.conf | 3 + .../templates/template-network.xml | 4 + .../templates/template-nwfilter.xml | 3 + .../ut-containers-manager/templates/template.conf | 13 ++ .../templates/template.xml.in | 15 ++ .../configs/ut-containers-manager/test-daemon.conf | 3 + .../ut-containers-manager/test-dbus-daemon.conf | 3 + .../server/configs/ut-server/buggy-daemon.conf | 3 + .../server/configs/ut-server/test-daemon.conf | 3 + tests/unit_tests/server/ut-containers-manager.cpp | 74 +++++++ tests/unit_tests/utils/ut-fs.cpp | 51 +++++ 39 files changed, 1099 insertions(+), 38 deletions(-) create mode 100644 common/utils/img.cpp create mode 100644 common/utils/img.hpp create mode 100644 server/configs/templates/template-network.xml create mode 100644 server/configs/templates/template-nwfilter.xml create mode 100644 server/configs/templates/template.conf create mode 100644 server/configs/templates/template.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in diff --git a/CMakeLists.txt b/CMakeLists.txt index 266773a..9cb880a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -69,10 +69,14 @@ ENDIF(NOT DEFINED LIBVIRT_GROUP) IF(NOT DEFINED INPUT_EVENT_GROUP) SET(INPUT_EVENT_GROUP "input") ENDIF(NOT DEFINED INPUT_EVENT_GROUP) +IF(NOT DEFINED DISK_GROUP) + SET(DISK_GROUP "disk") +ENDIF(NOT DEFINED DISK_GROUP) ADD_DEFINITIONS(-DSECURITY_CONTAINERS_USER="${SECURITY_CONTAINERS_USER}") ADD_DEFINITIONS(-DLIBVIRT_GROUP="${LIBVIRT_GROUP}") ADD_DEFINITIONS(-DINPUT_EVENT_GROUP="${INPUT_EVENT_GROUP}") +ADD_DEFINITIONS(-DDISK_GROUP="${DISK_GROUP}") ## Python packages directory ################################################### diff --git a/common/utils/fs.cpp b/common/utils/fs.cpp index d663831..a03c139 100644 --- a/common/utils/fs.cpp +++ b/common/utils/fs.cpp @@ -39,6 +39,8 @@ #include #include +#include + namespace security_containers { namespace utils { @@ -199,6 +201,63 @@ bool moveFile(const std::string& src, const std::string& dst) return true; } +namespace { + +bool copyDirContentsRec(const boost::filesystem::path& src, const boost::filesystem::path& dst) +{ + namespace fs = boost::filesystem; + + // TODO: Right now this function skips files which produce error when copying. Errors show up + // when: + // a) fs::directory_iterator file(src) is created + // b) fs::copy(...) is called + // In both cases lack of permissions is the issue. + // + // In a) case we can't do much - SCS won't be able to read the directory and its contents. Such + // directories are not common in the filesystem, so they *probably* can be skipped. + // + // In b) case multiple directories have too strict permissions to be directly copied. This + // is a problem for some files crucial to container launch (ex. we cannot copy + // /usr/lib/systemd/systemd because /usr/lib has 555 permissions). + // To fix b) issue, copying must be done in two steps: + // 1. Copy file contents without permissions (this probably can be achieved by opening two + // files in-code with fstream and programatically copying data from one file to another). + // 2. Apply all available file attributes from source (permissions, owner UID/GID, xattrs...) + + try { + for (fs::directory_iterator file(src); + file != fs::directory_iterator(); + ++file) { + fs::path current(file->path()); + + boost::system::error_code ec; + fs::copy(current, dst / current.filename(), ec); + if(ec.value() != boost::system::errc::success) { + LOGW("Failed to copy " << current << ": " << ec.message()); + } + + if (!fs::is_symlink(current) && fs::is_directory(current)) { + if (!copyDirContentsRec(current, dst / current.filename())) { + return false; + } + } + } + } catch (fs::filesystem_error& e) { + LOGW(e.what()); + } + + return true; +} + +} // namespace + +bool copyDirContents(const std::string& src, const std::string& dst) +{ + namespace fs = boost::filesystem; + + return copyDirContentsRec(fs::path(src), fs::path(dst)); +} + bool createDir(const std::string& path, uid_t uid, uid_t gid, boost::filesystem::perms mode) { namespace fs = boost::filesystem; @@ -239,5 +298,35 @@ bool createDir(const std::string& path, uid_t uid, uid_t gid, boost::filesystem: return true; } +bool createEmptyDir(const std::string& path) +{ + namespace fs = boost::filesystem; + + fs::path dirPath(path); + boost::system::error_code ec; + bool cleanDirCreated = false; + + if (!fs::exists(dirPath)) { + if (!fs::create_directory(dirPath, ec)) { + LOGE("Failed to create dir. Error: " << ec.message()); + return false; + } + cleanDirCreated = true; + } else if (!fs::is_directory(dirPath)) { + LOGE("Provided path already exists and is not a dir, cannot create."); + return false; + } + + if (!cleanDirCreated) { + // check if directory is empty if it was already created + if (!fs::is_empty(dirPath)) { + LOGE("Directory has some data inside, cannot be used."); + return false; + } + } + + return true; +} + } // namespace utils } // namespace security_containers diff --git a/common/utils/fs.hpp b/common/utils/fs.hpp index 9cff7a9..0e2f00e 100644 --- a/common/utils/fs.hpp +++ b/common/utils/fs.hpp @@ -87,10 +87,22 @@ bool hasSameMountPoint(const std::string& path1, const std::string& path2, bool& bool moveFile(const std::string& src, const std::string& dst); /** + * Recursively copy contents of src dir to dst dir. + */ +bool copyDirContents(const std::string& src, const std::string& dst); + +/** * Creates a directory with specific UID, GID and permissions set. */ bool createDir(const std::string& path, uid_t uid, uid_t gid, boost::filesystem::perms mode); +/** + * Creates an empty directory, ready to serve as mount point. + * Succeeds either if path did not exist and was created successfully, or if already existing dir + * under the same path is empty and is not a mount point. + */ +bool createEmptyDir(const std::string& path); + } // namespace utils } // namespace security_containers diff --git a/common/utils/img.cpp b/common/utils/img.cpp new file mode 100644 index 0000000..4d7de88 --- /dev/null +++ b/common/utils/img.cpp @@ -0,0 +1,240 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Lukasz Kostyra + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file img.hpp + * @author Lukasz Kostyra (l.kostyra@samsung.com) + * @brief Image utility functions declaration + */ + +#include "config.hpp" +#include "logger/logger.hpp" +#include "utils/img.hpp" +#include "utils/fs.hpp" +#include "utils/paths.hpp" + +#include +#include +#include + +namespace security_containers { +namespace utils { + +namespace { + +const std::string LOOP_DEV_PREFIX = "/dev/loop"; +const std::string LOOP_MOUNT_POINT_OPTIONS = ""; +const std::string LOOP_MOUNT_POINT_TYPE = "ext4"; +const unsigned long LOOP_MOUNT_POINT_FLAGS = MS_RDONLY; + +// Writes to ret if loop device (provided in loopdev arg) is free to use. +// Returns true if check was successful, false if loop device FD was unavailable for some reason. +bool isLoopDevFree(const std::string& loopdev, bool& ret) +{ + // initialize + ret = false; + + // open loop device FD + int loopFD = ::open(loopdev.c_str(), O_RDWR); + if (loopFD < 0) { + LOGD("Failed to open loop device descriptor: " << ::strerror(errno)); + return false; + } + + // if ioctl with LOOP_GET_STATUS fails, device is not assigned and free to use + struct loop_info linfo; + if (::ioctl(loopFD, LOOP_GET_STATUS, &linfo)) { + ret = true; + } + + ::close(loopFD); + return true; +} + +bool mountLoop(const std::string& img, + const std::string& loopdev, + const std::string& path, + const std::string& type, + unsigned long flags, + const std::string& options) +{ + // to mount an image, we need to connect image FD with loop device FD + // get image file FD + int fileFD = ::open(img.c_str(), O_RDWR); + if (fileFD < 0) { + LOGD("Failed to open image file descriptor: " << ::strerror(errno)); + return false; + } + + // get loop device FD + int loopFD = ::open(loopdev.c_str(), O_RDWR); + if (loopFD < 0) { + LOGD("Failed to open loop device descriptor: " << ::strerror(errno)); + ::close(fileFD); + return false; + } + + // set loop device + if (::ioctl(loopFD, LOOP_SET_FD, fileFD)) { + LOGD("Failed to assign loop device to image: " << ::strerror(errno)); + ::close(fileFD); + ::close(loopFD); + return false; + } + + // mount loop device to path + if (::mount(loopdev.c_str(), path.c_str(), type.c_str(), flags, options.c_str()) != 0) { + LOGD("Mount failed for '" << path << "', options=" << options << ": " << strerror(errno)); + ::ioctl(loopFD, LOOP_CLR_FD, 0); + ::close(fileFD); + ::close(loopFD); + return false; + } + + ::close(fileFD); + ::close(loopFD); + return true; +} + +} // namespace + +// Finds first available loop device and returns its path through ret. +// Returns false if an error occurs, or if all available loop devices are taken. +bool getFreeLoopDevice(std::string& ret) +{ + for (unsigned int i = 0; i < 8; ++i) { + // build path to loop device + const std::string loopdev = LOOP_DEV_PREFIX + std::to_string(i); + bool isFree = false; + + // check if it is free + if (!isLoopDevFree(loopdev, isFree)) { + LOGD("Failed to check status of " << loopdev); + return false; + } + + // if checked loop device is free, we can exit the function and return it + if (isFree) { + ret = loopdev; + return true; + } + } + + LOGD("All loop devices are taken."); + return false; +} + +bool mountImage(const std::string& image, const std::string& path, const std::string& loopdev) +{ + return mountLoop(image, path, loopdev, + LOOP_MOUNT_POINT_TYPE, + LOOP_MOUNT_POINT_FLAGS, + LOOP_MOUNT_POINT_OPTIONS); +} + +bool umountImage(const std::string& path, const std::string& loopdev) +{ + if (::umount(path.c_str()) != 0) { + LOGD("Umount failed for '" << path << "': " << strerror(errno)); + return false; + } + + // clear loop device + int loopFD = ::open(loopdev.c_str(), O_RDWR); + if (loopFD < 0) { + LOGD("Failed to open fd for loop device 0"); + return false; + } + + if (::ioctl(loopFD, LOOP_CLR_FD, 0) < 0) { + LOGD("Failed to clear loop device."); + close(loopFD); + return false; + } + + close(loopFD); + return true; +} + +bool copyImageContents(const std::string& img, const std::string& dst) +{ + namespace fs = boost::filesystem; + boost::system::error_code ec; + + // make sure that image exists + if (!fs::exists(fs::path(img))) { + LOGE("Image " << img << " does not exist"); + return false; + } + + const std::string mountPoint = createFilePath(dirName(img), "/mp/"); + // create a mount point for copied image + if (!createEmptyDir(mountPoint)) { + LOGE("Cannot create mount point for copied image."); + return false; + } + + // create dst directory + if (!createEmptyDir(dst)) { + LOGE("Cannot create directory for data."); + return false; + } + + // find free loop device for image + std::string loopdev; + if (!utils::getFreeLoopDevice(loopdev)) { + LOGE("Failed to get free loop device."); + return false; + } + + LOGT("Using " << loopdev << " to mount image"); + // mount an image + if (!utils::mountImage(img, loopdev, mountPoint)) { + LOGE("Cannot mount image."); + return false; + } + + // copy data + LOGI("Beginning image copy"); + if (!utils::copyDirContents(mountPoint, dst)) { + LOGE("Failed to copy image."); + utils::umountImage(mountPoint, loopdev); + LOGD("Removing already copied data"); + fs::remove_all(fs::path(dst)); + return false; + } + LOGI("Finished image copy"); + + // umount image + if (!utils::umountImage(mountPoint, loopdev)) { + LOGE("Failed to umount image"); + LOGD("Removing copied data"); + fs::remove_all(fs::path(dst)); + return false; + } + + // remove mount point + if (!fs::remove(fs::path(mountPoint), ec)) { + LOGW("Failed to remove mount point: " << ec.message()); + } + + return true; +} + +} // namespace utils +} // namespace security_containers diff --git a/common/utils/img.hpp b/common/utils/img.hpp new file mode 100644 index 0000000..d42300e --- /dev/null +++ b/common/utils/img.hpp @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Lukasz Kostyra + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file img.hpp + * @author Lukasz Kostyra (l.kostyra@samsung.com) + * @brief Image utility functions declaration + */ + +#ifndef COMMON_UTILS_IMG_HPP +#define COMMON_UTILS_IMG_HPP + +namespace security_containers { +namespace utils { + +/** + * Returns string with first free loop device. + */ +bool getFreeLoopDevice(std::string& ret); + +/** + * Mount an ext4 image from file on a given path by using a loop device. + */ +bool mountImage(const std::string& image, const std::string& loopdev, const std::string& path); + +/** + * Umounts previously mounted image. + * This call will also free loop device used to mount specified path. + */ +bool umountImage(const std::string& path, const std::string& loopdev); + +/** + * Mounts an image and copies its contents to dst directory. + */ +bool copyImageContents(const std::string& img, const std::string& dst); + +} // namespace utils +} // namespace security_containers + +#endif // COMMON_UTILS_IMG_HPP diff --git a/common/utils/paths.hpp b/common/utils/paths.hpp index e357c71..14132b4 100644 --- a/common/utils/paths.hpp +++ b/common/utils/paths.hpp @@ -107,6 +107,18 @@ inline std::string dirName(std::string path) return path; } +/* + * Gets absolute path to specified file (if needed) + */ +inline std::string getAbsolutePath(const std::string& path, const std::string& base) +{ + if (path[0] == '/') { + return path; + } else { + return utils::createFilePath(base, "/", path); + } +} + } // namespace utils } // namespace security_containers diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index 30914b0..97bf4d5 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -5,6 +5,8 @@ # The group that has read and write access to /dev/input/event* devices. # It may vary between platforms. %define input_event_group video +# The group has access to /dev/loop* devices. +%define disk_group disk Name: security-containers Version: 0.1.1 @@ -40,9 +42,12 @@ between them. A process from inside a container can request a switch of context %dir /etc/security-containers %dir /etc/security-containers/containers %dir /etc/security-containers/libvirt-config +%dir /etc/security-containers/templates %config /etc/security-containers/daemon.conf %config /etc/security-containers/containers/*.conf %config /etc/security-containers/libvirt-config/*.xml +%config /etc/security-containers/templates/*.conf +%config /etc/security-containers/templates/*.xml %{_unitdir}/security-containers.service %{_unitdir}/multi-user.target.wants/security-containers.service /etc/dbus-1/system.d/org.tizen.containers.host.conf @@ -65,7 +70,8 @@ between them. A process from inside a container can request a switch of context -DPYTHON_SITELIB=%{python_sitelib} \ -DSECURITY_CONTAINERS_USER=%{scs_user} \ -DLIBVIRT_GROUP=%{libvirt_group} \ - -DINPUT_EVENT_GROUP=%{input_event_group} + -DINPUT_EVENT_GROUP=%{input_event_group} \ + -DDISK_GROUP=%{disk_group} make -k %{?jobs:-j%jobs} %install diff --git a/server/configs/CMakeLists.txt b/server/configs/CMakeLists.txt index def06a2..81859c1 100644 --- a/server/configs/CMakeLists.txt +++ b/server/configs/CMakeLists.txt @@ -21,7 +21,7 @@ MESSAGE(STATUS "Installing configs to " ${SC_CONFIG_INSTALL_DIR}) FILE(GLOB container_CONF containers/*.conf) FILE(GLOB admin_CONF libvirt-config/*.xml) - +FILE(GLOB template_CONF templates/*.conf templates/*.xml) ## Generate #################################################################### CONFIGURE_FILE(systemd/security-containers.service.in @@ -45,5 +45,8 @@ INSTALL(FILES ${container_CONF} INSTALL(FILES ${admin_CONF} DESTINATION ${SC_CONFIG_INSTALL_DIR}/libvirt-config) +INSTALL(FILES ${template_CONF} + DESTINATION ${SC_CONFIG_INSTALL_DIR}/templates) + INSTALL(FILES ${CMAKE_BINARY_DIR}/systemd/security-containers.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/server/configs/daemon.conf b/server/configs/daemon.conf index 67ef356..db85284 100644 --- a/server/configs/daemon.conf +++ b/server/configs/daemon.conf @@ -1,6 +1,9 @@ { "containerConfigs" : ["containers/private.conf", "containers/business.conf" ], "containersPath" : "/opt/usr/containers", + "containerImagePath" : "/opt/usr/containers/img/system-data.img", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/var/lib/security-containers", "runMountPointPrefix" : "/var/run/containers", "foregroundId" : "private", "defaultId" : "private", diff --git a/server/configs/systemd/security-containers.service.in b/server/configs/systemd/security-containers.service.in index f06dea3..c271341 100644 --- a/server/configs/systemd/security-containers.service.in +++ b/server/configs/systemd/security-containers.service.in @@ -2,6 +2,7 @@ Description=Security Containers Server After=libvirtd.service Requires=libvirtd.service +ConditionVirtualization=no [Service] Type=simple diff --git a/server/configs/templates/template-network.xml b/server/configs/templates/template-network.xml new file mode 100644 index 0000000..f5ec171 --- /dev/null +++ b/server/configs/templates/template-network.xml @@ -0,0 +1,12 @@ + + ~NAME~ + ~UUID~ + + + + + + + + + diff --git a/server/configs/templates/template-nwfilter.xml b/server/configs/templates/template-nwfilter.xml new file mode 100644 index 0000000..82ea8cc --- /dev/null +++ b/server/configs/templates/template-nwfilter.xml @@ -0,0 +1,9 @@ + + ~UUID~ + + + + + + + diff --git a/server/configs/templates/template.conf b/server/configs/templates/template.conf new file mode 100644 index 0000000..17480a0 --- /dev/null +++ b/server/configs/templates/template.conf @@ -0,0 +1,13 @@ +{ + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "privilege" : 10, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "config" : "../libvirt-config/~NAME~.xml", + "networkConfig" : "../libvirt-config/~NAME~-network.xml", + "networkFilterConfig" : "../libvirt-config/~NAME~-nwfilter.xml", + "runMountPoint" : "~NAME~/run", + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/server/configs/templates/template.xml b/server/configs/templates/template.xml new file mode 100644 index 0000000..bdb452d --- /dev/null +++ b/server/configs/templates/template.xml @@ -0,0 +1,123 @@ + + ~NAME~ + ~UUID~ + 102400 + + exe + /usr/lib/systemd/systemd + + destroy + restart + destroy + + + + + /dev/fb0 + + + + + /dev/tty2 + + + + + /dev/tty3 + + + + + /dev/tty4 + + + + + /dev/tty5 + + + + + /dev/input/event0 + + + + + /dev/input/event1 + + + + + /dev/input/event2 + + + + + /dev/input/event3 + + + + + /dev/input/event4 + + + + + /dev/input/mice + + + + + /dev/input/mouse0 + + + + + + + /dev/log_events + + + + + /dev/log_main + + + + + /dev/log_radio + + + + + /dev/log_system + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/server/container-admin.cpp b/server/container-admin.cpp index 805e9c1..f60d942 100644 --- a/server/container-admin.cpp +++ b/server/container-admin.cpp @@ -90,6 +90,8 @@ ContainerAdmin::ContainerAdmin(const ContainerConfig& config) throw ContainerOperationException(mId + ": Failed to register a libvirt lifecycle callback"); } + LOGT(mId << ": registered lifecycle callback"); + mRebootCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), mDom.get(), VIR_DOMAIN_EVENT_ID_REBOOT, @@ -103,6 +105,8 @@ ContainerAdmin::ContainerAdmin(const ContainerConfig& config) mLifecycleCallbackId); throw ContainerOperationException(mId + ": Failed to register a libvirt reboot callback"); } + + LOGT(mId << ": registered reboot callback"); } diff --git a/server/container.cpp b/server/container.cpp index 60d124e..494b0ae 100644 --- a/server/container.cpp +++ b/server/container.cpp @@ -91,6 +91,10 @@ Container::~Container() if (mReconnectThread.joinable()) { mReconnectThread.join(); } + + if (mStartThread.joinable()) { + mStartThread.join(); + } } const std::vector& Container::getPermittedToSend() const @@ -131,6 +135,30 @@ void Container::start() goBackground(); } +void Container::startAsync(const StartAsyncResultCallback& callback) +{ + if (mStartThread.joinable()) { + mStartThread.join(); + } + + auto startWrapper = [this, callback]() { + bool succeeded = false; + + try { + start(); + succeeded = true; + } catch(std::exception& e) { + LOGE(getId() << ": failed to start: " << e.what()); + } + + if (callback) { + callback(succeeded); + } + }; + + mStartThread = std::thread(startWrapper); +} + void Container::stop() { Lock lock(mReconnectMutex); diff --git a/server/container.hpp b/server/container.hpp index f2d67c0..f741464 100644 --- a/server/container.hpp +++ b/server/container.hpp @@ -56,6 +56,7 @@ public: typedef ContainerConnection::ProxyCallCallback ProxyCallCallback; typedef std::function DbusStateChangedCallback; + typedef std::function StartAsyncResultCallback; /** * Returns a vector of regexps defining files permitted to be @@ -87,6 +88,14 @@ public: void start(); /** + * Boot the container to the background in separate thread. This function immediately exits + * after container booting is started in another thread. + * + * @param callback Called after starting the container. Passes bool with result of starting. + */ + void startAsync(const StartAsyncResultCallback& callback); + + /** * Try to shutdown the container, if failed, destroy it. */ void stop(); @@ -197,6 +206,7 @@ private: std::unique_ptr mAdmin; std::unique_ptr mConnection; std::thread mReconnectThread; + std::thread mStartThread; mutable std::recursive_mutex mReconnectMutex; NotifyActiveContainerCallback mNotifyCallback; DisplayOffCallback mDisplayOffCallback; diff --git a/server/containers-manager-config.hpp b/server/containers-manager-config.hpp index 310dca3..06b83be 100644 --- a/server/containers-manager-config.hpp +++ b/server/containers-manager-config.hpp @@ -62,6 +62,22 @@ struct ContainersManagerConfig { */ std::string containersPath; + /** + * A path where the containers image reside. Empty path means that containers image won't be + * copied to containersPath when creating new container. + */ + std::string containerImagePath; + + /** + * A path where template configuration files for new containers reside + */ + std::string containerTemplatePath; + + /** + * Prefix added to a path for new container configuration files + */ + std::string containerNewConfigPrefix; + /* * Parameters describing input device used to switch between containers */ @@ -83,6 +99,9 @@ struct ContainersManagerConfig { foregroundId, defaultId, containersPath, + containerImagePath, + containerTemplatePath, + containerNewConfigPrefix, inputConfig, runMountPointPrefix, proxyCallRules diff --git a/server/containers-manager.cpp b/server/containers-manager.cpp index 90a6cfc..5dc909b 100644 --- a/server/containers-manager.cpp +++ b/server/containers-manager.cpp @@ -36,9 +36,14 @@ #include "config/manager.hpp" #include "dbus/exception.hpp" #include "utils/fs.hpp" +#include "utils/img.hpp" #include #include +#include +#include +#include +#include #include #include #include @@ -61,13 +66,25 @@ bool regexMatchVector(const std::string& str, const std::vector& v } const std::string HOST_ID = "host"; +const std::string CONTAINER_TEMPLATE_CONFIG_PATH = "template.conf"; +const std::string CONTAINER_TEMPLATE_LIBVIRT_CONFIG_PATH = "template.xml"; +const std::string CONTAINER_TEMPLATE_LIBVIRT_NETWORK_PATH = "template-network.xml"; +const std::string CONTAINER_TEMPLATE_LIBVIRT_NETWORK_FILTER_PATH = "template-nwfilter.xml"; + +const boost::regex CONTAINER_NAME_REGEX("~NAME~"); +const boost::regex CONTAINER_UUID_REGEX("~UUID~"); +const boost::regex CONTAINER_IP_THIRD_OCTET_REGEX("~IP~"); + +const unsigned int CONTAINER_IP_BASE_THIRD_OCTET = 100; } // namespace ContainersManager::ContainersManager(const std::string& managerConfigPath): mDetachOnExit(false) { LOGD("Instantiating ContainersManager object..."); - config::loadFromFile(managerConfigPath, mConfig); + + mConfigPath = managerConfigPath; + config::loadFromFile(mConfigPath, mConfig); mProxyCallPolicy.reset(new ProxyCallPolicy(mConfig.proxyCallRules)); @@ -87,40 +104,11 @@ ContainersManager::ContainersManager(const std::string& managerConfigPath): mDet mHostConnection.setSetActiveContainerCallback(bind(&ContainersManager::handleSetActiveContainerCall, this, _1, _2)); - for (auto& containerConfig : mConfig.containerConfigs) { - std::string containerConfigPath; - - if (containerConfig[0] == '/') { - containerConfigPath = containerConfig; - } else { - std::string baseConfigPath = utils::dirName(managerConfigPath); - containerConfigPath = utils::createFilePath(baseConfigPath, "/", containerConfig); - } - - LOGD("Creating Container " << containerConfigPath); - std::unique_ptr c(new Container(containerConfigPath, - mConfig.runMountPointPrefix)); - const std::string id = c->getId(); - if (id == HOST_ID) { - throw ContainerOperationException("Cannot use reserved container ID"); - } - - c->setNotifyActiveContainerCallback(bind(&ContainersManager::notifyActiveContainerHandler, - this, id, _1, _2)); + mHostConnection.setAddContainerCallback(bind(&ContainersManager::handleAddContainerCall, + this, _1, _2)); - c->setDisplayOffCallback(bind(&ContainersManager::displayOffHandler, - this, id)); - - c->setFileMoveRequestCallback(std::bind(&ContainersManager::handleContainerMoveFileRequest, - this, id, _1, _2, _3)); - - c->setProxyCallCallback(bind(&ContainersManager::handleProxyCall, - this, id, _1, _2, _3, _4, _5, _6, _7)); - - c->setDbusStateChangedCallback(bind(&ContainersManager::handleDbusStateChanged, - this, id, _1)); - - mContainers.insert(ContainerMap::value_type(id, std::move(c))); + for (auto& containerConfig : mConfig.containerConfigs) { + addContainer(containerConfig); } // check if default container exists, throw ContainerOperationException if not found @@ -139,6 +127,8 @@ ContainersManager::ContainersManager(const std::string& managerConfigPath): mDet std::bind(&ContainersManager::switchingSequenceMonitorNotify, this))); } + + } ContainersManager::~ContainersManager() @@ -156,6 +146,38 @@ ContainersManager::~ContainersManager() LOGD("ContainersManager object destroyed"); } +void ContainersManager::addContainer(const std::string& containerConfig) +{ + std::string baseConfigPath = utils::dirName(mConfigPath); + std::string containerConfigPath = utils::getAbsolutePath(containerConfig, baseConfigPath); + + LOGT("Creating Container " << containerConfigPath); + std::unique_ptr c(new Container(containerConfigPath, + mConfig.runMountPointPrefix)); + const std::string id = c->getId(); + if (id == HOST_ID) { + throw ContainerOperationException("Cannot use reserved container ID"); + } + + using namespace std::placeholders; + c->setNotifyActiveContainerCallback(bind(&ContainersManager::notifyActiveContainerHandler, + this, id, _1, _2)); + + c->setDisplayOffCallback(bind(&ContainersManager::displayOffHandler, + this, id)); + + c->setFileMoveRequestCallback(bind(&ContainersManager::handleContainerMoveFileRequest, + this, id, _1, _2, _3)); + + c->setProxyCallCallback(bind(&ContainersManager::handleProxyCall, + this, id, _1, _2, _3, _4, _5, _6, _7)); + + c->setDbusStateChangedCallback(bind(&ContainersManager::handleDbusStateChanged, + this, id, _1)); + + mContainers.insert(ContainerMap::value_type(id, std::move(c))); +} + void ContainersManager::focus(const std::string& containerId) { /* try to access the object first to throw immediately if it doesn't exist */ @@ -465,4 +487,150 @@ void ContainersManager::handleSetActiveContainerCall(const std::string& id, result->setVoid(); } + +void ContainersManager::generateNewConfig(const std::string& id, + const std::string& templatePath, + const std::string& resultPath) +{ + namespace fs = boost::filesystem; + + std::string resultFileDir = utils::dirName(resultPath); + if (!fs::exists(resultFileDir)) { + if (!utils::createEmptyDir(resultFileDir)) { + LOGE("Unable to create directory for new config."); + throw ContainerOperationException("Unable to create directory for new config."); + } + } + + fs::path resultFile(resultPath); + if (fs::exists(resultFile)) { + LOGT(resultPath << " already exists, removing"); + fs::remove(resultFile); + } + + std::string config; + if (!utils::readFileContent(templatePath, config)) { + LOGE("Failed to read template config file."); + throw ContainerOperationException("Failed to read template config file."); + } + + std::string resultConfig = boost::regex_replace(config, CONTAINER_NAME_REGEX, id); + + boost::uuids::uuid u = boost::uuids::random_generator()(); + std::string uuidStr = to_string(u); + LOGD("uuid: " << uuidStr); + resultConfig = boost::regex_replace(resultConfig, CONTAINER_UUID_REGEX, uuidStr); + + // generate third IP octet for network config + std::string thirdOctetStr = std::to_string(CONTAINER_IP_BASE_THIRD_OCTET + mContainers.size() + 1); + LOGD("ip_third_octet: " << thirdOctetStr); + resultConfig = boost::regex_replace(resultConfig, CONTAINER_IP_THIRD_OCTET_REGEX, thirdOctetStr); + + if (!utils::saveFileContent(resultPath, resultConfig)) { + LOGE("Faield to save new config file."); + throw ContainerOperationException("Failed to save new config file."); + } + + // restrict new config file so that only owner (security-containers) can write it + fs::permissions(resultPath, fs::perms::owner_all | + fs::perms::group_read | + fs::perms::others_read); +} + +void ContainersManager::handleAddContainerCall(const std::string& id, + dbus::MethodResultBuilder::Pointer result) +{ + LOGI("Adding container " << id); + + // TODO: This solution is temporary. It utilizes direct access to config files when creating new + // containers. Update this handler when config database will appear. + namespace fs = boost::filesystem; + + boost::system::error_code ec; + const std::string containerPathStr = utils::createFilePath(mConfig.containersPath, "/", id, "/"); + + // check if container does not exist + if (mContainers.find(id) != mContainers.end()) { + LOGE("Cannot create " << id << " container - already exists!"); + result->setError(api::host::ERROR_CONTAINER_CREATE_FAILED, + "Cannot create " + id + " container - already exists!"); + return; + } + + // copy container image if config contains path to image + LOGT("image path: " << mConfig.containerImagePath); + if (!mConfig.containerImagePath.empty()) { + if (!utils::copyImageContents(mConfig.containerImagePath, containerPathStr)) { + LOGE("Failed to copy container image."); + result->setError(api::host::ERROR_CONTAINER_CREATE_FAILED, + "Failed to copy container image."); + return; + } + } + + // generate paths to new configuration files + std::string baseDir = utils::dirName(mConfigPath); + std::string configDir = utils::getAbsolutePath(mConfig.containerNewConfigPrefix, baseDir); + std::string templateDir = utils::getAbsolutePath(mConfig.containerTemplatePath, baseDir); + + std::string configPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_CONFIG_PATH); + std::string newConfigPath = utils::createFilePath(configDir, "/containers/", id + ".conf"); + std::string libvirtConfigPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_CONFIG_PATH); + std::string newLibvirtConfigPath = utils::createFilePath(configDir, "/libvirt-config/", id + ".xml"); + std::string libvirtNetworkPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_NETWORK_PATH); + std::string newLibvirtNetworkPath = utils::createFilePath(configDir, "/libvirt-config/", id + "-network.xml"); + std::string libvirtNetworkFilterPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_NETWORK_FILTER_PATH); + std::string newLibvirtNetworkFilterPath = utils::createFilePath(configDir, "/libvirt-config/", id + "-nwfilter.xml"); + + auto removeAllWrapper = [](const std::string& path) { + try { + LOGD("Removing copied data"); + fs::remove_all(fs::path(path)); + } catch(const boost::exception& e) { + LOGW("Failed to remove data: " << boost::diagnostic_information(e)); + } + }; + + try { + LOGI("Generating config from " << configPath << " to " << newConfigPath); + generateNewConfig(id, configPath, newConfigPath); + + LOGI("Generating config from " << libvirtConfigPath << " to " << newLibvirtConfigPath); + generateNewConfig(id, libvirtConfigPath, newLibvirtConfigPath); + + LOGI("Generating config from " << libvirtNetworkPath << " to " << newLibvirtNetworkPath); + generateNewConfig(id, libvirtNetworkPath, newLibvirtNetworkPath); + + LOGI("Generating config from " << libvirtNetworkFilterPath << " to " << newLibvirtNetworkFilterPath); + generateNewConfig(id, libvirtNetworkFilterPath, newLibvirtNetworkFilterPath); + } catch (SecurityContainersException& e) { + LOGE(e.what()); + removeAllWrapper(containerPathStr); + result->setError(api::host::ERROR_CONTAINER_CREATE_FAILED, e.what()); + return; + } + + LOGT("Adding new container"); + try { + addContainer(newConfigPath); + } catch (SecurityContainersException& e) { + LOGE(e.what()); + removeAllWrapper(containerPathStr); + result->setError(api::host::ERROR_CONTAINER_CREATE_FAILED, e.what()); + return; + } + + auto resultCallback = [result, containerPathStr, removeAllWrapper](bool succeeded) { + if (succeeded) { + result->setVoid(); + } else { + LOGE("Failed to start container."); + removeAllWrapper(containerPathStr); + result->setError(api::host::ERROR_CONTAINER_CREATE_FAILED, + "Failed to start container."); + } + }; + mContainers[id]->startAsync(resultCallback); +} + } // namespace security_containers diff --git a/server/containers-manager.hpp b/server/containers-manager.hpp index 33767a9..cd1194d 100644 --- a/server/containers-manager.hpp +++ b/server/containers-manager.hpp @@ -48,6 +48,13 @@ public: ~ContainersManager(); /** + * Add new container. + * + * @param containerConfig config of new container + */ + void addContainer(const std::string& containerConfig); + + /** * Focus this container, put it to the foreground. * Method blocks until the focus is switched. * @@ -77,6 +84,7 @@ public: private: ContainersManagerConfig mConfig; + std::string mConfigPath; HostConnection mHostConnection; // to hold InputMonitor pointer to monitor if container switching sequence is recognized std::unique_ptr mSwitchingSequenceMonitor; @@ -86,6 +94,10 @@ private: bool mDetachOnExit; void switchingSequenceMonitorNotify(); + void generateNewConfig(const std::string& id, + const std::string& templatePath, + const std::string& resultPath); + void notifyActiveContainerHandler(const std::string& caller, const std::string& appliaction, const std::string& message); @@ -108,7 +120,8 @@ private: void handleGetActiveContainerIdCall(dbus::MethodResultBuilder::Pointer result); void handleSetActiveContainerCall(const std::string& id, dbus::MethodResultBuilder::Pointer result); - + void handleAddContainerCall(const std::string& id, + dbus::MethodResultBuilder::Pointer result); }; diff --git a/server/host-connection.cpp b/server/host-connection.cpp index ae32de2..d25bee7 100644 --- a/server/host-connection.cpp +++ b/server/host-connection.cpp @@ -130,6 +130,11 @@ void HostConnection::setSetActiveContainerCallback(const SetActiveContainerCallb mSetActiveContainerCallback = callback; } +void HostConnection::setAddContainerCallback(const AddContainerCallback& callback) +{ + mAddContainerCallback = callback; +} + void HostConnection::onMessageCall(const std::string& objectPath, const std::string& interface, const std::string& methodName, @@ -199,6 +204,15 @@ void HostConnection::onMessageCall(const std::string& objectPath, } return; } + + if (methodName == api::host::METHOD_ADD_CONTAINER) { + const gchar* id = NULL; + g_variant_get(parameters, "(&s)", &id); + + if (mAddContainerCallback){ + mAddContainerCallback(id, result); + } + } } void HostConnection::proxyCallAsync(const std::string& busName, diff --git a/server/host-connection.hpp b/server/host-connection.hpp index bc9015d..c5d1bcc 100644 --- a/server/host-connection.hpp +++ b/server/host-connection.hpp @@ -60,6 +60,9 @@ public: typedef std::function SetActiveContainerCallback; + typedef std::function AddContainerCallback; /** * Register proxy call callback @@ -92,6 +95,11 @@ public: void setSetActiveContainerCallback(const SetActiveContainerCallback& callback); /** + * Register a callback called to create new container + */ + void setAddContainerCallback(const AddContainerCallback& callback); + + /** * Make a proxy call */ void proxyCallAsync(const std::string& busName, @@ -112,6 +120,7 @@ private: GetContainerIdsCallback mGetContainerIdsCallback; GetActiveContainerIdCallback mGetActiveContainerIdCallback; SetActiveContainerCallback mSetActiveContainerCallback; + AddContainerCallback mAddContainerCallback; void onNameAcquired(); void onNameLost(); diff --git a/server/host-dbus-definitions.hpp b/server/host-dbus-definitions.hpp index 12e8d4a..040b10d 100644 --- a/server/host-dbus-definitions.hpp +++ b/server/host-dbus-definitions.hpp @@ -37,11 +37,13 @@ const std::string OBJECT_PATH = "/org/tizen/containers/host"; const std::string INTERFACE = "org.tizen.containers.host.manager"; const std::string ERROR_CONTAINER_STOPPED = "org.tizen.containers.host.Error.ContainersStopped"; +const std::string ERROR_CONTAINER_CREATE_FAILED = "org.tizen.containers.host.Error.ContainerCreateFailed"; const std::string METHOD_GET_CONTAINER_DBUSES = "GetContainerDbuses"; const std::string METHOD_GET_CONTAINER_ID_LIST = "GetContainerIds"; const std::string METHOD_GET_ACTIVE_CONTAINER_ID = "GetActiveContainerId"; const std::string METHOD_SET_ACTIVE_CONTAINER = "SetActiveContainer"; +const std::string METHOD_ADD_CONTAINER = "AddContainer"; const std::string SIGNAL_CONTAINER_DBUS_STATE = "ContainerDbusState"; @@ -70,6 +72,9 @@ const std::string DEFINITION = " " " " " " + " " + " " + " " " " " " " " diff --git a/server/server.cpp b/server/server.cpp index 5c3420d..547d023 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -58,6 +58,10 @@ #error "LIBVIRT_GROUP must be defined!" #endif +#ifndef DISK_GROUP +#error "DISK_GROUP must be defined!" +#endif + extern char** environ; namespace security_containers { @@ -165,6 +169,16 @@ bool Server::prepareEnvironment(const std::string& configPath, bool runAsRoot) } } + // create directory for additional container data (if needed) + if (!config.containerNewConfigPrefix.empty()) { + if (!utils::createDir(config.containerNewConfigPrefix, uid, gid, + fs::perms::owner_all | + fs::perms::group_read | fs::perms::group_exe | + fs::perms::others_read | fs::perms::others_exe)) { + return false; + } + } + // Omit supplementaty group setup and root drop if the user is already switched. // This situation will happen during daemon update triggered by SIGUSR1. if (!runAsRoot && geteuid() == uid) { @@ -173,7 +187,9 @@ bool Server::prepareEnvironment(const std::string& configPath, bool runAsRoot) // LIBVIRT_GROUP provides access to libvirt's daemon socket. // INPUT_EVENT_GROUP provides access to /dev/input/event* devices used by InputMonitor. - if (!utils::setSuppGroups({LIBVIRT_GROUP, INPUT_EVENT_GROUP})) { + // DISK_GROUP provides access to /dev/loop* devices, needed when adding new container to copy + // containers image + if (!utils::setSuppGroups({LIBVIRT_GROUP, INPUT_EVENT_GROUP, DISK_GROUP})) { return false; } diff --git a/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf b/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf index 2a6ad35..707be02 100644 --- a/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf +++ b/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf @@ -5,6 +5,9 @@ "foregroundId" : "ut-containers-manager-console1-dbus", "defaultId" : "ut-containers-manager-console1-dbus", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "", + "containerNewConfigPrefix" : "", "runMountPointPrefix" : "", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", diff --git a/tests/unit_tests/server/configs/CMakeLists.txt b/tests/unit_tests/server/configs/CMakeLists.txt index 816a5bc..ee1c7d9 100644 --- a/tests/unit_tests/server/configs/CMakeLists.txt +++ b/tests/unit_tests/server/configs/CMakeLists.txt @@ -26,6 +26,8 @@ FILE(GLOB server_admin_CONF ut-server/libvirt-config/*.xml) FILE(GLOB manager_manager_CONF ut-containers-manager/*.conf) FILE(GLOB manager_container_CONF ut-containers-manager/containers/*.conf) FILE(GLOB manager_admin_CONF ut-containers-manager/libvirt-config/*.xml) +FILE(GLOB manager_admin_TEMPLATE ut-containers-manager/templates/*.conf + ut-containers-manager/templates/*.xml) FILE(GLOB container_CONF ut-container/*.conf) FILE(GLOB container_container_CONF ut-container/containers/*.conf) @@ -61,7 +63,10 @@ CONFIGURE_FILE(ut-containers-manager/libvirt-config/console2-dbus.xml.in ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/console2-dbus.xml @ONLY) CONFIGURE_FILE(ut-containers-manager/libvirt-config/console3-dbus.xml.in ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/console3-dbus.xml @ONLY) +CONFIGURE_FILE(ut-containers-manager/templates/template.xml.