From d9b27465b91295c4a6842d6fb5492629db1c7a11 Mon Sep 17 00:00:00 2001
From: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
Date: Thu, 26 May 2016 16:00:44 +0800
Subject: [PATCH] runtimetest: add root filesystem validation

Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
---
 cmd/runtimetest/main.go | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/cmd/runtimetest/main.go b/cmd/runtimetest/main.go
index d8c9e283e..874a027c4 100644
--- a/cmd/runtimetest/main.go
+++ b/cmd/runtimetest/main.go
@@ -191,6 +191,30 @@ func validateSysctls(spec *rspec.Spec) error {
 	return nil
 }
 
+func testWriteAccess(path string) error {
+	tmpfile, err := ioutil.TempFile(path, "Test")
+	if err != nil {
+		return err
+	}
+
+	tmpfile.Close()
+	os.RemoveAll(filepath.Join(path, tmpfile.Name()))
+
+	return nil
+}
+
+func validateRootFS(spec *rspec.Spec) error {
+	fmt.Println("validating root")
+	if spec.Root.Readonly {
+		err := testWriteAccess("/")
+		if err == nil {
+			return fmt.Errorf("Rootfs should be readonly")
+		}
+	}
+
+	return nil
+}
+
 func main() {
 	spec, err := loadSpecConfig()
 	if err != nil {
@@ -198,6 +222,7 @@ func main() {
 	}
 
 	validations := []validation{
+		validateRootFS,
 		validateProcess,
 		validateCapabilities,
 		validateHostname,