Skip to content

Commit

Permalink
update/add some tests for rlimit
Browse files Browse the repository at this point in the history
issues:
opencontainers#4195
opencontainers#4265 (comment)

Signed-off-by: lifubang <[email protected]>
(cherry picked from commit 4ea0bf8)
Signed-off-by: lfbzhm <[email protected]>
  • Loading branch information
lifubang committed May 10, 2024
1 parent 35d3ec0 commit cb01f3b
Show file tree
Hide file tree
Showing 2 changed files with 92 additions and 2 deletions.
6 changes: 4 additions & 2 deletions libcontainer/integration/exec_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -135,11 +135,13 @@ func testRlimit(t *testing.T, userns bool) {

config := newTemplateConfig(t, &tParam{userns: userns})

// ensure limit is lower than what the config requests to test that in a user namespace
// Ensure limit is lower than what the config requests to test that in a user namespace
// the Setrlimit call happens early enough that we still have permissions to raise the limit.
// Do not change the Cur value to be equal to the Max value, please see:
// https://github.com/opencontainers/runc/pull/4265#discussion_r1589666444
ok(t, unix.Setrlimit(unix.RLIMIT_NOFILE, &unix.Rlimit{
Max: 1024,
Cur: 1024,
Cur: 512,
}))

out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n")
Expand Down
88 changes: 88 additions & 0 deletions tests/integration/rlimits.bats
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
#!/usr/bin/env bats

load helpers

function setup() {
# Do not change the Cur value to be equal to the Max value
# Because in some environments, the soft and hard nofile limit have the same value.
[ $EUID -eq 0 ] && prlimit --nofile=1024:65536 -p $$
setup_busybox
}

function teardown() {
teardown_bundle
}

# Set and check rlimit_nofile for runc run. Arguments are:
# $1: soft limit;
# $2: hard limit.
function run_check_nofile() {
soft="$1"
hard="$2"
update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"soft\": ${soft}, \"hard\": ${hard}}]"
update_config '.process.args = ["/bin/sh", "-c", "ulimit -n; ulimit -H -n"]'

runc run test_rlimit
[ "$status" -eq 0 ]
[[ "${lines[0]}" == "${soft}" ]]
[[ "${lines[1]}" == "${hard}" ]]
}

# Set and check rlimit_nofile for runc exec. Arguments are:
# $1: soft limit;
# $2: hard limit.
function exec_check_nofile() {
soft="$1"
hard="$2"
update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"soft\": ${soft}, \"hard\": ${hard}}]"

runc run -d --console-socket "$CONSOLE_SOCKET" test_rlimit
[ "$status" -eq 0 ]

runc exec test_rlimit /bin/sh -c "ulimit -n; ulimit -H -n"
[ "$status" -eq 0 ]
[[ "${lines[0]}" == "${soft}" ]]
[[ "${lines[1]}" == "${hard}" ]]
}

@test "runc run with RLIMIT_NOFILE(The same as system's hard value)" {
hard=$(ulimit -n -H)
soft="$hard"
run_check_nofile "$soft" "$hard"
}

@test "runc run with RLIMIT_NOFILE(Bigger than system's hard value)" {
requires root
limit=$(ulimit -n -H)
soft=$((limit + 1))
hard=$soft
run_check_nofile "$soft" "$hard"
}

@test "runc run with RLIMIT_NOFILE(Smaller than system's hard value)" {
limit=$(ulimit -n -H)
soft=$((limit - 1))
hard=$soft
run_check_nofile "$soft" "$hard"
}

@test "runc exec with RLIMIT_NOFILE(The same as system's hard value)" {
hard=$(ulimit -n -H)
soft="$hard"
exec_check_nofile "$soft" "$hard"
}

@test "runc exec with RLIMIT_NOFILE(Bigger than system's hard value)" {
requires root
limit=$(ulimit -n -H)
soft=$((limit + 1))
hard=$soft
exec_check_nofile "$soft" "$hard"
}

@test "runc exec with RLIMIT_NOFILE(Smaller than system's hard value)" {
limit=$(ulimit -n -H)
soft=$((limit - 1))
hard=$soft
exec_check_nofile "$soft" "$hard"
}

0 comments on commit cb01f3b

Please sign in to comment.