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/templates/template.xml @ONLY) FILE(GLOB manager_admin_CONF_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/*.xml) +FILE(GLOB manager_admin_TEMPLATE_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/templates/*.xml) CONFIGURE_FILE(ut-container/libvirt-config/test-dbus.xml.in ${CMAKE_BINARY_DIR}/ut-container/libvirt-config/test-dbus.xml @ONLY) @@ -84,6 +89,10 @@ INSTALL(FILES ${manager_admin_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/libvirt-config) INSTALL(FILES ${manager_admin_CONF_GEN} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/libvirt-config) +INSTALL(FILES ${manager_admin_TEMPLATE} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/templates) +INSTALL(FILES ${manager_admin_TEMPLATE_GEN} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/templates) INSTALL(FILES ${container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container) diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf index 92abbe2..5ec98cc 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf @@ -4,6 +4,9 @@ "foregroundId" : "ut-containers-manager-console1", "defaultId" : "ut-containers-manager-console1", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf index a19268c..ef5a597 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf @@ -4,6 +4,9 @@ "foregroundId" : "ut-containers-manager-console1", "defaultId" : "in_no_way_there_is_a_valid_id_here", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf index bcaba00..3faa0f7 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf @@ -4,6 +4,9 @@ "foregroundId" : "this_id_does_not_exist", "defaultId" : "ut-containers-manager-console1", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml new file mode 100644 index 0000000..b357c0e --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml @@ -0,0 +1,4 @@ + + ~NAME~-network + ~UUID~ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml new file mode 100644 index 0000000..b96197b --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml @@ -0,0 +1,3 @@ + + ~UUID~ + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf new file mode 100644 index 0000000..40dcacc --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf @@ -0,0 +1,13 @@ +{ + "privilege" : 20, + "switchToDefaultAfterTimeout" : true, + "config" : "../libvirt-config/~NAME~.xml", + "networkConfig" : "../libvirt-config/~NAME~-network.xml", + "networkFilterConfig" : "../libvirt-config/~NAME~-nwfilter.xml", + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-containers-manager/~NAME~-dbus", + "enableDbusIntegration" : true, + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in new file mode 100644 index 0000000..fbb12a5 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in @@ -0,0 +1,15 @@ + + ~NAME~ + ~UUID~ + 102400 + + exe + /usr/bin/dbus-daemon + --nofork + --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf + --address=unix:path=/tmp/ut-containers-manager/~NAME~-dbus/dbus/system_bus_socket + + + + + diff --git a/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf index 6147c03..9317b9d 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf @@ -4,6 +4,9 @@ "foregroundId" : "ut-containers-manager-console1", "defaultId" : "ut-containers-manager-console1", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf index 2a6ad35..af183a1 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf @@ -5,6 +5,9 @@ "foregroundId" : "ut-containers-manager-console1-dbus", "defaultId" : "ut-containers-manager-console1-dbus", "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "templates", + "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", "runMountPointPrefix" : "", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", diff --git a/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf b/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf index cad519c..4758406 100644 --- a/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf +++ b/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf @@ -1,9 +1,12 @@ { "containerConfigs" : ["containers/container1.conf", "missing/file/path/missing.conf", "containers/container3.conf"], "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "no_need_for_templates_in_this_test", "runMountPointPrefix" : "", "foregroundId" : "ut-server-container1", "defaultId" : "ut-server-container1", + "containerNewConfigPrefix" : "", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-server/test-daemon.conf b/tests/unit_tests/server/configs/ut-server/test-daemon.conf index 868f12b..767b3a5 100644 --- a/tests/unit_tests/server/configs/ut-server/test-daemon.conf +++ b/tests/unit_tests/server/configs/ut-server/test-daemon.conf @@ -1,6 +1,9 @@ { "containerConfigs" : ["containers/container1.conf", "containers/container2.conf", "containers/container3.conf"], "containersPath" : "/tmp", + "containerImagePath" : "", + "containerTemplatePath" : "no_need_for_templates_in_this_test", + "containerNewConfigPrefix" : "", "runMountPointPrefix" : "", "foregroundId" : "ut-server-container1", "defaultId" : "ut-server-container1", diff --git a/tests/unit_tests/server/ut-containers-manager.cpp b/tests/unit_tests/server/ut-containers-manager.cpp index 54a34bb..528d744 100644 --- a/tests/unit_tests/server/ut-containers-manager.cpp +++ b/tests/unit_tests/server/ut-containers-manager.cpp @@ -40,6 +40,7 @@ #include "config/exception.hpp" #include "utils/latch.hpp" #include "utils/fs.hpp" +#include "utils/img.hpp" #include #include @@ -63,6 +64,8 @@ const std::string TEST_DBUS_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/buggy-daemon.conf"; const std::string BUGGY_FOREGROUND_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/buggy-foreground-daemon.conf"; const std::string BUGGY_DEFAULTID_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/buggy-default-daemon.conf"; +const std::string TEST_CONTAINER_CONF_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/containers/"; +const std::string TEST_CONTAINER_LIBVIRT_CONF_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/libvirt-config/"; const std::string MISSING_CONFIG_PATH = "/this/is/a/missing/file/path/missing-daemon.conf"; const int EVENT_TIMEOUT = 5000; const int TEST_DBUS_CONNECTION_CONTAINERS_COUNT = 3; @@ -81,6 +84,7 @@ public: typedef std::function TestApiMethodCallback; + typedef std::function AddContainerResultCallback; typedef std::map Dbuses; @@ -303,6 +307,25 @@ public: } + void callAsyncMethodAddContainer(const std::string& id, + const AddContainerResultCallback& result) + { + auto asyncResult = [result](dbus::AsyncMethodCallResult& asyncMethodCallResult) { + BOOST_CHECK(g_variant_is_of_type(asyncMethodCallResult.get(), G_VARIANT_TYPE_UNIT)); + result(); + }; + + assert(isHost()); + GVariant* parameters = g_variant_new("(s)", id.c_str()); + mClient->callMethodAsync(api::host::BUS_NAME, + api::host::OBJECT_PATH, + api::host::INTERFACE, + api::host::METHOD_ADD_CONTAINER, + parameters, + "()", + asyncResult); + } + private: const int mId; DbusConnection::Pointer mClient; @@ -331,6 +354,27 @@ std::function expectedMessage(const std::string& me }; } +class FileCleanerRAII { +public: + FileCleanerRAII(const std::vector& filePathsToClean): + mFilePathsToClean(filePathsToClean) + { } + + ~FileCleanerRAII() + { + namespace fs = boost::filesystem; + for (const auto& file : mFilePathsToClean) { + fs::path f(file); + if (fs::exists(f)) { + fs::remove(f); + } + } + } + +private: + const std::vector mFilePathsToClean; +}; + struct Fixture { security_containers::utils::ScopedGlibLoop mLoop; }; @@ -881,4 +925,34 @@ BOOST_AUTO_TEST_CASE(SetActiveContainerTest) DbusException); } +BOOST_AUTO_TEST_CASE(AddContainerTest) +{ + const std::string newContainerId = "test1234"; + const std::vector newContainerConfigs = { + TEST_CONTAINER_CONF_PATH + newContainerId + ".conf", + TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + ".xml", + TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + "-network.xml", + TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + "-nwfilter.xml", + }; + FileCleanerRAII cleaner(newContainerConfigs); + + ContainersManager cm(TEST_DBUS_CONFIG_PATH); + cm.startAll(); + + Latch callDone; + auto resultCallback = [&]() { + callDone.set(); + }; + + DbusAccessory dbus(DbusAccessory::HOST_ID); + + // create new container + dbus.callAsyncMethodAddContainer(newContainerId, resultCallback); + callDone.wait(EVENT_TIMEOUT); + + // focus new container + BOOST_REQUIRE_NO_THROW(cm.focus(newContainerId)); + BOOST_CHECK(cm.getRunningForegroundContainerId() == newContainerId); +} + BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/utils/ut-fs.cpp b/tests/unit_tests/utils/ut-fs.cpp index 8f7c965..43be58a 100644 --- a/tests/unit_tests/utils/ut-fs.cpp +++ b/tests/unit_tests/utils/ut-fs.cpp @@ -44,6 +44,12 @@ const std::string FILE_PATH = SC_TEST_CONFIG_INSTALL_DIR "/utils/ut-fs/file.txt" const std::string FILE_CONTENT = "File content\n" "Line 1\n" "Line 2\n"; +const std::string FILE_CONTENT_2 = "Some other content\n" + "Just to see if\n" + "everything is copied correctly\n"; +const std::string FILE_CONTENT_3 = "More content\n" + "More and more content\n" + "That's a lot of data to test\n"; const std::string BUGGY_FILE_PATH = "/some/missing/file/path/file.txt"; const std::string TMP_PATH = "/tmp"; const std::string FILE_PATH_RANDOM = @@ -52,6 +58,12 @@ const std::string MOUNT_POINT_RANDOM_1 = boost::filesystem::unique_path("/tmp/mountPoint-%%%%").string(); const std::string MOUNT_POINT_RANDOM_2 = boost::filesystem::unique_path("/tmp/mountPoint-%%%%").string(); +const std::string FILE_DIR_RANDOM_1 = + boost::filesystem::unique_path("testDir-%%%%").string(); +const std::string FILE_DIR_RANDOM_2 = + boost::filesystem::unique_path("testDir-%%%%").string(); +const std::string FILE_DIR_RANDOM_3 = + boost::filesystem::unique_path("testDir-%%%%").string(); const std::string FILE_NAME_RANDOM_1 = boost::filesystem::unique_path("testFile-%%%%").string(); const std::string FILE_NAME_RANDOM_2 = @@ -131,4 +143,43 @@ BOOST_AUTO_TEST_CASE(MoveFileTest) BOOST_REQUIRE(fs::remove(MOUNT_POINT_RANDOM_2, ec)); } +BOOST_AUTO_TEST_CASE(CopyDirContentsTest) +{ + namespace fs = boost::filesystem; + std::string src, src_inner, dst, dst_inner; + boost::system::error_code ec; + + src = TMP_PATH + "/" + FILE_DIR_RANDOM_1; + src_inner = src + "/" + FILE_DIR_RANDOM_3; + + dst = TMP_PATH + "/" + FILE_DIR_RANDOM_2; + dst_inner = dst + "/" + FILE_DIR_RANDOM_3; + + // create entire structure with files + BOOST_REQUIRE(fs::create_directory(src, ec)); + BOOST_REQUIRE(ec.value() == 0); + BOOST_REQUIRE(fs::create_directory(src_inner, ec)); + BOOST_REQUIRE(ec.value() == 0); + + BOOST_REQUIRE(saveFileContent(src + "/" + FILE_NAME_RANDOM_1, FILE_CONTENT)); + BOOST_REQUIRE(saveFileContent(src + "/" + FILE_NAME_RANDOM_2, FILE_CONTENT_2)); + BOOST_REQUIRE(saveFileContent(src_inner + "/" + FILE_NAME_RANDOM_1, FILE_CONTENT_3)); + + BOOST_REQUIRE(fs::create_directory(dst, ec)); + BOOST_REQUIRE(ec.value() == 0); + + // copy data + BOOST_CHECK(copyDirContents(src, dst)); + + // check if copy is successful + BOOST_CHECK(fs::exists(dst + "/" + FILE_NAME_RANDOM_1)); + BOOST_CHECK(fs::exists(dst + "/" + FILE_NAME_RANDOM_2)); + BOOST_CHECK(fs::exists(dst_inner)); + BOOST_CHECK(fs::exists(dst_inner + "/" + FILE_NAME_RANDOM_1)); + + BOOST_CHECK_EQUAL(readFileContent(dst + "/" + FILE_NAME_RANDOM_1), FILE_CONTENT); + BOOST_CHECK_EQUAL(readFileContent(dst + "/" + FILE_NAME_RANDOM_2), FILE_CONTENT_2); + BOOST_CHECK_EQUAL(readFileContent(dst_inner + "/" + FILE_NAME_RANDOM_1), FILE_CONTENT_3); +} + BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From 11ddb3bab10b043797aca9eaa491070aa8510f3d Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Thu, 18 Sep 2014 10:07:15 +0200 Subject: [PATCH 03/16] New get_container_id_by_pid API function [Bug/Feature] Introduce new API function: sc_get_container_id_by_pid [Cause] N/A [Solution] N/A [Verification] Build, install, run tests Change-Id: I8bee78c062bcbbe29fc9e2c651989570c26869d1 --- client/security-containers-client-impl.cpp | 36 +++++++++ client/security-containers-client-impl.hpp | 5 ++ client/security-containers-client.cpp | 5 ++ client/security-containers-client.h | 11 +++ client/utils.cpp | 118 ++++++++++++++++++++++++++++ client/utils.hpp | 32 ++++++++ tests/unit_tests/client/ut-client-utils.cpp | 55 +++++++++++++ tests/unit_tests/client/ut-client.cpp | 37 +++++++++ 8 files changed, 299 insertions(+) create mode 100644 client/utils.cpp create mode 100644 client/utils.hpp create mode 100644 tests/unit_tests/client/ut-client-utils.cpp diff --git a/client/security-containers-client-impl.cpp b/client/security-containers-client-impl.cpp index 8486ae7..a2c51ba 100644 --- a/client/security-containers-client-impl.cpp +++ b/client/security-containers-client-impl.cpp @@ -25,6 +25,7 @@ #include #include "security-containers-client-impl.hpp" +#include "utils.hpp" #include #include #include @@ -33,6 +34,7 @@ #include #include +#include using namespace std; using namespace dbus; @@ -122,6 +124,17 @@ ScStatus toStatus(const std::exception& ex) return SCCLIENT_OTHER_ERROR; } +bool readFirstLineOfFile(const std::string& path, std::string& ret) +{ + std::ifstream file(path); + if (!file) { + return false; + } + + std::getline(file, ret); + return true; +} + } //namespace ScStatus Client::sc_start_glib_loop() noexcept @@ -309,6 +322,29 @@ ScStatus Client::sc_get_active_container_id(ScString* id) noexcept return ret; } +ScStatus Client::sc_get_container_id_by_pid(int pid, ScString* id) noexcept +{ + assert(id); + + const std::string path = "/proc/" + std::to_string(pid) + "/cpuset"; + + std::string cpuset; + if (!readFirstLineOfFile(path, cpuset)) { + mStatus = Status(SCCLIENT_INVALID_ARGUMENT, "Process not found"); + return sc_get_status(); + } + + std::string containerId; + if (!parseContainerIdFromCpuSet(cpuset, containerId)) { + mStatus = Status(SCCLIENT_OTHER_ERROR, "unknown format of cpuset"); + return sc_get_status(); + } + + *id = strdup(containerId.c_str()); + mStatus = Status(); + return sc_get_status();; +} + ScStatus Client::sc_set_active_container(const char* id) noexcept { assert(id); diff --git a/client/security-containers-client-impl.hpp b/client/security-containers-client-impl.hpp index 10aecaf..f1bfacb 100644 --- a/client/security-containers-client-impl.hpp +++ b/client/security-containers-client-impl.hpp @@ -117,6 +117,11 @@ public: ScStatus sc_get_active_container_id(ScString* id) noexcept; /** + * @see ::sc_get_container_id_by_pid + */ + ScStatus sc_get_container_id_by_pid(int pid, ScString* id) noexcept; + + /** * @see ::sc_set_active_container */ ScStatus sc_set_active_container(const char* id) noexcept; diff --git a/client/security-containers-client.cpp b/client/security-containers-client.cpp index b1eb521..cb22544 100644 --- a/client/security-containers-client.cpp +++ b/client/security-containers-client.cpp @@ -121,6 +121,11 @@ API ScStatus sc_get_active_container_id(ScClient client, ScString* id) return getClient(client).sc_get_active_container_id(id); } +API ScStatus sc_get_container_id_by_pid(ScClient client, int pid, ScString* id) +{ + return getClient(client).sc_get_container_id_by_pid(pid, id); +} + API ScStatus sc_set_active_container(ScClient client, const char* id) { return getClient(client).sc_set_active_container(id); diff --git a/client/security-containers-client.h b/client/security-containers-client.h index c56e9de..4d37c3c 100644 --- a/client/security-containers-client.h +++ b/client/security-containers-client.h @@ -247,6 +247,17 @@ ScStatus sc_get_container_ids(ScClient client, ScArrayString* array); ScStatus sc_get_active_container_id(ScClient client, ScString* id); /** + * Get container name of process with given pid. + * + * @param[in] client security-containers-server's client + * @param[in] pid process id + * @param[out] id active container name + * @return status of this function call + * @remark Use @p sc_string_free() to free memory occupied by @p id. + */ +ScStatus sc_get_container_id_by_pid(ScClient client, int pid, ScString* id); + +/** * Set active (foreground) container. * * @param[in] client security-containers-server's client diff --git a/client/utils.cpp b/client/utils.cpp new file mode 100644 index 0000000..98b6905 --- /dev/null +++ b/client/utils.cpp @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Utility functions definition + */ + +#include "config.hpp" +#include "utils.hpp" + +#include + +namespace { + +const std::string CPUSET_HOST = "/"; +const std::string CPUSET_LIBVIRT_PREFIX_OLD = "/machine/"; +const std::string CPUSET_LIBVIRT_SUFFIX_OLD = ".libvirt-lxc"; +const std::string CPUSET_LIBVIRT_PREFIX = "/machine.slice/machine-lxc\\x2d"; +const std::string CPUSET_LIBVIRT_SUFFIX = ".scope"; + +bool parseOldFormat(const std::string& cpuset, std::string& id) +{ + // '/machine/.libvirt-lxc' + if (!boost::starts_with(cpuset, CPUSET_LIBVIRT_PREFIX_OLD)) { + return false; + } + + if (!boost::ends_with(cpuset, CPUSET_LIBVIRT_SUFFIX_OLD)) { + return false; + } + + id.assign(cpuset, + CPUSET_LIBVIRT_PREFIX_OLD.size(), + cpuset.size() - CPUSET_LIBVIRT_PREFIX_OLD.size() - CPUSET_LIBVIRT_SUFFIX_OLD.size()); + return true; +} + +inline int unhex(char c) +{ + if (c >= '0' && c <= '9') { + return c - '0'; + } + if (c >= 'a' && c <= 'f') { + return c - 'a' + 10; + } + if (c >= 'A' && c <= 'F') { + return c - 'A' + 10; + } + return -1; +} + +void unescape(std::string& value) +{ + const size_t len = value.size(); + size_t inPos = 0; + size_t outPos = 0; + while (inPos < len) { + const char c = value[inPos++]; + if (c == '-') { + value[outPos++] = '/'; + } else if (c == '\\' && value[inPos] == 'x') { + const char a = unhex(value[inPos+1]); + const char b = unhex(value[inPos+2]); + value[outPos++] = (char) ((a << 4) | b); + inPos += 3; + } else { + value[outPos++] = c; + } + } + value.resize(outPos); +} + +bool parseNewFormat(const std::string& cpuset, std::string& id) +{ + // '/machine.slice/machine-lxc\x2d.scope' + if (!boost::starts_with(cpuset, CPUSET_LIBVIRT_PREFIX)) { + return false; + } + + if (!boost::ends_with(cpuset, CPUSET_LIBVIRT_SUFFIX)) { + return false; + } + + id = cpuset.substr(CPUSET_LIBVIRT_PREFIX.size(), + cpuset.size() - CPUSET_LIBVIRT_PREFIX.size() - CPUSET_LIBVIRT_SUFFIX.size()); + unescape(id); + return true; +} + +} // namespace + +bool parseContainerIdFromCpuSet(const std::string& cpuset, std::string& id) +{ + if (cpuset == CPUSET_HOST) { + id = "host"; + return true; + } + + return parseNewFormat(cpuset, id) || parseOldFormat(cpuset, id); +} + diff --git a/client/utils.hpp b/client/utils.hpp new file mode 100644 index 0000000..49b83c0 --- /dev/null +++ b/client/utils.hpp @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Utility functions declaration + */ + +#ifndef SECURITY_CONTAINERS_CLIENT_UTILS_HPP +#define SECURITY_CONTAINERS_CLIENT_UTILS_HPP + +#include + +bool parseContainerIdFromCpuSet(const std::string& cpuset, std::string& id); + +#endif // SECURITY_CONTAINERS_CLIENT_UTILS_HPP diff --git a/tests/unit_tests/client/ut-client-utils.cpp b/tests/unit_tests/client/ut-client-utils.cpp new file mode 100644 index 0000000..ac4c1fd --- /dev/null +++ b/tests/unit_tests/client/ut-client-utils.cpp @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Unit tests of the client utils + */ + +#include +#include "ut.hpp" +#include + + +BOOST_AUTO_TEST_SUITE(ClientUtils) + +BOOST_AUTO_TEST_CASE(ParseContainerIdFromCpuSetTest) +{ + auto testBad = [](const std::string& input) { + std::string ret; + BOOST_CHECK(!parseContainerIdFromCpuSet(input, ret)); + }; + + auto testOK = [](const std::string& input, const std::string& expected) { + std::string ret; + BOOST_CHECK(parseContainerIdFromCpuSet(input, ret)); + BOOST_CHECK_EQUAL(expected, ret); + }; + + testBad(""); + testBad("/foo"); + + testOK("/", "host"); + testOK("/machine/a-b.libvirt-lxc", "a-b"); + testOK("/machine.slice/machine-lxc\\x2da\\x2db.scope", "a-b"); + testOK("/machine.slice/machine-lxc\\x2da-b.scope", "a/b"); +} + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/client/ut-client.cpp b/tests/unit_tests/client/ut-client.cpp index bbf2013..574be39 100644 --- a/tests/unit_tests/client/ut-client.cpp +++ b/tests/unit_tests/client/ut-client.cpp @@ -256,4 +256,41 @@ BOOST_AUTO_TEST_CASE(NotificationTest) } } +BOOST_AUTO_TEST_CASE(GetContainerIdByPidTest1) +{ + ScClient client = sc_client_create(); + ScString container; + ScStatus status = sc_get_container_id_by_pid(client, 1, &container); + BOOST_REQUIRE_EQUAL(SCCLIENT_SUCCESS, status); + + BOOST_CHECK_EQUAL(container, std::string("host")); + + sc_string_free(container); + sc_client_free(client); +} + +BOOST_AUTO_TEST_CASE(GetContainerIdByPidTest2) +{ + std::set ids; + + ScClient client = sc_client_create(); + for (int n = 0; n < 100000; ++n) { + ScString container; + ScStatus status = sc_get_container_id_by_pid(client, n, &container); + if (status == SCCLIENT_SUCCESS) { + ids.insert(container); + sc_string_free(container); + } else { + BOOST_WARN_MESSAGE(status == SCCLIENT_INVALID_ARGUMENT, sc_get_status_message(client)); + } + } + sc_client_free(client); + + BOOST_CHECK(ids.count("host") == 1); + + for (const auto& dbus : EXPECTED_DBUSES_STARTED) { + BOOST_CHECK(ids.count(dbus.first) == 1); + } +} + BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From ca9fe3b7e0eb6a308dd1215fd427bd97369f04ac Mon Sep 17 00:00:00 2001 From: Jan Olszak Date: Wed, 24 Sep 2014 16:12:13 +0200 Subject: [PATCH 04/16] Adjusting tests to the changed KVStore [Bug/Feature] Added isEmpty() and exists() functions [Cause] N/A [Solution] N/A [Verification] Build, install, run tests Change-Id: Ied7f469599cfdb31104e4f0bc1b67b8cbc2a2cc0 --- tests/unit_tests/config/ut-configuration.cpp | 22 ++++++++++++++++--- tests/unit_tests/config/ut-kvstore.cpp | 32 +++++++++++----------------- 2 files changed, 32 insertions(+), 22 deletions(-) diff --git a/tests/unit_tests/config/ut-configuration.cpp b/tests/unit_tests/config/ut-configuration.cpp index 1e98d22..b205339 100644 --- a/tests/unit_tests/config/ut-configuration.cpp +++ b/tests/unit_tests/config/ut-configuration.cpp @@ -48,11 +48,13 @@ struct TestConfig { }; int intVal; + std::vector intVector; SubSubConfig subSubObj; CONFIG_REGISTER ( intVal, + intVector, subSubObj ) }; @@ -63,6 +65,7 @@ struct TestConfig { double doubleVal; bool boolVal; + std::vector emptyIntVector; std::vector intVector; std::vector stringVector; std::vector doubleVector; @@ -78,6 +81,7 @@ struct TestConfig { doubleVal, boolVal, + emptyIntVector, intVector, stringVector, doubleVector, @@ -98,12 +102,13 @@ const std::string jsonTestString = "\"stringVal\": \"blah\", " "\"doubleVal\": -1.234000, " "\"boolVal\": true, " + "\"emptyIntVector\": [ ], " "\"intVector\": [ 1, 2, 3 ], " "\"stringVector\": [ \"a\", \"b\" ], " "\"doubleVector\": [ 0.000000, 1.000000, 2.000000 ], " - "\"subObj\": { \"intVal\": 54321, \"subSubObj\": { \"intVal\": 234 } }, " - "\"subVector\": [ { \"intVal\": 123, \"subSubObj\": { \"intVal\": 345 } }, " - "{ \"intVal\": 456, \"subSubObj\": { \"intVal\": 567 } } ] }"; + "\"subObj\": { \"intVal\": 54321, \"intVector\": [ 1, 2 ], \"subSubObj\": { \"intVal\": 234 } }, " + "\"subVector\": [ { \"intVal\": 123, \"intVector\": [ 3, 4 ], \"subSubObj\": { \"intVal\": 345 } }, " + "{ \"intVal\": 456, \"intVector\": [ 5, 6 ], \"subSubObj\": { \"intVal\": 567 } } ] }"; // Floating point tolerance as a number of rounding errors const int TOLERANCE = 1; @@ -121,6 +126,8 @@ BOOST_AUTO_TEST_CASE(FromStringTest) BOOST_CHECK_CLOSE(-1.234, testConfig.doubleVal, TOLERANCE); BOOST_CHECK_EQUAL(true, testConfig.boolVal); + BOOST_REQUIRE_EQUAL(0, testConfig.emptyIntVector.size()); + BOOST_REQUIRE_EQUAL(3, testConfig.intVector.size()); BOOST_CHECK_EQUAL(1, testConfig.intVector[0]); BOOST_CHECK_EQUAL(2, testConfig.intVector[1]); @@ -136,12 +143,21 @@ BOOST_AUTO_TEST_CASE(FromStringTest) BOOST_CHECK_CLOSE(2.0, testConfig.doubleVector[2], TOLERANCE); BOOST_CHECK_EQUAL(54321, testConfig.subObj.intVal); + BOOST_CHECK_EQUAL(2, testConfig.subObj.intVector.size()); + BOOST_CHECK_EQUAL(1, testConfig.subObj.intVector[0]); + BOOST_CHECK_EQUAL(2, testConfig.subObj.intVector[1]); + BOOST_CHECK_EQUAL(234, testConfig.subObj.subSubObj.intVal); BOOST_REQUIRE_EQUAL(2, testConfig.subVector.size()); BOOST_CHECK_EQUAL(123, testConfig.subVector[0].intVal); BOOST_CHECK_EQUAL(456, testConfig.subVector[1].intVal); BOOST_CHECK_EQUAL(345, testConfig.subVector[0].subSubObj.intVal); BOOST_CHECK_EQUAL(567, testConfig.subVector[1].subSubObj.intVal); + BOOST_CHECK_EQUAL(3, testConfig.subVector[0].intVector[0]); + BOOST_CHECK_EQUAL(5, testConfig.subVector[1].intVector[0]); + BOOST_CHECK_EQUAL(4, testConfig.subVector[0].intVector[1]); + BOOST_CHECK_EQUAL(6, testConfig.subVector[1].intVector[1]); + } diff --git a/tests/unit_tests/config/ut-kvstore.cpp b/tests/unit_tests/config/ut-kvstore.cpp index 66efc2b..2c9a998 100644 --- a/tests/unit_tests/config/ut-kvstore.cpp +++ b/tests/unit_tests/config/ut-kvstore.cpp @@ -114,33 +114,29 @@ BOOST_AUTO_TEST_CASE(EscapedCharactersTest) std::string HARD_KEY = "[" + KEY; BOOST_CHECK_NO_THROW(c.set(HARD_KEY, "A")); BOOST_CHECK_NO_THROW(c.set(KEY, "B")); - BOOST_CHECK_EQUAL(c.count(HARD_KEY), 1); - BOOST_CHECK_EQUAL(c.count(KEY), 1); - BOOST_CHECK_EQUAL(c.size(), 2); + BOOST_CHECK(c.exists(HARD_KEY)); + BOOST_CHECK(c.exists(KEY)); BOOST_CHECK_NO_THROW(c.clear()); HARD_KEY = "]" + KEY; BOOST_CHECK_NO_THROW(c.set(HARD_KEY, "A")); BOOST_CHECK_NO_THROW(c.set(KEY, "B")); - BOOST_CHECK_EQUAL(c.count(HARD_KEY), 1); - BOOST_CHECK_EQUAL(c.count(KEY), 1); - BOOST_CHECK_EQUAL(c.size(), 2); + BOOST_CHECK(c.exists(HARD_KEY)); + BOOST_CHECK(c.exists(KEY)); BOOST_CHECK_NO_THROW(c.clear()); HARD_KEY = "?" + KEY; BOOST_CHECK_NO_THROW(c.set(HARD_KEY, "A")); BOOST_CHECK_NO_THROW(c.set(KEY, "B")); - BOOST_CHECK_EQUAL(c.count(HARD_KEY), 1); - BOOST_CHECK_EQUAL(c.count(KEY), 1); - BOOST_CHECK_EQUAL(c.size(), 2); + BOOST_CHECK(c.exists(HARD_KEY)); + BOOST_CHECK(c.exists(KEY)); BOOST_CHECK_NO_THROW(c.clear()); HARD_KEY = "*" + KEY; BOOST_CHECK_NO_THROW(c.set(HARD_KEY, "A")); BOOST_CHECK_NO_THROW(c.set(KEY, "B")); - BOOST_CHECK_EQUAL(c.count(HARD_KEY), 1); - BOOST_CHECK_EQUAL(c.count(KEY), 1); - BOOST_CHECK_EQUAL(c.size(), 2); + BOOST_CHECK(c.exists(HARD_KEY)); + BOOST_CHECK(c.exists(KEY)); } namespace { @@ -154,11 +150,11 @@ void testSingleValue(Fixture& f, const A& a, const B& b) // Update BOOST_CHECK_NO_THROW(f.c.set(KEY, b)); BOOST_CHECK_EQUAL(f.c.get(KEY), b); - BOOST_CHECK_EQUAL(f.c.count(KEY), 1); + BOOST_CHECK(f.c.exists(KEY)); // Remove BOOST_CHECK_NO_THROW(f.c.remove(KEY)); - BOOST_CHECK_EQUAL(f.c.count(KEY), 0); + BOOST_CHECK(!f.c.exists(KEY)); BOOST_CHECK_THROW(f.c.get(KEY), ConfigException); } } // namespace @@ -182,8 +178,6 @@ void setVector(Fixture& f, std::vector vec) BOOST_CHECK_NO_THROW(f.c.set(KEY, vec)); BOOST_CHECK_NO_THROW(storedVec = f.c.get >(KEY)) BOOST_CHECK_EQUAL_COLLECTIONS(storedVec.begin(), storedVec.end(), vec.begin(), vec.end()); - BOOST_CHECK_EQUAL(f.c.count(KEY), vec.size()); - BOOST_CHECK_EQUAL(f.c.size(), vec.size()); } template @@ -199,8 +193,8 @@ void testVectorOfValues(Fixture& f, // Remove BOOST_CHECK_NO_THROW(f.c.remove(KEY)); - BOOST_CHECK_EQUAL(f.c.count(KEY), 0); - BOOST_CHECK_EQUAL(f.c.size(), 0); + BOOST_CHECK(!f.c.exists(KEY)); + BOOST_CHECK(f.c.isEmpty()); BOOST_CHECK_THROW(f.c.get >(KEY), ConfigException); BOOST_CHECK_THROW(f.c.get(KEY), ConfigException); } @@ -221,7 +215,7 @@ BOOST_AUTO_TEST_CASE(ClearTest) std::vector vec = {"A", "B"}; BOOST_CHECK_NO_THROW(c.set(KEY, vec)); BOOST_CHECK_NO_THROW(c.clear()); - BOOST_CHECK_EQUAL(c.size(), 0); + BOOST_CHECK(c.isEmpty()); BOOST_CHECK_NO_THROW(c.remove(KEY)); BOOST_CHECK_THROW(c.get>(KEY), ConfigException); -- 2.7.4 From 2d2f8fe00f8c450895a2ef67a698746294d25a0b Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Thu, 25 Sep 2014 11:59:58 +0200 Subject: [PATCH 05/16] Implement switchingSequenceMonitorNotify and add VT switching support [Feature] switchingSequenceMonitorNotify function implementation and module to handle VT switching [Cause] Nothing happened when user provided input sequence to Input Monitor [Solution] Implemented switchingSequenceMonitorNotify and added VT switching to function ContainersManager::focus. [Verification] Build, install, run unit tests. Tests (especially FocusTest) should pass. Change-Id: Ie4aa7d1679bfaa5a0fdfaf238ebc14a3b8150006 --- CMakeLists.txt | 4 + common/utils/img.cpp | 2 +- common/utils/img.hpp | 2 +- common/utils/vt.cpp | 86 ++++++++++++++++++++++ common/utils/vt.hpp | 36 +++++++++ packaging/security-containers.spec | 7 +- server/CMakeLists.txt | 2 +- server/configs/containers/business.conf | 3 +- server/configs/containers/private.conf | 3 +- server/container-config.hpp | 6 ++ server/container.cpp | 12 +++ server/container.hpp | 7 ++ server/containers-manager.cpp | 28 ++++++- server/containers-manager.hpp | 6 ++ server/server.cpp | 11 ++- .../ut-client/containers/console1-dbus.conf | 1 + .../ut-client/containers/console2-dbus.conf | 1 + .../ut-client/containers/console3-dbus.conf | 1 + .../ut-container-admin/containers/buggy.conf.in | 1 + .../ut-container-admin/containers/missing.conf | 1 + .../containers/test-no-shutdown.conf.in | 1 + .../ut-container-admin/containers/test.conf.in | 1 + .../configs/ut-container/containers/buggy.conf | 1 + .../configs/ut-container/containers/test-dbus.conf | 1 + .../configs/ut-container/containers/test.conf | 1 + .../containers/console1-dbus.conf | 1 + .../ut-containers-manager/containers/console1.conf | 1 + .../containers/console2-dbus.conf | 1 + .../ut-containers-manager/containers/console2.conf | 1 + .../containers/console3-dbus.conf | 1 + .../ut-containers-manager/containers/console3.conf | 1 + .../ut-containers-manager/templates/template.conf | 1 + .../ut-network-admin/containers/buggy.conf.in | 1 + .../ut-network-admin/containers/missing.conf | 1 + .../ut-network-admin/containers/test.conf.in | 1 + .../configs/ut-server/containers/container1.conf | 1 + .../configs/ut-server/containers/container2.conf | 1 + .../configs/ut-server/containers/container3.conf | 1 + 38 files changed, 228 insertions(+), 10 deletions(-) create mode 100644 common/utils/vt.cpp create mode 100644 common/utils/vt.hpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 9cb880a..c8e74c6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -72,11 +72,15 @@ ENDIF(NOT DEFINED INPUT_EVENT_GROUP) IF(NOT DEFINED DISK_GROUP) SET(DISK_GROUP "disk") ENDIF(NOT DEFINED DISK_GROUP) +IF(NOT DEFINED TTY_GROUP) + SET(TTY_GROUP "tty") +ENDIF(NOT DEFINED TTY_GROUP) ADD_DEFINITIONS(-DSECURITY_CONTAINERS_USER="${SECURITY_CONTAINERS_USER}") ADD_DEFINITIONS(-DLIBVIRT_GROUP="${LIBVIRT_GROUP}") ADD_DEFINITIONS(-DINPUT_EVENT_GROUP="${INPUT_EVENT_GROUP}") ADD_DEFINITIONS(-DDISK_GROUP="${DISK_GROUP}") +ADD_DEFINITIONS(-DTTY_GROUP="${TTY_GROUP}") ## Python packages directory ################################################### diff --git a/common/utils/img.cpp b/common/utils/img.cpp index 4d7de88..bc77491 100644 --- a/common/utils/img.cpp +++ b/common/utils/img.cpp @@ -17,7 +17,7 @@ */ /** - * @file img.hpp + * @file * @author Lukasz Kostyra (l.kostyra@samsung.com) * @brief Image utility functions declaration */ diff --git a/common/utils/img.hpp b/common/utils/img.hpp index d42300e..db47cc6 100644 --- a/common/utils/img.hpp +++ b/common/utils/img.hpp @@ -17,7 +17,7 @@ */ /** - * @file img.hpp + * @file * @author Lukasz Kostyra (l.kostyra@samsung.com) * @brief Image utility functions declaration */ diff --git a/common/utils/vt.cpp b/common/utils/vt.cpp new file mode 100644 index 0000000..22a697e --- /dev/null +++ b/common/utils/vt.cpp @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Lukasz Kostyra + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Lukasz Kostyra (l.kostyra@samsung.com) + * @brief VT-related utility functions + */ + +#include "config.hpp" +#include "utils/vt.hpp" +#include "logger/logger.hpp" + +#include +#include +#include +#include +#include +#include + +namespace { + +const std::string TTY_DEV = "/dev/tty0"; + +} // namespace + +namespace security_containers { +namespace utils { + +bool activateVT(const int& vt) +{ + int consoleFD = ::open(TTY_DEV.c_str(), O_WRONLY); + if (consoleFD < 0) { + LOGE("console open failed: " << errno << " (" << strerror(errno) << ")"); + return false; + } + + struct vt_stat vtstat; + vtstat.v_active = 0; + if (::ioctl(consoleFD, VT_GETSTATE, &vtstat)) { + LOGE("Failed to get vt state: " << errno << " (" << strerror(errno) << ")"); + ::close(consoleFD); + return false; + } + + if (vtstat.v_active == vt) { + LOGW("vt" << vt << " is already active."); + ::close(consoleFD); + return true; + } + + // activate vt + if (::ioctl(consoleFD, VT_ACTIVATE, vt)) { + LOGE("Failed to activate vt" << vt << ": " << errno << " (" << strerror(errno) << ")"); + ::close(consoleFD); + return false; + } + + // wait until activation is finished + if (::ioctl(consoleFD, VT_WAITACTIVE, vt)) { + LOGE("Failed to wait for vt" << vt << " activation: " << errno << " (" << strerror(errno) << ")"); + ::close(consoleFD); + return false; + } + + ::close(consoleFD); + return true; +} + +} // namespace utils +} // namespace security_containers diff --git a/common/utils/vt.hpp b/common/utils/vt.hpp new file mode 100644 index 0000000..d285806 --- /dev/null +++ b/common/utils/vt.hpp @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Lukasz Kostyra + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Lukasz Kostyra (l.kostyra@samsung.com) + * @brief VT-related utility functions + */ + +#ifndef COMMON_UTILS_VT_HPP +#define COMMON_UTILS_VT_HPP + +namespace security_containers { +namespace utils { + +bool activateVT(const int& vt); + +} // namespace utils +} // namespace security_containers + +#endif // COMMON_UTILS_VT_HPP diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index 97bf4d5..fc1c806 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -7,6 +7,8 @@ %define input_event_group video # The group has access to /dev/loop* devices. %define disk_group disk +# The group that has write access to /dev/tty* devices. +%define tty_group tty Name: security-containers Version: 0.1.1 @@ -71,7 +73,8 @@ between them. A process from inside a container can request a switch of context -DSECURITY_CONTAINERS_USER=%{scs_user} \ -DLIBVIRT_GROUP=%{libvirt_group} \ -DINPUT_EVENT_GROUP=%{input_event_group} \ - -DDISK_GROUP=%{disk_group} + -DDISK_GROUP=%{disk_group} \ + -DTTY_GROUP=%{tty_group} make -k %{?jobs:-j%jobs} %install @@ -88,7 +91,7 @@ if [ $1 == 1 ]; then systemctl daemon-reload || : fi # set needed caps on the binary to allow restart without loosing them -setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE+ei %{_bindir}/security-containers-server +setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE,CAP_SYS_TTY_CONFIG+ei %{_bindir}/security-containers-server %preun # Stop the service before uninstall diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 3293307..2237f52 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -45,4 +45,4 @@ ADD_SUBDIRECTORY(configs) INSTALL(TARGETS ${SERVER_CODENAME} DESTINATION bin) ## Set capabilities on server executable ####################################### -INSTALL(CODE "EXECUTE_PROCESS(COMMAND setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE+ei \$ENV{DESTDIR}/${CMAKE_INSTALL_PREFIX}/bin/${SERVER_CODENAME})") +INSTALL(CODE "EXECUTE_PROCESS(COMMAND setcap CAP_SYS_ADMIN,CAP_MAC_OVERRIDE,CAP_SYS_TTY_CONFIG+ei \$ENV{DESTDIR}/${CMAKE_INSTALL_PREFIX}/bin/${SERVER_CODENAME})") diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf index 1b3502a..600edb1 100644 --- a/server/configs/containers/business.conf +++ b/server/configs/containers/business.conf @@ -1,8 +1,9 @@ { "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, + "cpuQuotaBackground" : 10000, "enableDbusIntegration" : true, "privilege" : 1, + "vt" : 3, "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/business.xml", "networkConfig" : "../libvirt-config/business-network.xml", diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf index 62c0f18..71d4bcb 100644 --- a/server/configs/containers/private.conf +++ b/server/configs/containers/private.conf @@ -1,8 +1,9 @@ { "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, + "cpuQuotaBackground" : 10000, "enableDbusIntegration" : true, "privilege" : 10, + "vt" : 2, "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/private.xml", "networkConfig" : "../libvirt-config/private-network.xml", diff --git a/server/container-config.hpp b/server/container-config.hpp index b506770..e0c6760 100644 --- a/server/container-config.hpp +++ b/server/container-config.hpp @@ -43,6 +43,11 @@ struct ContainerConfig { int privilege; /** + * Number of virtual terminal used by xserver inside container + */ + int vt; + + /** * Allow switching to default container after timeout. * Setting this to false will disable switching to default container after timeout. */ @@ -101,6 +106,7 @@ struct ContainerConfig { CONFIG_REGISTER ( privilege, + vt, switchToDefaultAfterTimeout, enableDbusIntegration, config, diff --git a/server/container.cpp b/server/container.cpp index 494b0ae..59328db 100644 --- a/server/container.cpp +++ b/server/container.cpp @@ -29,6 +29,7 @@ #include "logger/logger.hpp" #include "utils/paths.hpp" +#include "utils/vt.hpp" #include "config/manager.hpp" #include @@ -210,6 +211,17 @@ std::string Container::getDbusAddress() return mDbusAddress; } +bool Container::activateVT() +{ + Lock lock(mReconnectMutex); + + if (mConfig.vt >= 0) { + return utils::activateVT(mConfig.vt); + } + + return true; +} + void Container::goForeground() { Lock lock(mReconnectMutex); diff --git a/server/container.hpp b/server/container.hpp index f741464..6800f7a 100644 --- a/server/container.hpp +++ b/server/container.hpp @@ -101,6 +101,13 @@ public: void stop(); /** + * Activate this container's VT + * + * @return Was activation successful? + */ + bool activateVT(); + + /** * Setup this container to be put in the foreground. * I.e. set appropriate scheduler level. */ diff --git a/server/containers-manager.cpp b/server/containers-manager.cpp index 5dc909b..d8858ab 100644 --- a/server/containers-manager.cpp +++ b/server/containers-manager.cpp @@ -183,6 +183,11 @@ void ContainersManager::focus(const std::string& containerId) /* try to access the object first to throw immediately if it doesn't exist */ ContainerMap::mapped_type& foregroundContainer = mContainers.at(containerId); + if (!foregroundContainer->activateVT()) { + LOGE("Failed to activate containers VT. Aborting focus."); + return; + } + for (auto& container : mContainers) { LOGD(container.second->getId() << ": being sent to background"); container.second->goBackground(); @@ -240,10 +245,31 @@ std::string ContainersManager::getRunningForegroundContainerId() return std::string(); } +std::string ContainersManager::getNextToForegroundContainerId() +{ + // handles case where there is no next container + if (mContainers.size() < 2) { + return std::string(); + } + + for (auto it = mContainers.begin(); it != mContainers.end(); ++it) { + if (it->first == mConfig.foregroundId && + it->second->isRunning()) { + auto nextIt = std::next(it); + if (nextIt != mContainers.end()) { + return nextIt->first; + } + } + } + return mContainers.begin()->first; +} + void ContainersManager::switchingSequenceMonitorNotify() { LOGI("switchingSequenceMonitorNotify() called"); - // TODO: implement + + auto nextContainerId = getNextToForegroundContainerId(); + focus(nextContainerId); } diff --git a/server/containers-manager.hpp b/server/containers-manager.hpp index cd1194d..3cbf833 100644 --- a/server/containers-manager.hpp +++ b/server/containers-manager.hpp @@ -78,6 +78,12 @@ public: std::string getRunningForegroundContainerId(); /** + * @return id of next to currently focused/foreground container. If currently focused container + * is last in container map, id of fisrt container from map is returned. + */ + std::string getNextToForegroundContainerId(); + + /** * Set whether ContainersManager should detach containers on exit */ void setContainersDetachOnExit(); diff --git a/server/server.cpp b/server/server.cpp index 547d023..a9ad444 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -62,6 +62,10 @@ #error "DISK_GROUP must be defined!" #endif +#ifndef TTY_GROUP +#error "TTY_GROUP must be defined!" +#endif + extern char** environ; namespace security_containers { @@ -189,7 +193,7 @@ bool Server::prepareEnvironment(const std::string& configPath, bool runAsRoot) // INPUT_EVENT_GROUP provides access to /dev/input/event* devices used by InputMonitor. // DISK_GROUP provides access to /dev/loop* devices, needed when adding new container to copy // containers image - if (!utils::setSuppGroups({LIBVIRT_GROUP, INPUT_EVENT_GROUP, DISK_GROUP})) { + if (!utils::setSuppGroups({LIBVIRT_GROUP, INPUT_EVENT_GROUP, DISK_GROUP, TTY_GROUP})) { return false; } @@ -197,7 +201,10 @@ bool Server::prepareEnvironment(const std::string& configPath, bool runAsRoot) // NOTE: CAP_MAC_OVERRIDE is temporary and must be removed when "smack namespace" // is introduced. The capability is needed to allow modify SMACK labels of // "/var/run/containers//run" mount point. - return (runAsRoot || utils::dropRoot(uid, gid, {CAP_SYS_ADMIN, CAP_MAC_OVERRIDE})); + // CAP_SYS_TTY_CONFIG is needed to activate virtual terminals through ioctl calls + return (runAsRoot || utils::dropRoot(uid, gid, {CAP_SYS_ADMIN, + CAP_MAC_OVERRIDE, + CAP_SYS_TTY_CONFIG})); } diff --git a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf index e16f7d6..b32dd81 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/console1-dbus.xml", diff --git a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf index 9aa8e51..3dda658 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : false, "enableDbusIntegration" : true, "config" : "../libvirt-config/console2-dbus.xml", diff --git a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf index 09ef262..0128c09 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/console3-dbus.xml", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in index 6a0ba2d..f9f553e 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/buggy.xml", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf index 4184401..8312204 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "/this/is/a/missing/file/path/missing.xml", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in index 995f5ff..135654c 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test-no-shutdown.xml", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in index a1d3d53..de566ea 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test.xml", diff --git a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf index 5992433..d0a307e 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "/missing/file/path/libvirt.xml", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf index 6301a5a..a272aa1 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/test-dbus.xml", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test.conf b/tests/unit_tests/server/configs/ut-container/containers/test.conf index 111d9ee..bed56de 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/test.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf index e16f7d6..b32dd81 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/console1-dbus.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf index be47df6..884e56d 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/console1.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf index 9aa8e51..3dda658 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : false, "enableDbusIntegration" : true, "config" : "../libvirt-config/console2-dbus.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf index 4c88170..9928914 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/console2.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf index 09ef262..0128c09 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/console3-dbus.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf index d6bc429..8a31b50 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf @@ -1,5 +1,6 @@ { "privilege" : 15, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/console3.xml", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf index 40dcacc..aeed716 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "config" : "../libvirt-config/~NAME~.xml", "networkConfig" : "../libvirt-config/~NAME~-network.xml", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in index 414b920..695ed15 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf index 13ccc44..76492bb 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in index be65ee2..990da9a 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container1.conf b/tests/unit_tests/server/configs/ut-server/containers/container1.conf index 21fb52a..984e973 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container1.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container1.conf @@ -1,5 +1,6 @@ { "privilege" : 20, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/container1.xml", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container2.conf b/tests/unit_tests/server/configs/ut-server/containers/container2.conf index 6302a39..d340530 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container2.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container2.conf @@ -1,5 +1,6 @@ { "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/container2.xml", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container3.conf b/tests/unit_tests/server/configs/ut-server/containers/container3.conf index b445156..a9d9e97 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container3.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container3.conf @@ -1,5 +1,6 @@ { "privilege" : 15, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, "config" : "../libvirt-config/container3.xml", -- 2.7.4 From 634bae3b8623ea01c1204613d69122e280cf08e5 Mon Sep 17 00:00:00 2001 From: Jan Olszak Date: Fri, 3 Oct 2014 18:20:30 +0200 Subject: [PATCH 06/16] Tests of the serialization functions from libConfig [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] Build, install, run tests Change-Id: Ifa9e3397f4405cf4d9d1bcca2c891eb789cdf2ae --- tests/unit_tests/config/ut-configuration.cpp | 26 ++++++++++++++++++++++++++ tests/unit_tests/config/ut-kvstore.cpp | 1 + 2 files changed, 27 insertions(+) diff --git a/tests/unit_tests/config/ut-configuration.cpp b/tests/unit_tests/config/ut-configuration.cpp index b205339..1d72bd8 100644 --- a/tests/unit_tests/config/ut-configuration.cpp +++ b/tests/unit_tests/config/ut-configuration.cpp @@ -27,6 +27,9 @@ #include "ut.hpp" #include "config/fields.hpp" #include "config/manager.hpp" +#include +#include +#include #include namespace fs = boost::filesystem; @@ -316,6 +319,29 @@ BOOST_AUTO_TEST_CASE(FromToKVStoreTest) BOOST_CHECK_EQUAL(out, jsonTestString); fs::remove(dbPath); + fs::remove(dbPath + "-journal"); +} + +BOOST_AUTO_TEST_CASE(FromToFDTest) +{ + TestConfig config; + loadFromString(jsonTestString, config); + // Setup fd + std::string fifoPath = fs::unique_path("/tmp/fdstore-%%%%").string(); + BOOST_CHECK(::mkfifo(fifoPath.c_str(), S_IWUSR | S_IRUSR) >= 0); + int fd = ::open(fifoPath.c_str(), O_RDWR); + BOOST_REQUIRE(fd >= 0); + + // The test + saveToFD(fd, config); + TestConfig outConfig; + loadFromFD(fd, outConfig); + std::string out = saveToString(outConfig); + BOOST_CHECK_EQUAL(out, jsonTestString); + + // Cleanup + BOOST_CHECK(::close(fd) >= 0); + fs::remove(fifoPath); } BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/config/ut-kvstore.cpp b/tests/unit_tests/config/ut-kvstore.cpp index 2c9a998..ba95452 100644 --- a/tests/unit_tests/config/ut-kvstore.cpp +++ b/tests/unit_tests/config/ut-kvstore.cpp @@ -50,6 +50,7 @@ struct Fixture { ~Fixture() { fs::remove(dbPath); + fs::remove(dbPath + "-journal"); } }; -- 2.7.4 From 7ce7abac455827aef85ae5a8f369c25ba5331d4f Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Mon, 13 Oct 2014 14:02:40 +0200 Subject: [PATCH 07/16] Allow SCS to launch without any container [Bug] SCS segfaulted when launching without any containers provided in config. [Cause] Some functions assumed that certain config fields should never be empty [Solution] Additional checks to avoid segfault. [Verification] Build, install, run tests, launch SCS without any predefined containers. Try to switch between containers when less than two containers are present. Change-Id: I58a69d55807f686fb168057dfb1b447707351a46 --- server/containers-manager.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/server/containers-manager.cpp b/server/containers-manager.cpp index d8858ab..c9c7ff8 100644 --- a/server/containers-manager.cpp +++ b/server/containers-manager.cpp @@ -112,7 +112,7 @@ ContainersManager::ContainersManager(const std::string& managerConfigPath): mDet } // check if default container exists, throw ContainerOperationException if not found - if (mContainers.find(mConfig.defaultId) == mContainers.end()) { + if (!mConfig.defaultId.empty() && mContainers.find(mConfig.defaultId) == mContainers.end()) { LOGE("Provided default container ID " << mConfig.defaultId << " is invalid."); throw ContainerOperationException("Provided default container ID " + mConfig.defaultId + " is invalid."); @@ -219,9 +219,11 @@ void ContainersManager::startAll() return c1.second->getPrivilege() < c2.second->getPrivilege(); }); - mConfig.foregroundId = foregroundIterator->second->getId(); - LOGI(mConfig.foregroundId << ": no foreground container configured, setting one with highest priority"); - foregroundIterator->second->goForeground(); + if (foregroundIterator != mContainers.end()) { + mConfig.foregroundId = foregroundIterator->second->getId(); + LOGI(mConfig.foregroundId << ": no foreground container configured, setting one with highest priority"); + foregroundIterator->second->goForeground(); + } } } @@ -269,7 +271,10 @@ void ContainersManager::switchingSequenceMonitorNotify() LOGI("switchingSequenceMonitorNotify() called"); auto nextContainerId = getNextToForegroundContainerId(); - focus(nextContainerId); + + if (!nextContainerId.empty()) { + focus(nextContainerId); + } } -- 2.7.4 From b87e6f2d5cce61d806fc6f120b5d50e2f2fa3940 Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Wed, 15 Oct 2014 10:13:15 +0200 Subject: [PATCH 08/16] Update missing vt field in container template [Bug] Field 'vt' was missing in template used to add new containers. [Cause] N/A [Solution] N/A [Verification] Build, install, run freshly added container. SCS should not return "missing config field 'vt'" error. Change-Id: Iec9633d3e8a0e727f854a166d6ab7cfc65ccdf5b --- server/configs/templates/template.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/server/configs/templates/template.conf b/server/configs/templates/template.conf index 17480a0..b054fb1 100644 --- a/server/configs/templates/template.conf +++ b/server/configs/templates/template.conf @@ -2,6 +2,7 @@ "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "privilege" : 10, + "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, "config" : "../libvirt-config/~NAME~.xml", -- 2.7.4 From f3330a0e728c9421629d082121f3e3123550e2a9 Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Mon, 13 Oct 2014 14:49:29 +0200 Subject: [PATCH 09/16] Adjust configuration files for Tizen:Common profile [Feature] Configuration files modified for Tizen:Common profile. [Cause] Tizen:Common devices use different configuration than M0 devices. [Solution] Change configuration files. [Verification] Build, install on Tizen:Common device, run tests. Change-Id: Ib1db585f99ba4e8feecd1defa76de277e3fead0b --- packaging/security-containers.spec | 2 +- server/configs/daemon.conf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index fc1c806..3905904 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -4,7 +4,7 @@ %define libvirt_group libvirt # The group that has read and write access to /dev/input/event* devices. # It may vary between platforms. -%define input_event_group video +%define input_event_group input # The group has access to /dev/loop* devices. %define disk_group disk # The group that has write access to /dev/tty* devices. diff --git a/server/configs/daemon.conf b/server/configs/daemon.conf index db85284..dbfac95 100644 --- a/server/configs/daemon.conf +++ b/server/configs/daemon.conf @@ -8,9 +8,9 @@ "foregroundId" : "private", "defaultId" : "private", "inputConfig" : {"enabled" : true, - "device" : "gpio-keys", + "device" : "gpio_keys.6", "code" : 139, - "numberOfEvents" : 3, + "numberOfEvents" : 1, "timeWindowMs" : 500}, "proxyCallRules" : [] } -- 2.7.4 From e243eeb1fb3358b321dce9903865257ddaed8e23 Mon Sep 17 00:00:00 2001 From: Mateusz Malicki Date: Thu, 9 Oct 2014 19:10:11 +0200 Subject: [PATCH 10/16] Command line interface to SCS [Feature] Command line interface to SCS [Cause] Need to manage SCS from shell [Solution] Binary that use libsecurity-containers [Verification] Build, install, execute security-containers-cli (switch container), check SCS logs. Change-Id: Ia6cc1cc00295e19befd2e0987900b69e2d4e7bd3 --- CMakeLists.txt | 2 + cli/CMakeLists.txt | 37 ++++++++++++ cli/command-line-interface.cpp | 115 +++++++++++++++++++++++++++++++++++++ cli/command-line-interface.hpp | 109 +++++++++++++++++++++++++++++++++++ cli/main.cpp | 74 ++++++++++++++++++++++++ doc/doxygen.cfg | 2 +- packaging/security-containers.spec | 14 +++++ 7 files changed, 352 insertions(+), 1 deletion(-) create mode 100644 cli/CMakeLists.txt create mode 100644 cli/command-line-interface.cpp create mode 100644 cli/command-line-interface.hpp create mode 100644 cli/main.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index c8e74c6..f824f8f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -99,6 +99,7 @@ SET(CONTAINER_SUPPORT_FOLDER ${PROJECT_SOURCE_DIR}/container-support) SET(CONTAINER_DAEMON_FOLDER ${PROJECT_SOURCE_DIR}/container-daemon) SET(TESTS_FOLDER ${PROJECT_SOURCE_DIR}/tests) SET(UNIT_TESTS_FOLDER ${TESTS_FOLDER}/unit_tests) +SET(CLI_FOLDER ${PROJECT_SOURCE_DIR}/cli) IF(NOT DEFINED SYSCONF_INSTALL_DIR) SET(SYSCONF_INSTALL_DIR "/etc") @@ -132,4 +133,5 @@ ADD_SUBDIRECTORY(${SERVER_FOLDER}) ADD_SUBDIRECTORY(${CONTAINER_SUPPORT_FOLDER}) ADD_SUBDIRECTORY(${CONTAINER_DAEMON_FOLDER}) ADD_SUBDIRECTORY(${TESTS_FOLDER}) +ADD_SUBDIRECTORY(${CLI_FOLDER}) diff --git a/cli/CMakeLists.txt b/cli/CMakeLists.txt new file mode 100644 index 0000000..076dd94 --- /dev/null +++ b/cli/CMakeLists.txt @@ -0,0 +1,37 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# @file CMakeLists.txt +# @author Mateusz Malicki (m.malicki2@samsung.com) +# + +MESSAGE(STATUS "Generating makefile for the command line interface...") +FILE(GLOB cli_SRCS *.cpp *.hpp) + +## Setup target ################################################################ +SET(CLI_CODENAME "${PROJECT_NAME}-cli") +ADD_EXECUTABLE(${CLI_CODENAME} ${cli_SRCS}) + + +## Link libraries ############################################################## +PKG_CHECK_MODULES(LIB_DEPS REQUIRED security-containers) + +INCLUDE_DIRECTORIES(${CLIENT_FOLDER}) +INCLUDE_DIRECTORIES(${COMMON_FOLDER}) +TARGET_LINK_LIBRARIES(${CLI_CODENAME} ${LIB_DEPS_LIBRARIES} ${PROJECT_NAME}) + + +## Install ##################################################################### +INSTALL(TARGETS ${CLI_CODENAME} DESTINATION bin) diff --git a/cli/command-line-interface.cpp b/cli/command-line-interface.cpp new file mode 100644 index 0000000..02c867f --- /dev/null +++ b/cli/command-line-interface.cpp @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Mateusz Malicki + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Mateusz Malicki (m.malicki2@samsung.com) + * @brief Definition of CommandLineInterface class + */ + +#include "config.hpp" +#include "command-line-interface.hpp" +#include + +#include +#include +#include +#include + +using namespace std; + +namespace security_containers { +namespace cli { + +namespace { + +/** + * Invoke specific function on ScClient + * + * @param fun Function to be called. It must not throw any exception. + */ +void one_shot(const function& fun) +{ + string msg; + ScStatus status; + ScClient client; + + status = sc_start_glib_loop(); + if (SCCLIENT_SUCCESS != status) { + throw runtime_error("Can't start glib loop"); + } + + client = sc_client_create(); + if (NULL == client) { + msg = "Can't create client"; + goto finish; + } + + status = sc_connect(client); + if (SCCLIENT_SUCCESS != status) { + msg = sc_get_status_message(client); + goto finish; + } + + status = fun(client); + if (SCCLIENT_SUCCESS != status) { + msg = sc_get_status_message(client); + goto finish; + } + +finish: + sc_client_free(client); + sc_stop_glib_loop(); + if (! msg.empty()) { + throw runtime_error(msg); + } +} + +} // namespace + +void CommandLineInterface::printUsage(std::ostream& out) const +{ + out << mUsage << "\n\n" + << "\tDescription\n" + << "\t\t" << mUsageInfo << "\n\n" + << "\tOptions\n"; + for (const auto& args : mArgsSpec) { + out << "\t\t" << args.first << " -- " << args.second << "\n"; + } + out << "\n"; +} + +void CommandLineInterface::execute(int pos, int argc, const char** argv) +{ + mExecutorCallback(pos, argc, argv); +} + + +void set_active_container(int pos, int argc, const char** argv) +{ + using namespace std::placeholders; + + if (argc <= pos + 1) { + throw runtime_error("Not enough parameters"); + } + + one_shot(bind(sc_set_active_container, _1, argv[pos + 1])); +} + +} // namespace cli +} // namespace security_containers diff --git a/cli/command-line-interface.hpp b/cli/command-line-interface.hpp new file mode 100644 index 0000000..c193068 --- /dev/null +++ b/cli/command-line-interface.hpp @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Mateusz Malicki + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Mateusz Malicki (m.malicki2@samsung.com) + * @brief Declaration of CommandLineInterface class + */ +#ifndef CLI_COMMAND_LINE_INTERFACE_HPP +#define CLI_COMMAND_LINE_INTERFACE_HPP + +#include +#include +#include +#include + +namespace security_containers { +namespace cli { + +/** + * Class that implements command pattern. + */ +class CommandLineInterface { + +public: + /** + * @see CommandLineInterface::execute + */ + typedef std::function ExecutorCallback; + + /** + * @see CommandLineInterface::CommandLineInterface + */ + typedef std::map ArgsSpec; + + /** + * Dummy constructor (for stl usage) + */ + CommandLineInterface() {} + + /** + * Construct command + * + * @param executorCallback Callback function that will do the job + * @param usage Description of use + * @param usageInfo Description of the command + * @param argsSpec Description of arguments + */ + CommandLineInterface(const ExecutorCallback& executorCallback, + const std::string& usage, + const std::string& usageInfo, + const ArgsSpec& argsSpec) + : mExecutorCallback(executorCallback), + mUsage(usage), + mUsageInfo(usageInfo), + mArgsSpec(argsSpec) {} + + /** + * Print usage to stream + * + * @param out Output stream + */ + void printUsage(std::ostream& out) const; + + /** + * Do the work + * + * It calls the callback passed in constructor + * + * @param pos Points to element in argv where command was recognized (i.e. command name) + * @param argc Number of elements in argv + * @param argv Command line arguments + */ + void execute(int pos, int argc, const char** argv); + + +private: + const ExecutorCallback mExecutorCallback; + const std::string mUsage; + const std::string mUsageInfo; + const ArgsSpec mArgsSpec; +}; + +/** + * Parses command line arguments and call sc_set_active_container + * + * @see sc_set_active_container + */ +void set_active_container(int pos, int argc, const char** argv); + +} // namespace cli +} // namespace security_containers + +#endif /* CLI_COMMAND_LINE_INTERFACE_HPP */ diff --git a/cli/main.cpp b/cli/main.cpp new file mode 100644 index 0000000..e74f620 --- /dev/null +++ b/cli/main.cpp @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Mateusz Malicki + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Mateusz Malicki (m.malicki2@samsung.com) + * @brief Declaration of CommandLineInterface class + */ + +#include "command-line-interface.hpp" + +#include +#include +#include +#include +#include + +using namespace security_containers::cli; + +std::map commands = { + {"set_active_container", { + set_active_container, + "set_active_container container_id", + "Set active (foreground) container", + {{"container_id", "id container name"}}} + } +}; + +void printUsage(std::ostream& out, const std::string& name) +{ + out << "Usage: " << name << " [command [args]]\n\n" + << "command can be one of the following:\n"; + + for (const auto& command : commands) { + command.second.printUsage(out); + } +} + +int main(const int argc, const char** argv) +{ + if (argc < 2) { + printUsage(std::cout, argv[0]); + return EXIT_FAILURE; + } + if (commands.count(argv[1]) == 0) { + printUsage(std::cout, argv[0]); + return EXIT_FAILURE; + } + + CommandLineInterface& command = commands[argv[1]]; + try { + command.execute(1, argc, argv); + } catch (const std::runtime_error& ex) { + std::cerr << ex.what() << std::endl; + return EXIT_FAILURE; + } + return EXIT_SUCCESS; +} + diff --git a/doc/doxygen.cfg b/doc/doxygen.cfg index 7e304e5..e997623 100644 --- a/doc/doxygen.cfg +++ b/doc/doxygen.cfg @@ -647,7 +647,7 @@ WARN_LOGFILE = # directories like "/usr/src/myproject". Separate the files or directories # with spaces. -INPUT = ../common ../client ../server +INPUT = ../common ../client ../server ../cli # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index 3905904..137f02b 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -186,6 +186,20 @@ Daemon running inside every container. /etc/dbus-1/system.d/org.tizen.containers.domain.daemon.conf +## Command Line Interface ###################################################### +%package cli +Summary: Security Containers Command Line Interface +Group: Security/Other +Requires: security-containers-client = %{version}-%{release} + +%description cli +Command Line Interface for security-containers. + +%files cli +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/security-containers-cli + + ## Test Package ################################################################ %package tests Summary: Security Containers Tests -- 2.7.4 From 353b978f2e09afa5a63dd31391049ea776df9b6f Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Wed, 8 Oct 2014 09:55:48 +0200 Subject: [PATCH 11/16] Remove libvirt code (prepare to replace with lxc) Note configs are not removed yet [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] N/A Change-Id: Ibf61dfb56d6d6a413c4161d9dae69bd1e9de97a5 --- common/libvirt/connection.cpp | 70 --- common/libvirt/connection.hpp | 66 --- common/libvirt/domain.cpp | 72 --- common/libvirt/domain.hpp | 66 --- common/libvirt/exception.hpp | 47 -- common/libvirt/helpers.cpp | 217 --------- common/libvirt/helpers.hpp | 60 --- common/libvirt/network-filter.cpp | 81 ---- common/libvirt/network-filter.hpp | 67 --- common/libvirt/network.cpp | 73 --- common/libvirt/network.hpp | 62 --- server/CMakeLists.txt | 2 +- server/container-admin.cpp | 590 +++++++++++++------------ server/container-admin.hpp | 29 +- server/containers-manager.hpp | 1 - server/network-admin.cpp | 115 ++--- server/network-admin.hpp | 8 +- tests/unit_tests/CMakeLists.txt | 2 +- tests/unit_tests/libvirt/connection.cpp | 69 --- tests/unit_tests/libvirt/domain.cpp | 83 ---- tests/unit_tests/libvirt/network.cpp | 110 ----- tests/unit_tests/server/ut-container-admin.cpp | 542 +++++++++++------------ tests/unit_tests/server/ut-network-admin.cpp | 14 +- 23 files changed, 654 insertions(+), 1792 deletions(-) delete mode 100644 common/libvirt/connection.cpp delete mode 100644 common/libvirt/connection.hpp delete mode 100644 common/libvirt/domain.cpp delete mode 100644 common/libvirt/domain.hpp delete mode 100644 common/libvirt/exception.hpp delete mode 100644 common/libvirt/helpers.cpp delete mode 100644 common/libvirt/helpers.hpp delete mode 100644 common/libvirt/network-filter.cpp delete mode 100644 common/libvirt/network-filter.hpp delete mode 100644 common/libvirt/network.cpp delete mode 100644 common/libvirt/network.hpp delete mode 100644 tests/unit_tests/libvirt/connection.cpp delete mode 100644 tests/unit_tests/libvirt/domain.cpp delete mode 100644 tests/unit_tests/libvirt/network.cpp diff --git a/common/libvirt/connection.cpp b/common/libvirt/connection.cpp deleted file mode 100644 index 2fdaaa9..0000000 --- a/common/libvirt/connection.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Implementation of the class wrapping connection to libvirtd - */ - -#include "config.hpp" -#include "logger/logger.hpp" -#include "libvirt/helpers.hpp" -#include "libvirt/connection.hpp" -#include "libvirt/exception.hpp" - - -namespace security_containers { -namespace libvirt { - - -LibvirtConnection::LibvirtConnection(const std::string& uri) - : mCon(nullptr) -{ - libvirtInitialize(); - - mCon = virConnectOpen(uri.c_str()); - - if (mCon == nullptr) { - LOGE("Failed to open a connection to the libvirtd:\n" - << libvirtFormatError()); - throw LibvirtOperationException(); - } -} - -LibvirtConnection::~LibvirtConnection() -{ - if (virConnectClose(mCon) < 0) { - LOGE("Error while disconnecting from the libvirtd:\n" - << libvirtFormatError()); - }; -} - -virConnectPtr LibvirtConnection::get() -{ - return mCon; -} - -LibvirtConnection::operator bool() const -{ - return mCon != nullptr; -} - - -} // namespace libvirt -} // namespace security_containers diff --git a/common/libvirt/connection.hpp b/common/libvirt/connection.hpp deleted file mode 100644 index 5a06d30..0000000 --- a/common/libvirt/connection.hpp +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Declaration of the class wrapping connection to libvirtd - */ - -#ifndef COMMON_LIBVIRT_CONNECTION_HPP -#define COMMON_LIBVIRT_CONNECTION_HPP - -#include -#include - - -namespace security_containers { -namespace libvirt { - - -const std::string LIBVIRT_LXC_ADDRESS = "lxc://"; - -/** - * A class wrapping connection to libvirtd - */ -class LibvirtConnection { - -public: - LibvirtConnection(const std::string& uri); - ~LibvirtConnection(); - - /** - * @return The libvirt connection pointer - */ - virConnectPtr get(); - - /** - * @return connection pointer is not NULL - */ - operator bool() const; - -private: - virConnectPtr mCon; -}; - - -} // namespace libvirt -} // namespace security_containers - - -#endif // COMMON_LIBVIRT_CONNECTION_HPP diff --git a/common/libvirt/domain.cpp b/common/libvirt/domain.cpp deleted file mode 100644 index d9e4217..0000000 --- a/common/libvirt/domain.cpp +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Implementation of the class wrapping libvirt domain - */ - -#include "config.hpp" -#include "logger/logger.hpp" -#include "libvirt/domain.hpp" -#include "libvirt/helpers.hpp" -#include "libvirt/exception.hpp" - - -namespace security_containers { -namespace libvirt { - - -LibvirtDomain::LibvirtDomain(const std::string& configXML) - : mCon(LIBVIRT_LXC_ADDRESS), mDom(nullptr) -{ - mDom = virDomainDefineXML(mCon.get(), configXML.c_str()); - - if (mDom == nullptr) { - LOGE("Error while defining a domain:\n" - << libvirtFormatError()); - throw LibvirtOperationException(); - } -} - -LibvirtDomain::~LibvirtDomain() -{ - if (virDomainUndefine(mDom) < 0) { - LOGE("Error while undefining the domain:\n" - << libvirtFormatError()); - } - - if (virDomainFree(mDom) < 0) { - LOGE("Error while destroying the domain object:\n" - << libvirtFormatError()); - } -} - -virDomainPtr LibvirtDomain::get() -{ - return mDom; -} - -LibvirtDomain::operator bool() const -{ - return mDom != nullptr; -} - -} // namespace libvirt -} // namespace security_containers diff --git a/common/libvirt/domain.hpp b/common/libvirt/domain.hpp deleted file mode 100644 index 6da6d48..0000000 --- a/common/libvirt/domain.hpp +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Declaration of the class wrapping libvirt domain - */ - -#ifndef COMMON_LIBVIRT_DOMAIN_HPP -#define COMMON_LIBVIRT_DOMAIN_HPP - -#include "libvirt/connection.hpp" - -#include - - -namespace security_containers { -namespace libvirt { - - -/** - * A class wrapping libvirtd domain - */ -class LibvirtDomain { - -public: - LibvirtDomain(const std::string& configXML); - ~LibvirtDomain(); - - /** - * @return The libvirt domain pointer - */ - virDomainPtr get(); - - /** - * @return libvirt domain pointer is not NULL - */ - operator bool() const; - -private: - LibvirtConnection mCon; - virDomainPtr mDom; -}; - - -} // namespace libvirt -} // namespace security_containers - - -#endif // COMMON_LIBVIRT_DOMAIN_HPP diff --git a/common/libvirt/exception.hpp b/common/libvirt/exception.hpp deleted file mode 100644 index f207b56..0000000 --- a/common/libvirt/exception.hpp +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Exceptions for the server - */ - - -#ifndef COMMON_LIBVIRT_EXCEPTION_HPP -#define COMMON_LIBVIRT_EXCEPTION_HPP - -#include "base-exception.hpp" - - -namespace security_containers { - - -/** - * Base class for exceptions in libvirt - */ -struct LibvirtOperationException: public SecurityContainersException { - - LibvirtOperationException(const std::string& error = "") : SecurityContainersException(error) {} -}; - - -} - - -#endif // COMMON_LIBVIRT_EXCEPTION_HPP diff --git a/common/libvirt/helpers.cpp b/common/libvirt/helpers.cpp deleted file mode 100644 index 8b096bb..0000000 --- a/common/libvirt/helpers.cpp +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief A function helpers for the libvirt library - */ - -#include "config.hpp" -#include "libvirt/helpers.hpp" -#include "logger/logger.hpp" - -#include -#include -#include - - -namespace security_containers { -namespace libvirt { - - -namespace { - -std::once_flag gInitFlag; - -/** - * This function intentionally is not displaying any errors, - * we log them ourselves elsewhere. - * It is however displaying warnings for the time being so we can - * learn whether such situations occur. - */ -void libvirtErrorFunction(void* /*userData*/, virErrorPtr error) -{ - if (error->level == VIR_ERR_WARNING) { - LOGW("LIBVIRT reported a warning: \n" << error->message); - } -} - -} // namespace - -void libvirtInitialize(void) -{ - std::call_once(gInitFlag, []() { - virInitialize(); - virSetErrorFunc(NULL, &libvirtErrorFunction); - gvir_event_register(); - }); -} - - -std::string libvirtFormatError(void) -{ - virErrorPtr error = virGetLastError(); - - if (error == NULL) { - return std::string(); - } - - return "Libvirt error: " + std::string(error->message); -} - -std::string libvirtEventToString(const int eventId) -{ - switch(eventId) { - case VIR_DOMAIN_EVENT_DEFINED: - return "Defined"; - case VIR_DOMAIN_EVENT_UNDEFINED: - return "Undefined"; - case VIR_DOMAIN_EVENT_STARTED: - return "Started"; - case VIR_DOMAIN_EVENT_SUSPENDED: - return "Suspended"; - case VIR_DOMAIN_EVENT_RESUMED: - return "Resumed"; - case VIR_DOMAIN_EVENT_STOPPED: - return "Stopped"; - case VIR_DOMAIN_EVENT_SHUTDOWN: - return "Shutdown"; - case VIR_DOMAIN_EVENT_PMSUSPENDED: - return "PM Suspended"; - case VIR_DOMAIN_EVENT_CRASHED: - return "Crashed"; - default: - return "Unknown EventId"; - } -} - -std::string libvirtEventDetailToString(const int eventId, const int detailId) -{ - switch (eventId) { - case VIR_DOMAIN_EVENT_DEFINED: - switch (detailId) { - case VIR_DOMAIN_EVENT_DEFINED_ADDED: - return "Added"; - case VIR_DOMAIN_EVENT_DEFINED_UPDATED: - return "Updated"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_UNDEFINED: - switch (detailId) { - case VIR_DOMAIN_EVENT_UNDEFINED_REMOVED: - return "Removed"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_STARTED: - switch (detailId) { - case VIR_DOMAIN_EVENT_STARTED_BOOTED: - return "Booted"; - case VIR_DOMAIN_EVENT_STARTED_MIGRATED: - return "Migrated"; - case VIR_DOMAIN_EVENT_STARTED_RESTORED: - return "Restored"; - case VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT: - return "From Snapshot"; - case VIR_DOMAIN_EVENT_STARTED_WAKEUP: - return "Wakeup"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_SUSPENDED: - switch (detailId) { - case VIR_DOMAIN_EVENT_SUSPENDED_PAUSED: - return "Paused"; - case VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED: - return "Migrated"; - case VIR_DOMAIN_EVENT_SUSPENDED_IOERROR: - return "IO Error"; - case VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG: - return "Watchdog"; - case VIR_DOMAIN_EVENT_SUSPENDED_RESTORED: - return "Restored"; - case VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT: - return "From Snapshot"; - case VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR: - return "API Error"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_RESUMED: - switch (detailId) { - case VIR_DOMAIN_EVENT_RESUMED_UNPAUSED: - return "Unpaused"; - case VIR_DOMAIN_EVENT_RESUMED_MIGRATED: - return "Migrated"; - case VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT: - return "From Snapshot"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_STOPPED: - switch (detailId) { - case VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN: - return "Shutdown"; - case VIR_DOMAIN_EVENT_STOPPED_DESTROYED: - return "Destroyed"; - case VIR_DOMAIN_EVENT_STOPPED_CRASHED: - return "Crashed"; - case VIR_DOMAIN_EVENT_STOPPED_MIGRATED: - return "Migrated"; - case VIR_DOMAIN_EVENT_STOPPED_SAVED: - return "Failed"; - case VIR_DOMAIN_EVENT_STOPPED_FAILED: - return "Failed"; - case VIR_DOMAIN_EVENT_STOPPED_FROM_SNAPSHOT: - return "From Snapshot"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_SHUTDOWN: - switch (detailId) { - case VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED: - return "Finished"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_PMSUSPENDED: - switch (detailId) { - case VIR_DOMAIN_EVENT_PMSUSPENDED_MEMORY: - return "Memory"; - case VIR_DOMAIN_EVENT_PMSUSPENDED_DISK: - return "Disk"; - default: - return "Unknown detail"; - } - case VIR_DOMAIN_EVENT_CRASHED: - switch (detailId) { - case VIR_DOMAIN_EVENT_CRASHED_PANICKED: - return "Panicked"; - default: - return "Unknown detail"; - } - default: - return "Unknown event"; - } -} - - -} // namespace libvirt -} // namespace security_containers diff --git a/common/libvirt/helpers.hpp b/common/libvirt/helpers.hpp deleted file mode 100644 index b68dd6e..0000000 --- a/common/libvirt/helpers.hpp +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief A function helpers for the libvirt library - */ - -#ifndef COMMON_LIBVIRT_HELPERS_HPP -#define COMMON_LIBVIRT_HELPERS_HPP - -#include - - -namespace security_containers { -namespace libvirt { - - -/** - * Initialize libvirt library in a thread safety manner - */ -void libvirtInitialize(void); - -/** - * Formats libvirt's last error. - */ -std::string libvirtFormatError(void); - -/** - * Converts an event ID to an event name. - */ -std::string libvirtEventToString(const int event); - -/** - * Converts an event's detail ID to an event's detail name. - */ -std::string libvirtEventDetailToString(const int event, const int detail); - - -} // namespace libvirt -} // namespace security_containers - - -#endif // COMMON_LIBVIRT_HELPERS_HPP diff --git a/common/libvirt/network-filter.cpp b/common/libvirt/network-filter.cpp deleted file mode 100644 index 94fd96d..0000000 --- a/common/libvirt/network-filter.cpp +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Jan Olszak - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Jan Olszak (j.olszak@samsung.com) - * @brief Implementation of the class wrapping libvirt network - */ - -#include "config.hpp" - -#include "logger/logger.hpp" -#include "libvirt/network-filter.hpp" -#include "libvirt/helpers.hpp" -#include "libvirt/exception.hpp" - - -namespace security_containers { -namespace libvirt { - -LibvirtNWFilter::LibvirtNWFilter(const std::string& configXML) - : mCon(LIBVIRT_LXC_ADDRESS), mNetFilter(nullptr), - mDetachOnExit(false) -{ - mNetFilter = virNWFilterDefineXML(mCon.get(), configXML.c_str()); - - if (mNetFilter == nullptr) { - LOGE("Error while definig a network filter:\n" - << libvirtFormatError()); - throw LibvirtOperationException(); - } -} - -LibvirtNWFilter::~LibvirtNWFilter() -{ - if (!mDetachOnExit) - { - if (virNWFilterUndefine(mNetFilter) < 0) { - LOGE("Error while undefining the network filter:\n" - << libvirtFormatError()); - } - } - - if (virNWFilterFree(mNetFilter) < 0) { - LOGE("Error while destroying the network filter object:\n" - << libvirtFormatError()); - } -} - -void LibvirtNWFilter::setDetachOnExit() -{ - mDetachOnExit = true; -} - -virNWFilterPtr LibvirtNWFilter::get() -{ - return mNetFilter; -} - -LibvirtNWFilter::operator bool() const -{ - return mNetFilter != nullptr; -} - -} // namespace libvirt -} // namespace security_containers diff --git a/common/libvirt/network-filter.hpp b/common/libvirt/network-filter.hpp deleted file mode 100644 index ad6d8c4..0000000 --- a/common/libvirt/network-filter.hpp +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Jan Olszak - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Jan Olszak (j.olszak@samsung.com) - * @brief Declaration of the class wrapping libvirt network - */ - -#ifndef COMMON_LIBVIRT_NETWORK_FILTER_HPP -#define COMMON_LIBVIRT_NETWORK_FILTER_HPP - -#include "libvirt/connection.hpp" - -#include - - -namespace security_containers { -namespace libvirt { - -class LibvirtNWFilter { - -public: - LibvirtNWFilter(const std::string& configXML); - ~LibvirtNWFilter(); - - /** - * @return The libvirt network pointer - */ - virNWFilterPtr get(); - - /** - * @return libvirt network pointer is not NULL - */ - operator bool() const; - - /** - * Set whether container should be detached on exit. - */ - void setDetachOnExit(); - -private: - LibvirtConnection mCon; - virNWFilterPtr mNetFilter; - bool mDetachOnExit; -}; - -} // namespace libvirt -} // namespace security_containers - - -#endif // COMMON_LIBVIRT_NETWORK_FILTER_HPP diff --git a/common/libvirt/network.cpp b/common/libvirt/network.cpp deleted file mode 100644 index 486ae63..0000000 --- a/common/libvirt/network.cpp +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Jan Olszak - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Jan Olszak (j.olszak@samsung.com) - * @brief Implementation of the class wrapping libvirt network - */ - -#include "config.hpp" - -#include "logger/logger.hpp" -#include "libvirt/network.hpp" -#include "libvirt/helpers.hpp" -#include "libvirt/exception.hpp" - - -namespace security_containers { -namespace libvirt { - - -LibvirtNetwork::LibvirtNetwork(const std::string& configXML) - : mCon(LIBVIRT_LXC_ADDRESS), mNet(nullptr) -{ - mNet = virNetworkDefineXML(mCon.get(), configXML.c_str()); - - if (mNet == nullptr) { - LOGE("Error while defining a network:\n" - << libvirtFormatError()); - throw LibvirtOperationException(); - } -} - -LibvirtNetwork::~LibvirtNetwork() -{ - if (virNetworkUndefine(mNet) < 0) { - LOGE("Error while undefining the network:\n" - << libvirtFormatError()); - } - - if (virNetworkFree(mNet) < 0) { - LOGE("Error while destroying the network object:\n" - << libvirtFormatError()); - } -} - -virNetworkPtr LibvirtNetwork::get() -{ - return mNet; -} - -LibvirtNetwork::operator bool() const -{ - return mNet != nullptr; -} - -} // namespace libvirt -} // namespace security_containers diff --git a/common/libvirt/network.hpp b/common/libvirt/network.hpp deleted file mode 100644 index 26e3b0a..0000000 --- a/common/libvirt/network.hpp +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Jan Olszak - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -/** - * @file - * @author Jan Olszak (j.olszak@samsung.com) - * @brief Declaration of the class wrapping libvirt network - */ - -#ifndef COMMON_LIBVIRT_NETWORK_HPP -#define COMMON_LIBVIRT_NETWORK_HPP - -#include "libvirt/connection.hpp" - -#include - - -namespace security_containers { -namespace libvirt { - - -class LibvirtNetwork { - -public: - LibvirtNetwork(const std::string& configXML); - ~LibvirtNetwork(); - - /** - * @return The libvirt network pointer - */ - virNetworkPtr get(); - - /** - * @return libvirt network pointer is not NULL - */ - operator bool() const; - -private: - LibvirtConnection mCon; - virNetworkPtr mNet; -}; - -} // namespace libvirt -} // namespace security_containers - - -#endif // COMMON_LIBVIRT_NETWORK_HPP diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 2237f52..3ffefb6 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -29,7 +29,7 @@ ADD_EXECUTABLE(${SERVER_CODENAME} ${project_SRCS} ${common_SRCS}) ## Link libraries ############################################################## FIND_PACKAGE(Boost COMPONENTS program_options system filesystem regex) -PKG_CHECK_MODULES(SERVER_DEPS REQUIRED libvirt libvirt-glib-1.0 json gio-2.0 libsystemd-journal +PKG_CHECK_MODULES(SERVER_DEPS REQUIRED json gio-2.0 libsystemd-journal libcap-ng libLogger libSimpleDbus libConfig) INCLUDE_DIRECTORIES(${COMMON_FOLDER}) diff --git a/server/container-admin.cpp b/server/container-admin.cpp index f60d942..a54d00a 100644 --- a/server/container-admin.cpp +++ b/server/container-admin.cpp @@ -27,7 +27,7 @@ #include "container-admin.hpp" #include "exception.hpp" -#include "libvirt/helpers.hpp" +//#include "libvirt/helpers.hpp" #include "logger/logger.hpp" #include "utils/fs.hpp" #include "utils/latch.hpp" @@ -47,19 +47,19 @@ namespace { // TODO: this should be in container's configuration file const int SHUTDOWN_WAIT = 10 * 1000; -std::string getDomainName(virDomainPtr dom) -{ - assert(dom); - - const char* name = virDomainGetName(dom); - if (name == nullptr) { - LOGE("Failed to get the domain's id:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - return name; -} +//std::string getDomainName(virDomainPtr dom) +//{ +// assert(dom); +// +// const char* name = virDomainGetName(dom); +// if (name == nullptr) { +// LOGE("Failed to get the domain's id:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// return name; +//} } // namespace @@ -68,72 +68,72 @@ const std::uint64_t DEFAULT_VCPU_PERIOD_MS = 100000; ContainerAdmin::ContainerAdmin(const ContainerConfig& config) : mConfig(config), - mDom(utils::readFileContent(mConfig.config)), - mId(getDomainName(mDom.get())), + //mDom(utils::readFileContent(mConfig.config)), + mId("TODO"),//mId(getDomainName(mDom.get())), mDetachOnExit(false), mLifecycleCallbackId(-1), mRebootCallbackId(-1), mNextIdForListener(1) { - LOGD(mId << ": Instantiating ContainerAdmin object"); - - // ContainerAdmin owns those callbacks - mLifecycleCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), - mDom.get(), - VIR_DOMAIN_EVENT_ID_LIFECYCLE, - VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtLifecycleCallback), - utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), - &utils::deleteCallbackWrapper); - - if (mLifecycleCallbackId < 0) { - LOGE(mId << ": Failed to register a libvirt lifecycle callback"); - throw ContainerOperationException(mId + ": Failed to register a libvirt lifecycle callback"); - } - - LOGT(mId << ": registered lifecycle callback"); - - mRebootCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), - mDom.get(), - VIR_DOMAIN_EVENT_ID_REBOOT, - VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtRebootCallback), - utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), - &utils::deleteCallbackWrapper); - - if (mRebootCallbackId < 0) { - LOGE(mId << ": Failed to register a libvirt reboot callback"); - virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), - mLifecycleCallbackId); - throw ContainerOperationException(mId + ": Failed to register a libvirt reboot callback"); - } - - LOGT(mId << ": registered reboot callback"); +// LOGD(mId << ": Instantiating ContainerAdmin object"); +// +// // ContainerAdmin owns those callbacks +// mLifecycleCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), +// mDom.get(), +// VIR_DOMAIN_EVENT_ID_LIFECYCLE, +// VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtLifecycleCallback), +// utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), +// &utils::deleteCallbackWrapper); +// +// if (mLifecycleCallbackId < 0) { +// LOGE(mId << ": Failed to register a libvirt lifecycle callback"); +// throw ContainerOperationException(mId + ": Failed to register a libvirt lifecycle callback"); +// } +// +// LOGT(mId << ": registered lifecycle callback"); +// +// mRebootCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), +// mDom.get(), +// VIR_DOMAIN_EVENT_ID_REBOOT, +// VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtRebootCallback), +// utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), +// &utils::deleteCallbackWrapper); +// +// if (mRebootCallbackId < 0) { +// LOGE(mId << ": Failed to register a libvirt reboot callback"); +// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), +// mLifecycleCallbackId); +// throw ContainerOperationException(mId + ": Failed to register a libvirt reboot callback"); +// } +// +// LOGT(mId << ": registered reboot callback"); } ContainerAdmin::~ContainerAdmin() { - LOGD(mId << ": Destroying ContainerAdmin object..."); - - // Deregister callbacks - if (mLifecycleCallbackId >= 0) { - virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), - mLifecycleCallbackId); - } - if (mRebootCallbackId >= 0) { - virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), - mRebootCallbackId); - } - - // Try to forcefully stop - if (!mDetachOnExit) { - try { - destroy(); - } catch (ServerException&) { - LOGE(mId << ": Failed to destroy the container"); - } - } - - LOGD(mId << ": ContainerAdmin object destroyed"); +// LOGD(mId << ": Destroying ContainerAdmin object..."); +// +// // Deregister callbacks +// if (mLifecycleCallbackId >= 0) { +// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), +// mLifecycleCallbackId); +// } +// if (mRebootCallbackId >= 0) { +// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), +// mRebootCallbackId); +// } +// +// // Try to forcefully stop +// if (!mDetachOnExit) { +// try { +// destroy(); +// } catch (ServerException&) { +// LOGE(mId << ": Failed to destroy the container"); +// } +// } +// +// LOGD(mId << ": ContainerAdmin object destroyed"); } @@ -145,186 +145,190 @@ const std::string& ContainerAdmin::getId() const void ContainerAdmin::start() { - assert(mDom); - - LOGD(mId << ": Starting..."); - if (isRunning()) { - LOGD(mId << ": Already running - nothing to do..."); - return; - } - - // In order to update daemon without shutting down the containers - // autodestroy option must NOT be set. It's best to create domain - // without any flags. - u_int flags = VIR_DOMAIN_NONE; - - if (virDomainCreateWithFlags(mDom.get(), flags) < 0) { - LOGE(mId << ": Failed to start the container\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Started"); +// assert(mDom); +// +// LOGD(mId << ": Starting..."); +// if (isRunning()) { +// LOGD(mId << ": Already running - nothing to do..."); +// return; +// } +// +// // In order to update daemon without shutting down the containers +// // autodestroy option must NOT be set. It's best to create domain +// // without any flags. +// u_int flags = VIR_DOMAIN_NONE; +// +// if (virDomainCreateWithFlags(mDom.get(), flags) < 0) { +// LOGE(mId << ": Failed to start the container\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Started"); } void ContainerAdmin::stop() { - assert(mDom); - - LOGD(mId << ": Stopping procedure started..."); - if (isStopped()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; - } - - utils::Latch stoppedOccured; - - LifecycleListener setStopped = [&](const int eventId, const int detailId) { - if (eventId == VIR_DOMAIN_EVENT_STOPPED) { - if (detailId != VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { - LOGW(mId << ": shutdown requested, but the container stopped with a different status: " - << libvirt::libvirtEventDetailToString(eventId, detailId)); - } - stoppedOccured.set(); - } - }; - - ListenerId id = registerLifecycleListener(setStopped, nullptr); - shutdown(); - bool stopped = stoppedOccured.wait(SHUTDOWN_WAIT); - removeListener(id); - - if (!stopped) { - LOGW(mId << ": Gracefull shutdown timed out, the container is still running, destroying"); - destroy(); - } - - LOGD(mId << ": Stopping procedure ended"); +// assert(mDom); +// +// LOGD(mId << ": Stopping procedure started..."); +// if (isStopped()) { +// LOGD(mId << ": Already crashed/down/off - nothing to do"); +// return; +// } +// +// utils::Latch stoppedOccured; +// +// LifecycleListener setStopped = [&](const int eventId, const int detailId) { +// if (eventId == VIR_DOMAIN_EVENT_STOPPED) { +// if (detailId != VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { +// LOGW(mId << ": shutdown requested, but the container stopped with a different status: " +// << libvirt::libvirtEventDetailToString(eventId, detailId)); +// } +// stoppedOccured.set(); +// } +// }; +// +// ListenerId id = registerLifecycleListener(setStopped, nullptr); +// shutdown(); +// bool stopped = stoppedOccured.wait(SHUTDOWN_WAIT); +// removeListener(id); +// +// if (!stopped) { +// LOGW(mId << ": Gracefull shutdown timed out, the container is still running, destroying"); +// destroy(); +// } +// +// LOGD(mId << ": Stopping procedure ended"); } void ContainerAdmin::destroy() { - assert(mDom); - - LOGD(mId << ": Destroying..."); - if (isStopped()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; - } - - setSchedulerLevel(SchedulerLevel::FOREGROUND); - - // Forceful termination of the guest - u_int flags = VIR_DOMAIN_DESTROY_DEFAULT; - - if (virDomainDestroyFlags(mDom.get(), flags) < 0) { - LOGE(mId << ": Error while destroying the container:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Destroyed"); +// assert(mDom); +// +// LOGD(mId << ": Destroying..."); +// if (isStopped()) { +// LOGD(mId << ": Already crashed/down/off - nothing to do"); +// return; +// } +// +// setSchedulerLevel(SchedulerLevel::FOREGROUND); +// +// // Forceful termination of the guest +// u_int flags = VIR_DOMAIN_DESTROY_DEFAULT; +// +// if (virDomainDestroyFlags(mDom.get(), flags) < 0) { +// LOGE(mId << ": Error while destroying the container:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Destroyed"); } void ContainerAdmin::shutdown() { - assert(mDom); - - LOGD(mId << ": Shutting down..."); - if (isStopped()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; - } - - setSchedulerLevel(SchedulerLevel::FOREGROUND); - - if (virDomainShutdownFlags(mDom.get(), VIR_DOMAIN_SHUTDOWN_SIGNAL) < 0) { - LOGE(mId << ": Error while shutting down the container:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Shut down initiated (async)"); +// assert(mDom); +// +// LOGD(mId << ": Shutting down..."); +// if (isStopped()) { +// LOGD(mId << ": Already crashed/down/off - nothing to do"); +// return; +// } +// +// setSchedulerLevel(SchedulerLevel::FOREGROUND); +// +// if (virDomainShutdownFlags(mDom.get(), VIR_DOMAIN_SHUTDOWN_SIGNAL) < 0) { +// LOGE(mId << ": Error while shutting down the container:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Shut down initiated (async)"); } bool ContainerAdmin::isRunning() { - return getState() == VIR_DOMAIN_RUNNING; +// return getState() == VIR_DOMAIN_RUNNING; + return false; } bool ContainerAdmin::isStopped() { - int state = getState(); - return state == VIR_DOMAIN_SHUTDOWN || - state == VIR_DOMAIN_SHUTOFF || - state == VIR_DOMAIN_CRASHED; +// int state = getState(); +// return state == VIR_DOMAIN_SHUTDOWN || +// state == VIR_DOMAIN_SHUTOFF || +// state == VIR_DOMAIN_CRASHED; + return false; } void ContainerAdmin::suspend() { - assert(mDom); - - LOGD(mId << ": Pausing..."); - if (isPaused()) { - LOGD(mId << ": Already paused - nothing to do..."); - return; - } - - if (virDomainSuspend(mDom.get()) < 0) { - LOGE(mId << ": Error while suspending the container:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Paused"); +// assert(mDom); +// +// LOGD(mId << ": Pausing..."); +// if (isPaused()) { +// LOGD(mId << ": Already paused - nothing to do..."); +// return; +// } +// +// if (virDomainSuspend(mDom.get()) < 0) { +// LOGE(mId << ": Error while suspending the container:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Paused"); } void ContainerAdmin::resume() { - assert(mDom); - - LOGD(mId << ": Resuming..."); - if (!isPaused()) { - LOGD(mId << ": Is not paused - nothing to do..."); - return; - } - - if (virDomainResume(mDom.get()) < 0) { - LOGE(mId << ": Error while resuming the container:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Resumed"); +// assert(mDom); +// +// LOGD(mId << ": Resuming..."); +// if (!isPaused()) { +// LOGD(mId << ": Is not paused - nothing to do..."); +// return; +// } +// +// if (virDomainResume(mDom.get()) < 0) { +// LOGE(mId << ": Error while resuming the container:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Resumed"); } bool ContainerAdmin::isPaused() { - return getState() == VIR_DOMAIN_PAUSED; +// return getState() == VIR_DOMAIN_PAUSED; + return false; } int ContainerAdmin::getState() { - assert(mDom); - - int state; - - if (virDomainGetState(mDom.get(), &state, NULL, 0)) { - LOGE(mId << ": Error while getting the container's state:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - return state; +// assert(mDom); +// +// int state; +// +// if (virDomainGetState(mDom.get(), &state, NULL, 0)) { +// LOGE(mId << ": Error while getting the container's state:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// return state; + return 0; } @@ -349,26 +353,27 @@ void ContainerAdmin::setSchedulerLevel(SchedulerLevel sched) } -void ContainerAdmin::setSchedulerParams(std::uint64_t cpuShares, std::uint64_t vcpuPeriod, std::int64_t vcpuQuota) +void ContainerAdmin::setSchedulerParams(std::uint64_t, std::uint64_t, std::int64_t) +//void ContainerAdmin::setSchedulerParams(std::uint64_t cpuShares, std::uint64_t vcpuPeriod, std::int64_t vcpuQuota) { - assert(mDom); - - int maxParams = 3; - int numParamsBuff = 0; - - std::unique_ptr params(new virTypedParameter[maxParams]); - - virTypedParameterPtr paramsTmp = params.get(); - - virTypedParamsAddULLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_CPU_SHARES, cpuShares); - virTypedParamsAddULLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_VCPU_PERIOD, vcpuPeriod); - virTypedParamsAddLLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, vcpuQuota); - - if (virDomainSetSchedulerParameters(mDom.get(), params.get(), numParamsBuff) < 0) { - LOGE(mId << ": Error while setting the container's scheduler params:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } +// assert(mDom); +// +// int maxParams = 3; +// int numParamsBuff = 0; +// +// std::unique_ptr params(new virTypedParameter[maxParams]); +// +// virTypedParameterPtr paramsTmp = params.get(); +// +// virTypedParamsAddULLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_CPU_SHARES, cpuShares); +// virTypedParamsAddULLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_VCPU_PERIOD, vcpuPeriod); +// virTypedParamsAddLLong(¶msTmp, &numParamsBuff, &maxParams, VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, vcpuQuota); +// +// if (virDomainSetSchedulerParameters(mDom.get(), params.get(), numParamsBuff) < 0) { +// LOGE(mId << ": Error while setting the container's scheduler params:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } } void ContainerAdmin::setDetachOnExit() @@ -378,36 +383,37 @@ void ContainerAdmin::setDetachOnExit() std::int64_t ContainerAdmin::getSchedulerQuota() { - assert(mDom); - - int numParamsBuff; - std::unique_ptr type(virDomainGetSchedulerType(mDom.get(), &numParamsBuff), free); - - if (type == NULL || numParamsBuff <= 0 || strcmp(type.get(), "posix") != 0) { - LOGE(mId << ": Error while getting the container's scheduler type:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - std::unique_ptr params(new virTypedParameter[numParamsBuff]); - - if (virDomainGetSchedulerParameters(mDom.get(), params.get(), &numParamsBuff) < 0) { - LOGE(mId << ": Error while getting the container's scheduler params:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - long long quota; - if (virTypedParamsGetLLong(params.get(), - numParamsBuff, - VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, - "a) <= 0) { - LOGE(mId << ": Error while getting the container's scheduler quota param:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - return quota; +// assert(mDom); +// +// int numParamsBuff; +// std::unique_ptr type(virDomainGetSchedulerType(mDom.get(), &numParamsBuff), free); +// +// if (type == NULL || numParamsBuff <= 0 || strcmp(type.get(), "posix") != 0) { +// LOGE(mId << ": Error while getting the container's scheduler type:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// std::unique_ptr params(new virTypedParameter[numParamsBuff]); +// +// if (virDomainGetSchedulerParameters(mDom.get(), params.get(), &numParamsBuff) < 0) { +// LOGE(mId << ": Error while getting the container's scheduler params:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// long long quota; +// if (virTypedParamsGetLLong(params.get(), +// numParamsBuff, +// VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, +// "a) <= 0) { +// LOGE(mId << ": Error while getting the container's scheduler quota param:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// return quota; + return 0; } ContainerAdmin::ListenerId ContainerAdmin::registerLifecycleListener(const ContainerAdmin::LifecycleListener& listener, @@ -443,44 +449,44 @@ void ContainerAdmin::removeListener(const ContainerAdmin::ListenerId id) mRebootListeners.erase(id); } -int ContainerAdmin::libvirtLifecycleCallback(virConnectPtr /*con*/, - virDomainPtr /*dom*/, - int event, - int detail, - void* opaque) -{ - ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); - - LOGI(thisPtr->getId() - << ": Lifecycle event: " - << libvirt::libvirtEventToString(event) - << ": " - << libvirt::libvirtEventDetailToString(event, detail)); - - std::unique_lock lock(thisPtr->mListenerMutex); - for (auto& it : thisPtr->mLifecycleListeners) { - LifecycleListener f = it.second.get(); - f(event, detail); - } - - // ignored, libvirt's legacy - return 0; -} - -void ContainerAdmin::libvirtRebootCallback(virConnectPtr /*con*/, - virDomainPtr /*dom*/, - void* opaque) -{ - ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); - - LOGI(thisPtr->getId() << ": Reboot event"); - - std::unique_lock lock(thisPtr->mListenerMutex); - for (auto& it : thisPtr->mRebootListeners) { - RebootListener f = it.second.get(); - f(); - } -} +//int ContainerAdmin::libvirtLifecycleCallback(virConnectPtr /*con*/, +// virDomainPtr /*dom*/, +// int event, +// int detail, +// void* opaque) +//{ +// ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); +// +// LOGI(thisPtr->getId() +// << ": Lifecycle event: " +// << libvirt::libvirtEventToString(event) +// << ": " +// << libvirt::libvirtEventDetailToString(event, detail)); +// +// std::unique_lock lock(thisPtr->mListenerMutex); +// for (auto& it : thisPtr->mLifecycleListeners) { +// LifecycleListener f = it.second.get(); +// f(event, detail); +// } +// +// // ignored, libvirt's legacy +// return 0; +//} +// +//void ContainerAdmin::libvirtRebootCallback(virConnectPtr /*con*/, +// virDomainPtr /*dom*/, +// void* opaque) +//{ +// ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); +// +// LOGI(thisPtr->getId() << ": Reboot event"); +// +// std::unique_lock lock(thisPtr->mListenerMutex); +// for (auto& it : thisPtr->mRebootListeners) { +// RebootListener f = it.second.get(); +// f(); +// } +//} } // namespace security_containers diff --git a/server/container-admin.hpp b/server/container-admin.hpp index 3831a3a..1ee6027 100644 --- a/server/container-admin.hpp +++ b/server/container-admin.hpp @@ -30,14 +30,13 @@ #include "utils/callback-guard.hpp" #include "utils/callback-wrapper.hpp" -#include "libvirt/connection.hpp" -#include "libvirt/domain.hpp" +//#include "libvirt/connection.hpp" +//#include "libvirt/domain.hpp" #include #include #include #include -#include namespace security_containers { @@ -175,7 +174,7 @@ public: private: const ContainerConfig& mConfig; - libvirt::LibvirtDomain mDom; + //libvirt::LibvirtDomain mDom; const std::string mId; bool mDetachOnExit; @@ -187,17 +186,17 @@ private: int mLifecycleCallbackId; int mRebootCallbackId; - // virConnectDomainEventCallback - static int libvirtLifecycleCallback(virConnectPtr con, - virDomainPtr dom, - int event, - int detail, - void* opaque); - - // virConnectDomainEventGenericCallback - static void libvirtRebootCallback(virConnectPtr con, - virDomainPtr dom, - void* opaque); +// // virConnectDomainEventCallback +// static int libvirtLifecycleCallback(virConnectPtr con, +// virDomainPtr dom, +// int event, +// int detail, +// void* opaque); +// +// // virConnectDomainEventGenericCallback +// static void libvirtRebootCallback(virConnectPtr con, +// virDomainPtr dom, +// void* opaque); // for handling external listeners triggered from libvirt callbacks // TODO, the Listener type might not be unique, reimplement using proper listeners diff --git a/server/containers-manager.hpp b/server/containers-manager.hpp index 3cbf833..0d2654d 100644 --- a/server/containers-manager.hpp +++ b/server/containers-manager.hpp @@ -34,7 +34,6 @@ #include #include -#include #include diff --git a/server/network-admin.cpp b/server/network-admin.cpp index 6553d62..a649d48 100644 --- a/server/network-admin.cpp +++ b/server/network-admin.cpp @@ -27,7 +27,7 @@ #include "network-admin.hpp" #include "exception.hpp" -#include "libvirt/helpers.hpp" +//#include "libvirt/helpers.hpp" #include "logger/logger.hpp" #include "utils/fs.hpp" @@ -38,28 +38,28 @@ namespace security_containers { namespace { -std::string getNetworkName(virNetworkPtr net) -{ - assert(net); - - const char* name = virNetworkGetName(net); - if (name == nullptr) { - LOGE("Failed to get the network's id:\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - return name; -} +//std::string getNetworkName(virNetworkPtr net) +//{ +// assert(net); +// +// const char* name = virNetworkGetName(net); +// if (name == nullptr) { +// LOGE("Failed to get the network's id:\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// return name; +//} } // namespace NetworkAdmin::NetworkAdmin(const ContainerConfig& config) : mConfig(config), - mNWFilter(utils::readFileContent(mConfig.networkFilterConfig)), - mNetwork(utils::readFileContent(mConfig.networkConfig)), - mId(getNetworkName(mNetwork.get())), + //mNWFilter(utils::readFileContent(mConfig.networkFilterConfig)), + //mNetwork(utils::readFileContent(mConfig.networkConfig)), + mId("TODO"),//mId(getNetworkName(mNetwork.get())), mDetachOnExit(false) { LOGD(mId << ": Instantiating NetworkAdmin object"); @@ -90,61 +90,62 @@ const std::string& NetworkAdmin::getId() const void NetworkAdmin::start() { - assert(mNetwork); - - LOGD(mId << ": Starting..."); - if (isActive()) { - LOGD(mId << ": Already running - nothing to do..."); - return; - } - - if (virNetworkCreate(mNetwork.get()) < 0) { - LOGE(mId << ": Failed to start the network\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Started"); +// assert(mNetwork); +// +// LOGD(mId << ": Starting..."); +// if (isActive()) { +// LOGD(mId << ": Already running - nothing to do..."); +// return; +// } +// +// if (virNetworkCreate(mNetwork.get()) < 0) { +// LOGE(mId << ": Failed to start the network\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Started"); } void NetworkAdmin::stop() { - assert(mNetwork); - - LOGD(mId << ": Stopping procedure started..."); - if (!isActive()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; - } - - if (virNetworkDestroy(mNetwork.get()) < 0) { - LOGE(mId << ": Failed to destroy the network\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - - LOGD(mId << ": Stopping procedure ended"); +// assert(mNetwork); +// +// LOGD(mId << ": Stopping procedure started..."); +// if (!isActive()) { +// LOGD(mId << ": Already crashed/down/off - nothing to do"); +// return; +// } +// +// if (virNetworkDestroy(mNetwork.get()) < 0) { +// LOGE(mId << ": Failed to destroy the network\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// +// LOGD(mId << ": Stopping procedure ended"); } bool NetworkAdmin::isActive() { - assert(mNetwork); - int ret = virNetworkIsActive(mNetwork.get()); - if (ret < 0) { - LOGE(mId << ": Failed to get network state\n" - << libvirt::libvirtFormatError()); - throw ContainerOperationException(); - } - return ret > 0; +// assert(mNetwork); +// int ret = virNetworkIsActive(mNetwork.get()); +// if (ret < 0) { +// LOGE(mId << ": Failed to get network state\n" +// << libvirt::libvirtFormatError()); +// throw ContainerOperationException(); +// } +// return ret > 0; + return false; } void NetworkAdmin::setDetachOnExit() { - mDetachOnExit = true; - mNWFilter.setDetachOnExit(); +// mDetachOnExit = true; +// mNWFilter.setDetachOnExit(); } diff --git a/server/network-admin.hpp b/server/network-admin.hpp index 0ec3a74..66a6f75 100644 --- a/server/network-admin.hpp +++ b/server/network-admin.hpp @@ -28,8 +28,8 @@ #include "container-config.hpp" -#include "libvirt/network-filter.hpp" -#include "libvirt/network.hpp" +//#include "libvirt/network-filter.hpp" +//#include "libvirt/network.hpp" namespace security_containers { @@ -70,8 +70,8 @@ public: private: const ContainerConfig& mConfig; - libvirt::LibvirtNWFilter mNWFilter; - libvirt::LibvirtNetwork mNetwork; + //libvirt::LibvirtNWFilter mNWFilter; + //libvirt::LibvirtNetwork mNetwork; const std::string mId; bool mDetachOnExit; }; diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt index 3bb265d..939b6c1 100644 --- a/tests/unit_tests/CMakeLists.txt +++ b/tests/unit_tests/CMakeLists.txt @@ -35,7 +35,7 @@ ADD_EXECUTABLE(${UT_SERVER_CODENAME} ${project_SRCS} ${common_SRCS} ${server_SRC ## Link libraries ############################################################## FIND_PACKAGE (Boost COMPONENTS unit_test_framework system filesystem regex) -PKG_CHECK_MODULES(UT_SERVER_DEPS REQUIRED libvirt libvirt-glib-1.0 json gio-2.0 +PKG_CHECK_MODULES(UT_SERVER_DEPS REQUIRED json gio-2.0 libsystemd-journal libcap-ng libLogger libSimpleDbus libConfig) INCLUDE_DIRECTORIES(${COMMON_FOLDER} ${SERVER_FOLDER} ${UNIT_TESTS_FOLDER} ${CLIENT_FOLDER}) INCLUDE_DIRECTORIES(SYSTEM ${UT_SERVER_DEPS_INCLUDE_DIRS} ${Boost_INCLUDE_DIRS}) diff --git a/tests/unit_tests/libvirt/connection.cpp b/tests/unit_tests/libvirt/connection.cpp deleted file mode 100644 index 26f649b..0000000 --- a/tests/unit_tests/libvirt/connection.cpp +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Unit tests of the LibvirtConnection class - */ - -#include "config.hpp" -#include "ut.hpp" - -#include "libvirt/connection.hpp" -#include "libvirt/exception.hpp" - -#include - -BOOST_AUTO_TEST_SUITE(LibvirtConnectionSuite) - - -using namespace security_containers; -using namespace security_containers::libvirt; - - -const std::string CORRECT_URI_STRING = LIBVIRT_LXC_ADDRESS; -const std::string BUGGY_URI_STRING = "some_random_string"; - - -BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) -{ - std::unique_ptr conPtr; - BOOST_REQUIRE_NO_THROW(conPtr.reset(new LibvirtConnection(CORRECT_URI_STRING))); - BOOST_REQUIRE_NO_THROW(conPtr.reset()); -} - -BOOST_AUTO_TEST_CASE(BuggyConfigTest) -{ - BOOST_REQUIRE_THROW(LibvirtConnection con(BUGGY_URI_STRING), LibvirtOperationException); -} - -BOOST_AUTO_TEST_CASE(ConnectionTest) -{ - LibvirtConnection con(CORRECT_URI_STRING); - BOOST_CHECK(con.get() != NULL); -} - -BOOST_AUTO_TEST_CASE(BoolTest) -{ - LibvirtConnection con(CORRECT_URI_STRING); - BOOST_CHECK(con); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/libvirt/domain.cpp b/tests/unit_tests/libvirt/domain.cpp deleted file mode 100644 index 5204fc7..0000000 --- a/tests/unit_tests/libvirt/domain.cpp +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Lukasz Pawelczyk - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - - -/** - * @file - * @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) - * @brief Unit tests of the LibvirtDomain class - */ - -#include "config.hpp" -#include "ut.hpp" - -#include "libvirt/domain.hpp" -#include "libvirt/exception.hpp" - -#include - -BOOST_AUTO_TEST_SUITE(LibvirtDomainSuite) - - -using namespace security_containers; -using namespace security_containers::libvirt; - - -namespace { - -const std::string CORRECT_CONFIG_XML = "" - " test-domain" - " 444d6e30-efdf-41b0-aafa-6684e6376831" - " 102400" - " " - " exe" - " /bin/sh" - " " - " " - " " - " " - ""; -const std::string BUGGY_CONFIG_XML = "<>"; - -} // namespace - -BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) -{ - std::unique_ptr domPtr; - BOOST_REQUIRE_NO_THROW(domPtr.reset(new LibvirtDomain(CORRECT_CONFIG_XML))); - BOOST_REQUIRE_NO_THROW(domPtr.reset()); -} - -BOOST_AUTO_TEST_CASE(BuggyConfigTest) -{ - BOOST_REQUIRE_THROW(LibvirtDomain dom(BUGGY_CONFIG_XML), LibvirtOperationException); -} - -BOOST_AUTO_TEST_CASE(DefinitionTest) -{ - LibvirtDomain dom(CORRECT_CONFIG_XML); - BOOST_CHECK(dom.get() != NULL); -} - -BOOST_AUTO_TEST_CASE(BoolTest) -{ - LibvirtDomain dom(CORRECT_CONFIG_XML); - BOOST_CHECK(dom); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/libvirt/network.cpp b/tests/unit_tests/libvirt/network.cpp deleted file mode 100644 index b158ecd..0000000 --- a/tests/unit_tests/libvirt/network.cpp +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Jan Olszak - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - - -/** - * @file - * @author Jan Olszak (j.olszak@samsung.com) - * @brief Unit tests of the LibvirtNetwork class - */ - -#include "config.hpp" -#include "ut.hpp" - -#include "libvirt/network-filter.hpp" -#include "libvirt/network.hpp" -#include "libvirt/exception.hpp" - -#include - -BOOST_AUTO_TEST_SUITE(LibvirtNetworkSuite) - - -using namespace security_containers; -using namespace security_containers::libvirt; - - -namespace { - -const std::string CORRECT_CONFIG_XML = "" - " test-network" - " 44089687-5004-4def-87f0-01c9565f74fd" - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - ""; - -const std::string CORRECT_CONFIG_FILTER_XML = "" - " " - " " - " " - " " - " " - " " - ""; - -const std::string BUGGY_CONFIG_XML = "<>"; - -const std::string BUGGY_CONFIG_FILTER_XML = "<> nwFilterPtr; - BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset(new LibvirtNWFilter(CORRECT_CONFIG_FILTER_XML))); - BOOST_REQUIRE_NO_THROW(nwFilterPtr.reset()); - - std::unique_ptr netPtr; - BOOST_REQUIRE_NO_THROW(netPtr.reset(new LibvirtNetwork(CORRECT_CONFIG_XML))); - BOOST_REQUIRE_NO_THROW(netPtr.reset()); -} - -BOOST_AUTO_TEST_CASE(BuggyConfigTest) -{ - BOOST_REQUIRE_THROW(LibvirtNWFilter filter(BUGGY_CONFIG_FILTER_XML), LibvirtOperationException); - BOOST_REQUIRE_THROW(LibvirtNetwork net(BUGGY_CONFIG_XML), LibvirtOperationException); -} - -BOOST_AUTO_TEST_CASE(DefinitionTest) -{ - LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML); - BOOST_CHECK(filter.get() != NULL); - - LibvirtNetwork net(CORRECT_CONFIG_XML); - BOOST_CHECK(net.get() != NULL); -} - -BOOST_AUTO_TEST_CASE(BoolTest) -{ - LibvirtNWFilter filter(CORRECT_CONFIG_FILTER_XML); - BOOST_CHECK(filter); - - LibvirtNetwork net(CORRECT_CONFIG_XML); - BOOST_CHECK(net); -} - -BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/ut-container-admin.cpp b/tests/unit_tests/server/ut-container-admin.cpp index b2bf5b9..2294b77 100644 --- a/tests/unit_tests/server/ut-container-admin.cpp +++ b/tests/unit_tests/server/ut-container-admin.cpp @@ -23,274 +23,274 @@ * @brief Unit tests of the ContainerAdmin class */ -#include "config.hpp" -#include "ut.hpp" - -#include "container-admin.hpp" -#include "exception.hpp" - -#include "utils/latch.hpp" -#include "utils/glib-loop.hpp" -#include "utils/exception.hpp" -#include "utils/callback-guard.hpp" -#include "libvirt/exception.hpp" -#include "config/manager.hpp" - -#include -#include -#include -#include - - -using namespace security_containers; - -namespace { - -const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test.conf"; -const std::string TEST_NO_SHUTDOWN_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test-no-shutdown.conf"; -const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/buggy.conf"; -const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/missing.conf"; -const unsigned int WAIT_TIMEOUT = 5 * 1000; -const unsigned int WAIT_STOP_TIMEOUT = 15 * 1000; - -void ensureStarted() -{ - std::this_thread::sleep_for(std::chrono::milliseconds(200)); -} - -struct Fixture { - utils::ScopedGlibLoop mLoop; - utils::CallbackGuard mGuard; -}; - -} // namespace - - -BOOST_FIXTURE_TEST_SUITE(ContainerAdminSuite, Fixture) - -BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) -{ - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - std::unique_ptr admin; - BOOST_REQUIRE_NO_THROW(admin.reset(new ContainerAdmin(config))); - BOOST_REQUIRE_NO_THROW(admin.reset()); -} - -BOOST_AUTO_TEST_CASE(BuggyConfigTest) -{ - ContainerConfig config; - config::loadFromFile(BUGGY_CONFIG_PATH, config); - BOOST_REQUIRE_THROW(ContainerAdmin ca(config), LibvirtOperationException); -} - -BOOST_AUTO_TEST_CASE(MissingConfigTest) -{ - ContainerConfig config; - config::loadFromFile(MISSING_CONFIG_PATH, config); - BOOST_REQUIRE_THROW(ContainerAdmin ca(config), UtilsException); -} - -BOOST_AUTO_TEST_CASE(StartTest) -{ - utils::Latch booted; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener bootedListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_STARTED && detail == VIR_DOMAIN_EVENT_STARTED_BOOTED) { - booted.set(); - } - }; - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(bootedListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - - BOOST_CHECK(booted.wait(WAIT_TIMEOUT)); - BOOST_CHECK(ca.isRunning()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(ShutdownTest) -{ - utils::Latch shutdown; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { - shutdown.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.shutdown()); - BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); - BOOST_CHECK(!ca.isRunning()); - BOOST_CHECK(ca.isStopped()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(DestroyTest) -{ - utils::Latch destroyed; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { - destroyed.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.destroy()); - BOOST_CHECK(destroyed.wait(WAIT_TIMEOUT)); - BOOST_CHECK(!ca.isRunning()); - BOOST_CHECK(ca.isStopped()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(StopShutdownTest) -{ - utils::Latch shutdown; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { - shutdown.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.stop()); - BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); - BOOST_CHECK(!ca.isRunning()); - BOOST_CHECK(ca.isStopped()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -// This test needs to wait for a shutdown timer in stop() method. This takes 10s+. -BOOST_AUTO_TEST_CASE(StopDestroyTest) -{ - utils::Latch destroyed; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_NO_SHUTDOWN_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { - destroyed.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.stop()); - BOOST_CHECK(destroyed.wait(WAIT_STOP_TIMEOUT)); - BOOST_CHECK(!ca.isRunning()); - BOOST_CHECK(ca.isStopped()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(SuspendTest) -{ - utils::Latch paused; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener pausedListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_SUSPENDED && detail == VIR_DOMAIN_EVENT_SUSPENDED_PAUSED) { - paused.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()) - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(pausedListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.suspend()); - BOOST_CHECK(paused.wait(WAIT_TIMEOUT)); - BOOST_CHECK(!ca.isRunning()); - BOOST_CHECK(ca.isPaused()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(ResumeTest) -{ - utils::Latch unpaused; - ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - - ContainerAdmin::LifecycleListener unpausedListener = [&](const int event, const int detail) { - if (event == VIR_DOMAIN_EVENT_RESUMED && detail == VIR_DOMAIN_EVENT_RESUMED_UNPAUSED) { - unpaused.set(); - } - }; - - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE(ca.isRunning()); - BOOST_REQUIRE_NO_THROW(ca.suspend()) - BOOST_REQUIRE(ca.isPaused()); - BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(unpausedListener, mGuard.spawn())); - - BOOST_REQUIRE_NO_THROW(ca.resume()); - BOOST_CHECK(unpaused.wait(WAIT_TIMEOUT)); - BOOST_CHECK(!ca.isPaused()); - BOOST_CHECK(ca.isRunning()); - - BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -} - -BOOST_AUTO_TEST_CASE(SchedulerLevelTest) -{ - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - ContainerAdmin ca(config); - BOOST_REQUIRE_NO_THROW(ca.start()); - ensureStarted(); - BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::FOREGROUND)); - BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaForeground); - BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::BACKGROUND)); - BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaBackground); -} - -BOOST_AUTO_TEST_SUITE_END() +//#include "config.hpp" +//#include "ut.hpp" +// +//#include "container-admin.hpp" +//#include "exception.hpp" +// +//#include "utils/latch.hpp" +//#include "utils/glib-loop.hpp" +//#include "utils/exception.hpp" +//#include "utils/callback-guard.hpp" +//#include "libvirt/exception.hpp" +//#include "config/manager.hpp" +// +//#include +//#include +//#include +//#include +// +// +//using namespace security_containers; +// +//namespace { +// +//const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test.conf"; +//const std::string TEST_NO_SHUTDOWN_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test-no-shutdown.conf"; +//const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/buggy.conf"; +//const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/missing.conf"; +//const unsigned int WAIT_TIMEOUT = 5 * 1000; +//const unsigned int WAIT_STOP_TIMEOUT = 15 * 1000; +// +//void ensureStarted() +//{ +// std::this_thread::sleep_for(std::chrono::milliseconds(200)); +//} +// +//struct Fixture { +// utils::ScopedGlibLoop mLoop; +// utils::CallbackGuard mGuard; +//}; +// +//} // namespace +// +// +//BOOST_FIXTURE_TEST_SUITE(ContainerAdminSuite, Fixture) +// +//BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) +//{ +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// std::unique_ptr admin; +// BOOST_REQUIRE_NO_THROW(admin.reset(new ContainerAdmin(config))); +// BOOST_REQUIRE_NO_THROW(admin.reset()); +//} +// +//BOOST_AUTO_TEST_CASE(BuggyConfigTest) +//{ +// ContainerConfig config; +// config::loadFromFile(BUGGY_CONFIG_PATH, config); +// BOOST_REQUIRE_THROW(ContainerAdmin ca(config), LibvirtOperationException); +//} +// +//BOOST_AUTO_TEST_CASE(MissingConfigTest) +//{ +// ContainerConfig config; +// config::loadFromFile(MISSING_CONFIG_PATH, config); +// BOOST_REQUIRE_THROW(ContainerAdmin ca(config), UtilsException); +//} +// +//BOOST_AUTO_TEST_CASE(StartTest) +//{ +// utils::Latch booted; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener bootedListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_STARTED && detail == VIR_DOMAIN_EVENT_STARTED_BOOTED) { +// booted.set(); +// } +// }; +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(bootedListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// +// BOOST_CHECK(booted.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(ca.isRunning()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(ShutdownTest) +//{ +// utils::Latch shutdown; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { +// shutdown.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.shutdown()); +// BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(!ca.isRunning()); +// BOOST_CHECK(ca.isStopped()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(DestroyTest) +//{ +// utils::Latch destroyed; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { +// destroyed.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.destroy()); +// BOOST_CHECK(destroyed.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(!ca.isRunning()); +// BOOST_CHECK(ca.isStopped()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(StopShutdownTest) +//{ +// utils::Latch shutdown; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { +// shutdown.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.stop()); +// BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(!ca.isRunning()); +// BOOST_CHECK(ca.isStopped()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//// This test needs to wait for a shutdown timer in stop() method. This takes 10s+. +//BOOST_AUTO_TEST_CASE(StopDestroyTest) +//{ +// utils::Latch destroyed; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_NO_SHUTDOWN_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { +// destroyed.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.stop()); +// BOOST_CHECK(destroyed.wait(WAIT_STOP_TIMEOUT)); +// BOOST_CHECK(!ca.isRunning()); +// BOOST_CHECK(ca.isStopped()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(SuspendTest) +//{ +// utils::Latch paused; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener pausedListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_SUSPENDED && detail == VIR_DOMAIN_EVENT_SUSPENDED_PAUSED) { +// paused.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()) +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(pausedListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.suspend()); +// BOOST_CHECK(paused.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(!ca.isRunning()); +// BOOST_CHECK(ca.isPaused()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(ResumeTest) +//{ +// utils::Latch unpaused; +// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// +// ContainerAdmin::LifecycleListener unpausedListener = [&](const int event, const int detail) { +// if (event == VIR_DOMAIN_EVENT_RESUMED && detail == VIR_DOMAIN_EVENT_RESUMED_UNPAUSED) { +// unpaused.set(); +// } +// }; +// +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE(ca.isRunning()); +// BOOST_REQUIRE_NO_THROW(ca.suspend()) +// BOOST_REQUIRE(ca.isPaused()); +// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(unpausedListener, mGuard.spawn())); +// +// BOOST_REQUIRE_NO_THROW(ca.resume()); +// BOOST_CHECK(unpaused.wait(WAIT_TIMEOUT)); +// BOOST_CHECK(!ca.isPaused()); +// BOOST_CHECK(ca.isRunning()); +// +// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); +//} +// +//BOOST_AUTO_TEST_CASE(SchedulerLevelTest) +//{ +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// ContainerAdmin ca(config); +// BOOST_REQUIRE_NO_THROW(ca.start()); +// ensureStarted(); +// BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::FOREGROUND)); +// BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaForeground); +// BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::BACKGROUND)); +// BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaBackground); +//} +// +//BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/ut-network-admin.cpp b/tests/unit_tests/server/ut-network-admin.cpp index ef44c67..9406a96 100644 --- a/tests/unit_tests/server/ut-network-admin.cpp +++ b/tests/unit_tests/server/ut-network-admin.cpp @@ -29,7 +29,7 @@ #include "network-admin.hpp" #include "utils/exception.hpp" -#include "libvirt/exception.hpp" +//#include "libvirt/exception.hpp" #include "config/manager.hpp" @@ -55,12 +55,12 @@ BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) BOOST_REQUIRE_NO_THROW(admin.reset()); } -BOOST_AUTO_TEST_CASE(BuggyConfigTest) -{ - ContainerConfig config; - config::loadFromFile(BUGGY_CONFIG_PATH, config); - BOOST_REQUIRE_THROW(NetworkAdmin na(config), LibvirtOperationException); -} +//BOOST_AUTO_TEST_CASE(BuggyConfigTest) +//{ +// ContainerConfig config; +// config::loadFromFile(BUGGY_CONFIG_PATH, config); +// BOOST_REQUIRE_THROW(NetworkAdmin na(config), LibvirtOperationException); +//} BOOST_AUTO_TEST_CASE(MissingConfigTest) { -- 2.7.4 From 620ad304f43b8deb251da865ce523381dcdcaaae Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Tue, 21 Oct 2014 11:19:58 +0200 Subject: [PATCH 12/16] LxcDomain class with tests [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] N/A Change-Id: Ibfd0593d92cb9cd4bc52430e4207b93a1a53ecf8 --- common/lxc/domain.cpp | 132 ++++++++++++++++++++++++ common/lxc/domain.hpp | 73 +++++++++++++ common/lxc/exception.hpp | 47 +++++++++ packaging/security-containers.spec | 8 +- server/CMakeLists.txt | 2 +- tests/unit_tests/CMakeLists.txt | 5 +- tests/unit_tests/lxc/templates/CMakeLists.txt | 23 +++++ tests/unit_tests/lxc/templates/minimal.sh | 65 ++++++++++++ tests/unit_tests/lxc/ut-domain.cpp | 142 ++++++++++++++++++++++++++ 9 files changed, 491 insertions(+), 6 deletions(-) create mode 100644 common/lxc/domain.cpp create mode 100644 common/lxc/domain.hpp create mode 100644 common/lxc/exception.hpp create mode 100644 tests/unit_tests/lxc/templates/CMakeLists.txt create mode 100755 tests/unit_tests/lxc/templates/minimal.sh create mode 100644 tests/unit_tests/lxc/ut-domain.cpp diff --git a/common/lxc/domain.cpp b/common/lxc/domain.cpp new file mode 100644 index 0000000..2e70eee --- /dev/null +++ b/common/lxc/domain.cpp @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Lxc domain + */ + +#include "config.hpp" +#include "logger/logger.hpp" +#include "lxc/domain.hpp" +#include "lxc/exception.hpp" + +#include +#include + +namespace security_containers { +namespace lxc { + + +LxcDomain::LxcDomain(const std::string& lxcPath, const std::string& domainName) + : mContainer(nullptr) +{ + mContainer = lxc_container_new(domainName.c_str(), lxcPath.c_str()); + if (!mContainer) { + LOGE("Could not initialize lxc domain " << domainName << " in path " << lxcPath); + throw LxcException("Could not initialize lxc domain"); + } +} + +LxcDomain::~LxcDomain() +{ + lxc_container_put(mContainer); +} + +std::string LxcDomain::getName() const +{ + return mContainer->name; +} + +std::string LxcDomain::getConfigItem(const std::string& key) +{ + char buffer[1024]; + int len = mContainer->get_config_item(mContainer, key.c_str(), buffer, sizeof(buffer)); + if (len < 0) { + LOGE("Key '" + key + "' not found in domain " + getName()); + throw LxcException("Key not found"); + } + return buffer; +} + +bool LxcDomain::isDefined() +{ + return mContainer->is_defined(mContainer); +} + +bool LxcDomain::isRunning() +{ + return mContainer->is_running(mContainer); +} + +std::string LxcDomain::getState() +{ + return mContainer->state(mContainer); +} + +void LxcDomain::create(const std::string& templatePath) +{ + if (!mContainer->create(mContainer, templatePath.c_str(), NULL, NULL, 0, NULL)) { + LOGE("Could not create domain " + getName()); + throw LxcException("Could not create domain"); + } +} + +void LxcDomain::destroy() +{ + if (!mContainer->destroy(mContainer)) { + LOGE("Could not destroy domain " + getName()); + throw LxcException("Could not destroy domain"); + } +} + +void LxcDomain::start(const char* argv[]) +{ + if (!mContainer->start(mContainer, false, const_cast(argv))) { + LOGE("Could not start domain " + getName()); + throw LxcException("Could not start domain"); + } +} + +void LxcDomain::stop() +{ + if (!mContainer->stop(mContainer)) { + LOGE("Could not stop domain " + getName()); + throw LxcException("Stop domain failed"); + } +} + +void LxcDomain::reboot() +{ + if (!mContainer->reboot(mContainer)) { + LOGE("Could not reboot domain " + getName()); + throw LxcException("Reboot domain failed"); + } +} + +void LxcDomain::shutdown(int timeout) +{ + if (!mContainer->shutdown(mContainer, timeout)) { + LOGE("Could not gracefully shutdown domain " + getName() + " in " << timeout << "s"); + throw LxcException("Shutdown domain failed"); + } +} + +} // namespace lxc +} // namespace security_containers diff --git a/common/lxc/domain.hpp b/common/lxc/domain.hpp new file mode 100644 index 0000000..53049a0 --- /dev/null +++ b/common/lxc/domain.hpp @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Lxc domain + */ + +#ifndef COMMON_LXC_DOMAIN_HPP +#define COMMON_LXC_DOMAIN_HPP + +#include + +// fwd declaration of lxc internals +struct lxc_container; + +namespace security_containers { +namespace lxc { + + +/** + * A class wwapping lxc container + */ +class LxcDomain { +public: + LxcDomain(const std::string& lxcPath, const std::string& domainName); + ~LxcDomain(); + + LxcDomain(const LxcDomain&) = delete; + LxcDomain& operator=(const LxcDomain&) = delete; + + std::string getName() const; + + std::string getConfigItem(const std::string& key); + + bool isDefined(); + bool isRunning(); + + std::string getState(); + + void create(const std::string& templatePath); + void destroy(); + + void start(const char* argv[]); + void stop(); + void reboot(); + void shutdown(int timeout); +private: + lxc_container* mContainer; +}; + + +} // namespace lxc +} // namespace security_containers + + +#endif // COMMON_LXC_DOMAIN_HPP diff --git a/common/lxc/exception.hpp b/common/lxc/exception.hpp new file mode 100644 index 0000000..31248b5 --- /dev/null +++ b/common/lxc/exception.hpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Lxc exception + */ + + +#ifndef COMMON_LXC_EXCEPTION_HPP +#define COMMON_LXC_EXCEPTION_HPP + +#include "base-exception.hpp" + + +namespace security_containers { + + +/** + * Base class for exceptions in utils + */ +struct LxcException: public SecurityContainersException { + + LxcException(const std::string& error) : SecurityContainersException(error) {} +}; + + +} + + +#endif // COMMON_UTILS_EXCEPTION_HPP diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index 137f02b..1ef5da4 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -19,17 +19,15 @@ Group: Security/Other Summary: Daemon for managing containers BuildRequires: cmake BuildRequires: boost-devel -BuildRequires: libvirt-devel BuildRequires: libjson-devel >= 0.10 BuildRequires: libcap-ng-devel +BuildRequires: lxc-devel BuildRequires: pkgconfig(libConfig) BuildRequires: pkgconfig(libLogger) BuildRequires: pkgconfig(libSimpleDbus) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(libsystemd-journal) -BuildRequires: pkgconfig(libvirt-glib-1.0) BuildRequires: pkgconfig(sqlite3) -Requires: libvirt-daemon >= 1.2.4 Requires(post): libcap-tools %description @@ -207,6 +205,7 @@ Group: Development/Libraries Requires: security-containers = %{version}-%{release} Requires: security-containers-client = %{version}-%{release} Requires: python +Requires: python-xml Requires: boost-test %description tests @@ -220,6 +219,7 @@ Unit tests for both: server and client and integration tests. %attr(755,root,root) %{script_dir}/sc_int_tests.py %attr(755,root,root) %{script_dir}/sc_launch_test.py %{script_dir}/sc_test_parser.py -%{_datadir}/security-containers +%{_datadir}/security-containers/tests +%attr(755,root,root) %{_datadir}/security-containers/lxc-templates %{python_sitelib}/sc_integration_tests /etc/dbus-1/system.d/org.tizen.containers.tests.conf diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 3ffefb6..0eab83b 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -29,7 +29,7 @@ ADD_EXECUTABLE(${SERVER_CODENAME} ${project_SRCS} ${common_SRCS}) ## Link libraries ############################################################## FIND_PACKAGE(Boost COMPONENTS program_options system filesystem regex) -PKG_CHECK_MODULES(SERVER_DEPS REQUIRED json gio-2.0 libsystemd-journal +PKG_CHECK_MODULES(SERVER_DEPS REQUIRED lxc json gio-2.0 libsystemd-journal libcap-ng libLogger libSimpleDbus libConfig) INCLUDE_DIRECTORIES(${COMMON_FOLDER}) diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt index 939b6c1..38d268a 100644 --- a/tests/unit_tests/CMakeLists.txt +++ b/tests/unit_tests/CMakeLists.txt @@ -35,7 +35,7 @@ ADD_EXECUTABLE(${UT_SERVER_CODENAME} ${project_SRCS} ${common_SRCS} ${server_SRC ## Link libraries ############################################################## FIND_PACKAGE (Boost COMPONENTS unit_test_framework system filesystem regex) -PKG_CHECK_MODULES(UT_SERVER_DEPS REQUIRED json gio-2.0 +PKG_CHECK_MODULES(UT_SERVER_DEPS REQUIRED lxc json gio-2.0 libsystemd-journal libcap-ng libLogger libSimpleDbus libConfig) INCLUDE_DIRECTORIES(${COMMON_FOLDER} ${SERVER_FOLDER} ${UNIT_TESTS_FOLDER} ${CLIENT_FOLDER}) INCLUDE_DIRECTORIES(SYSTEM ${UT_SERVER_DEPS_INCLUDE_DIRS} ${Boost_INCLUDE_DIRS}) @@ -44,12 +44,15 @@ TARGET_LINK_LIBRARIES(${UT_SERVER_CODENAME} ${UT_SERVER_DEPS_LIBRARIES} ${Boost_ ## Subdirectories ############################################################## SET(SC_TEST_CONFIG_INSTALL_DIR ${SC_DATA_INSTALL_DIR}/tests) +SET(SC_TEST_LXC_TEMPLATES_INSTALL_DIR ${SC_DATA_INSTALL_DIR}/lxc-templates/tests) ADD_DEFINITIONS(-DSC_TEST_CONFIG_INSTALL_DIR="${SC_TEST_CONFIG_INSTALL_DIR}") +ADD_DEFINITIONS(-DSC_TEST_LXC_TEMPLATES_INSTALL_DIR="${SC_TEST_LXC_TEMPLATES_INSTALL_DIR}") ADD_SUBDIRECTORY(dbus/configs) ADD_SUBDIRECTORY(server/configs) ADD_SUBDIRECTORY(utils/configs) ADD_SUBDIRECTORY(client/configs) +ADD_SUBDIRECTORY(lxc/templates) ## Install ##################################################################### diff --git a/tests/unit_tests/lxc/templates/CMakeLists.txt b/tests/unit_tests/lxc/templates/CMakeLists.txt new file mode 100644 index 0000000..139cf49 --- /dev/null +++ b/tests/unit_tests/lxc/templates/CMakeLists.txt @@ -0,0 +1,23 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# @file +# @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) +# + +FILE(GLOB LXC_TEMPLATES *.sh) + +INSTALL(PROGRAMS ${LXC_TEMPLATES} + DESTINATION ${SC_TEST_LXC_TEMPLATES_INSTALL_DIR}) diff --git a/tests/unit_tests/lxc/templates/minimal.sh b/tests/unit_tests/lxc/templates/minimal.sh new file mode 100755 index 0000000..64f6da7 --- /dev/null +++ b/tests/unit_tests/lxc/templates/minimal.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +echo UnitTest LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# Prepare container rootfs +ROOTFS_DIRS="\ +${rootfs}/bin \ +${rootfs}/dev \ +${rootfs}/etc \ +${rootfs}/home \ +${rootfs}/lib \ +${rootfs}/lib64 \ +${rootfs}/proc \ +${rootfs}/root \ +${rootfs}/run \ +${rootfs}/sbin \ +${rootfs}/sys \ +${rootfs}/tmp \ +${rootfs}/usr +" +/bin/mkdir ${ROOTFS_DIRS} + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /bin bin none ro,bind 0 0 +lxc.mount.entry = /etc etc none ro,bind 0 0 +lxc.mount.entry = /lib lib none ro,bind 0 0 +lxc.mount.entry = /sbin sbin none ro,bind 0 0 +lxc.mount.entry = /usr usr none ro,rbind 0 0 +lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 +EOF + +if [ "$(uname -m)" = "x86_64" ]; then +cat <> $path/config +lxc.mount.entry = /lib64 lib64 none ro,bind 0 0 +EOF +fi + diff --git a/tests/unit_tests/lxc/ut-domain.cpp b/tests/unit_tests/lxc/ut-domain.cpp new file mode 100644 index 0000000..0e1b863 --- /dev/null +++ b/tests/unit_tests/lxc/ut-domain.cpp @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Unit tests of LxcDomain class + */ + +#include "config.hpp" +#include "ut.hpp" + +#include "lxc/domain.hpp" +#include "lxc/exception.hpp" + +#include +#include +#include + +namespace { + +using namespace security_containers; +using namespace security_containers::lxc; +namespace fs = boost::filesystem; + +const std::string LXC_PATH = "/tmp/ut-lxc/"; +const std::string DOMAIN_NAME = "ut-domain"; +const std::string TEMPLATE = SC_TEST_LXC_TEMPLATES_INSTALL_DIR "/minimal.sh"; + +struct Fixture { + Fixture() + { + fs::create_directory(LXC_PATH); + cleanup(); + } + + ~Fixture() + { + cleanup(); + fs::remove_all(LXC_PATH); + } + + void cleanup() + { + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + if (lxc.isDefined()) { + if (lxc.isRunning()) { + lxc.stop(); + } + lxc.destroy(); + } + } +}; + +} // namespace + +BOOST_FIXTURE_TEST_SUITE(LxcDomainSuite, Fixture) + +BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) +{ + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); +} + +BOOST_AUTO_TEST_CASE(CreateDestroyTest) +{ + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(!lxc.isDefined()); + + lxc.create(TEMPLATE); + + BOOST_CHECK(lxc.isDefined()); + BOOST_CHECK_EQUAL(lxc.getConfigItem("lxc.rootfs"), LXC_PATH + DOMAIN_NAME + "/rootfs"); + BOOST_CHECK_THROW(lxc.getConfigItem("xxx"), LxcException); + + lxc.destroy(); + + BOOST_CHECK(!lxc.isDefined()); +} + +BOOST_AUTO_TEST_CASE(StartShutdownTest) +{ + { + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + lxc.create(TEMPLATE); + } + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + const char* argv[] = { + "/bin/sh", + "-c", + "trap exit SIGTERM; read", + NULL + }; + lxc.start(argv); + // wait for bash to be able to trap SIGTERM + std::this_thread::sleep_for(std::chrono::milliseconds(200)); + BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); + lxc.shutdown(2); + BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + + lxc.destroy(); +} + +BOOST_AUTO_TEST_CASE(StartStopTest) +{ + { + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + lxc.create(TEMPLATE); + } + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + const char* argv[] = { + "/bin/sh", + NULL + }; + lxc.start(argv); + BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); + BOOST_CHECK_THROW(lxc.shutdown(1), LxcException); + BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); + lxc.stop(); + BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + + lxc.destroy(); +} + +BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From 99cf2a3624b25ce0a1f61fbb8bc95eb240c3e0ba Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Thu, 23 Oct 2014 13:56:44 +0200 Subject: [PATCH 13/16] Get rid of libvirt configs [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] N/A Change-Id: Ibefee41db18ace8e000671f7bedd6a075e9ce8db --- CMakeLists.txt | 4 - cli/CMakeLists.txt | 1 + client/CMakeLists.txt | 1 + container-daemon/CMakeLists.txt | 1 + container-support/CMakeLists.txt | 1 + packaging/security-containers.spec | 7 -- server/CMakeLists.txt | 1 + server/configs/CMakeLists.txt | 8 -- server/configs/containers/business.conf | 3 - server/configs/containers/private.conf | 3 - server/configs/libvirt-config/business-network.xml | 12 -- .../configs/libvirt-config/business-nwfilter.xml | 8 -- server/configs/libvirt-config/business.xml | 123 --------------------- server/configs/libvirt-config/private-network.xml | 12 -- server/configs/libvirt-config/private-nwfilter.xml | 8 -- server/configs/libvirt-config/private.xml | 123 --------------------- .../configs/systemd/security-containers.service.in | 2 - server/configs/templates/template-network.xml | 12 -- server/configs/templates/template-nwfilter.xml | 9 -- server/configs/templates/template.conf | 3 - server/configs/templates/template.xml | 123 --------------------- server/container-config.hpp | 20 ---- server/container.cpp | 12 +- server/containers-manager.cpp | 17 --- server/server.cpp | 7 +- tests/integration_tests/CMakeLists.txt | 1 + tests/unit_tests/CMakeLists.txt | 1 + tests/unit_tests/client/configs/CMakeLists.txt | 15 +-- .../ut-client/containers/console1-dbus.conf | 3 - .../ut-client/containers/console2-dbus.conf | 3 - .../ut-client/containers/console3-dbus.conf | 3 - .../ut-client/libvirt-config/console1-dbus.xml.in | 15 --- .../ut-client/libvirt-config/console2-dbus.xml.in | 15 --- .../ut-client/libvirt-config/console3-dbus.xml.in | 15 --- .../ut-client/libvirt-config/network1-filter.xml | 3 - .../configs/ut-client/libvirt-config/network1.xml | 4 - .../ut-client/libvirt-config/network2-filter.xml | 3 - .../configs/ut-client/libvirt-config/network2.xml | 4 - .../ut-client/libvirt-config/network3-filter.xml | 3 - .../configs/ut-client/libvirt-config/network3.xml | 4 - tests/unit_tests/dbus/configs/CMakeLists.txt | 2 +- tests/unit_tests/server/configs/CMakeLists.txt | 41 +------ .../ut-container-admin/containers/buggy.conf.in | 3 - .../ut-container-admin/containers/missing.conf | 3 - .../containers/test-no-shutdown.conf.in | 3 - .../ut-container-admin/containers/test.conf.in | 3 - .../ut-container-admin/libvirt-config/buggy.xml | 1 - .../libvirt-config/test-no-shutdown.xml | 12 -- .../ut-container-admin/libvirt-config/test.xml | 14 --- .../configs/ut-container/containers/buggy.conf | 3 - .../configs/ut-container/containers/test-dbus.conf | 3 - .../configs/ut-container/containers/test.conf | 3 - .../ut-container/libvirt-config/network-filter.xml | 4 - .../ut-container/libvirt-config/network.xml | 4 - .../ut-container/libvirt-config/test-dbus.xml.in | 22 ---- .../configs/ut-container/libvirt-config/test.xml | 18 --- .../containers/console1-dbus.conf | 3 - .../ut-containers-manager/containers/console1.conf | 3 - .../containers/console2-dbus.conf | 3 - .../ut-containers-manager/containers/console2.conf | 3 - .../containers/console3-dbus.conf | 3 - .../ut-containers-manager/containers/console3.conf | 3 - .../libvirt-config/console1-dbus.xml.in | 15 --- .../libvirt-config/console1.xml | 18 --- .../libvirt-config/console2-dbus.xml.in | 15 --- .../libvirt-config/console2.xml | 18 --- .../libvirt-config/console3-dbus.xml.in | 15 --- .../libvirt-config/console3.xml | 18 --- .../libvirt-config/network1-filter.xml | 3 - .../libvirt-config/network1.xml | 4 - .../libvirt-config/network2-filter.xml | 3 - .../libvirt-config/network2.xml | 4 - .../libvirt-config/network3-filter.xml | 3 - .../libvirt-config/network3.xml | 4 - .../templates/template-network.xml | 4 - .../templates/template-nwfilter.xml | 3 - .../ut-containers-manager/templates/template.conf | 3 - .../templates/template.xml.in | 15 --- .../ut-network-admin/containers/buggy.conf.in | 3 - .../ut-network-admin/containers/missing.conf | 3 - .../ut-network-admin/containers/test.conf.in | 3 - .../libvirt-config/buggy-network-filter.xml | 1 - .../libvirt-config/buggy-network.xml | 1 - .../libvirt-config/network-filter.xml | 4 - .../ut-network-admin/libvirt-config/network.xml | 4 - .../configs/ut-server/containers/container1.conf | 3 - .../configs/ut-server/containers/container2.conf | 3 - .../configs/ut-server/containers/container3.conf | 3 - .../ut-server/libvirt-config/container1.xml | 18 --- .../ut-server/libvirt-config/container2.xml | 18 --- .../ut-server/libvirt-config/container3.xml | 18 --- .../ut-server/libvirt-config/network1-filter.xml | 3 - .../configs/ut-server/libvirt-config/network1.xml | 4 - .../ut-server/libvirt-config/network2-filter.xml | 3 - .../configs/ut-server/libvirt-config/network2.xml | 4 - .../ut-server/libvirt-config/network3-filter.xml | 3 - .../configs/ut-server/libvirt-config/network3.xml | 4 - tests/unit_tests/server/ut-containers-manager.cpp | 4 - tests/unit_tests/utils/configs/CMakeLists.txt | 2 +- 99 files changed, 19 insertions(+), 1005 deletions(-) delete mode 100644 server/configs/libvirt-config/business-network.xml delete mode 100644 server/configs/libvirt-config/business-nwfilter.xml delete mode 100644 server/configs/libvirt-config/business.xml delete mode 100644 server/configs/libvirt-config/private-network.xml delete mode 100644 server/configs/libvirt-config/private-nwfilter.xml delete mode 100644 server/configs/libvirt-config/private.xml delete mode 100644 server/configs/templates/template-network.xml delete mode 100644 server/configs/templates/template-nwfilter.xml delete mode 100644 server/configs/templates/template.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/console1-dbus.xml.in delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/console2-dbus.xml.in delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/console3-dbus.xml.in delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network1-filter.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network1.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network2-filter.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network2.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network3-filter.xml delete mode 100644 tests/unit_tests/client/configs/ut-client/libvirt-config/network3.xml delete mode 100644 tests/unit_tests/server/configs/ut-container-admin/libvirt-config/buggy.xml delete mode 100644 tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test-no-shutdown.xml delete mode 100644 tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test.xml delete mode 100644 tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-container/libvirt-config/network.xml delete mode 100644 tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in delete mode 100644 tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1-dbus.xml.in delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2-dbus.xml.in delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3-dbus.xml.in delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in delete mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network.xml delete mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network1.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network2.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml delete mode 100644 tests/unit_tests/server/configs/ut-server/libvirt-config/network3.xml diff --git a/CMakeLists.txt b/CMakeLists.txt index f824f8f..b998b20 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -63,9 +63,6 @@ ADD_DEFINITIONS(-DPROJECT_SOURCE_DIR="${PROJECT_SOURCE_DIR}") IF(NOT DEFINED SECURITY_CONTAINERS_USER) SET(SECURITY_CONTAINERS_USER "security-containers") ENDIF(NOT DEFINED SECURITY_CONTAINERS_USER) -IF(NOT DEFINED LIBVIRT_GROUP) - SET(LIBVIRT_GROUP "libvirt") -ENDIF(NOT DEFINED LIBVIRT_GROUP) IF(NOT DEFINED INPUT_EVENT_GROUP) SET(INPUT_EVENT_GROUP "input") ENDIF(NOT DEFINED INPUT_EVENT_GROUP) @@ -77,7 +74,6 @@ IF(NOT DEFINED TTY_GROUP) ENDIF(NOT DEFINED TTY_GROUP) ADD_DEFINITIONS(-DSECURITY_CONTAINERS_USER="${SECURITY_CONTAINERS_USER}") -ADD_DEFINITIONS(-DLIBVIRT_GROUP="${LIBVIRT_GROUP}") ADD_DEFINITIONS(-DINPUT_EVENT_GROUP="${INPUT_EVENT_GROUP}") ADD_DEFINITIONS(-DDISK_GROUP="${DISK_GROUP}") ADD_DEFINITIONS(-DTTY_GROUP="${TTY_GROUP}") diff --git a/cli/CMakeLists.txt b/cli/CMakeLists.txt index 076dd94..ff1075b 100644 --- a/cli/CMakeLists.txt +++ b/cli/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Mateusz Malicki (m.malicki2@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the command line interface...") FILE(GLOB cli_SRCS *.cpp *.hpp) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 48cefea..3d8eb5d 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Mateusz Malicki (m.malicki2@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the Client...") FILE(GLOB project_SRCS *.cpp *.hpp *.h) FILE(GLOB common_SRCS ${COMMON_FOLDER}/utils/callback-guard.hpp diff --git a/container-daemon/CMakeLists.txt b/container-daemon/CMakeLists.txt index c264a38..769eb7f 100644 --- a/container-daemon/CMakeLists.txt +++ b/container-daemon/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Jan Olszak (j.olszak@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the Container Daemon...") FILE(GLOB project_SRCS *.cpp *.hpp) FILE(GLOB common_SRCS ${COMMON_FOLDER}/dbus/*.cpp ${COMMON_FOLDER}/dbus/*.hpp diff --git a/container-support/CMakeLists.txt b/container-support/CMakeLists.txt index 8d9c159..3b26157 100644 --- a/container-support/CMakeLists.txt +++ b/container-support/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the Container Support...") diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index 1ef5da4..e73694c 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -1,7 +1,6 @@ %define script_dir %{_sbindir} # Security Containers Server's user info - it should already exist in the system %define scs_user security-containers -%define libvirt_group libvirt # The group that has read and write access to /dev/input/event* devices. # It may vary between platforms. %define input_event_group input @@ -41,13 +40,8 @@ between them. A process from inside a container can request a switch of context %attr(755,root,root) %{_bindir}/security-containers-server %dir /etc/security-containers %dir /etc/security-containers/containers -%dir /etc/security-containers/libvirt-config -%dir /etc/security-containers/templates %config /etc/security-containers/daemon.conf %config /etc/security-containers/containers/*.conf -%config /etc/security-containers/libvirt-config/*.xml -%config /etc/security-containers/templates/*.conf -%config /etc/security-containers/templates/*.xml %{_unitdir}/security-containers.service %{_unitdir}/multi-user.target.wants/security-containers.service /etc/dbus-1/system.d/org.tizen.containers.host.conf @@ -69,7 +63,6 @@ between them. A process from inside a container can request a switch of context -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DPYTHON_SITELIB=%{python_sitelib} \ -DSECURITY_CONTAINERS_USER=%{scs_user} \ - -DLIBVIRT_GROUP=%{libvirt_group} \ -DINPUT_EVENT_GROUP=%{input_event_group} \ -DDISK_GROUP=%{disk_group} \ -DTTY_GROUP=%{tty_group} diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 0eab83b..3c1d89c 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Jan Olszak (j.olszak@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the Server...") FILE(GLOB project_SRCS *.cpp *.hpp) FILE(GLOB_RECURSE common_SRCS ${COMMON_FOLDER}/*.cpp ${COMMON_FOLDER}/*.hpp) diff --git a/server/configs/CMakeLists.txt b/server/configs/CMakeLists.txt index 81859c1..310f407 100644 --- a/server/configs/CMakeLists.txt +++ b/server/configs/CMakeLists.txt @@ -20,8 +20,6 @@ MESSAGE(STATUS "Installing configs to " ${SC_CONFIG_INSTALL_DIR}) FILE(GLOB container_CONF containers/*.conf) -FILE(GLOB admin_CONF libvirt-config/*.xml) -FILE(GLOB template_CONF templates/*.conf templates/*.xml) ## Generate #################################################################### CONFIGURE_FILE(systemd/security-containers.service.in @@ -42,11 +40,5 @@ INSTALL(FILES ${CMAKE_BINARY_DIR}/dbus-1/system.d/org.tizen.containers.hos INSTALL(FILES ${container_CONF} DESTINATION ${SC_CONFIG_INSTALL_DIR}/containers) -INSTALL(FILES ${admin_CONF} - DESTINATION ${SC_CONFIG_INSTALL_DIR}/libvirt-config) - -INSTALL(FILES ${template_CONF} - DESTINATION ${SC_CONFIG_INSTALL_DIR}/templates) - INSTALL(FILES ${CMAKE_BINARY_DIR}/systemd/security-containers.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf index 600edb1..c7b1fb4 100644 --- a/server/configs/containers/business.conf +++ b/server/configs/containers/business.conf @@ -5,9 +5,6 @@ "privilege" : 1, "vt" : 3, "switchToDefaultAfterTimeout" : true, - "config" : "../libvirt-config/business.xml", - "networkConfig" : "../libvirt-config/business-network.xml", - "networkFilterConfig" : "../libvirt-config/business-nwfilter.xml", "runMountPoint" : "business/run", "permittedToSend" : [ "/tmp/.*" ], "permittedToRecv" : [ "/tmp/.*" ] diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf index 71d4bcb..a741c64 100644 --- a/server/configs/containers/private.conf +++ b/server/configs/containers/private.conf @@ -5,9 +5,6 @@ "privilege" : 10, "vt" : 2, "switchToDefaultAfterTimeout" : true, - "config" : "../libvirt-config/private.xml", - "networkConfig" : "../libvirt-config/private-network.xml", - "networkFilterConfig" : "../libvirt-config/private-nwfilter.xml", "runMountPoint" : "private/run", "permittedToSend" : [ "/tmp/.*" ], "permittedToRecv" : [ "/tmp/.*" ] diff --git a/server/configs/libvirt-config/business-network.xml b/server/configs/libvirt-config/business-network.xml deleted file mode 100644 index dbfc6c4..0000000 --- a/server/configs/libvirt-config/business-network.xml +++ /dev/null @@ -1,12 +0,0 @@ - - business - cc0951f9-3397-4272-ae05-66c19229accf - - - - - - - - - diff --git a/server/configs/libvirt-config/business-nwfilter.xml b/server/configs/libvirt-config/business-nwfilter.xml deleted file mode 100644 index 6548f58..0000000 --- a/server/configs/libvirt-config/business-nwfilter.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - diff --git a/server/configs/libvirt-config/business.xml b/server/configs/libvirt-config/business.xml deleted file mode 100644 index 7564d8b..0000000 --- a/server/configs/libvirt-config/business.xml +++ /dev/null @@ -1,123 +0,0 @@ - - business - df00c906-c223-46bd-a49e-b573f694c3a5 - 102400 - - exe - /usr/lib/systemd/systemd - - destroy - restart - destroy - - - - - /dev/fb0 - - - - - /dev/tty2 - - - - - /dev/tty3 - - - - - /dev/tty4 - - - - - /dev/tty5 - - - - - /dev/input/event0 - - - - - /dev/input/event1 - - - - - /dev/input/event2 - - - - - /dev/input/event3 - - - - - /dev/input/event4 - - - - - /dev/input/mice - - - - - /dev/input/mouse0 - - - - - - - /dev/log_events - - - - - /dev/log_main - - - - - /dev/log_radio - - - - - /dev/log_system - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/server/configs/libvirt-config/private-network.xml b/server/configs/libvirt-config/private-network.xml deleted file mode 100644 index 7dec5a9..0000000 --- a/server/configs/libvirt-config/private-network.xml +++ /dev/null @@ -1,12 +0,0 @@ - - private - 5b25f83d-ccb6-45f0-9d5c-c05199c261bd - - - - - - - - - diff --git a/server/configs/libvirt-config/private-nwfilter.xml b/server/configs/libvirt-config/private-nwfilter.xml deleted file mode 100644 index 12dc793..0000000 --- a/server/configs/libvirt-config/private-nwfilter.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - diff --git a/server/configs/libvirt-config/private.xml b/server/configs/libvirt-config/private.xml deleted file mode 100644 index b665a80..0000000 --- a/server/configs/libvirt-config/private.xml +++ /dev/null @@ -1,123 +0,0 @@ - - private - 5890186c-0a85-4b27-bd0f-b3505c3bbea8 - 102400 - - exe - /usr/lib/systemd/systemd - - destroy - restart - destroy - - - - - /dev/fb0 - - - - - /dev/tty2 - - - - - /dev/tty3 - - - - - /dev/tty4 - - - - - /dev/tty5 - - - - - /dev/input/event0 - - - - - /dev/input/event1 - - - - - /dev/input/event2 - - - - - /dev/input/event3 - - - - - /dev/input/event4 - - - - - /dev/input/mice - - - - - /dev/input/mouse0 - - - - - - - /dev/log_events - - - - - /dev/log_main - - - - - /dev/log_radio - - - - - /dev/log_system - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/server/configs/systemd/security-containers.service.in b/server/configs/systemd/security-containers.service.in index c271341..a1b8af0 100644 --- a/server/configs/systemd/security-containers.service.in +++ b/server/configs/systemd/security-containers.service.in @@ -1,7 +1,5 @@ [Unit] Description=Security Containers Server -After=libvirtd.service -Requires=libvirtd.service ConditionVirtualization=no [Service] diff --git a/server/configs/templates/template-network.xml b/server/configs/templates/template-network.xml deleted file mode 100644 index f5ec171..0000000 --- a/server/configs/templates/template-network.xml +++ /dev/null @@ -1,12 +0,0 @@ - - ~NAME~ - ~UUID~ - - - - - - - - - diff --git a/server/configs/templates/template-nwfilter.xml b/server/configs/templates/template-nwfilter.xml deleted file mode 100644 index 82ea8cc..0000000 --- a/server/configs/templates/template-nwfilter.xml +++ /dev/null @@ -1,9 +0,0 @@ - - ~UUID~ - - - - - - - diff --git a/server/configs/templates/template.conf b/server/configs/templates/template.conf index b054fb1..a8f47fc 100644 --- a/server/configs/templates/template.conf +++ b/server/configs/templates/template.conf @@ -5,9 +5,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/~NAME~.xml", - "networkConfig" : "../libvirt-config/~NAME~-network.xml", - "networkFilterConfig" : "../libvirt-config/~NAME~-nwfilter.xml", "runMountPoint" : "~NAME~/run", "permittedToSend" : [ "/tmp/.*" ], "permittedToRecv" : [ "/tmp/.*" ] diff --git a/server/configs/templates/template.xml b/server/configs/templates/template.xml deleted file mode 100644 index bdb452d..0000000 --- a/server/configs/templates/template.xml +++ /dev/null @@ -1,123 +0,0 @@ - - ~NAME~ - ~UUID~ - 102400 - - exe - /usr/lib/systemd/systemd - - destroy - restart - destroy - - - - - /dev/fb0 - - - - - /dev/tty2 - - - - - /dev/tty3 - - - - - /dev/tty4 - - - - - /dev/tty5 - - - - - /dev/input/event0 - - - - - /dev/input/event1 - - - - - /dev/input/event2 - - - - - /dev/input/event3 - - - - - /dev/input/event4 - - - - - /dev/input/mice - - - - - /dev/input/mouse0 - - - - - - - /dev/log_events - - - - - /dev/log_main - - - - - /dev/log_radio - - - - - /dev/log_system - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/server/container-config.hpp b/server/container-config.hpp index e0c6760..e8d44c1 100644 --- a/server/container-config.hpp +++ b/server/container-config.hpp @@ -60,23 +60,6 @@ struct ContainerConfig { bool enableDbusIntegration; /** - * Container's libvirt (XML) config file. - * Location can be relative to the Container's config file. - */ - std::string config; - - /** - * Container's libvirt (XML) network config file. - */ - std::string networkConfig; - - /** - * - * Container's libvirt (XML) network filter config file. - */ - std::string networkFilterConfig; - - /** * Container's CFS quota in us when it's in the foreground */ std::int64_t cpuQuotaForeground; @@ -109,9 +92,6 @@ struct ContainerConfig { vt, switchToDefaultAfterTimeout, enableDbusIntegration, - config, - networkConfig, - networkFilterConfig, cpuQuotaForeground, cpuQuotaBackground, runMountPoint, diff --git a/server/container.cpp b/server/container.cpp index 59328db..c69cd46 100644 --- a/server/container.cpp +++ b/server/container.cpp @@ -65,17 +65,17 @@ Container::Container(const std::string& containerConfigPath, } const std::string baseConfigPath = utils::dirName(containerConfigPath); - mConfig.config = fs::absolute(mConfig.config, baseConfigPath).string(); - mConfig.networkConfig = fs::absolute(mConfig.networkConfig, baseConfigPath).string(); - mConfig.networkFilterConfig = fs::absolute(mConfig.networkFilterConfig, - baseConfigPath).string(); + //mConfig.config = fs::absolute(mConfig.config, baseConfigPath).string(); + //mConfig.networkConfig = fs::absolute(mConfig.networkConfig, baseConfigPath).string(); + //mConfig.networkFilterConfig = fs::absolute(mConfig.networkFilterConfig, + // baseConfigPath).string(); if (!mConfig.runMountPoint.empty()) { mRunMountPoint = fs::absolute(mConfig.runMountPoint, baseRunMountPointPath).string(); } - LOGT("Creating Network Admin " << mConfig.networkConfig); + //LOGT("Creating Network Admin " << mConfig.networkConfig); mNetworkAdmin.reset(new NetworkAdmin(mConfig)); - LOGT("Creating Container Admin " << mConfig.config); + //LOGT("Creating Container Admin " << mConfig.config); mAdmin.reset(new ContainerAdmin(mConfig)); } diff --git a/server/containers-manager.cpp b/server/containers-manager.cpp index c9c7ff8..321bec0 100644 --- a/server/containers-manager.cpp +++ b/server/containers-manager.cpp @@ -67,9 +67,6 @@ bool regexMatchVector(const std::string& str, const std::vector& v const std::string HOST_ID = "host"; const std::string CONTAINER_TEMPLATE_CONFIG_PATH = "template.conf"; -const std::string CONTAINER_TEMPLATE_LIBVIRT_CONFIG_PATH = "template.xml"; -const std::string CONTAINER_TEMPLATE_LIBVIRT_NETWORK_PATH = "template-network.xml"; -const std::string CONTAINER_TEMPLATE_LIBVIRT_NETWORK_FILTER_PATH = "template-nwfilter.xml"; const boost::regex CONTAINER_NAME_REGEX("~NAME~"); const boost::regex CONTAINER_UUID_REGEX("~UUID~"); @@ -606,12 +603,6 @@ void ContainersManager::handleAddContainerCall(const std::string& id, std::string configPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_CONFIG_PATH); std::string newConfigPath = utils::createFilePath(configDir, "/containers/", id + ".conf"); - std::string libvirtConfigPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_CONFIG_PATH); - std::string newLibvirtConfigPath = utils::createFilePath(configDir, "/libvirt-config/", id + ".xml"); - std::string libvirtNetworkPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_NETWORK_PATH); - std::string newLibvirtNetworkPath = utils::createFilePath(configDir, "/libvirt-config/", id + "-network.xml"); - std::string libvirtNetworkFilterPath = utils::createFilePath(templateDir, "/", CONTAINER_TEMPLATE_LIBVIRT_NETWORK_FILTER_PATH); - std::string newLibvirtNetworkFilterPath = utils::createFilePath(configDir, "/libvirt-config/", id + "-nwfilter.xml"); auto removeAllWrapper = [](const std::string& path) { try { @@ -626,14 +617,6 @@ void ContainersManager::handleAddContainerCall(const std::string& id, LOGI("Generating config from " << configPath << " to " << newConfigPath); generateNewConfig(id, configPath, newConfigPath); - LOGI("Generating config from " << libvirtConfigPath << " to " << newLibvirtConfigPath); - generateNewConfig(id, libvirtConfigPath, newLibvirtConfigPath); - - LOGI("Generating config from " << libvirtNetworkPath << " to " << newLibvirtNetworkPath); - generateNewConfig(id, libvirtNetworkPath, newLibvirtNetworkPath); - - LOGI("Generating config from " << libvirtNetworkFilterPath << " to " << newLibvirtNetworkFilterPath); - generateNewConfig(id, libvirtNetworkFilterPath, newLibvirtNetworkFilterPath); } catch (SecurityContainersException& e) { LOGE(e.what()); removeAllWrapper(containerPathStr); diff --git a/server/server.cpp b/server/server.cpp index a9ad444..8fb6b57 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -54,10 +54,6 @@ #error "INPUT_EVENT_GROUP must be defined!" #endif -#ifndef LIBVIRT_GROUP -#error "LIBVIRT_GROUP must be defined!" -#endif - #ifndef DISK_GROUP #error "DISK_GROUP must be defined!" #endif @@ -189,11 +185,10 @@ bool Server::prepareEnvironment(const std::string& configPath, bool runAsRoot) return true; } - // LIBVIRT_GROUP provides access to libvirt's daemon socket. // INPUT_EVENT_GROUP provides access to /dev/input/event* devices used by InputMonitor. // DISK_GROUP provides access to /dev/loop* devices, needed when adding new container to copy // containers image - if (!utils::setSuppGroups({LIBVIRT_GROUP, INPUT_EVENT_GROUP, DISK_GROUP, TTY_GROUP})) { + if (!utils::setSuppGroups({INPUT_EVENT_GROUP, DISK_GROUP, TTY_GROUP})) { return false; } diff --git a/tests/integration_tests/CMakeLists.txt b/tests/integration_tests/CMakeLists.txt index c0289c3..7330049 100644 --- a/tests/integration_tests/CMakeLists.txt +++ b/tests/integration_tests/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Lukasz Kostyra (l.kostyra@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for Integration Tests...") diff --git a/tests/unit_tests/CMakeLists.txt b/tests/unit_tests/CMakeLists.txt index 38d268a..ec795db 100644 --- a/tests/unit_tests/CMakeLists.txt +++ b/tests/unit_tests/CMakeLists.txt @@ -17,6 +17,7 @@ # @author Jan Olszak (j.olszak@samsung.com) # +MESSAGE(STATUS "") MESSAGE(STATUS "Generating makefile for the Unit Tests...") FILE(GLOB_RECURSE project_SRCS *.cpp *.hpp) FILE(GLOB_RECURSE common_SRCS ${COMMON_FOLDER}/*.cpp ${COMMON_FOLDER}/*.hpp) diff --git a/tests/unit_tests/client/configs/CMakeLists.txt b/tests/unit_tests/client/configs/CMakeLists.txt index 112d979..c6f67a7 100644 --- a/tests/unit_tests/client/configs/CMakeLists.txt +++ b/tests/unit_tests/client/configs/CMakeLists.txt @@ -17,28 +17,15 @@ # @author Mateusz Malicki (m.malicki2@samsung.com) # -MESSAGE(STATUS "Installing configs for the Client Unit Tests to " ${SC_CONFIG_INSTALL_DIR}) +MESSAGE(STATUS "Installing configs for the Client Unit Tests to " ${SC_TEST_CONFIG_INSTALL_DIR}) FILE(GLOB client_manager_CONF ut-client/*.conf) FILE(GLOB client_container_CONF ut-client/containers/*.conf) -FILE(GLOB client_admin_CONF ut-client/libvirt-config/*.xml) ## Generate #################################################################### -CONFIGURE_FILE(ut-client/libvirt-config/console1-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-client/libvirt-config/console1-dbus.xml @ONLY) -CONFIGURE_FILE(ut-client/libvirt-config/console2-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-client/libvirt-config/console2-dbus.xml @ONLY) -CONFIGURE_FILE(ut-client/libvirt-config/console3-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-client/libvirt-config/console3-dbus.xml @ONLY) -FILE(GLOB client_admin_CONF_GEN ${CMAKE_BINARY_DIR}/ut-client/libvirt-config/*.xml) - ## Install ##################################################################### INSTALL(FILES ${client_manager_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client) INSTALL(FILES ${client_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client/containers) -INSTALL(FILES ${client_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client/libvirt-config) -INSTALL(FILES ${client_admin_CONF_GEN} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client/libvirt-config) diff --git a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf index b32dd81..8f6f37d 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console1-dbus.xml", - "networkConfig" : "../libvirt-config/network1.xml", - "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus", diff --git a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf index 3dda658..f62fac0 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : false, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console2-dbus.xml", - "networkConfig" : "../libvirt-config/network2.xml", - "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus", diff --git a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf index 0128c09..e91ecd9 100644 --- a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf +++ b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console3-dbus.xml", - "networkConfig" : "../libvirt-config/network3.xml", - "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus", diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/console1-dbus.xml.in b/tests/unit_tests/client/configs/ut-client/libvirt-config/console1-dbus.xml.in deleted file mode 100644 index 3bce659..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/console1-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console1-dbus - 58184009-b278-4d01-975d-708393690084 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console1-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/console2-dbus.xml.in b/tests/unit_tests/client/configs/ut-client/libvirt-config/console2-dbus.xml.in deleted file mode 100644 index f98c9bd..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/console2-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console2-dbus - 3d18323e-4ada-4a1b-a907-836701891306 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console2-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/console3-dbus.xml.in b/tests/unit_tests/client/configs/ut-client/libvirt-config/console3-dbus.xml.in deleted file mode 100644 index 8175bcf..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/console3-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console3-dbus - 71cb8511-7474-4e90-865a-3360b7f77254 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console3-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network1-filter.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network1-filter.xml deleted file mode 100644 index bf39965..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network1-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - abc79a77-0209-41a2-ab82-f767dfa5897e - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network1.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network1.xml deleted file mode 100644 index 23a5edd..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network1.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-1 - 372720ef-258b-4b27-baf6-d08341b15353 - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network2-filter.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network2-filter.xml deleted file mode 100644 index f33c816..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network2-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 703f53eb-c602-4383-9de9-62bbe843ba31 - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network2.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network2.xml deleted file mode 100644 index c3b4f04..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network2.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-2 - 95b9c647-ed3f-4586-886e-0a7b24e683a8 - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network3-filter.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network3-filter.xml deleted file mode 100644 index 04310bd..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network3-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 40943fcc-faec-4bfe-9e89-104945164d35 - diff --git a/tests/unit_tests/client/configs/ut-client/libvirt-config/network3.xml b/tests/unit_tests/client/configs/ut-client/libvirt-config/network3.xml deleted file mode 100644 index 7b3f730..0000000 --- a/tests/unit_tests/client/configs/ut-client/libvirt-config/network3.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-3 - 962b061d-7f3e-410b-8990-3f1267d77656 - diff --git a/tests/unit_tests/dbus/configs/CMakeLists.txt b/tests/unit_tests/dbus/configs/CMakeLists.txt index 9db7753..99daa2f 100644 --- a/tests/unit_tests/dbus/configs/CMakeLists.txt +++ b/tests/unit_tests/dbus/configs/CMakeLists.txt @@ -17,7 +17,7 @@ # @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) # -MESSAGE(STATUS "Installing configs for the DBus Unit Tests to " ${SC_CONFIG_INSTALL_DIR}) +MESSAGE(STATUS "Installing configs for the DBus Unit Tests to " ${SC_TEST_CONFIG_INSTALL_DIR}) FILE(GLOB dbus_CONF ut-connection/*.conf) diff --git a/tests/unit_tests/server/configs/CMakeLists.txt b/tests/unit_tests/server/configs/CMakeLists.txt index ee1c7d9..a8bad91 100644 --- a/tests/unit_tests/server/configs/CMakeLists.txt +++ b/tests/unit_tests/server/configs/CMakeLists.txt @@ -17,27 +17,21 @@ # @author Jan Olszak (j.olszak@samsung.com) # -MESSAGE(STATUS "Installing configs for the Server Unit Tests to " ${SC_CONFIG_INSTALL_DIR}) +MESSAGE(STATUS "Installing configs for the Server Unit Tests to " ${SC_TEST_CONFIG_INSTALL_DIR}) FILE(GLOB server_manager_CONF ut-server/*.conf) FILE(GLOB server_container_CONF ut-server/containers/*.conf) -FILE(GLOB server_admin_CONF ut-server/libvirt-config/*.xml) FILE(GLOB manager_manager_CONF ut-containers-manager/*.conf) FILE(GLOB manager_container_CONF ut-containers-manager/containers/*.conf) -FILE(GLOB manager_admin_CONF ut-containers-manager/libvirt-config/*.xml) -FILE(GLOB manager_admin_TEMPLATE ut-containers-manager/templates/*.conf - ut-containers-manager/templates/*.xml) +FILE(GLOB manager_admin_TEMPLATE ut-containers-manager/templates/*.conf) FILE(GLOB container_CONF ut-container/*.conf) FILE(GLOB container_container_CONF ut-container/containers/*.conf) -FILE(GLOB container_admin_CONF ut-container/libvirt-config/*.xml) FILE(GLOB admin_container_CONF ut-container-admin/containers/*.conf) -FILE(GLOB admin_admin_CONF ut-container-admin/libvirt-config/*.xml) FILE(GLOB network_container_CONF ut-network-admin/containers/*.conf) -FILE(GLOB network_admin_CONF ut-network-admin/libvirt-config/*.xml) FILE(GLOB connection_CONF ut-container-connection/*.conf) @@ -57,65 +51,34 @@ CONFIGURE_FILE(ut-network-admin/containers/buggy.conf.in ${CMAKE_BINARY_DIR}/ut-network-admin/containers/buggy.conf @ONLY) FILE(GLOB network_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-network-admin/containers/*.conf) -CONFIGURE_FILE(ut-containers-manager/libvirt-config/console1-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/console1-dbus.xml @ONLY) -CONFIGURE_FILE(ut-containers-manager/libvirt-config/console2-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/console2-dbus.xml @ONLY) -CONFIGURE_FILE(ut-containers-manager/libvirt-config/console3-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/console3-dbus.xml @ONLY) -CONFIGURE_FILE(ut-containers-manager/templates/template.xml.in - ${CMAKE_BINARY_DIR}/ut-containers-manager/templates/template.xml @ONLY) -FILE(GLOB manager_admin_CONF_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/libvirt-config/*.xml) -FILE(GLOB manager_admin_TEMPLATE_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/templates/*.xml) - -CONFIGURE_FILE(ut-container/libvirt-config/test-dbus.xml.in - ${CMAKE_BINARY_DIR}/ut-container/libvirt-config/test-dbus.xml @ONLY) -FILE(GLOB container_admin_CONF_GEN ${CMAKE_BINARY_DIR}/ut-container/libvirt-config/*.xml) - ## Install ##################################################################### INSTALL(FILES ${server_manager_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server) INSTALL(FILES ${server_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server/containers) -INSTALL(FILES ${server_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server/libvirt-config) INSTALL(FILES ${manager_manager_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager) INSTALL(FILES ${manager_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/containers) -INSTALL(FILES ${manager_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/libvirt-config) -INSTALL(FILES ${manager_admin_CONF_GEN} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/libvirt-config) INSTALL(FILES ${manager_admin_TEMPLATE} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/templates) -INSTALL(FILES ${manager_admin_TEMPLATE_GEN} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/templates) INSTALL(FILES ${container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container) INSTALL(FILES ${container_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container/containers) -INSTALL(FILES ${container_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container/libvirt-config) -INSTALL(FILES ${container_admin_CONF_GEN} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container/libvirt-config) INSTALL(FILES ${admin_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/containers) INSTALL(FILES ${admin_container_CONF_GEN} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/containers) -INSTALL(FILES ${admin_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/libvirt-config) INSTALL(FILES ${network_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-network-admin/containers) INSTALL(FILES ${network_container_CONF_GEN} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-network-admin/containers) -INSTALL(FILES ${network_admin_CONF} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-network-admin/libvirt-config) INSTALL(FILES ${connection_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-connection) diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in index f9f553e..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/buggy.xml", - "networkConfig" : "", - "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf index 8312204..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "/this/is/a/missing/file/path/missing.xml", - "networkConfig" : "", - "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in index 135654c..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test-no-shutdown.xml", - "networkConfig" : "", - "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in index de566ea..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container-admin/libvirt-config/test.xml", - "networkConfig" : "", - "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/buggy.xml b/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/buggy.xml deleted file mode 100644 index de0f81e..0000000 --- a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/buggy.xml +++ /dev/null @@ -1 +0,0 @@ -<> diff --git a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test-no-shutdown.xml b/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test-no-shutdown.xml deleted file mode 100644 index 609e155..0000000 --- a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test-no-shutdown.xml +++ /dev/null @@ -1,12 +0,0 @@ - - ut-container-admin-test - f6924d8d-faa4-4cd3-8b47-383f45a4c0c8 - 102400 - - exe - /bin/sh - - - - - diff --git a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test.xml b/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test.xml deleted file mode 100644 index ac9916d..0000000 --- a/tests/unit_tests/server/configs/ut-container-admin/libvirt-config/test.xml +++ /dev/null @@ -1,14 +0,0 @@ - - ut-container-admin-test - a1299273-bce2-4d1f-8369-54b75a791279 - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - diff --git a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf index d0a307e..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "/missing/file/path/libvirt.xml", - "networkConfig" : "../libvirt-config/network.xml", - "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf index a272aa1..d745818 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/test-dbus.xml", - "networkConfig" : "../libvirt-config/network.xml", - "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-container", diff --git a/tests/unit_tests/server/configs/ut-container/containers/test.conf b/tests/unit_tests/server/configs/ut-container/containers/test.conf index bed56de..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/test.xml", - "networkConfig" : "../libvirt-config/network.xml", - "networkFilterConfig" : "../libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml deleted file mode 100644 index fa1490e..0000000 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/network-filter.xml +++ /dev/null @@ -1,4 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0008 - - diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/network.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/network.xml deleted file mode 100644 index 42eed9c..0000000 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/network.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test_network - 6c4977c0-90f3-46eb-98ec-0bcf95619e67 - diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in b/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in deleted file mode 100644 index d927f11..0000000 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test-dbus.xml.in +++ /dev/null @@ -1,22 +0,0 @@ - - ut-container-test-dbus - 35bb7989-f222-4b63-b0b1-facbdb05b495 - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container/ut-dbus.conf --fork; read - - - - - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml b/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml deleted file mode 100644 index a6bab81..0000000 --- a/tests/unit_tests/server/configs/ut-container/libvirt-config/test.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-container-test - be2e7a5e-c59f-4264-aeab-390cedf47922 - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf index b32dd81..8f6f37d 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console1-dbus.xml", - "networkConfig" : "../libvirt-config/network1.xml", - "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf index 884e56d..02ecd65 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/console1.xml", - "networkConfig" : "../libvirt-config/network1.xml", - "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf index 3dda658..f62fac0 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : false, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console2-dbus.xml", - "networkConfig" : "../libvirt-config/network2.xml", - "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf index 9928914..bbd1cb5 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/console2.xml", - "networkConfig" : "../libvirt-config/network2.xml", - "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf index 0128c09..e91ecd9 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : true, - "config" : "../libvirt-config/console3-dbus.xml", - "networkConfig" : "../libvirt-config/network3.xml", - "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf index 8a31b50..cdba7db 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/console3.xml", - "networkConfig" : "../libvirt-config/network3.xml", - "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1-dbus.xml.in b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1-dbus.xml.in deleted file mode 100644 index 3bce659..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console1-dbus - 58184009-b278-4d01-975d-708393690084 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console1-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml deleted file mode 100644 index 81ded84..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console1.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-containers-manager-console1 - d0404a44-426b-40ea-af79-dec41400596f - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2-dbus.xml.in b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2-dbus.xml.in deleted file mode 100644 index f98c9bd..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console2-dbus - 3d18323e-4ada-4a1b-a907-836701891306 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console2-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml deleted file mode 100644 index 90abf67..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console2.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-containers-manager-console2 - a51ff2fa-cad1-47f8-adbc-09fa5700817a - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3-dbus.xml.in b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3-dbus.xml.in deleted file mode 100644 index 8175bcf..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3-dbus.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ut-containers-manager-console3-dbus - 71cb8511-7474-4e90-865a-3360b7f77254 - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/console3-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml deleted file mode 100644 index 3c08bb2..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/console3.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-containers-manager-console3 - a36f0f39-097e-49fa-a4c9-124b622fba8d - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml deleted file mode 100644 index df0befd..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0003 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1.xml deleted file mode 100644 index 23a5edd..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network1.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-1 - 372720ef-258b-4b27-baf6-d08341b15353 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml deleted file mode 100644 index 68d7dab..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0002 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2.xml deleted file mode 100644 index c3b4f04..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network2.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-2 - 95b9c647-ed3f-4586-886e-0a7b24e683a8 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml deleted file mode 100644 index 5e44805..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0004 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3.xml b/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3.xml deleted file mode 100644 index 7b3f730..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/libvirt-config/network3.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-3 - 962b061d-7f3e-410b-8990-3f1267d77656 - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml deleted file mode 100644 index b357c0e..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-network.xml +++ /dev/null @@ -1,4 +0,0 @@ - - ~NAME~-network - ~UUID~ - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml b/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml deleted file mode 100644 index b96197b..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/templates/template-nwfilter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - ~UUID~ - diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf index aeed716..1229c12 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.conf @@ -2,9 +2,6 @@ "privilege" : 20, "vt" : -1, "switchToDefaultAfterTimeout" : true, - "config" : "../libvirt-config/~NAME~.xml", - "networkConfig" : "../libvirt-config/~NAME~-network.xml", - "networkFilterConfig" : "../libvirt-config/~NAME~-nwfilter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "/tmp/ut-containers-manager/~NAME~-dbus", diff --git a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in b/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in deleted file mode 100644 index fbb12a5..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/templates/template.xml.in +++ /dev/null @@ -1,15 +0,0 @@ - - ~NAME~ - ~UUID~ - 102400 - - exe - /usr/bin/dbus-daemon - --nofork - --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf - --address=unix:path=/tmp/ut-containers-manager/~NAME~-dbus/dbus/system_bus_socket - - - - - diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in index 695ed15..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/buggy.conf.in @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "", - "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network.xml", - "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/buggy-network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf index 76492bb..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/missing.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "", - "networkConfig" : "", - "networkFilterConfig" : "", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in index 990da9a..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-network-admin/containers/test.conf.in @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "", - "networkConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network.xml", - "networkFilterConfig" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-network-admin/libvirt-config/network-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml deleted file mode 100644 index de0f81e..0000000 --- a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network-filter.xml +++ /dev/null @@ -1 +0,0 @@ -<> diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network.xml deleted file mode 100644 index de0f81e..0000000 --- a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/buggy-network.xml +++ /dev/null @@ -1 +0,0 @@ -<> diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml deleted file mode 100644 index 658c129..0000000 --- a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network-filter.xml +++ /dev/null @@ -1,4 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0001 - - diff --git a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network.xml b/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network.xml deleted file mode 100644 index 573b489..0000000 --- a/tests/unit_tests/server/configs/ut-network-admin/libvirt-config/network.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test_network - e377280a-06b0-40ee-8042-707481af34de - diff --git a/tests/unit_tests/server/configs/ut-server/containers/container1.conf b/tests/unit_tests/server/configs/ut-server/containers/container1.conf index 984e973..dfe7855 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container1.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container1.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/container1.xml", - "networkConfig" : "../libvirt-config/network1.xml", - "networkFilterConfig" : "../libvirt-config/network1-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container2.conf b/tests/unit_tests/server/configs/ut-server/containers/container2.conf index d340530..f4be18d 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container2.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container2.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/container2.xml", - "networkConfig" : "../libvirt-config/network2.xml", - "networkFilterConfig" : "../libvirt-config/network2-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/containers/container3.conf b/tests/unit_tests/server/configs/ut-server/containers/container3.conf index a9d9e97..c52e57d 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container3.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container3.conf @@ -3,9 +3,6 @@ "vt" : -1, "switchToDefaultAfterTimeout" : true, "enableDbusIntegration" : false, - "config" : "../libvirt-config/container3.xml", - "networkConfig" : "../libvirt-config/network3.xml", - "networkFilterConfig" : "../libvirt-config/network3-filter.xml", "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 1000, "runMountPoint" : "", diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml deleted file mode 100644 index 913168b..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container1.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-server-container1 - ad0785fb-33d7-468d-83a3-948e57418f95 - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml deleted file mode 100644 index 904765e..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container2.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-server-container2 - 1f8ddc96-511f-476c-8491-141ba6dfdfab - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml deleted file mode 100644 index 569c592..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/container3.xml +++ /dev/null @@ -1,18 +0,0 @@ - - ut-server-container3 - 42b4984e-a3f3-4c25-add0-21786594d1e9 - 102400 - - exe - /bin/sh - -c - trap exit SIGTERM; read - - - - - - - - - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml deleted file mode 100644 index b1dc861..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0006 - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network1.xml deleted file mode 100644 index 8be267d..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network1.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-1 - 9df94a88-ab94-4750-98f6-54befefc9ebb - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml deleted file mode 100644 index 45911ce..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0005 - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network2.xml deleted file mode 100644 index e061d01..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network2.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-2 - e471be8c-7687-4e19-8bb0-c0a448e1e975 - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml deleted file mode 100644 index 84416fb..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3-filter.xml +++ /dev/null @@ -1,3 +0,0 @@ - - 37ec6a98-a8f2-4033-8146-a71deb1f0007 - diff --git a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3.xml b/tests/unit_tests/server/configs/ut-server/libvirt-config/network3.xml deleted file mode 100644 index aa20c71..0000000 --- a/tests/unit_tests/server/configs/ut-server/libvirt-config/network3.xml +++ /dev/null @@ -1,4 +0,0 @@ - - test-network-3 - 188e15f0-4176-4f93-a113-1a9640de6b66 - diff --git a/tests/unit_tests/server/ut-containers-manager.cpp b/tests/unit_tests/server/ut-containers-manager.cpp index 528d744..40281b8 100644 --- a/tests/unit_tests/server/ut-containers-manager.cpp +++ b/tests/unit_tests/server/ut-containers-manager.cpp @@ -65,7 +65,6 @@ const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-con const std::string BUGGY_FOREGROUND_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/buggy-foreground-daemon.conf"; const std::string BUGGY_DEFAULTID_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/buggy-default-daemon.conf"; const std::string TEST_CONTAINER_CONF_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/containers/"; -const std::string TEST_CONTAINER_LIBVIRT_CONF_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-containers-manager/libvirt-config/"; const std::string MISSING_CONFIG_PATH = "/this/is/a/missing/file/path/missing-daemon.conf"; const int EVENT_TIMEOUT = 5000; const int TEST_DBUS_CONNECTION_CONTAINERS_COUNT = 3; @@ -930,9 +929,6 @@ BOOST_AUTO_TEST_CASE(AddContainerTest) const std::string newContainerId = "test1234"; const std::vector newContainerConfigs = { TEST_CONTAINER_CONF_PATH + newContainerId + ".conf", - TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + ".xml", - TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + "-network.xml", - TEST_CONTAINER_LIBVIRT_CONF_PATH + newContainerId + "-nwfilter.xml", }; FileCleanerRAII cleaner(newContainerConfigs); diff --git a/tests/unit_tests/utils/configs/CMakeLists.txt b/tests/unit_tests/utils/configs/CMakeLists.txt index 5914cc7..a752d77 100644 --- a/tests/unit_tests/utils/configs/CMakeLists.txt +++ b/tests/unit_tests/utils/configs/CMakeLists.txt @@ -17,7 +17,7 @@ # @author Lukasz Pawelczyk (l.pawelczyk@partner.samsung.com) # -MESSAGE(STATUS "Installing configs for the Utils Unit Tests to " ${SC_CONFIG_INSTALL_DIR}) +MESSAGE(STATUS "Installing configs for the Utils Unit Tests to " ${SC_TEST_CONFIG_INSTALL_DIR}) FILE(GLOB fs_CONF ut-fs/*.txt) -- 2.7.4 From 4cb2d8abe6d102214cce7356293188c7637025ca Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Wed, 29 Oct 2014 16:48:00 +0100 Subject: [PATCH 14/16] Bind LxcDomain to the logic [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] All tests should pass Change-Id: I212f4cfa2b377ed03c0cd08d03bba0772524da1b --- client/utils.cpp | 19 ++- common/lxc/domain.cpp | 4 +- common/lxc/domain.hpp | 2 +- server/configs/containers/business.conf | 3 + server/configs/containers/private.conf | 3 + server/configs/daemon.conf | 3 +- server/container-admin.cpp | 177 ++++++++++++--------- server/container-admin.hpp | 15 +- server/container-config.hpp | 19 +++ server/container.cpp | 8 +- server/container.hpp | 13 +- server/containers-manager-config.hpp | 6 + server/containers-manager.cpp | 4 +- tests/unit_tests/client/configs/CMakeLists.txt | 18 ++- .../ut-client/containers/console1-dbus.conf | 11 -- .../ut-client/containers/console1-dbus.conf.in | 14 ++ .../ut-client/containers/console2-dbus.conf | 11 -- .../ut-client/containers/console2-dbus.conf.in | 14 ++ .../ut-client/containers/console3-dbus.conf | 11 -- .../ut-client/containers/console3-dbus.conf.in | 14 ++ ...t-dbus-daemon.conf => test-dbus-daemon.conf.in} | 3 +- tests/unit_tests/client/ut-client-utils.cpp | 2 + tests/unit_tests/client/ut-client.cpp | 13 +- tests/unit_tests/lxc/templates/minimal-dbus1.sh | 68 ++++++++ tests/unit_tests/lxc/templates/minimal-dbus2.sh | 68 ++++++++ tests/unit_tests/lxc/templates/minimal-dbus3.sh | 68 ++++++++ tests/unit_tests/lxc/ut-domain.cpp | 6 +- tests/unit_tests/server/configs/CMakeLists.txt | 38 +++++ .../configs/ut-container/containers/buggy.conf | 3 + .../configs/ut-container/containers/test-dbus.conf | 11 -- .../ut-container/containers/test-dbus.conf.in | 14 ++ .../configs/ut-container/containers/test.conf | 3 + .../server/configs/ut-container/ut-dbus.conf | 2 +- .../{buggy-daemon.conf => buggy-daemon.conf.in} | 5 +- ...lt-daemon.conf => buggy-default-daemon.conf.in} | 5 +- ...daemon.conf => buggy-foreground-daemon.conf.in} | 5 +- .../containers/console1-dbus.conf | 11 -- .../containers/console1-dbus.conf.in | 14 ++ .../ut-containers-manager/containers/console1.conf | 3 + .../containers/console2-dbus.conf | 11 -- .../containers/console2-dbus.conf.in | 14 ++ .../ut-containers-manager/containers/console2.conf | 3 + .../containers/console3-dbus.conf | 11 -- .../containers/console3-dbus.conf.in | 14 ++ .../ut-containers-manager/containers/console3.conf | 3 + .../{test-daemon.conf => test-daemon.conf.in} | 5 +- ...t-dbus-daemon.conf => test-dbus-daemon.conf.in} | 5 +- .../configs/ut-containers-manager/ut-dbus.conf | 2 +- .../{buggy-daemon.conf => buggy-daemon.conf.in} | 5 +- .../configs/ut-server/containers/container1.conf | 3 + .../configs/ut-server/containers/container2.conf | 3 + .../configs/ut-server/containers/container3.conf | 3 + .../{test-daemon.conf => test-daemon.conf.in} | 3 +- tests/unit_tests/server/ut-container.cpp | 43 +++-- tests/unit_tests/server/ut-containers-manager.cpp | 132 +++++++-------- tests/unit_tests/server/ut-network-admin.cpp | 114 ++++++------- tests/unit_tests/server/ut-server.cpp | 24 ++- tests/unit_tests/utils/scoped-dir.cpp | 70 ++++++++ tests/unit_tests/utils/scoped-dir.hpp | 64 ++++++++ 59 files changed, 903 insertions(+), 340 deletions(-) delete mode 100644 tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf create mode 100644 tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf.in delete mode 100644 tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf create mode 100644 tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf.in delete mode 100644 tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf create mode 100644 tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf.in rename tests/unit_tests/client/configs/ut-client/{test-dbus-daemon.conf => test-dbus-daemon.conf.in} (89%) create mode 100755 tests/unit_tests/lxc/templates/minimal-dbus1.sh create mode 100755 tests/unit_tests/lxc/templates/minimal-dbus2.sh create mode 100755 tests/unit_tests/lxc/templates/minimal-dbus3.sh delete mode 100644 tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf create mode 100644 tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf.in rename tests/unit_tests/server/configs/ut-containers-manager/{buggy-daemon.conf => buggy-daemon.conf.in} (73%) rename tests/unit_tests/server/configs/ut-containers-manager/{buggy-default-daemon.conf => buggy-default-daemon.conf.in} (73%) rename tests/unit_tests/server/configs/ut-containers-manager/{buggy-foreground-daemon.conf => buggy-foreground-daemon.conf.in} (73%) delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf.in delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf.in delete mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf create mode 100644 tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf.in rename tests/unit_tests/server/configs/ut-containers-manager/{test-daemon.conf => test-daemon.conf.in} (73%) rename tests/unit_tests/server/configs/ut-containers-manager/{test-dbus-daemon.conf => test-dbus-daemon.conf.in} (81%) rename tests/unit_tests/server/configs/ut-server/{buggy-daemon.conf => buggy-daemon.conf.in} (84%) rename tests/unit_tests/server/configs/ut-server/{test-daemon.conf => test-daemon.conf.in} (84%) create mode 100644 tests/unit_tests/utils/scoped-dir.cpp create mode 100644 tests/unit_tests/utils/scoped-dir.hpp diff --git a/client/utils.cpp b/client/utils.cpp index 98b6905..d6157c4 100644 --- a/client/utils.cpp +++ b/client/utils.cpp @@ -30,12 +30,23 @@ namespace { const std::string CPUSET_HOST = "/"; +const std::string CPUSET_LXC_PREFIX = "/lxc/"; const std::string CPUSET_LIBVIRT_PREFIX_OLD = "/machine/"; const std::string CPUSET_LIBVIRT_SUFFIX_OLD = ".libvirt-lxc"; const std::string CPUSET_LIBVIRT_PREFIX = "/machine.slice/machine-lxc\\x2d"; const std::string CPUSET_LIBVIRT_SUFFIX = ".scope"; -bool parseOldFormat(const std::string& cpuset, std::string& id) +bool parseLxcFormat(const std::string& cpuset, std::string& id) +{ + // /lxc/ + if (!boost::starts_with(cpuset, CPUSET_LXC_PREFIX)) { + return false; + } + id.assign(cpuset, CPUSET_LXC_PREFIX.size(), cpuset.size() - CPUSET_LXC_PREFIX.size()); + return true; +} + +bool parseOldLibvirtFormat(const std::string& cpuset, std::string& id) { // '/machine/.libvirt-lxc' if (!boost::starts_with(cpuset, CPUSET_LIBVIRT_PREFIX_OLD)) { @@ -87,7 +98,7 @@ void unescape(std::string& value) value.resize(outPos); } -bool parseNewFormat(const std::string& cpuset, std::string& id) +bool parseNewLibvirtFormat(const std::string& cpuset, std::string& id) { // '/machine.slice/machine-lxc\x2d.scope' if (!boost::starts_with(cpuset, CPUSET_LIBVIRT_PREFIX)) { @@ -113,6 +124,8 @@ bool parseContainerIdFromCpuSet(const std::string& cpuset, std::string& id) return true; } - return parseNewFormat(cpuset, id) || parseOldFormat(cpuset, id); + return parseLxcFormat(cpuset, id) || + parseNewLibvirtFormat(cpuset, id) || + parseOldLibvirtFormat(cpuset, id); } diff --git a/common/lxc/domain.cpp b/common/lxc/domain.cpp index 2e70eee..07b7c77 100644 --- a/common/lxc/domain.cpp +++ b/common/lxc/domain.cpp @@ -96,9 +96,9 @@ void LxcDomain::destroy() } } -void LxcDomain::start(const char* argv[]) +void LxcDomain::start(const char* const* argv) { - if (!mContainer->start(mContainer, false, const_cast(argv))) { + if (!mContainer->start(mContainer, false, const_cast(argv))) { LOGE("Could not start domain " + getName()); throw LxcException("Could not start domain"); } diff --git a/common/lxc/domain.hpp b/common/lxc/domain.hpp index 53049a0..2f0cbf8 100644 --- a/common/lxc/domain.hpp +++ b/common/lxc/domain.hpp @@ -57,7 +57,7 @@ public: void create(const std::string& templatePath); void destroy(); - void start(const char* argv[]); + void start(const char* const* argv); void stop(); void reboot(); void shutdown(int timeout); diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf index c7b1fb4..c141111 100644 --- a/server/configs/containers/business.conf +++ b/server/configs/containers/business.conf @@ -1,4 +1,7 @@ { + "name" : "business", + "lxcTemplate" : "", + "initWithArgs" : [], "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 10000, "enableDbusIntegration" : true, diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf index a741c64..94261b8 100644 --- a/server/configs/containers/private.conf +++ b/server/configs/containers/private.conf @@ -1,4 +1,7 @@ { + "name" : "private", + "lxcTemplate" : "", + "initWithArgs" : [], "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 10000, "enableDbusIntegration" : true, diff --git a/server/configs/daemon.conf b/server/configs/daemon.conf index dbfac95..116b32e 100644 --- a/server/configs/daemon.conf +++ b/server/configs/daemon.conf @@ -1,5 +1,5 @@ { - "containerConfigs" : ["containers/private.conf", "containers/business.conf" ], + "containerConfigs" : ["containers/private.conf", "containers/business.conf"], "containersPath" : "/opt/usr/containers", "containerImagePath" : "/opt/usr/containers/img/system-data.img", "containerTemplatePath" : "templates", @@ -7,6 +7,7 @@ "runMountPointPrefix" : "/var/run/containers", "foregroundId" : "private", "defaultId" : "private", + "lxcTemplatePrefix" : "TODO", "inputConfig" : {"enabled" : true, "device" : "gpio_keys.6", "code" : 139, diff --git a/server/container-admin.cpp b/server/container-admin.cpp index a54d00a..11c88fd 100644 --- a/server/container-admin.cpp +++ b/server/container-admin.cpp @@ -27,9 +27,9 @@ #include "container-admin.hpp" #include "exception.hpp" -//#include "libvirt/helpers.hpp" #include "logger/logger.hpp" #include "utils/fs.hpp" +#include "utils/paths.hpp" #include "utils/latch.hpp" #include "utils/callback-wrapper.hpp" @@ -47,36 +47,62 @@ namespace { // TODO: this should be in container's configuration file const int SHUTDOWN_WAIT = 10 * 1000; -//std::string getDomainName(virDomainPtr dom) -//{ -// assert(dom); -// -// const char* name = virDomainGetName(dom); -// if (name == nullptr) { -// LOGE("Failed to get the domain's id:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// -// return name; -//} +class Args { +public: + Args(const std::vector& args) + { + mArgs.reserve(args.size() + 1); + for (const std::string& arg : args) { + mArgs.push_back(arg.c_str()); + } + mArgs.push_back(NULL); + } + bool empty() const + { + return mArgs.size() == 1; + } + const char* const* getAsCArray() const + { + return mArgs.data(); + } + friend std::ostream& operator<<(std::ostream& os, const Args& a) + { + for (const char* arg : a.mArgs) { + if (arg != NULL) { + os << "'" << arg << "' "; + } + } + return os; + } +private: + std::vector mArgs; +}; } // namespace const std::uint64_t DEFAULT_CPU_SHARES = 1024; const std::uint64_t DEFAULT_VCPU_PERIOD_MS = 100000; -ContainerAdmin::ContainerAdmin(const ContainerConfig& config) +ContainerAdmin::ContainerAdmin(const std::string& containersPath, + const std::string& lxcTemplatePrefix, + const ContainerConfig& config) : mConfig(config), - //mDom(utils::readFileContent(mConfig.config)), - mId("TODO"),//mId(getDomainName(mDom.get())), + mDom(containersPath, config.name), + mId(mDom.getName()), mDetachOnExit(false), mLifecycleCallbackId(-1), mRebootCallbackId(-1), mNextIdForListener(1) { -// LOGD(mId << ": Instantiating ContainerAdmin object"); -// + LOGD(mId << ": Instantiating ContainerAdmin object"); + + if (!mDom.isDefined()) { + + std::string lxcTemplate = utils::getAbsolutePath(config.lxcTemplate, lxcTemplatePrefix); + LOGI(mId << ": Creating domain from template: " << lxcTemplate); + mDom.create(lxcTemplate); + } + // // ContainerAdmin owns those callbacks // mLifecycleCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), // mDom.get(), @@ -112,8 +138,8 @@ ContainerAdmin::ContainerAdmin(const ContainerConfig& config) ContainerAdmin::~ContainerAdmin() { -// LOGD(mId << ": Destroying ContainerAdmin object..."); -// + LOGD(mId << ": Destroying ContainerAdmin object..."); + // // Deregister callbacks // if (mLifecycleCallbackId >= 0) { // virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), @@ -124,16 +150,16 @@ ContainerAdmin::~ContainerAdmin() // mRebootCallbackId); // } // -// // Try to forcefully stop -// if (!mDetachOnExit) { -// try { -// destroy(); -// } catch (ServerException&) { -// LOGE(mId << ": Failed to destroy the container"); -// } -// } -// -// LOGD(mId << ": ContainerAdmin object destroyed"); + // Try to forcefully stop + if (!mDetachOnExit) { + try { + destroy(); + } catch (ServerException&) { + LOGE(mId << ": Failed to destroy the container"); + } + } + + LOGD(mId << ": ContainerAdmin object destroyed"); } @@ -145,14 +171,20 @@ const std::string& ContainerAdmin::getId() const void ContainerAdmin::start() { -// assert(mDom); -// -// LOGD(mId << ": Starting..."); -// if (isRunning()) { -// LOGD(mId << ": Already running - nothing to do..."); -// return; -// } -// + LOGD(mId << ": Starting..."); + if (isRunning()) { + LOGD(mId << ": Already running - nothing to do..."); + return; + } + + Args args(mConfig.initWithArgs); + if (args.empty()) { + mDom.start(NULL); + } else { + LOGD(mId << ": Init: " << args); + mDom.start(args.getAsCArray()); + } + // // In order to update daemon without shutting down the containers // // autodestroy option must NOT be set. It's best to create domain // // without any flags. @@ -164,20 +196,20 @@ void ContainerAdmin::start() // throw ContainerOperationException(); // } // -// LOGD(mId << ": Started"); + LOGD(mId << ": Started"); } void ContainerAdmin::stop() { -// assert(mDom); -// -// LOGD(mId << ": Stopping procedure started..."); -// if (isStopped()) { -// LOGD(mId << ": Already crashed/down/off - nothing to do"); -// return; -// } -// + LOGD(mId << ": Stopping procedure started..."); + if (isStopped()) { + LOGD(mId << ": Already crashed/down/off - nothing to do"); + return; + } + + mDom.stop(); + // utils::Latch stoppedOccured; // // LifecycleListener setStopped = [&](const int eventId, const int detailId) { @@ -200,20 +232,20 @@ void ContainerAdmin::stop() // destroy(); // } // -// LOGD(mId << ": Stopping procedure ended"); + LOGD(mId << ": Stopping procedure ended"); } void ContainerAdmin::destroy() { -// assert(mDom); -// -// LOGD(mId << ": Destroying..."); -// if (isStopped()) { -// LOGD(mId << ": Already crashed/down/off - nothing to do"); -// return; -// } -// + LOGD(mId << ": Destroying..."); + if (isStopped()) { + LOGD(mId << ": Already crashed/down/off - nothing to do"); + return; + } + + mDom.stop();//TODO + // setSchedulerLevel(SchedulerLevel::FOREGROUND); // // // Forceful termination of the guest @@ -225,20 +257,20 @@ void ContainerAdmin::destroy() // throw ContainerOperationException(); // } // -// LOGD(mId << ": Destroyed"); + LOGD(mId << ": Destroyed"); } void ContainerAdmin::shutdown() { -// assert(mDom); -// -// LOGD(mId << ": Shutting down..."); -// if (isStopped()) { -// LOGD(mId << ": Already crashed/down/off - nothing to do"); -// return; -// } -// + LOGD(mId << ": Shutting down..."); + if (isStopped()) { + LOGD(mId << ": Already crashed/down/off - nothing to do"); + return; + } + + mDom.stop(); //TODO + // setSchedulerLevel(SchedulerLevel::FOREGROUND); // // if (virDomainShutdownFlags(mDom.get(), VIR_DOMAIN_SHUTDOWN_SIGNAL) < 0) { @@ -247,24 +279,19 @@ void ContainerAdmin::shutdown() // throw ContainerOperationException(); // } // -// LOGD(mId << ": Shut down initiated (async)"); + LOGD(mId << ": Shut down initiated (async)"); } bool ContainerAdmin::isRunning() { -// return getState() == VIR_DOMAIN_RUNNING; - return false; + return mDom.isRunning(); } bool ContainerAdmin::isStopped() { -// int state = getState(); -// return state == VIR_DOMAIN_SHUTDOWN || -// state == VIR_DOMAIN_SHUTOFF || -// state == VIR_DOMAIN_CRASHED; - return false; + return !mDom.isRunning();//TODO } @@ -311,7 +338,7 @@ void ContainerAdmin::resume() bool ContainerAdmin::isPaused() { // return getState() == VIR_DOMAIN_PAUSED; - return false; + return false;//TODO } diff --git a/server/container-admin.hpp b/server/container-admin.hpp index 1ee6027..f2ca5f9 100644 --- a/server/container-admin.hpp +++ b/server/container-admin.hpp @@ -30,8 +30,7 @@ #include "utils/callback-guard.hpp" #include "utils/callback-wrapper.hpp" -//#include "libvirt/connection.hpp" -//#include "libvirt/domain.hpp" +#include "lxc/domain.hpp" #include #include @@ -70,7 +69,15 @@ public: */ typedef std::function RebootListener; - ContainerAdmin(const ContainerConfig& config); + /** + * ContainerAdmin constructor + * @param containersPath directory where containers are defined (lxc configs, rootfs etc) + * @param lxcTemplatePrefix directory where templates are stored + * @param config containers config + */ + ContainerAdmin(const std::string& containersPath, + const std::string& lxcTemplatePrefix, + const ContainerConfig& config); virtual ~ContainerAdmin(); /** @@ -174,7 +181,7 @@ public: private: const ContainerConfig& mConfig; - //libvirt::LibvirtDomain mDom; + lxc::LxcDomain mDom; const std::string mId; bool mDetachOnExit; diff --git a/server/container-config.hpp b/server/container-config.hpp index e8d44c1..95030e0 100644 --- a/server/container-config.hpp +++ b/server/container-config.hpp @@ -36,6 +36,22 @@ namespace security_containers { struct ContainerConfig { + + /** + * Container name + */ + std::string name; + + /** + * Lxc template name (relative to lxcTemplatePrefix) + */ + std::string lxcTemplate; + + /** + * Init program with args (empty means default /sbin/init) + */ + std::vector initWithArgs; + /** * Privilege of the container. * The smaller the value the more important the container @@ -88,6 +104,9 @@ struct ContainerConfig { CONFIG_REGISTER ( + name, + lxcTemplate, + initWithArgs, privilege, vt, switchToDefaultAfterTimeout, diff --git a/server/container.cpp b/server/container.cpp index c69cd46..17d383e 100644 --- a/server/container.cpp +++ b/server/container.cpp @@ -52,7 +52,9 @@ const int RECONNECT_DELAY = 1 * 1000; } // namespace -Container::Container(const std::string& containerConfigPath, +Container::Container(const std::string& containersPath, + const std::string& containerConfigPath, + const std::string& lxcTemplatePrefix, const std::string& baseRunMountPointPath) { config::loadFromFile(containerConfigPath, mConfig); @@ -64,7 +66,7 @@ Container::Container(const std::string& containerConfigPath, mPermittedToRecv.push_back(boost::regex(r)); } - const std::string baseConfigPath = utils::dirName(containerConfigPath); + //const std::string baseConfigPath = utils::dirName(containerConfigPath); //mConfig.config = fs::absolute(mConfig.config, baseConfigPath).string(); //mConfig.networkConfig = fs::absolute(mConfig.networkConfig, baseConfigPath).string(); //mConfig.networkFilterConfig = fs::absolute(mConfig.networkFilterConfig, @@ -76,7 +78,7 @@ Container::Container(const std::string& containerConfigPath, //LOGT("Creating Network Admin " << mConfig.networkConfig); mNetworkAdmin.reset(new NetworkAdmin(mConfig)); //LOGT("Creating Container Admin " << mConfig.config); - mAdmin.reset(new ContainerAdmin(mConfig)); + mAdmin.reset(new ContainerAdmin(containersPath, lxcTemplatePrefix, mConfig)); } Container::~Container() diff --git a/server/container.hpp b/server/container.hpp index 6800f7a..0fcd837 100644 --- a/server/container.hpp +++ b/server/container.hpp @@ -45,8 +45,17 @@ namespace security_containers { class Container { public: - Container(const std::string& containerConfigPath, - const std::string& baseRunMountPointPath = ""); + /** + * Container constructor + * @param containersPath directory where containers are defined (lxc configs, rootfs etc) + * @param containerConfigPath path for containers config + * @param lxcTemplatePrefix directory where templates are stored + * @param baseRunMountPointPath base directory for run mount point + */ + Container(const std::string& containersPath, + const std::string& containerConfigPath, + const std::string& lxcTemplatePrefix, + const std::string& baseRunMountPointPath); Container(Container&&) = default; virtual ~Container(); diff --git a/server/containers-manager-config.hpp b/server/containers-manager-config.hpp index 06b83be..83c8901 100644 --- a/server/containers-manager-config.hpp +++ b/server/containers-manager-config.hpp @@ -78,6 +78,11 @@ struct ContainersManagerConfig { */ std::string containerNewConfigPrefix; + /** + * Path prefix for lxc templates + */ + std::string lxcTemplatePrefix; + /* * Parameters describing input device used to switch between containers */ @@ -102,6 +107,7 @@ struct ContainersManagerConfig { containerImagePath, containerTemplatePath, containerNewConfigPrefix, + lxcTemplatePrefix, inputConfig, runMountPointPrefix, proxyCallRules diff --git a/server/containers-manager.cpp b/server/containers-manager.cpp index 321bec0..6f76ee6 100644 --- a/server/containers-manager.cpp +++ b/server/containers-manager.cpp @@ -149,7 +149,9 @@ void ContainersManager::addContainer(const std::string& containerConfig) std::string containerConfigPath = utils::getAbsolutePath(containerConfig, baseConfigPath); LOGT("Creating Container " << containerConfigPath); - std::unique_ptr c(new Container(containerConfigPath, + std::unique_ptr c(new Container(mConfig.containersPath, + containerConfigPath, + mConfig.lxcTemplatePrefix, mConfig.runMountPointPrefix)); const std::string id = c->getId(); if (id == HOST_ID) { diff --git a/tests/unit_tests/client/configs/CMakeLists.txt b/tests/unit_tests/client/configs/CMakeLists.txt index c6f67a7..72ec622 100644 --- a/tests/unit_tests/client/configs/CMakeLists.txt +++ b/tests/unit_tests/client/configs/CMakeLists.txt @@ -19,13 +19,21 @@ MESSAGE(STATUS "Installing configs for the Client Unit Tests to " ${SC_TEST_CONFIG_INSTALL_DIR}) -FILE(GLOB client_manager_CONF ut-client/*.conf) -FILE(GLOB client_container_CONF ut-client/containers/*.conf) - ## Generate #################################################################### +CONFIGURE_FILE(ut-client/test-dbus-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-client/test-dbus-daemon.conf @ONLY) +FILE(GLOB client_manager_CONF_GEN ${CMAKE_BINARY_DIR}/ut-client/*.conf) + +CONFIGURE_FILE(ut-client/containers/console1-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-client/containers/console1-dbus.conf @ONLY) +CONFIGURE_FILE(ut-client/containers/console2-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-client/containers/console2-dbus.conf @ONLY) +CONFIGURE_FILE(ut-client/containers/console3-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-client/containers/console3-dbus.conf @ONLY) +FILE(GLOB client_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-client/containers/*.conf) ## Install ##################################################################### -INSTALL(FILES ${client_manager_CONF} +INSTALL(FILES ${client_manager_CONF_GEN} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client) -INSTALL(FILES ${client_container_CONF} +INSTALL(FILES ${client_container_CONF_GEN} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/client/ut-client/containers) diff --git a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf deleted file mode 100644 index 8f6f37d..0000000 --- a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : true, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus", - "permittedToSend" : [ "/tmp/.*", "/etc/secret2" ], - "permittedToRecv" : [ "/tmp/.*" ] -} diff --git a/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf.in b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf.in new file mode 100644 index 0000000..6855a28 --- /dev/null +++ b/tests/unit_tests/client/configs/ut-client/containers/console1-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console1-dbus", + "lxcTemplate" : "minimal-dbus1.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run1", + "permittedToSend" : [ "/tmp/.*", "/etc/secret2" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf deleted file mode 100644 index f62fac0..0000000 --- a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : false, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus", - "permittedToSend" : [ "/tmp/.*" ], - "permittedToRecv" : [ "/tmp/.*", "/etc/secret1" ] -} diff --git a/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf.in b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf.in new file mode 100644 index 0000000..728522a --- /dev/null +++ b/tests/unit_tests/client/configs/ut-client/containers/console2-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console2-dbus", + "lxcTemplate" : "minimal-dbus2.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : false, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run2", + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*", "/etc/secret1" ] +} diff --git a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf deleted file mode 100644 index e91ecd9..0000000 --- a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : true, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus", - "permittedToSend" : [ "/tmp/.*" ], - "permittedToRecv" : [ "/tmp/.*" ] -} diff --git a/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf.in b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf.in new file mode 100644 index 0000000..d273e57 --- /dev/null +++ b/tests/unit_tests/client/configs/ut-client/containers/console3-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console3-dbus", + "lxcTemplate" : "minimal-dbus3.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run3", + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf b/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf.in similarity index 89% rename from tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf rename to tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf.in index 707be02..f65c013 100644 --- a/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf +++ b/tests/unit_tests/client/configs/ut-client/test-dbus-daemon.conf.in @@ -4,11 +4,12 @@ "containers/console3-dbus.conf"], "foregroundId" : "ut-containers-manager-console1-dbus", "defaultId" : "ut-containers-manager-console1-dbus", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "", "containerNewConfigPrefix" : "", "runMountPointPrefix" : "", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/client/ut-client-utils.cpp b/tests/unit_tests/client/ut-client-utils.cpp index ac4c1fd..334d7bf 100644 --- a/tests/unit_tests/client/ut-client-utils.cpp +++ b/tests/unit_tests/client/ut-client-utils.cpp @@ -50,6 +50,8 @@ BOOST_AUTO_TEST_CASE(ParseContainerIdFromCpuSetTest) testOK("/machine/a-b.libvirt-lxc", "a-b"); testOK("/machine.slice/machine-lxc\\x2da\\x2db.scope", "a-b"); testOK("/machine.slice/machine-lxc\\x2da-b.scope", "a/b"); + + testOK("/lxc/test", "test"); } BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/client/ut-client.cpp b/tests/unit_tests/client/ut-client.cpp index 574be39..9847a92 100644 --- a/tests/unit_tests/client/ut-client.cpp +++ b/tests/unit_tests/client/ut-client.cpp @@ -28,6 +28,7 @@ #include #include "utils/latch.hpp" +#include "utils/scoped-dir.hpp" #include "containers-manager.hpp" #include "container-dbus-definitions.hpp" @@ -46,6 +47,7 @@ namespace { const std::string TEST_DBUS_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/client/ut-client/test-dbus-daemon.conf"; +const std::string CONTAINERS_PATH = "/tmp/ut-containers"; // the same as in daemon.conf struct Loop { Loop() { sc_start_glib_loop(); } @@ -54,6 +56,11 @@ struct Loop { struct Fixture { Loop loop; + utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; + utils::ScopedDir mRun1Guard = utils::ScopedDir("/tmp/ut-run1"); + utils::ScopedDir mRun2Guard = utils::ScopedDir("/tmp/ut-run2"); + utils::ScopedDir mRun3Guard = utils::ScopedDir("/tmp/ut-run3"); + ContainersManager cm; Fixture(): cm(TEST_DBUS_CONFIG_PATH) @@ -65,11 +72,11 @@ struct Fixture { const int EVENT_TIMEOUT = 5000; ///< ms const std::map EXPECTED_DBUSES_STARTED = { {"ut-containers-manager-console1-dbus", - "unix:path=/tmp/ut-containers-manager/console1-dbus/dbus/system_bus_socket"}, + "unix:path=/tmp/ut-run1/dbus/system_bus_socket"}, {"ut-containers-manager-console2-dbus", - "unix:path=/tmp/ut-containers-manager/console2-dbus/dbus/system_bus_socket"}, + "unix:path=/tmp/ut-run2/dbus/system_bus_socket"}, {"ut-containers-manager-console3-dbus", - "unix:path=/tmp/ut-containers-manager/console3-dbus/dbus/system_bus_socket"}}; + "unix:path=/tmp/ut-run3/dbus/system_bus_socket"}}; void convertDictToMap(ScArrayString keys, ScArrayString values, diff --git a/tests/unit_tests/lxc/templates/minimal-dbus1.sh b/tests/unit_tests/lxc/templates/minimal-dbus1.sh new file mode 100755 index 0000000..6f967e5 --- /dev/null +++ b/tests/unit_tests/lxc/templates/minimal-dbus1.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +echo UnitTest LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# Prepare container rootfs +ROOTFS_DIRS="\ +${rootfs}/bin \ +${rootfs}/dev \ +${rootfs}/etc \ +${rootfs}/home \ +${rootfs}/lib \ +${rootfs}/lib64 \ +${rootfs}/proc \ +${rootfs}/root \ +${rootfs}/run \ +${rootfs}/sbin \ +${rootfs}/sys \ +${rootfs}/tmp \ +${rootfs}/usr \ +${rootfs}/var \ +${rootfs}/var/run +" +/bin/mkdir ${ROOTFS_DIRS} + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /bin bin none ro,bind 0 0 +lxc.mount.entry = /etc etc none ro,bind 0 0 +lxc.mount.entry = /lib lib none ro,bind 0 0 +lxc.mount.entry = /sbin sbin none ro,bind 0 0 +lxc.mount.entry = /usr usr none ro,rbind 0 0 +lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 +lxc.mount.entry = /tmp/ut-run1 var/run none rw,bind 0 0 +EOF + +if [ "$(uname -m)" = "x86_64" ]; then +cat <> $path/config +lxc.mount.entry = /lib64 lib64 none ro,bind 0 0 +EOF +fi + diff --git a/tests/unit_tests/lxc/templates/minimal-dbus2.sh b/tests/unit_tests/lxc/templates/minimal-dbus2.sh new file mode 100755 index 0000000..1b5bf57 --- /dev/null +++ b/tests/unit_tests/lxc/templates/minimal-dbus2.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +echo UnitTest LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# Prepare container rootfs +ROOTFS_DIRS="\ +${rootfs}/bin \ +${rootfs}/dev \ +${rootfs}/etc \ +${rootfs}/home \ +${rootfs}/lib \ +${rootfs}/lib64 \ +${rootfs}/proc \ +${rootfs}/root \ +${rootfs}/run \ +${rootfs}/sbin \ +${rootfs}/sys \ +${rootfs}/tmp \ +${rootfs}/usr \ +${rootfs}/var \ +${rootfs}/var/run +" +/bin/mkdir ${ROOTFS_DIRS} + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /bin bin none ro,bind 0 0 +lxc.mount.entry = /etc etc none ro,bind 0 0 +lxc.mount.entry = /lib lib none ro,bind 0 0 +lxc.mount.entry = /sbin sbin none ro,bind 0 0 +lxc.mount.entry = /usr usr none ro,rbind 0 0 +lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 +lxc.mount.entry = /tmp/ut-run2 var/run none rw,bind 0 0 +EOF + +if [ "$(uname -m)" = "x86_64" ]; then +cat <> $path/config +lxc.mount.entry = /lib64 lib64 none ro,bind 0 0 +EOF +fi + diff --git a/tests/unit_tests/lxc/templates/minimal-dbus3.sh b/tests/unit_tests/lxc/templates/minimal-dbus3.sh new file mode 100755 index 0000000..9ace1c6 --- /dev/null +++ b/tests/unit_tests/lxc/templates/minimal-dbus3.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +echo UnitTest LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# Prepare container rootfs +ROOTFS_DIRS="\ +${rootfs}/bin \ +${rootfs}/dev \ +${rootfs}/etc \ +${rootfs}/home \ +${rootfs}/lib \ +${rootfs}/lib64 \ +${rootfs}/proc \ +${rootfs}/root \ +${rootfs}/run \ +${rootfs}/sbin \ +${rootfs}/sys \ +${rootfs}/tmp \ +${rootfs}/usr \ +${rootfs}/var \ +${rootfs}/var/run +" +/bin/mkdir ${ROOTFS_DIRS} + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /bin bin none ro,bind 0 0 +lxc.mount.entry = /etc etc none ro,bind 0 0 +lxc.mount.entry = /lib lib none ro,bind 0 0 +lxc.mount.entry = /sbin sbin none ro,bind 0 0 +lxc.mount.entry = /usr usr none ro,rbind 0 0 +lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 +lxc.mount.entry = /tmp/ut-run3 var/run none rw,bind 0 0 +EOF + +if [ "$(uname -m)" = "x86_64" ]; then +cat <> $path/config +lxc.mount.entry = /lib64 lib64 none ro,bind 0 0 +EOF +fi + diff --git a/tests/unit_tests/lxc/ut-domain.cpp b/tests/unit_tests/lxc/ut-domain.cpp index 0e1b863..b3b693a 100644 --- a/tests/unit_tests/lxc/ut-domain.cpp +++ b/tests/unit_tests/lxc/ut-domain.cpp @@ -28,6 +28,7 @@ #include "lxc/domain.hpp" #include "lxc/exception.hpp" +#include "utils/scoped-dir.hpp" #include #include @@ -37,23 +38,22 @@ namespace { using namespace security_containers; using namespace security_containers::lxc; -namespace fs = boost::filesystem; const std::string LXC_PATH = "/tmp/ut-lxc/"; const std::string DOMAIN_NAME = "ut-domain"; const std::string TEMPLATE = SC_TEST_LXC_TEMPLATES_INSTALL_DIR "/minimal.sh"; struct Fixture { + utils::ScopedDir mLxcDirGuard = LXC_PATH; + Fixture() { - fs::create_directory(LXC_PATH); cleanup(); } ~Fixture() { cleanup(); - fs::remove_all(LXC_PATH); } void cleanup() diff --git a/tests/unit_tests/server/configs/CMakeLists.txt b/tests/unit_tests/server/configs/CMakeLists.txt index a8bad91..49cb292 100644 --- a/tests/unit_tests/server/configs/CMakeLists.txt +++ b/tests/unit_tests/server/configs/CMakeLists.txt @@ -37,6 +37,12 @@ FILE(GLOB connection_CONF ut-container-connection/*.conf) ## Generate #################################################################### +CONFIGURE_FILE(ut-server/test-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-server/test-daemon.conf @ONLY) +CONFIGURE_FILE(ut-server/buggy-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-server/buggy-daemon.conf @ONLY) +FILE(GLOB server_manager_CONF_GEN ${CMAKE_BINARY_DIR}/ut-server/*.conf) + CONFIGURE_FILE(ut-container-admin/containers/buggy.conf.in ${CMAKE_BINARY_DIR}/ut-container-admin/containers/buggy.conf @ONLY) CONFIGURE_FILE(ut-container-admin/containers/test.conf.in @@ -51,17 +57,47 @@ CONFIGURE_FILE(ut-network-admin/containers/buggy.conf.in ${CMAKE_BINARY_DIR}/ut-network-admin/containers/buggy.conf @ONLY) FILE(GLOB network_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-network-admin/containers/*.conf) +CONFIGURE_FILE(ut-container/containers/test-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-container/containers/test-dbus.conf @ONLY) +FILE(GLOB container_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-container/containers/*.conf) + +CONFIGURE_FILE(ut-containers-manager/test-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/test-daemon.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/buggy-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/buggy-daemon.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/buggy-default-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/buggy-default-daemon.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/buggy-foreground-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/buggy-foreground-daemon.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/test-dbus-daemon.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/test-dbus-daemon.conf @ONLY) +FILE(GLOB manager_manager_CONF_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/*.conf) + +CONFIGURE_FILE(ut-containers-manager/containers/console1-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/containers/console1-dbus.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/containers/console2-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/containers/console2-dbus.conf @ONLY) +CONFIGURE_FILE(ut-containers-manager/containers/console3-dbus.conf.in + ${CMAKE_BINARY_DIR}/ut-containers-manager/containers/console3-dbus.conf @ONLY) +FILE(GLOB manager_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-containers-manager/containers/*.conf) + ## Install ##################################################################### INSTALL(FILES ${server_manager_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server) +INSTALL(FILES ${server_manager_CONF_GEN} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server) INSTALL(FILES ${server_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-server/containers) INSTALL(FILES ${manager_manager_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager) +INSTALL(FILES ${manager_manager_CONF_GEN} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager) INSTALL(FILES ${manager_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/containers) +INSTALL(FILES ${manager_container_CONF_GEN} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/containers) INSTALL(FILES ${manager_admin_TEMPLATE} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-containers-manager/templates) @@ -69,6 +105,8 @@ INSTALL(FILES ${container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container) INSTALL(FILES ${container_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container/containers) +INSTALL(FILES ${container_container_CONF_GEN} + DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container/containers) INSTALL(FILES ${admin_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/containers) diff --git a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf index f4be18d..c31efc5 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/buggy.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/buggy.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-test", + "lxcTemplate" : "/buggy/path", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf deleted file mode 100644 index d745818..0000000 --- a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 10, - "vt" : -1, - "switchToDefaultAfterTimeout" : true, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-container", - "permittedToSend" : [], - "permittedToRecv" : [] -} diff --git a/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf.in b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf.in new file mode 100644 index 0000000..e3eaf9b --- /dev/null +++ b/tests/unit_tests/server/configs/ut-container/containers/test-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-container-test-dbus", + "lxcTemplate" : "minimal-dbus1.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-container/ut-dbus.conf --fork; read"], + "privilege" : 10, + "vt" : -1, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run1", + "permittedToSend" : [], + "permittedToRecv" : [] +} diff --git a/tests/unit_tests/server/configs/ut-container/containers/test.conf b/tests/unit_tests/server/configs/ut-container/containers/test.conf index f4be18d..ec6bf54 100644 --- a/tests/unit_tests/server/configs/ut-container/containers/test.conf +++ b/tests/unit_tests/server/configs/ut-container/containers/test.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-test", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-container/ut-dbus.conf b/tests/unit_tests/server/configs/ut-container/ut-dbus.conf index e52a825..520a14f 100644 --- a/tests/unit_tests/server/configs/ut-container/ut-dbus.conf +++ b/tests/unit_tests/server/configs/ut-container/ut-dbus.conf @@ -5,7 +5,7 @@ custom - unix:path=/tmp/ut-container/dbus/system_bus_socket + unix:path=/var/run/dbus/system_bus_socket diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf.in similarity index 73% rename from tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf rename to tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf.in index 5ec98cc..c848165 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-daemon.conf.in @@ -3,10 +3,11 @@ "runMountPointPrefix" : "", "foregroundId" : "ut-containers-manager-console1", "defaultId" : "ut-containers-manager-console1", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "templates", - "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", + "containerNewConfigPrefix" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf.in similarity index 73% rename from tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf rename to tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf.in index ef5a597..590ea73 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-default-daemon.conf.in @@ -3,10 +3,11 @@ "runMountPointPrefix" : "", "foregroundId" : "ut-containers-manager-console1", "defaultId" : "in_no_way_there_is_a_valid_id_here", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "templates", - "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", + "containerNewConfigPrefix" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf.in similarity index 73% rename from tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf rename to tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf.in index 3faa0f7..cb3eb30 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/buggy-foreground-daemon.conf.in @@ -3,10 +3,11 @@ "runMountPointPrefix" : "", "foregroundId" : "this_id_does_not_exist", "defaultId" : "ut-containers-manager-console1", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "templates", - "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", + "containerNewConfigPrefix" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf deleted file mode 100644 index 8f6f37d..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : true, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console1-dbus", - "permittedToSend" : [ "/tmp/.*", "/etc/secret2" ], - "permittedToRecv" : [ "/tmp/.*" ] -} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf.in b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf.in new file mode 100644 index 0000000..6855a28 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console1-dbus", + "lxcTemplate" : "minimal-dbus1.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run1", + "permittedToSend" : [ "/tmp/.*", "/etc/secret2" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf index 02ecd65..2bc7251 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console1.conf @@ -1,4 +1,7 @@ { + "name" : "ut-containers-manager-console1", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 20, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf deleted file mode 100644 index f62fac0..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : false, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console2-dbus", - "permittedToSend" : [ "/tmp/.*" ], - "permittedToRecv" : [ "/tmp/.*", "/etc/secret1" ] -} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf.in b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf.in new file mode 100644 index 0000000..728522a --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console2-dbus", + "lxcTemplate" : "minimal-dbus2.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : false, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run2", + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*", "/etc/secret1" ] +} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf index bbd1cb5..9a0134f 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console2.conf @@ -1,4 +1,7 @@ { + "name" : "ut-containers-manager-console2", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf deleted file mode 100644 index e91ecd9..0000000 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf +++ /dev/null @@ -1,11 +0,0 @@ -{ - "privilege" : 20, - "vt" : -1, - "switchToDefaultAfterTimeout" : true, - "enableDbusIntegration" : true, - "cpuQuotaForeground" : -1, - "cpuQuotaBackground" : 1000, - "runMountPoint" : "/tmp/ut-containers-manager/console3-dbus", - "permittedToSend" : [ "/tmp/.*" ], - "permittedToRecv" : [ "/tmp/.*" ] -} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf.in b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf.in new file mode 100644 index 0000000..d273e57 --- /dev/null +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3-dbus.conf.in @@ -0,0 +1,14 @@ +{ + "name" : "ut-containers-manager-console3-dbus", + "lxcTemplate" : "minimal-dbus3.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; /usr/bin/dbus-daemon --config-file=@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/ut-dbus.conf --fork; read"], + "privilege" : 20, + "vt" : -1, + "switchToDefaultAfterTimeout" : true, + "enableDbusIntegration" : true, + "cpuQuotaForeground" : -1, + "cpuQuotaBackground" : 1000, + "runMountPoint" : "/tmp/ut-run3", + "permittedToSend" : [ "/tmp/.*" ], + "permittedToRecv" : [ "/tmp/.*" ] +} diff --git a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf index cdba7db..6ff8900 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/containers/console3.conf @@ -1,4 +1,7 @@ { + "name" : "ut-containers-manager-console3", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 15, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf.in similarity index 73% rename from tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf rename to tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf.in index 9317b9d..359066d 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/test-daemon.conf.in @@ -3,10 +3,11 @@ "runMountPointPrefix" : "", "foregroundId" : "ut-containers-manager-console1", "defaultId" : "ut-containers-manager-console1", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "templates", - "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", + "containerNewConfigPrefix" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf b/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf.in similarity index 81% rename from tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf rename to tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf.in index af183a1..4421d62 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/test-dbus-daemon.conf.in @@ -4,11 +4,12 @@ "containers/console3-dbus.conf"], "foregroundId" : "ut-containers-manager-console1-dbus", "defaultId" : "ut-containers-manager-console1-dbus", - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "templates", - "containerNewConfigPrefix" : "/usr/share/security-containers/tests/server/ut-containers-manager/", + "containerNewConfigPrefix" : "@SC_TEST_CONFIG_INSTALL_DIR@/server/ut-containers-manager/", "runMountPointPrefix" : "", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-containers-manager/ut-dbus.conf b/tests/unit_tests/server/configs/ut-containers-manager/ut-dbus.conf index 865d15f..520a14f 100644 --- a/tests/unit_tests/server/configs/ut-containers-manager/ut-dbus.conf +++ b/tests/unit_tests/server/configs/ut-containers-manager/ut-dbus.conf @@ -5,7 +5,7 @@ custom - unix:path=/tmp/ut-containers-manager/dbus/system_bus_socket + unix:path=/var/run/dbus/system_bus_socket diff --git a/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf b/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf.in similarity index 84% rename from tests/unit_tests/server/configs/ut-server/buggy-daemon.conf rename to tests/unit_tests/server/configs/ut-server/buggy-daemon.conf.in index 4758406..3b7702f 100644 --- a/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf +++ b/tests/unit_tests/server/configs/ut-server/buggy-daemon.conf.in @@ -1,12 +1,13 @@ { "containerConfigs" : ["containers/container1.conf", "missing/file/path/missing.conf", "containers/container3.conf"], - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "no_need_for_templates_in_this_test", + "containerNewConfigPrefix" : "", "runMountPointPrefix" : "", "foregroundId" : "ut-server-container1", "defaultId" : "ut-server-container1", - "containerNewConfigPrefix" : "", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "/dev/doesnotexist", "code" : 139, diff --git a/tests/unit_tests/server/configs/ut-server/containers/container1.conf b/tests/unit_tests/server/configs/ut-server/containers/container1.conf index dfe7855..d232bc3 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container1.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container1.conf @@ -1,4 +1,7 @@ { + "name" : "ut-server-container1", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 20, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-server/containers/container2.conf b/tests/unit_tests/server/configs/ut-server/containers/container2.conf index f4be18d..650782f 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container2.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container2.conf @@ -1,4 +1,7 @@ { + "name" : "ut-server-container2", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-server/containers/container3.conf b/tests/unit_tests/server/configs/ut-server/containers/container3.conf index c52e57d..0d9f947 100644 --- a/tests/unit_tests/server/configs/ut-server/containers/container3.conf +++ b/tests/unit_tests/server/configs/ut-server/containers/container3.conf @@ -1,4 +1,7 @@ { + "name" : "ut-server-container3", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 15, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-server/test-daemon.conf b/tests/unit_tests/server/configs/ut-server/test-daemon.conf.in similarity index 84% rename from tests/unit_tests/server/configs/ut-server/test-daemon.conf rename to tests/unit_tests/server/configs/ut-server/test-daemon.conf.in index 767b3a5..d6d7e2a 100644 --- a/tests/unit_tests/server/configs/ut-server/test-daemon.conf +++ b/tests/unit_tests/server/configs/ut-server/test-daemon.conf.in @@ -1,12 +1,13 @@ { "containerConfigs" : ["containers/container1.conf", "containers/container2.conf", "containers/container3.conf"], - "containersPath" : "/tmp", + "containersPath" : "/tmp/ut-containers", "containerImagePath" : "", "containerTemplatePath" : "no_need_for_templates_in_this_test", "containerNewConfigPrefix" : "", "runMountPointPrefix" : "", "foregroundId" : "ut-server-container1", "defaultId" : "ut-server-container1", + "lxcTemplatePrefix" : "@SC_TEST_LXC_TEMPLATES_INSTALL_DIR@", "inputConfig" : {"enabled" : false, "device" : "gpio-keys.4", "code" : 139, diff --git a/tests/unit_tests/server/ut-container.cpp b/tests/unit_tests/server/ut-container.cpp index e636276..dc2db18 100644 --- a/tests/unit_tests/server/ut-container.cpp +++ b/tests/unit_tests/server/ut-container.cpp @@ -31,6 +31,7 @@ #include "utils/exception.hpp" #include "utils/glib-loop.hpp" +#include "utils/scoped-dir.hpp" #include "config/exception.hpp" #include @@ -48,6 +49,8 @@ const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-cont const std::string TEST_DBUS_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container/containers/test-dbus.conf"; const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container/containers/buggy.conf"; const std::string MISSING_CONFIG_PATH = "/this/is/a/missing/file/path/config.conf"; +const std::string CONTAINERS_PATH = "/tmp/ut-containers"; +const std::string LXC_TEMPLATES_PATH = SC_TEST_LXC_TEMPLATES_INSTALL_DIR; void ensureStarted() { @@ -56,6 +59,16 @@ void ensureStarted() struct Fixture { utils::ScopedGlibLoop mLoop; + utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; + utils::ScopedDir mRunGuard; + + std::unique_ptr create(const std::string& configPath) + { + return std::unique_ptr(new Container(CONTAINERS_PATH, + configPath, + LXC_TEMPLATES_PATH, + "")); + } }; } // namespace @@ -63,42 +76,38 @@ struct Fixture { BOOST_FIXTURE_TEST_SUITE(ContainerSuite, Fixture) -BOOST_AUTO_TEST_CASE(ConstructorTest) +BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) { - BOOST_REQUIRE_NO_THROW(Container c(TEST_CONFIG_PATH)); -} - -BOOST_AUTO_TEST_CASE(DestructorTest) -{ - std::unique_ptr c(new Container(TEST_CONFIG_PATH)); - BOOST_REQUIRE_NO_THROW(c.reset()); + auto c = create(TEST_CONFIG_PATH); + c.reset(); } BOOST_AUTO_TEST_CASE(BuggyConfigTest) { - BOOST_REQUIRE_THROW(Container c(BUGGY_CONFIG_PATH), UtilsException); + BOOST_REQUIRE_THROW(create(BUGGY_CONFIG_PATH), std::exception);//TODO which one? } BOOST_AUTO_TEST_CASE(MissingConfigTest) { - BOOST_REQUIRE_THROW(Container c(MISSING_CONFIG_PATH), ConfigException); + BOOST_REQUIRE_THROW(create(MISSING_CONFIG_PATH), ConfigException); } BOOST_AUTO_TEST_CASE(StartStopTest) { - std::unique_ptr c(new Container(TEST_CONFIG_PATH)); - BOOST_REQUIRE_NO_THROW(c->start()); + auto c = create(TEST_CONFIG_PATH); + c->start(); ensureStarted(); - BOOST_REQUIRE_NO_THROW(c->stop()); + c->stop(); } BOOST_AUTO_TEST_CASE(DbusConnectionTest) { - std::unique_ptr c; - BOOST_REQUIRE_NO_THROW(c.reset(new Container(TEST_DBUS_CONFIG_PATH))); - BOOST_REQUIRE_NO_THROW(c->start()); + mRunGuard.create("/tmp/ut-run1"); // the same path as in lxc template + + auto c = create(TEST_DBUS_CONFIG_PATH); + c->start(); ensureStarted(); - BOOST_REQUIRE_NO_THROW(c->stop()); + c->stop(); } // TODO: DbusReconnectionTest diff --git a/tests/unit_tests/server/ut-containers-manager.cpp b/tests/unit_tests/server/ut-containers-manager.cpp index 40281b8..317981d 100644 --- a/tests/unit_tests/server/ut-containers-manager.cpp +++ b/tests/unit_tests/server/ut-containers-manager.cpp @@ -41,6 +41,7 @@ #include "utils/latch.hpp" #include "utils/fs.hpp" #include "utils/img.hpp" +#include "utils/scoped-dir.hpp" #include #include @@ -75,6 +76,7 @@ const std::string FILE_CONTENT = "File content\n" "Line 1\n" "Line 2\n"; const std::string NON_EXISTANT_CONTAINER_ID = "NON_EXISTANT_CONTAINER_ID"; +const std::string CONTAINERS_PATH = "/tmp/ut-containers"; // the same as in daemon.conf class DbusAccessory { public: @@ -342,8 +344,8 @@ private: if (isHost()) { return "unix:path=/var/run/dbus/system_bus_socket"; } - return "unix:path=/tmp/ut-containers-manager/console" + std::to_string(mId) + - "-dbus/dbus/system_bus_socket"; + return "unix:path=/tmp/ut-run" + std::to_string(mId) + + "/dbus/system_bus_socket"; } }; @@ -376,6 +378,11 @@ private: struct Fixture { security_containers::utils::ScopedGlibLoop mLoop; + + utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; + utils::ScopedDir mRun1Guard = utils::ScopedDir("/tmp/ut-run1"); + utils::ScopedDir mRun2Guard = utils::ScopedDir("/tmp/ut-run2"); + utils::ScopedDir mRun3Guard = utils::ScopedDir("/tmp/ut-run3"); }; } // namespace @@ -386,8 +393,8 @@ BOOST_FIXTURE_TEST_SUITE(ContainersManagerSuite, Fixture) BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) { std::unique_ptr cm; - BOOST_REQUIRE_NO_THROW(cm.reset(new ContainersManager(TEST_CONFIG_PATH))); - BOOST_REQUIRE_NO_THROW(cm.reset()); + cm.reset(new ContainersManager(TEST_CONFIG_PATH)); + cm.reset(); } BOOST_AUTO_TEST_CASE(BuggyConfigTest) @@ -403,14 +410,14 @@ BOOST_AUTO_TEST_CASE(MissingConfigTest) BOOST_AUTO_TEST_CASE(StartAllTest) { ContainersManager cm(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); BOOST_CHECK(cm.getRunningForegroundContainerId() == "ut-containers-manager-console1"); } BOOST_AUTO_TEST_CASE(BuggyForegroundTest) { ContainersManager cm(BUGGY_FOREGROUND_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); BOOST_CHECK(cm.getRunningForegroundContainerId() == "ut-containers-manager-console2"); } @@ -423,8 +430,8 @@ BOOST_AUTO_TEST_CASE(BuggyDefaultTest) BOOST_AUTO_TEST_CASE(StopAllTest) { ContainersManager cm(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); - BOOST_REQUIRE_NO_THROW(cm.stopAll()); + cm.startAll(); + cm.stopAll(); BOOST_CHECK(cm.getRunningForegroundContainerId().empty()); } @@ -432,24 +439,24 @@ BOOST_AUTO_TEST_CASE(DetachOnExitTest) { { ContainersManager cm(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); cm.setContainersDetachOnExit(); } { ContainersManager cm(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); } } BOOST_AUTO_TEST_CASE(FocusTest) { ContainersManager cm(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console2")); + cm.startAll(); + cm.focus("ut-containers-manager-console2"); BOOST_CHECK(cm.getRunningForegroundContainerId() == "ut-containers-manager-console2"); - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console1")); + cm.focus("ut-containers-manager-console1"); BOOST_CHECK(cm.getRunningForegroundContainerId() == "ut-containers-manager-console1"); - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console3")); + cm.focus("ut-containers-manager-console3"); BOOST_CHECK(cm.getRunningForegroundContainerId() == "ut-containers-manager-console3"); } @@ -523,7 +530,7 @@ BOOST_AUTO_TEST_CASE(NotifyActiveContainerTest) BOOST_AUTO_TEST_CASE(DisplayOffTest) { ContainersManager cm(TEST_DBUS_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); std::vector> clients; for (int i = 1; i <= TEST_DBUS_CONNECTION_CONTAINERS_COUNT; ++i) { @@ -544,13 +551,13 @@ BOOST_AUTO_TEST_CASE(DisplayOffTest) for (auto& client : clients) { // TEST SWITCHING TO DEFAULT CONTAINER // focus non-default container - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console3-dbus")); + cm.focus("ut-containers-manager-console3-dbus"); // emit signal from dbus connection - BOOST_REQUIRE_NO_THROW(client->emitSignal(fake_power_manager_api::OBJECT_PATH, - fake_power_manager_api::INTERFACE, - fake_power_manager_api::SIGNAL_DISPLAY_OFF, - nullptr)); + client->emitSignal(fake_power_manager_api::OBJECT_PATH, + fake_power_manager_api::INTERFACE, + fake_power_manager_api::SIGNAL_DISPLAY_OFF, + nullptr); // check if default container has focus BOOST_CHECK(Condition.wait_for(Lock, std::chrono::milliseconds(EVENT_TIMEOUT), cond)); @@ -598,7 +605,7 @@ BOOST_AUTO_TEST_CASE(MoveFileTest) // subscribe the second (destination) container for notifications dbuses.at(2)->signalSubscribe(handler); - const std::string TMP = "/tmp"; + const std::string TMP = "/tmp/ut-containers"; const std::string NO_PATH = "path_doesnt_matter_here"; const std::string BUGGY_PATH = TMP + "/this_file_does_not_exist"; const std::string BUGGY_CONTAINER = "this-container-does-not-exist"; @@ -658,7 +665,7 @@ BOOST_AUTO_TEST_CASE(MoveFileTest) BOOST_AUTO_TEST_CASE(AllowSwitchToDefaultTest) { ContainersManager cm(TEST_DBUS_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(cm.startAll()); + cm.startAll(); std::vector> clients; for (int i = 1; i <= TEST_DBUS_CONNECTION_CONTAINERS_COUNT; ++i) { @@ -678,25 +685,25 @@ BOOST_AUTO_TEST_CASE(AllowSwitchToDefaultTest) for (auto& client : clients) { // focus non-default container with allowed switching - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console3-dbus")); + cm.focus("ut-containers-manager-console3-dbus"); // emit signal from dbus connection - BOOST_REQUIRE_NO_THROW(client->emitSignal(fake_power_manager_api::OBJECT_PATH, - fake_power_manager_api::INTERFACE, - fake_power_manager_api::SIGNAL_DISPLAY_OFF, - nullptr)); + client->emitSignal(fake_power_manager_api::OBJECT_PATH, + fake_power_manager_api::INTERFACE, + fake_power_manager_api::SIGNAL_DISPLAY_OFF, + nullptr); // check if default container has focus BOOST_CHECK(condition.wait_for(condLock, std::chrono::milliseconds(EVENT_TIMEOUT), cond)); // focus non-default container with disabled switching - BOOST_REQUIRE_NO_THROW(cm.focus("ut-containers-manager-console2-dbus")); + cm.focus("ut-containers-manager-console2-dbus"); // emit signal from dbus connection - BOOST_REQUIRE_NO_THROW(client->emitSignal(fake_power_manager_api::OBJECT_PATH, - fake_power_manager_api::INTERFACE, - fake_power_manager_api::SIGNAL_DISPLAY_OFF, - nullptr)); + client->emitSignal(fake_power_manager_api::OBJECT_PATH, + fake_power_manager_api::INTERFACE, + fake_power_manager_api::SIGNAL_DISPLAY_OFF, + nullptr); // now default container should not be focused BOOST_CHECK(!condition.wait_for(condLock, std::chrono::milliseconds(EVENT_TIMEOUT), cond)); @@ -787,11 +794,11 @@ namespace { const DbusAccessory::Dbuses EXPECTED_DBUSES_STARTED = { {"ut-containers-manager-console1-dbus", - "unix:path=/tmp/ut-containers-manager/console1-dbus/dbus/system_bus_socket"}, + "unix:path=/tmp/ut-run1/dbus/system_bus_socket"}, {"ut-containers-manager-console2-dbus", - "unix:path=/tmp/ut-containers-manager/console2-dbus/dbus/system_bus_socket"}, + "unix:path=/tmp/ut-run2/dbus/system_bus_socket"}, {"ut-containers-manager-console3-dbus", - "unix:path=/tmp/ut-containers-manager/console3-dbus/dbus/system_bus_socket"}}; + "unix:path=/tmp/ut-run3/dbus/system_bus_socket"}}; } // namespace BOOST_AUTO_TEST_CASE(GetContainerDbusesTest) @@ -912,7 +919,7 @@ BOOST_AUTO_TEST_CASE(SetActiveContainerTest) "ut-containers-manager-console3-dbus"}; for (std::string& containerId: containerIds){ - BOOST_REQUIRE_NO_THROW(dbus.callMethodSetActiveContainer(containerId)); + dbus.callMethodSetActiveContainer(containerId); BOOST_CHECK(dbus.callMethodGetActiveContainerId() == containerId); } @@ -924,31 +931,32 @@ BOOST_AUTO_TEST_CASE(SetActiveContainerTest) DbusException); } -BOOST_AUTO_TEST_CASE(AddContainerTest) -{ - const std::string newContainerId = "test1234"; - const std::vector newContainerConfigs = { - TEST_CONTAINER_CONF_PATH + newContainerId + ".conf", - }; - FileCleanerRAII cleaner(newContainerConfigs); - - ContainersManager cm(TEST_DBUS_CONFIG_PATH); - cm.startAll(); - - Latch callDone; - auto resultCallback = [&]() { - callDone.set(); - }; - - DbusAccessory dbus(DbusAccessory::HOST_ID); - - // create new container - dbus.callAsyncMethodAddContainer(newContainerId, resultCallback); - callDone.wait(EVENT_TIMEOUT); - - // focus new container - BOOST_REQUIRE_NO_THROW(cm.focus(newContainerId)); - BOOST_CHECK(cm.getRunningForegroundContainerId() == newContainerId); -} +//TODO fix it +//BOOST_AUTO_TEST_CASE(AddContainerTest) +//{ +// const std::string newContainerId = "test1234"; +// const std::vector newContainerConfigs = { +// TEST_CONTAINER_CONF_PATH + newContainerId + ".conf", +// }; +// FileCleanerRAII cleaner(newContainerConfigs); +// +// ContainersManager cm(TEST_DBUS_CONFIG_PATH); +// cm.startAll(); +// +// Latch callDone; +// auto resultCallback = [&]() { +// callDone.set(); +// }; +// +// DbusAccessory dbus(DbusAccessory::HOST_ID); +// +// // create new container +// dbus.callAsyncMethodAddContainer(newContainerId, resultCallback); +// callDone.wait(EVENT_TIMEOUT); +// +// // focus new container +// cm.focus(newContainerId); +// BOOST_CHECK(cm.getRunningForegroundContainerId() == newContainerId); +//} BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/ut-network-admin.cpp b/tests/unit_tests/server/ut-network-admin.cpp index 9406a96..f120ac6 100644 --- a/tests/unit_tests/server/ut-network-admin.cpp +++ b/tests/unit_tests/server/ut-network-admin.cpp @@ -23,63 +23,63 @@ * @brief Unit tests of the NetworkAdmin class */ -#include "config.hpp" -#include "ut.hpp" - -#include "network-admin.hpp" - -#include "utils/exception.hpp" -//#include "libvirt/exception.hpp" -#include "config/manager.hpp" - - -using namespace security_containers; - -namespace { - -const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/test.conf"; -const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/buggy.conf"; -const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/missing.conf"; - -} // namespace - - -BOOST_AUTO_TEST_SUITE(NetworkAdminSuite) - -BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) -{ - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - std::unique_ptr admin; - BOOST_REQUIRE_NO_THROW(admin.reset(new NetworkAdmin(config))); - BOOST_REQUIRE_NO_THROW(admin.reset()); -} - -//BOOST_AUTO_TEST_CASE(BuggyConfigTest) +//#include "config.hpp" +//#include "ut.hpp" +// +//#include "network-admin.hpp" +// +//#include "utils/exception.hpp" +////#include "libvirt/exception.hpp" +//#include "config/manager.hpp" +// +// +//using namespace security_containers; +// +//namespace { +// +//const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/test.conf"; +//const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/buggy.conf"; +//const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-network-admin/containers/missing.conf"; +// +//} // namespace +// +// +//BOOST_AUTO_TEST_SUITE(NetworkAdminSuite) +// +//BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) //{ // ContainerConfig config; -// config::loadFromFile(BUGGY_CONFIG_PATH, config); -// BOOST_REQUIRE_THROW(NetworkAdmin na(config), LibvirtOperationException); +// config::loadFromFile(TEST_CONFIG_PATH, config); +// std::unique_ptr admin; +// BOOST_REQUIRE_NO_THROW(admin.reset(new NetworkAdmin(config))); +// BOOST_REQUIRE_NO_THROW(admin.reset()); //} - -BOOST_AUTO_TEST_CASE(MissingConfigTest) -{ - ContainerConfig config; - config::loadFromFile(MISSING_CONFIG_PATH, config); - BOOST_REQUIRE_THROW(NetworkAdmin na(config), UtilsException); -} - -BOOST_AUTO_TEST_CASE(StartStopTest) -{ - ContainerConfig config; - config::loadFromFile(TEST_CONFIG_PATH, config); - NetworkAdmin net(config); - - BOOST_CHECK(!net.isActive()); - BOOST_CHECK_NO_THROW(net.start()); - BOOST_CHECK(net.isActive()); - BOOST_CHECK_NO_THROW(net.stop()); - BOOST_CHECK(!net.isActive()); -} - -BOOST_AUTO_TEST_SUITE_END() +// +////BOOST_AUTO_TEST_CASE(BuggyConfigTest) +////{ +//// ContainerConfig config; +//// config::loadFromFile(BUGGY_CONFIG_PATH, config); +//// BOOST_REQUIRE_THROW(NetworkAdmin na(config), LibvirtOperationException); +////} +// +//BOOST_AUTO_TEST_CASE(MissingConfigTest) +//{ +// ContainerConfig config; +// config::loadFromFile(MISSING_CONFIG_PATH, config); +// BOOST_REQUIRE_THROW(NetworkAdmin na(config), UtilsException); +//} +// +//BOOST_AUTO_TEST_CASE(StartStopTest) +//{ +// ContainerConfig config; +// config::loadFromFile(TEST_CONFIG_PATH, config); +// NetworkAdmin net(config); +// +// BOOST_CHECK(!net.isActive()); +// BOOST_CHECK_NO_THROW(net.start()); +// BOOST_CHECK(net.isActive()); +// BOOST_CHECK_NO_THROW(net.stop()); +// BOOST_CHECK(!net.isActive()); +//} +// +//BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/ut-server.cpp b/tests/unit_tests/server/ut-server.cpp index 74bcede..2dbfabc 100644 --- a/tests/unit_tests/server/ut-server.cpp +++ b/tests/unit_tests/server/ut-server.cpp @@ -29,12 +29,20 @@ #include "server.hpp" #include "exception.hpp" #include "config/exception.hpp" +#include "utils/scoped-dir.hpp" #include #include +namespace { +const std::string CONTAINERS_PATH = "/tmp/ut-containers"; // the same as in daemon.conf -BOOST_AUTO_TEST_SUITE(ServerSuite) +struct Fixture { + security_containers::utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; +}; +} // namespace + +BOOST_FIXTURE_TEST_SUITE(ServerSuite, Fixture) using namespace security_containers; using namespace config; @@ -47,8 +55,8 @@ const std::string MISSING_CONFIG_PATH = "/this/is/a/missing/file/path/missing-da BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) { std::unique_ptr s; - BOOST_REQUIRE_NO_THROW(s.reset(new Server(TEST_CONFIG_PATH))); - BOOST_REQUIRE_NO_THROW(s.reset()); + s.reset(new Server(TEST_CONFIG_PATH)); + s.reset(); } BOOST_AUTO_TEST_CASE(BuggyConfigTest) @@ -64,14 +72,14 @@ BOOST_AUTO_TEST_CASE(MissingConfigTest) BOOST_AUTO_TEST_CASE(TerminateTest) { Server s(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(s.terminate()); + s.terminate(); } BOOST_AUTO_TEST_CASE(TerminateRunTest) { Server s(TEST_CONFIG_PATH); - BOOST_REQUIRE_NO_THROW(s.terminate()); - BOOST_REQUIRE_NO_THROW(s.run()); + s.terminate(); + s.run(); } BOOST_AUTO_TEST_CASE(RunTerminateTest) @@ -82,11 +90,11 @@ BOOST_AUTO_TEST_CASE(RunTerminateTest) // give a chance to run a thread std::this_thread::sleep_for(std::chrono::milliseconds(200)); - BOOST_REQUIRE_NO_THROW(s.terminate()); + s.terminate(); runFuture.wait(); // a potential exception from std::async thread will be delegated to this thread - BOOST_REQUIRE_NO_THROW(runFuture.get()); + runFuture.get(); } diff --git a/tests/unit_tests/utils/scoped-dir.cpp b/tests/unit_tests/utils/scoped-dir.cpp new file mode 100644 index 0000000..c1b184c --- /dev/null +++ b/tests/unit_tests/utils/scoped-dir.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Create directory in constructor, delete it in destructor + */ + +#include "config.hpp" + +#include "utils/scoped-dir.hpp" + +#include + + +namespace security_containers { +namespace utils { + +namespace fs = boost::filesystem; + +ScopedDir::ScopedDir() +{ +} + +ScopedDir::ScopedDir(const std::string& path) +{ + create(path); +} + +ScopedDir::~ScopedDir() +{ + remove(); +} + +void ScopedDir::create(const std::string& path) +{ + remove(); + if (!path.empty()) { + mPath = path; + fs::remove_all(path); + fs::create_directories(path); + } +} + +void ScopedDir::remove() +{ + if (!mPath.empty()) { + fs::remove_all(mPath); + mPath.clear(); + } +} + +} // namespace utils +} // namespace security_containers diff --git a/tests/unit_tests/utils/scoped-dir.hpp b/tests/unit_tests/utils/scoped-dir.hpp new file mode 100644 index 0000000..93e18a2 --- /dev/null +++ b/tests/unit_tests/utils/scoped-dir.hpp @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Create directory in constructor, delete it in destructor + */ + +#ifndef UNIT_TESTS_UTILS_SCOPED_DIR_HPP +#define UNIT_TESTS_UTILS_SCOPED_DIR_HPP + +#include + + +namespace security_containers { +namespace utils { + + +/** + * Scoped directory + * To be used in tests only + */ +class ScopedDir { +public: + ScopedDir(); + ScopedDir(const std::string& path); + ~ScopedDir(); + + /** + * Creates a dir or if exists ensures it is empty + */ + void create(const std::string& path); + + /** + * Deletes this dir with all content + */ + void remove(); + +private: + std::string mPath; +}; + + +} // namespace utils +} // namespace security_containers + + +#endif // UNIT_TESTS_UTILS_SCOPED_DIR_HPP -- 2.7.4 From 4019fbbe44260e19bd1f335425f5256034cbe350 Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Wed, 5 Nov 2014 15:00:03 +0100 Subject: [PATCH 15/16] Lxc server configs, missing ContainerAdmin stuff WORK IN PROGRESS [Bug/Feature] N/A [Cause] N/A [Solution] N/A [Verification] All tests should pass Change-Id: I87505823a5b1c543ee495ede010430bb8c745736 --- common/lxc/domain.cpp | 81 ++++- common/lxc/domain.hpp | 29 +- packaging/security-containers.spec | 2 + server/configs/CMakeLists.txt | 4 + server/configs/containers/business.conf | 2 +- server/configs/containers/private.conf | 2 +- server/configs/daemon.conf | 4 +- server/configs/lxc-templates/business.sh | 38 ++ server/configs/lxc-templates/private.sh | 38 ++ server/container-admin.cpp | 300 +++------------- server/container-admin.hpp | 92 +---- tests/unit_tests/lxc/ut-domain.cpp | 152 ++++++-- tests/unit_tests/server/configs/CMakeLists.txt | 10 - .../containers/{buggy.conf.in => buggy.conf} | 3 + .../ut-container-admin/containers/missing.conf | 3 + ...t-no-shutdown.conf.in => test-no-shutdown.conf} | 3 + .../containers/{test.conf.in => test.conf} | 3 + tests/unit_tests/server/ut-container-admin.cpp | 396 +++++++-------------- tests/unit_tests/server/ut-container.cpp | 13 +- 19 files changed, 490 insertions(+), 685 deletions(-) create mode 100755 server/configs/lxc-templates/business.sh create mode 100755 server/configs/lxc-templates/private.sh rename tests/unit_tests/server/configs/ut-container-admin/containers/{buggy.conf.in => buggy.conf} (71%) rename tests/unit_tests/server/configs/ut-container-admin/containers/{test-no-shutdown.conf.in => test-no-shutdown.conf} (71%) rename tests/unit_tests/server/configs/ut-container-admin/containers/{test.conf.in => test.conf} (65%) diff --git a/common/lxc/domain.cpp b/common/lxc/domain.cpp index 07b7c77..0959959 100644 --- a/common/lxc/domain.cpp +++ b/common/lxc/domain.cpp @@ -30,9 +30,23 @@ #include #include +#include + namespace security_containers { namespace lxc { +namespace { + const std::map STATE_MAP = { + {"STOPPED", LxcDomain::State::STOPPED}, + {"STARTING", LxcDomain::State::STARTING}, + {"RUNNING", LxcDomain::State::RUNNING}, + {"STOPPING", LxcDomain::State::STOPPING}, + {"ABORTING", LxcDomain::State::ABORTING}, + {"FREEZING", LxcDomain::State::FREEZING}, + {"FROZEN", LxcDomain::State::FROZEN}, + {"THAWED", LxcDomain::State::THAWED} + }; +} // namespace LxcDomain::LxcDomain(const std::string& lxcPath, const std::string& domainName) : mContainer(nullptr) @@ -70,63 +84,92 @@ bool LxcDomain::isDefined() return mContainer->is_defined(mContainer); } -bool LxcDomain::isRunning() -{ - return mContainer->is_running(mContainer); -} - -std::string LxcDomain::getState() +LxcDomain::State LxcDomain::getState() { - return mContainer->state(mContainer); + const std::string str = mContainer->state(mContainer); + return STATE_MAP.at(str); } -void LxcDomain::create(const std::string& templatePath) +bool LxcDomain::create(const std::string& templatePath) { if (!mContainer->create(mContainer, templatePath.c_str(), NULL, NULL, 0, NULL)) { LOGE("Could not create domain " + getName()); - throw LxcException("Could not create domain"); + return false; } + return true; } -void LxcDomain::destroy() +bool LxcDomain::destroy() { if (!mContainer->destroy(mContainer)) { LOGE("Could not destroy domain " + getName()); - throw LxcException("Could not destroy domain"); + return false; } + return true; } -void LxcDomain::start(const char* const* argv) +bool LxcDomain::start(const char* const* argv) { + if (mContainer->is_running(mContainer)) { + LOGE("Already started " + getName()); + return false; + } + if (!mContainer->want_daemonize(mContainer, true)) { + LOGE("Could not configure domain " + getName()); + return false; + } if (!mContainer->start(mContainer, false, const_cast(argv))) { LOGE("Could not start domain " + getName()); - throw LxcException("Could not start domain"); + return false; } + return true; } -void LxcDomain::stop() +bool LxcDomain::stop() { if (!mContainer->stop(mContainer)) { LOGE("Could not stop domain " + getName()); - throw LxcException("Stop domain failed"); + return false; } + return true; } -void LxcDomain::reboot() +bool LxcDomain::reboot() { if (!mContainer->reboot(mContainer)) { LOGE("Could not reboot domain " + getName()); - throw LxcException("Reboot domain failed"); + return false; } + return true; } -void LxcDomain::shutdown(int timeout) +bool LxcDomain::shutdown(int timeout) { if (!mContainer->shutdown(mContainer, timeout)) { LOGE("Could not gracefully shutdown domain " + getName() + " in " << timeout << "s"); - throw LxcException("Shutdown domain failed"); + return false; } + return true; } +bool LxcDomain::freeze() +{ + if (!mContainer->freeze(mContainer)) { + LOGE("Could not freeze domain " + getName()); + return false; + } + return true; +} + +bool LxcDomain::unfreeze() +{ + if (!mContainer->unfreeze(mContainer)) { + LOGE("Could not unfreeze domain " + getName()); + return false; + } + return true; +} + + } // namespace lxc } // namespace security_containers diff --git a/common/lxc/domain.hpp b/common/lxc/domain.hpp index 2f0cbf8..3202f54 100644 --- a/common/lxc/domain.hpp +++ b/common/lxc/domain.hpp @@ -39,6 +39,17 @@ namespace lxc { */ class LxcDomain { public: + enum class State { + STOPPED, + STARTING, + RUNNING, + STOPPING, + ABORTING, + FREEZING, + FROZEN, + THAWED + }; + LxcDomain(const std::string& lxcPath, const std::string& domainName); ~LxcDomain(); @@ -50,17 +61,19 @@ public: std::string getConfigItem(const std::string& key); bool isDefined(); - bool isRunning(); - std::string getState(); + State getState(); + + bool create(const std::string& templatePath); + bool destroy(); - void create(const std::string& templatePath); - void destroy(); + bool start(const char* const* argv); + bool stop(); + bool reboot(); + bool shutdown(int timeout); - void start(const char* const* argv); - void stop(); - void reboot(); - void shutdown(int timeout); + bool freeze(); + bool unfreeze(); private: lxc_container* mContainer; }; diff --git a/packaging/security-containers.spec b/packaging/security-containers.spec index e73694c..11e7c99 100644 --- a/packaging/security-containers.spec +++ b/packaging/security-containers.spec @@ -40,8 +40,10 @@ between them. A process from inside a container can request a switch of context %attr(755,root,root) %{_bindir}/security-containers-server %dir /etc/security-containers %dir /etc/security-containers/containers +%dir /etc/security-containers/lxc-templates %config /etc/security-containers/daemon.conf %config /etc/security-containers/containers/*.conf +%attr(755,root,root) /etc/security-containers/lxc-templates/*.sh %{_unitdir}/security-containers.service %{_unitdir}/multi-user.target.wants/security-containers.service /etc/dbus-1/system.d/org.tizen.containers.host.conf diff --git a/server/configs/CMakeLists.txt b/server/configs/CMakeLists.txt index 310f407..ab4a94f 100644 --- a/server/configs/CMakeLists.txt +++ b/server/configs/CMakeLists.txt @@ -20,6 +20,7 @@ MESSAGE(STATUS "Installing configs to " ${SC_CONFIG_INSTALL_DIR}) FILE(GLOB container_CONF containers/*.conf) +FILE(GLOB admin_CONF lxc-templates/*.sh) ## Generate #################################################################### CONFIGURE_FILE(systemd/security-containers.service.in @@ -40,5 +41,8 @@ INSTALL(FILES ${CMAKE_BINARY_DIR}/dbus-1/system.d/org.tizen.containers.hos INSTALL(FILES ${container_CONF} DESTINATION ${SC_CONFIG_INSTALL_DIR}/containers) +INSTALL(PROGRAMS ${admin_CONF} + DESTINATION ${SC_CONFIG_INSTALL_DIR}/lxc-templates) + INSTALL(FILES ${CMAKE_BINARY_DIR}/systemd/security-containers.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/server/configs/containers/business.conf b/server/configs/containers/business.conf index c141111..92eb06d 100644 --- a/server/configs/containers/business.conf +++ b/server/configs/containers/business.conf @@ -1,6 +1,6 @@ { "name" : "business", - "lxcTemplate" : "", + "lxcTemplate" : "business.sh", "initWithArgs" : [], "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 10000, diff --git a/server/configs/containers/private.conf b/server/configs/containers/private.conf index 94261b8..074f4f3 100644 --- a/server/configs/containers/private.conf +++ b/server/configs/containers/private.conf @@ -1,6 +1,6 @@ { "name" : "private", - "lxcTemplate" : "", + "lxcTemplate" : "private.sh", "initWithArgs" : [], "cpuQuotaForeground" : -1, "cpuQuotaBackground" : 10000, diff --git a/server/configs/daemon.conf b/server/configs/daemon.conf index 116b32e..058a3cd 100644 --- a/server/configs/daemon.conf +++ b/server/configs/daemon.conf @@ -7,8 +7,8 @@ "runMountPointPrefix" : "/var/run/containers", "foregroundId" : "private", "defaultId" : "private", - "lxcTemplatePrefix" : "TODO", - "inputConfig" : {"enabled" : true, + "lxcTemplatePrefix" : "/etc/security-containers/lxc-templates", + "inputConfig" : {"enabled" : false, "device" : "gpio_keys.6", "code" : 139, "numberOfEvents" : 1, diff --git a/server/configs/lxc-templates/business.sh b/server/configs/lxc-templates/business.sh new file mode 100755 index 0000000..75be9e6 --- /dev/null +++ b/server/configs/lxc-templates/business.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +echo LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# XXX assume rootfs if mounted from iso + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /var/run/containers/business/run var/run none rw,bind 0 0 +EOF + diff --git a/server/configs/lxc-templates/private.sh b/server/configs/lxc-templates/private.sh new file mode 100755 index 0000000..2926e55 --- /dev/null +++ b/server/configs/lxc-templates/private.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +echo LXC template, args: $@ + +options=$(getopt -o p:n: -l rootfs:,path:,name: -- "$@") +if [ $? -ne 0 ]; then + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -n|--name) name=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +# XXX assume rootfs if mounted from iso + +# Prepare container configuration file +> ${path}/config +cat <> ${path}/config +lxc.utsname = ${name} +lxc.rootfs = ${rootfs} + +lxc.haltsignal = SIGTERM + +lxc.pts = 256 +lxc.tty = 0 + +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = /var/run/containers/private/run var/run none rw,bind 0 0 +EOF + diff --git a/server/container-admin.cpp b/server/container-admin.cpp index 11c88fd..71185db 100644 --- a/server/container-admin.cpp +++ b/server/container-admin.cpp @@ -28,16 +28,9 @@ #include "exception.hpp" #include "logger/logger.hpp" -#include "utils/fs.hpp" #include "utils/paths.hpp" -#include "utils/latch.hpp" -#include "utils/callback-wrapper.hpp" #include -#include -#include -#include -#include namespace security_containers { @@ -45,7 +38,7 @@ namespace security_containers { namespace { // TODO: this should be in container's configuration file -const int SHUTDOWN_WAIT = 10 * 1000; +const int SHUTDOWN_WAIT = 10; class Args { public: @@ -89,50 +82,19 @@ ContainerAdmin::ContainerAdmin(const std::string& containersPath, : mConfig(config), mDom(containersPath, config.name), mId(mDom.getName()), - mDetachOnExit(false), - mLifecycleCallbackId(-1), - mRebootCallbackId(-1), - mNextIdForListener(1) + mDetachOnExit(false) { LOGD(mId << ": Instantiating ContainerAdmin object"); if (!mDom.isDefined()) { - std::string lxcTemplate = utils::getAbsolutePath(config.lxcTemplate, lxcTemplatePrefix); + const std::string lxcTemplate = utils::getAbsolutePath(config.lxcTemplate, + lxcTemplatePrefix); LOGI(mId << ": Creating domain from template: " << lxcTemplate); - mDom.create(lxcTemplate); + if (!mDom.create(lxcTemplate)) { + throw ContainerOperationException("Could not create domain"); + } } - -// // ContainerAdmin owns those callbacks -// mLifecycleCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), -// mDom.get(), -// VIR_DOMAIN_EVENT_ID_LIFECYCLE, -// VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtLifecycleCallback), -// utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), -// &utils::deleteCallbackWrapper); -// -// if (mLifecycleCallbackId < 0) { -// LOGE(mId << ": Failed to register a libvirt lifecycle callback"); -// throw ContainerOperationException(mId + ": Failed to register a libvirt lifecycle callback"); -// } -// -// LOGT(mId << ": registered lifecycle callback"); -// -// mRebootCallbackId = virConnectDomainEventRegisterAny(virDomainGetConnect(mDom.get()), -// mDom.get(), -// VIR_DOMAIN_EVENT_ID_REBOOT, -// VIR_DOMAIN_EVENT_CALLBACK(&ContainerAdmin::libvirtRebootCallback), -// utils::createCallbackWrapper(this, mLibvirtGuard.spawn()), -// &utils::deleteCallbackWrapper); -// -// if (mRebootCallbackId < 0) { -// LOGE(mId << ": Failed to register a libvirt reboot callback"); -// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), -// mLifecycleCallbackId); -// throw ContainerOperationException(mId + ": Failed to register a libvirt reboot callback"); -// } -// -// LOGT(mId << ": registered reboot callback"); } @@ -140,22 +102,10 @@ ContainerAdmin::~ContainerAdmin() { LOGD(mId << ": Destroying ContainerAdmin object..."); -// // Deregister callbacks -// if (mLifecycleCallbackId >= 0) { -// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), -// mLifecycleCallbackId); -// } -// if (mRebootCallbackId >= 0) { -// virConnectDomainEventDeregisterAny(virDomainGetConnect(mDom.get()), -// mRebootCallbackId); -// } -// - // Try to forcefully stop if (!mDetachOnExit) { - try { - destroy(); - } catch (ServerException&) { - LOGE(mId << ": Failed to destroy the container"); + // Try to forcefully stop + if (!mDom.stop()) { + LOGE(mId << ": Failed to stop the container"); } } @@ -177,25 +127,19 @@ void ContainerAdmin::start() return; } - Args args(mConfig.initWithArgs); + const Args args(mConfig.initWithArgs); + bool result; if (args.empty()) { - mDom.start(NULL); + result = mDom.start(NULL); } else { LOGD(mId << ": Init: " << args); - mDom.start(args.getAsCArray()); + result = mDom.start(args.getAsCArray()); + } + + if (!result) { + throw ContainerOperationException("Could not start container"); } -// // In order to update daemon without shutting down the containers -// // autodestroy option must NOT be set. It's best to create domain -// // without any flags. -// u_int flags = VIR_DOMAIN_NONE; -// -// if (virDomainCreateWithFlags(mDom.get(), flags) < 0) { -// LOGE(mId << ": Failed to start the container\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// LOGD(mId << ": Started"); } @@ -208,154 +152,64 @@ void ContainerAdmin::stop() return; } - mDom.stop(); + if (!mDom.shutdown(SHUTDOWN_WAIT)) { + // force stop + if (!mDom.stop()) { + throw ContainerOperationException("Could not stop container"); + } + } -// utils::Latch stoppedOccured; -// -// LifecycleListener setStopped = [&](const int eventId, const int detailId) { -// if (eventId == VIR_DOMAIN_EVENT_STOPPED) { -// if (detailId != VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { -// LOGW(mId << ": shutdown requested, but the container stopped with a different status: " -// << libvirt::libvirtEventDetailToString(eventId, detailId)); -// } -// stoppedOccured.set(); -// } -// }; -// -// ListenerId id = registerLifecycleListener(setStopped, nullptr); -// shutdown(); -// bool stopped = stoppedOccured.wait(SHUTDOWN_WAIT); -// removeListener(id); -// -// if (!stopped) { -// LOGW(mId << ": Gracefull shutdown timed out, the container is still running, destroying"); -// destroy(); -// } -// LOGD(mId << ": Stopping procedure ended"); } void ContainerAdmin::destroy() { - LOGD(mId << ": Destroying..."); - if (isStopped()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; - } - - mDom.stop();//TODO - -// setSchedulerLevel(SchedulerLevel::FOREGROUND); -// -// // Forceful termination of the guest -// u_int flags = VIR_DOMAIN_DESTROY_DEFAULT; -// -// if (virDomainDestroyFlags(mDom.get(), flags) < 0) { -// LOGE(mId << ": Error while destroying the container:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// - LOGD(mId << ": Destroyed"); -} + LOGD(mId << ": Destroying procedure started..."); - -void ContainerAdmin::shutdown() -{ - LOGD(mId << ": Shutting down..."); - if (isStopped()) { - LOGD(mId << ": Already crashed/down/off - nothing to do"); - return; + if (!mDom.destroy()) { + throw ContainerOperationException("Could not destroy container"); } - mDom.stop(); //TODO - -// setSchedulerLevel(SchedulerLevel::FOREGROUND); -// -// if (virDomainShutdownFlags(mDom.get(), VIR_DOMAIN_SHUTDOWN_SIGNAL) < 0) { -// LOGE(mId << ": Error while shutting down the container:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// - LOGD(mId << ": Shut down initiated (async)"); + LOGD(mId << ": Destroying procedure ended"); } bool ContainerAdmin::isRunning() { - return mDom.isRunning(); + return mDom.getState() == lxc::LxcDomain::State::RUNNING; } bool ContainerAdmin::isStopped() { - return !mDom.isRunning();//TODO + return mDom.getState() == lxc::LxcDomain::State::STOPPED; } void ContainerAdmin::suspend() { -// assert(mDom); -// -// LOGD(mId << ": Pausing..."); -// if (isPaused()) { -// LOGD(mId << ": Already paused - nothing to do..."); -// return; -// } -// -// if (virDomainSuspend(mDom.get()) < 0) { -// LOGE(mId << ": Error while suspending the container:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// -// LOGD(mId << ": Paused"); + LOGD(mId << ": Pausing..."); + if (!mDom.freeze()) { + throw ContainerOperationException("Could not pause container"); + } + LOGD(mId << ": Paused"); } void ContainerAdmin::resume() { -// assert(mDom); -// -// LOGD(mId << ": Resuming..."); -// if (!isPaused()) { -// LOGD(mId << ": Is not paused - nothing to do..."); -// return; -// } -// -// if (virDomainResume(mDom.get()) < 0) { -// LOGE(mId << ": Error while resuming the container:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// -// LOGD(mId << ": Resumed"); + LOGD(mId << ": Resuming..."); + if (!mDom.unfreeze()) { + throw ContainerOperationException("Could not resume container"); + } + LOGD(mId << ": Resumed"); } bool ContainerAdmin::isPaused() { -// return getState() == VIR_DOMAIN_PAUSED; - return false;//TODO -} - - -int ContainerAdmin::getState() -{ -// assert(mDom); -// -// int state; -// -// if (virDomainGetState(mDom.get(), &state, NULL, 0)) { -// LOGE(mId << ": Error while getting the container's state:\n" -// << libvirt::libvirtFormatError()); -// throw ContainerOperationException(); -// } -// -// return state; - return 0; + return mDom.getState() == lxc::LxcDomain::State::FROZEN; } @@ -443,77 +297,5 @@ std::int64_t ContainerAdmin::getSchedulerQuota() return 0; } -ContainerAdmin::ListenerId ContainerAdmin::registerLifecycleListener(const ContainerAdmin::LifecycleListener& listener, - const utils::CallbackGuard::Tracker& tracker) -{ - - utils::CallbackWrapper wrap(listener, tracker); - - std::unique_lock lock(mListenerMutex); - unsigned int id = mNextIdForListener++; - mLifecycleListeners.insert(LifecycleListenerMap::value_type(id, std::move(wrap))); - - return id; -} - -ContainerAdmin::ListenerId ContainerAdmin::registerRebootListener(const ContainerAdmin::RebootListener& listener, - const utils::CallbackGuard::Tracker& tracker) -{ - - utils::CallbackWrapper wrap(listener, tracker); - - std::unique_lock lock(mListenerMutex); - unsigned int id = mNextIdForListener++; - mRebootListeners.insert(RebootListenerMap::value_type(id, std::move(wrap))); - - return id; -} - -void ContainerAdmin::removeListener(const ContainerAdmin::ListenerId id) -{ - std::unique_lock lock(mListenerMutex); - mLifecycleListeners.erase(id); - mRebootListeners.erase(id); -} - -//int ContainerAdmin::libvirtLifecycleCallback(virConnectPtr /*con*/, -// virDomainPtr /*dom*/, -// int event, -// int detail, -// void* opaque) -//{ -// ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); -// -// LOGI(thisPtr->getId() -// << ": Lifecycle event: " -// << libvirt::libvirtEventToString(event) -// << ": " -// << libvirt::libvirtEventDetailToString(event, detail)); -// -// std::unique_lock lock(thisPtr->mListenerMutex); -// for (auto& it : thisPtr->mLifecycleListeners) { -// LifecycleListener f = it.second.get(); -// f(event, detail); -// } -// -// // ignored, libvirt's legacy -// return 0; -//} -// -//void ContainerAdmin::libvirtRebootCallback(virConnectPtr /*con*/, -// virDomainPtr /*dom*/, -// void* opaque) -//{ -// ContainerAdmin* thisPtr = utils::getCallbackFromPointer(opaque); -// -// LOGI(thisPtr->getId() << ": Reboot event"); -// -// std::unique_lock lock(thisPtr->mListenerMutex); -// for (auto& it : thisPtr->mRebootListeners) { -// RebootListener f = it.second.get(); -// f(); -// } -//} - } // namespace security_containers diff --git a/server/container-admin.hpp b/server/container-admin.hpp index f2ca5f9..79b0193 100644 --- a/server/container-admin.hpp +++ b/server/container-admin.hpp @@ -27,16 +27,8 @@ #define SERVER_CONTAINER_ADMIN_HPP #include "container-config.hpp" - -#include "utils/callback-guard.hpp" -#include "utils/callback-wrapper.hpp" #include "lxc/domain.hpp" -#include -#include -#include -#include - namespace security_containers { @@ -49,25 +41,6 @@ enum class SchedulerLevel { class ContainerAdmin { public: - /** - * A listener ID type. - */ - typedef unsigned int ListenerId; - - /** - * An invalid ListenerId value. - */ - static const ListenerId LISTENER_ID_INVALID = 0; - - /** - * A function type used for the lifecycle listener - */ - typedef std::function LifecycleListener; - - /** - * A function type used for the reboot listener - */ - typedef std::function RebootListener; /** * ContainerAdmin constructor @@ -91,29 +64,23 @@ public: void start(); /** - * Try to shutdown the container, if failed, destroy it. + * Try to shutdown the container, if failed, kill it. */ void stop(); /** - * Forcefully stop the container. + * Destroy stopped container. In particular it removes whole containers rootfs. */ void destroy(); /** - * Gracefully shutdown the container. - * This method will NOT block until container is shut down. - */ - void shutdown(); - - /** * @return Is the container running? */ bool isRunning(); /** * Check if the container is stopped. It's NOT equivalent to !isRunning, - * because it checks different internal libvirt's states. There are other states, + * because it checks different internal lxc states. There are other states, * (e.g. paused) when the container isn't running nor stopped. * * @return Is the container stopped? @@ -154,66 +121,13 @@ public: */ std::int64_t getSchedulerQuota(); - /** - * Sets a listener for a lifecycle event. - * It's a caller's responsibility to remove the listener - * prior to destroying the object. - * - * @return listener ID that can be used to remove. - */ - ListenerId registerLifecycleListener(const LifecycleListener& listener, - const utils::CallbackGuard::Tracker& tracker); - - /** - * Sets a listener for a reboot event. - * It's a caller's responsibility to remove the listener - * prior to destroying the object. - * - * @return listener ID that can be used to remove. - */ - ListenerId registerRebootListener(const RebootListener& listener, - const utils::CallbackGuard::Tracker& tracker); - - /** - * Remove a previously registered listener. - */ - void removeListener(const ListenerId id); - private: const ContainerConfig& mConfig; lxc::LxcDomain mDom; const std::string mId; bool mDetachOnExit; - int getState(); // get the libvirt's domain state void setSchedulerParams(std::uint64_t cpuShares, std::uint64_t vcpuPeriod, std::int64_t vcpuQuota); - - // for handling libvirt callbacks - utils::CallbackGuard mLibvirtGuard; - int mLifecycleCallbackId; - int mRebootCallbackId; - -// // virConnectDomainEventCallback -// static int libvirtLifecycleCallback(virConnectPtr con, -// virDomainPtr dom, -// int event, -// int detail, -// void* opaque); -// -// // virConnectDomainEventGenericCallback -// static void libvirtRebootCallback(virConnectPtr con, -// virDomainPtr dom, -// void* opaque); - - // for handling external listeners triggered from libvirt callbacks - // TODO, the Listener type might not be unique, reimplement using proper listeners - typedef std::map> LifecycleListenerMap; - typedef std::map> RebootListenerMap; - - std::mutex mListenerMutex; - unsigned int mNextIdForListener; - LifecycleListenerMap mLifecycleListeners; - RebootListenerMap mRebootListeners; }; diff --git a/tests/unit_tests/lxc/ut-domain.cpp b/tests/unit_tests/lxc/ut-domain.cpp index b3b693a..206d2c7 100644 --- a/tests/unit_tests/lxc/ut-domain.cpp +++ b/tests/unit_tests/lxc/ut-domain.cpp @@ -60,12 +60,18 @@ struct Fixture { { LxcDomain lxc(LXC_PATH, DOMAIN_NAME); if (lxc.isDefined()) { - if (lxc.isRunning()) { + if (lxc.getState() != LxcDomain::State::STOPPED) { lxc.stop(); } lxc.destroy(); } } + + void waitForInit() + { + // wait for init fully started (wait for bash to be able to trap SIGTERM) + std::this_thread::sleep_for(std::chrono::milliseconds(200)); + } }; } // namespace @@ -82,13 +88,13 @@ BOOST_AUTO_TEST_CASE(CreateDestroyTest) LxcDomain lxc(LXC_PATH, DOMAIN_NAME); BOOST_CHECK(!lxc.isDefined()); - lxc.create(TEMPLATE); + BOOST_CHECK(lxc.create(TEMPLATE)); BOOST_CHECK(lxc.isDefined()); BOOST_CHECK_EQUAL(lxc.getConfigItem("lxc.rootfs"), LXC_PATH + DOMAIN_NAME + "/rootfs"); BOOST_CHECK_THROW(lxc.getConfigItem("xxx"), LxcException); - lxc.destroy(); + BOOST_CHECK(lxc.destroy()); BOOST_CHECK(!lxc.isDefined()); } @@ -97,46 +103,146 @@ BOOST_AUTO_TEST_CASE(StartShutdownTest) { { LxcDomain lxc(LXC_PATH, DOMAIN_NAME); - lxc.create(TEMPLATE); + BOOST_CHECK(lxc.create(TEMPLATE)); } LxcDomain lxc(LXC_PATH, DOMAIN_NAME); - BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); const char* argv[] = { "/bin/sh", "-c", "trap exit SIGTERM; read", NULL }; - lxc.start(argv); - // wait for bash to be able to trap SIGTERM - std::this_thread::sleep_for(std::chrono::milliseconds(200)); - BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); - lxc.shutdown(2); - BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); - - lxc.destroy(); + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + waitForInit(); + BOOST_CHECK(lxc.shutdown(2)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); } BOOST_AUTO_TEST_CASE(StartStopTest) { { LxcDomain lxc(LXC_PATH, DOMAIN_NAME); - lxc.create(TEMPLATE); + BOOST_CHECK(lxc.create(TEMPLATE)); + } + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + const char* argv[] = { + "/bin/sh", + NULL + }; + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + BOOST_CHECK(!lxc.shutdown(1)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + BOOST_CHECK(lxc.stop()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); +} + +BOOST_AUTO_TEST_CASE(StartHasStoppedTest) +{ + { + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(lxc.create(TEMPLATE)); } LxcDomain lxc(LXC_PATH, DOMAIN_NAME); - BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + const char* argv[] = { + "/bin/sh", + "-c", + "echo", + NULL + }; + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + waitForInit(); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); +} + +BOOST_AUTO_TEST_CASE(FreezeUnfreezeTest) +{ + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(lxc.create(TEMPLATE)); + const char* argv[] = { + "/bin/sh", + "-c", + "trap exit SIGTERM; read", + NULL + }; + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + waitForInit(); + BOOST_CHECK(lxc.freeze()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::FROZEN); + BOOST_CHECK(lxc.unfreeze()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + BOOST_CHECK(lxc.shutdown(2)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); +} + +BOOST_AUTO_TEST_CASE(FreezeStopTest) +{ + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(lxc.create(TEMPLATE)); + const char* argv[] = { + "/bin/sh", + "-c", + "trap exit SIGTERM; read", + NULL + }; + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + waitForInit(); + BOOST_CHECK(lxc.freeze()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::FROZEN); + BOOST_CHECK(!lxc.shutdown(1)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::FROZEN); + BOOST_CHECK(lxc.stop()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); +} + +BOOST_AUTO_TEST_CASE(RepeatTest) +{ + LxcDomain lxc(LXC_PATH, DOMAIN_NAME); + BOOST_CHECK(lxc.create(TEMPLATE)); + BOOST_CHECK(!lxc.create(TEMPLATE));// forbidden const char* argv[] = { "/bin/sh", + "-c", + "trap exit SIGTERM; read", NULL }; - lxc.start(argv); - BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); - BOOST_CHECK_THROW(lxc.shutdown(1), LxcException); - BOOST_CHECK_EQUAL("RUNNING", lxc.getState()); - lxc.stop(); - BOOST_CHECK_EQUAL("STOPPED", lxc.getState()); - - lxc.destroy(); + BOOST_CHECK(lxc.start(argv)); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + waitForInit(); + BOOST_CHECK(!lxc.start(argv)); // forbidden + BOOST_CHECK(lxc.freeze()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::FROZEN); + BOOST_CHECK(lxc.freeze()); // repeat is nop + BOOST_CHECK(lxc.getState() == LxcDomain::State::FROZEN); + BOOST_CHECK(lxc.unfreeze()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + BOOST_CHECK(lxc.unfreeze()); // repeat is nop + BOOST_CHECK(lxc.getState() == LxcDomain::State::RUNNING); + BOOST_CHECK(lxc.stop()); + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + BOOST_CHECK(lxc.stop()); // repeat is nop + BOOST_CHECK(lxc.getState() == LxcDomain::State::STOPPED); + + BOOST_CHECK(lxc.destroy()); + BOOST_CHECK(!lxc.isDefined()); + BOOST_CHECK(!lxc.destroy()); // forbidden (why?) } BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/configs/CMakeLists.txt b/tests/unit_tests/server/configs/CMakeLists.txt index 49cb292..b3f8a70 100644 --- a/tests/unit_tests/server/configs/CMakeLists.txt +++ b/tests/unit_tests/server/configs/CMakeLists.txt @@ -43,14 +43,6 @@ CONFIGURE_FILE(ut-server/buggy-daemon.conf.in ${CMAKE_BINARY_DIR}/ut-server/buggy-daemon.conf @ONLY) FILE(GLOB server_manager_CONF_GEN ${CMAKE_BINARY_DIR}/ut-server/*.conf) -CONFIGURE_FILE(ut-container-admin/containers/buggy.conf.in - ${CMAKE_BINARY_DIR}/ut-container-admin/containers/buggy.conf @ONLY) -CONFIGURE_FILE(ut-container-admin/containers/test.conf.in - ${CMAKE_BINARY_DIR}/ut-container-admin/containers/test.conf @ONLY) -CONFIGURE_FILE(ut-container-admin/containers/test-no-shutdown.conf.in - ${CMAKE_BINARY_DIR}/ut-container-admin/containers/test-no-shutdown.conf @ONLY) -FILE(GLOB admin_container_CONF_GEN ${CMAKE_BINARY_DIR}/ut-container-admin/containers/*.conf) - CONFIGURE_FILE(ut-network-admin/containers/test.conf.in ${CMAKE_BINARY_DIR}/ut-network-admin/containers/test.conf @ONLY) CONFIGURE_FILE(ut-network-admin/containers/buggy.conf.in @@ -110,8 +102,6 @@ INSTALL(FILES ${container_container_CONF_GEN} INSTALL(FILES ${admin_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/containers) -INSTALL(FILES ${admin_container_CONF_GEN} - DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-container-admin/containers) INSTALL(FILES ${network_container_CONF} DESTINATION ${SC_TEST_CONFIG_INSTALL_DIR}/server/ut-network-admin/containers) diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf similarity index 71% rename from tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in rename to tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf index f4be18d..22f5810 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/buggy.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-admin-test", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/foo"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf index f4be18d..6ff36fe 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/missing.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-admin-test", + "lxcTemplate" : "missing.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf similarity index 71% rename from tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in rename to tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf index f4be18d..7877f8e 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test-no-shutdown.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-admin-test", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf similarity index 65% rename from tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in rename to tests/unit_tests/server/configs/ut-container-admin/containers/test.conf index f4be18d..a7cf00d 100644 --- a/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf.in +++ b/tests/unit_tests/server/configs/ut-container-admin/containers/test.conf @@ -1,4 +1,7 @@ { + "name" : "ut-container-admin-test", + "lxcTemplate" : "minimal.sh", + "initWithArgs" : ["/bin/sh", "-c", "trap exit SIGTERM; read"], "privilege" : 10, "vt" : -1, "switchToDefaultAfterTimeout" : true, diff --git a/tests/unit_tests/server/ut-container-admin.cpp b/tests/unit_tests/server/ut-container-admin.cpp index 2294b77..6d2ba6c 100644 --- a/tests/unit_tests/server/ut-container-admin.cpp +++ b/tests/unit_tests/server/ut-container-admin.cpp @@ -23,274 +23,136 @@ * @brief Unit tests of the ContainerAdmin class */ -//#include "config.hpp" -//#include "ut.hpp" -// -//#include "container-admin.hpp" -//#include "exception.hpp" -// -//#include "utils/latch.hpp" -//#include "utils/glib-loop.hpp" -//#include "utils/exception.hpp" -//#include "utils/callback-guard.hpp" -//#include "libvirt/exception.hpp" -//#include "config/manager.hpp" -// -//#include -//#include -//#include -//#include -// -// -//using namespace security_containers; -// -//namespace { -// -//const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test.conf"; -//const std::string TEST_NO_SHUTDOWN_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test-no-shutdown.conf"; -//const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/buggy.conf"; -//const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/missing.conf"; -//const unsigned int WAIT_TIMEOUT = 5 * 1000; -//const unsigned int WAIT_STOP_TIMEOUT = 15 * 1000; -// -//void ensureStarted() -//{ -// std::this_thread::sleep_for(std::chrono::milliseconds(200)); -//} -// -//struct Fixture { -// utils::ScopedGlibLoop mLoop; -// utils::CallbackGuard mGuard; -//}; -// -//} // namespace -// -// -//BOOST_FIXTURE_TEST_SUITE(ContainerAdminSuite, Fixture) -// -//BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) -//{ -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// std::unique_ptr admin; -// BOOST_REQUIRE_NO_THROW(admin.reset(new ContainerAdmin(config))); -// BOOST_REQUIRE_NO_THROW(admin.reset()); -//} -// -//BOOST_AUTO_TEST_CASE(BuggyConfigTest) -//{ -// ContainerConfig config; -// config::loadFromFile(BUGGY_CONFIG_PATH, config); -// BOOST_REQUIRE_THROW(ContainerAdmin ca(config), LibvirtOperationException); -//} -// -//BOOST_AUTO_TEST_CASE(MissingConfigTest) -//{ -// ContainerConfig config; -// config::loadFromFile(MISSING_CONFIG_PATH, config); -// BOOST_REQUIRE_THROW(ContainerAdmin ca(config), UtilsException); -//} -// -//BOOST_AUTO_TEST_CASE(StartTest) -//{ -// utils::Latch booted; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener bootedListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_STARTED && detail == VIR_DOMAIN_EVENT_STARTED_BOOTED) { -// booted.set(); -// } -// }; -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(bootedListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// -// BOOST_CHECK(booted.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(ca.isRunning()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//BOOST_AUTO_TEST_CASE(ShutdownTest) -//{ -// utils::Latch shutdown; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { -// shutdown.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.shutdown()); -// BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(!ca.isRunning()); -// BOOST_CHECK(ca.isStopped()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//BOOST_AUTO_TEST_CASE(DestroyTest) -//{ -// utils::Latch destroyed; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { -// destroyed.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.destroy()); -// BOOST_CHECK(destroyed.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(!ca.isRunning()); -// BOOST_CHECK(ca.isStopped()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//BOOST_AUTO_TEST_CASE(StopShutdownTest) -//{ -// utils::Latch shutdown; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener shutdownListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN) { -// shutdown.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(shutdownListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.stop()); -// BOOST_CHECK(shutdown.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(!ca.isRunning()); -// BOOST_CHECK(ca.isStopped()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//// This test needs to wait for a shutdown timer in stop() method. This takes 10s+. -//BOOST_AUTO_TEST_CASE(StopDestroyTest) -//{ -// utils::Latch destroyed; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_NO_SHUTDOWN_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener destroyedListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_STOPPED && detail == VIR_DOMAIN_EVENT_STOPPED_DESTROYED) { -// destroyed.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(destroyedListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.stop()); -// BOOST_CHECK(destroyed.wait(WAIT_STOP_TIMEOUT)); -// BOOST_CHECK(!ca.isRunning()); -// BOOST_CHECK(ca.isStopped()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//BOOST_AUTO_TEST_CASE(SuspendTest) -//{ -// utils::Latch paused; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener pausedListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_SUSPENDED && detail == VIR_DOMAIN_EVENT_SUSPENDED_PAUSED) { -// paused.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()) -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(pausedListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.suspend()); -// BOOST_CHECK(paused.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(!ca.isRunning()); -// BOOST_CHECK(ca.isPaused()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// -//BOOST_AUTO_TEST_CASE(ResumeTest) -//{ -// utils::Latch unpaused; -// ContainerAdmin::ListenerId id = ContainerAdmin::LISTENER_ID_INVALID; -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// -// ContainerAdmin::LifecycleListener unpausedListener = [&](const int event, const int detail) { -// if (event == VIR_DOMAIN_EVENT_RESUMED && detail == VIR_DOMAIN_EVENT_RESUMED_UNPAUSED) { -// unpaused.set(); -// } -// }; -// -// BOOST_REQUIRE_NO_THROW(ca.start()); -// ensureStarted(); -// BOOST_REQUIRE(ca.isRunning()); -// BOOST_REQUIRE_NO_THROW(ca.suspend()) -// BOOST_REQUIRE(ca.isPaused()); -// BOOST_REQUIRE_NO_THROW(id = ca.registerLifecycleListener(unpausedListener, mGuard.spawn())); -// -// BOOST_REQUIRE_NO_THROW(ca.resume()); -// BOOST_CHECK(unpaused.wait(WAIT_TIMEOUT)); -// BOOST_CHECK(!ca.isPaused()); -// BOOST_CHECK(ca.isRunning()); -// -// BOOST_REQUIRE_NO_THROW(ca.removeListener(id)); -//} -// +#include "config.hpp" +#include "ut.hpp" + +#include "container-admin.hpp" +#include "exception.hpp" + +#include "utils/glib-loop.hpp" +#include "utils/scoped-dir.hpp" +#include "config/manager.hpp" + +using namespace security_containers; + +namespace { + +const std::string TEST_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test.conf"; +const std::string TEST_NO_SHUTDOWN_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/test-no-shutdown.conf"; +const std::string BUGGY_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/buggy.conf"; +const std::string MISSING_CONFIG_PATH = SC_TEST_CONFIG_INSTALL_DIR "/server/ut-container-admin/containers/missing.conf"; +const std::string CONTAINERS_PATH = "/tmp/ut-containers"; +const std::string LXC_TEMPLATES_PATH = SC_TEST_LXC_TEMPLATES_INSTALL_DIR; + +struct Fixture { + utils::ScopedGlibLoop mLoop; + utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; + + ContainerConfig mConfig; + + std::unique_ptr create(const std::string& configPath) + { + config::loadFromFile(configPath, mConfig); + return std::unique_ptr(new ContainerAdmin(CONTAINERS_PATH, + LXC_TEMPLATES_PATH, + mConfig)); + } + + void ensureStarted() + { + // wait for containers init to fully start + std::this_thread::sleep_for(std::chrono::milliseconds(200)); + } +}; + +} // namespace + + +BOOST_FIXTURE_TEST_SUITE(ContainerAdminSuite, Fixture) + +BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) +{ + auto admin = create(TEST_CONFIG_PATH); + admin.reset(); +} + +BOOST_AUTO_TEST_CASE(MissingConfigTest) +{ + BOOST_REQUIRE_THROW(create(MISSING_CONFIG_PATH), ContainerOperationException); +} + +BOOST_AUTO_TEST_CASE(StartTest) +{ + auto admin = create(TEST_CONFIG_PATH); + + admin->start(); + ensureStarted(); + + BOOST_CHECK(admin->isRunning()); +} + +BOOST_AUTO_TEST_CASE(StartBuggyTest) +{ + auto admin = create(BUGGY_CONFIG_PATH); + BOOST_REQUIRE_THROW(admin->start(), ContainerOperationException); +} + +BOOST_AUTO_TEST_CASE(StopShutdownTest) +{ + auto admin = create(TEST_CONFIG_PATH); + + admin->start(); + ensureStarted(); + BOOST_REQUIRE(admin->isRunning()); + + admin->stop(); + BOOST_CHECK(!admin->isRunning()); + BOOST_CHECK(admin->isStopped()); +} + +// This test needs to wait for a shutdown timer in stop() method. This takes 10s+. +BOOST_AUTO_TEST_CASE(StopDestroyTest) +{ + auto admin = create(TEST_NO_SHUTDOWN_CONFIG_PATH); + + admin->start(); + ensureStarted(); + BOOST_REQUIRE(admin->isRunning()); + + admin->stop(); + BOOST_CHECK(!admin->isRunning()); + BOOST_CHECK(admin->isStopped()); +} + +BOOST_AUTO_TEST_CASE(SuspendResumeTest) +{ + auto admin = create(TEST_NO_SHUTDOWN_CONFIG_PATH); + + admin->start(); + ensureStarted(); + BOOST_REQUIRE(admin->isRunning()); + + admin->suspend(); + BOOST_CHECK(!admin->isRunning()); + BOOST_CHECK(!admin->isStopped()); + BOOST_CHECK(admin->isPaused()); + + admin->resume(); + BOOST_CHECK(!admin->isPaused()); + BOOST_CHECK(!admin->isStopped()); + BOOST_CHECK(admin->isRunning()); +} + //BOOST_AUTO_TEST_CASE(SchedulerLevelTest) //{ -// ContainerConfig config; -// config::loadFromFile(TEST_CONFIG_PATH, config); -// ContainerAdmin ca(config); -// BOOST_REQUIRE_NO_THROW(ca.start()); +// auto admin = create(TEST_CONFIG_PATH); +// +// admin->start(); // ensureStarted(); -// BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::FOREGROUND)); -// BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaForeground); -// BOOST_REQUIRE_NO_THROW(ca.setSchedulerLevel(SchedulerLevel::BACKGROUND)); -// BOOST_REQUIRE(ca.getSchedulerQuota() == config.cpuQuotaBackground); +// BOOST_REQUIRE_NO_THROW(admin->setSchedulerLevel(SchedulerLevel::FOREGROUND)); +// BOOST_REQUIRE(admin->getSchedulerQuota() == config.cpuQuotaForeground); +// BOOST_REQUIRE_NO_THROW(admin->setSchedulerLevel(SchedulerLevel::BACKGROUND)); +// BOOST_REQUIRE(admin->getSchedulerQuota() == config.cpuQuotaBackground); //} -// -//BOOST_AUTO_TEST_SUITE_END() + +BOOST_AUTO_TEST_SUITE_END() diff --git a/tests/unit_tests/server/ut-container.cpp b/tests/unit_tests/server/ut-container.cpp index dc2db18..fe5aa64 100644 --- a/tests/unit_tests/server/ut-container.cpp +++ b/tests/unit_tests/server/ut-container.cpp @@ -52,11 +52,6 @@ const std::string MISSING_CONFIG_PATH = "/this/is/a/missing/file/path/config.con const std::string CONTAINERS_PATH = "/tmp/ut-containers"; const std::string LXC_TEMPLATES_PATH = SC_TEST_LXC_TEMPLATES_INSTALL_DIR; -void ensureStarted() -{ - std::this_thread::sleep_for(std::chrono::milliseconds(200)); -} - struct Fixture { utils::ScopedGlibLoop mLoop; utils::ScopedDir mContainersPathGuard = CONTAINERS_PATH; @@ -69,6 +64,12 @@ struct Fixture { LXC_TEMPLATES_PATH, "")); } + + void ensureStarted() + { + // wait for containers init to fully start + std::this_thread::sleep_for(std::chrono::milliseconds(200)); + } }; } // namespace @@ -84,7 +85,7 @@ BOOST_AUTO_TEST_CASE(ConstructorDestructorTest) BOOST_AUTO_TEST_CASE(BuggyConfigTest) { - BOOST_REQUIRE_THROW(create(BUGGY_CONFIG_PATH), std::exception);//TODO which one? + BOOST_REQUIRE_THROW(create(BUGGY_CONFIG_PATH), ContainerOperationException); } BOOST_AUTO_TEST_CASE(MissingConfigTest) -- 2.7.4 From 34e721714c319bad60e60cbbf6e22f37ccb996b7 Mon Sep 17 00:00:00 2001 From: Piotr Bartosiewicz Date: Fri, 14 Nov 2014 12:20:04 +0100 Subject: [PATCH 16/16] Fix shutdown for systemd init [Bug/Feature] Systemd does not shutdown on signal [Cause] N/A [Solution] N/A [Verification] Build, install, run tests, run container Change-Id: Ic4b617c1a35a260803961fb17aba1da51c3af013 --- common/lxc/domain.cpp | 43 ++++++++++++ common/lxc/domain.hpp | 2 + common/utils/initctl.cpp | 90 +++++++++++++++++++++++++ common/utils/initctl.hpp | 44 ++++++++++++ server/configs/lxc-templates/business.sh | 4 +- server/configs/lxc-templates/private.sh | 4 +- tests/unit_tests/lxc/templates/minimal-dbus1.sh | 7 +- tests/unit_tests/lxc/templates/minimal-dbus2.sh | 7 +- tests/unit_tests/lxc/templates/minimal-dbus3.sh | 7 +- tests/unit_tests/lxc/templates/minimal.sh | 7 +- 10 files changed, 209 insertions(+), 6 deletions(-) create mode 100644 common/utils/initctl.cpp create mode 100644 common/utils/initctl.hpp diff --git a/common/lxc/domain.cpp b/common/lxc/domain.cpp index 0959959..57228c0 100644 --- a/common/lxc/domain.cpp +++ b/common/lxc/domain.cpp @@ -30,6 +30,9 @@ #include #include +#include +#include + #include namespace security_containers { @@ -145,6 +148,26 @@ bool LxcDomain::reboot() bool LxcDomain::shutdown(int timeout) { + State state = getState(); + if (state == State::STOPPED) { + return true; + } + if (state != State::RUNNING) { + LOGE("Could not gracefully shutdown domain " << getName()); + return false; + } + + // try shutdown by sending poweroff to init + if (setRunLevel(utils::RUNLEVEL_POWEROFF)) { + if (!mContainer->wait(mContainer, "STOPPED", timeout)) { + LOGE("Could not gracefully shutdown domain " + getName() + " in " << timeout << "s"); + return false; + } + return true; + } + LOGW("SetRunLevel failed for domain " + getName()); + + // fallback for other inits like bash: lxc sends 'lxc.haltsignal' signal to init if (!mContainer->shutdown(mContainer, timeout)) { LOGE("Could not gracefully shutdown domain " + getName() + " in " << timeout << "s"); return false; @@ -170,6 +193,26 @@ bool LxcDomain::unfreeze() return true; } +bool LxcDomain::setRunLevel(int runLevel) +{ + auto callback = [](void* param) { + utils::RunLevel runLevel = *reinterpret_cast(param); + return utils::setRunLevel(runLevel) ? 0 : 1; + }; + + lxc_attach_options_t options = LXC_ATTACH_OPTIONS_DEFAULT; + pid_t pid; + int ret = mContainer->attach(mContainer, callback, &runLevel, &options, &pid); + if (ret != 0) { + return false; + } + int status; + if (waitpid(pid, &status, 0) < 0) { + return false; + } + return status == 0; +} + } // namespace lxc } // namespace security_containers diff --git a/common/lxc/domain.hpp b/common/lxc/domain.hpp index 3202f54..8421d6d 100644 --- a/common/lxc/domain.hpp +++ b/common/lxc/domain.hpp @@ -76,6 +76,8 @@ public: bool unfreeze(); private: lxc_container* mContainer; + + bool setRunLevel(int runLevel); }; diff --git a/common/utils/initctl.cpp b/common/utils/initctl.cpp new file mode 100644 index 0000000..cfdea77 --- /dev/null +++ b/common/utils/initctl.cpp @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Api for talking to init via initctl + */ + +#include "config.hpp" +#include "utils/initctl.hpp" + +#include +#include +#include +#include + +namespace security_containers { +namespace utils { + +namespace { + struct InitctlRequest { + int magic; + int cmd; + int runlevel; + int sleeptime; + char data[368]; + }; + const int INITCTL_MAGIC = 0x03091969; + const int INITCTL_CMD_RUNLVL = 1; + + bool write(int fd, const void* data, size_t size) + { + while (size > 0) { + ssize_t r = ::write(fd, data, size); + if (r < 0) { + if (errno == EINTR) { + continue; + } + return false; + } + size -= r; + data = reinterpret_cast(data) + r; + } + return true; + } + + void close(int fd) + { + while (::close(fd) == -1 && errno == EINTR) {} + } +} + +bool setRunLevel(RunLevel runLevel) +{ + int fd = ::open("/dev/initctl", O_WRONLY|O_NONBLOCK|O_CLOEXEC|O_NOCTTY); + if (fd < 0) { + return false; + } + + InitctlRequest req; + memset(&req, 0, sizeof(req)); + req.magic = INITCTL_MAGIC; + req.cmd = INITCTL_CMD_RUNLVL; + req.runlevel = '0' + runLevel; + req.sleeptime = 0; + + bool ret = write(fd, &req, sizeof(req)); + close(fd); + return ret; +} + + +} // namespace utils +} // namespace security_containers diff --git a/common/utils/initctl.hpp b/common/utils/initctl.hpp new file mode 100644 index 0000000..2b97dd2 --- /dev/null +++ b/common/utils/initctl.hpp @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Piotr Bartosiewicz + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * @file + * @author Piotr Bartosiewicz (p.bartosiewi@partner.samsung.com) + * @brief Api for talking to init via initctl + */ + +#ifndef COMMON_UTILS_INITCTL_HPP +#define COMMON_UTILS_INITCTL_HPP + + +namespace security_containers { +namespace utils { + +enum RunLevel : int { + RUNLEVEL_POWEROFF = 0, + RUNLEVEL_REBOOT = 6 +}; + +bool setRunLevel(RunLevel runLevel); + + +} // namespace utils +} // namespace security_containers + + +#endif // COMMON_UTILS_INITCTL_HPP diff --git a/server/configs/lxc-templates/business.sh b/server/configs/lxc-templates/business.sh index 75be9e6..09d67ca 100755 --- a/server/configs/lxc-templates/business.sh +++ b/server/configs/lxc-templates/business.sh @@ -27,7 +27,9 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} -lxc.haltsignal = SIGTERM +# userns 1-to-1 mapping +#lxc.id_map = u 0 0 65536 +#lxc.id_map = g 0 0 65536 lxc.pts = 256 lxc.tty = 0 diff --git a/server/configs/lxc-templates/private.sh b/server/configs/lxc-templates/private.sh index 2926e55..731ff72 100755 --- a/server/configs/lxc-templates/private.sh +++ b/server/configs/lxc-templates/private.sh @@ -27,7 +27,9 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} -lxc.haltsignal = SIGTERM +# userns 1-to-1 mapping +#lxc.id_map = u 0 0 65536 +#lxc.id_map = g 0 0 65536 lxc.pts = 256 lxc.tty = 0 diff --git a/tests/unit_tests/lxc/templates/minimal-dbus1.sh b/tests/unit_tests/lxc/templates/minimal-dbus1.sh index 6f967e5..35f816f 100755 --- a/tests/unit_tests/lxc/templates/minimal-dbus1.sh +++ b/tests/unit_tests/lxc/templates/minimal-dbus1.sh @@ -45,18 +45,23 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} +# userns 1-to-1 mapping +lxc.id_map = u 0 0 65536 +lxc.id_map = g 0 0 65536 + lxc.haltsignal = SIGTERM lxc.pts = 256 lxc.tty = 0 +lxc.cgroup.devices.deny = a + lxc.mount.auto = proc sys cgroup lxc.mount.entry = /bin bin none ro,bind 0 0 lxc.mount.entry = /etc etc none ro,bind 0 0 lxc.mount.entry = /lib lib none ro,bind 0 0 lxc.mount.entry = /sbin sbin none ro,bind 0 0 lxc.mount.entry = /usr usr none ro,rbind 0 0 -lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 lxc.mount.entry = /tmp/ut-run1 var/run none rw,bind 0 0 EOF diff --git a/tests/unit_tests/lxc/templates/minimal-dbus2.sh b/tests/unit_tests/lxc/templates/minimal-dbus2.sh index 1b5bf57..f8f963e 100755 --- a/tests/unit_tests/lxc/templates/minimal-dbus2.sh +++ b/tests/unit_tests/lxc/templates/minimal-dbus2.sh @@ -45,18 +45,23 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} +# userns 1-to-1 mapping +lxc.id_map = u 0 0 65536 +lxc.id_map = g 0 0 65536 + lxc.haltsignal = SIGTERM lxc.pts = 256 lxc.tty = 0 +lxc.cgroup.devices.deny = a + lxc.mount.auto = proc sys cgroup lxc.mount.entry = /bin bin none ro,bind 0 0 lxc.mount.entry = /etc etc none ro,bind 0 0 lxc.mount.entry = /lib lib none ro,bind 0 0 lxc.mount.entry = /sbin sbin none ro,bind 0 0 lxc.mount.entry = /usr usr none ro,rbind 0 0 -lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 lxc.mount.entry = /tmp/ut-run2 var/run none rw,bind 0 0 EOF diff --git a/tests/unit_tests/lxc/templates/minimal-dbus3.sh b/tests/unit_tests/lxc/templates/minimal-dbus3.sh index 9ace1c6..68f4f11 100755 --- a/tests/unit_tests/lxc/templates/minimal-dbus3.sh +++ b/tests/unit_tests/lxc/templates/minimal-dbus3.sh @@ -45,18 +45,23 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} +# userns 1-to-1 mapping +lxc.id_map = u 0 0 65536 +lxc.id_map = g 0 0 65536 + lxc.haltsignal = SIGTERM lxc.pts = 256 lxc.tty = 0 +lxc.cgroup.devices.deny = a + lxc.mount.auto = proc sys cgroup lxc.mount.entry = /bin bin none ro,bind 0 0 lxc.mount.entry = /etc etc none ro,bind 0 0 lxc.mount.entry = /lib lib none ro,bind 0 0 lxc.mount.entry = /sbin sbin none ro,bind 0 0 lxc.mount.entry = /usr usr none ro,rbind 0 0 -lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 lxc.mount.entry = /tmp/ut-run3 var/run none rw,bind 0 0 EOF diff --git a/tests/unit_tests/lxc/templates/minimal.sh b/tests/unit_tests/lxc/templates/minimal.sh index 64f6da7..547661e 100755 --- a/tests/unit_tests/lxc/templates/minimal.sh +++ b/tests/unit_tests/lxc/templates/minimal.sh @@ -43,18 +43,23 @@ cat <> ${path}/config lxc.utsname = ${name} lxc.rootfs = ${rootfs} +# userns 1-to-1 mapping +lxc.id_map = u 0 0 65536 +lxc.id_map = g 0 0 65536 + lxc.haltsignal = SIGTERM lxc.pts = 256 lxc.tty = 0 +lxc.cgroup.devices.deny = a + lxc.mount.auto = proc sys cgroup lxc.mount.entry = /bin bin none ro,bind 0 0 lxc.mount.entry = /etc etc none ro,bind 0 0 lxc.mount.entry = /lib lib none ro,bind 0 0 lxc.mount.entry = /sbin sbin none ro,bind 0 0 lxc.mount.entry = /usr usr none ro,rbind 0 0 -lxc.mount.entry = devtmpfs dev devtmpfs rw,relatime,mode=755 0 0 EOF if [ "$(uname -m)" = "x86_64" ]; then -- 2.7.4