runtimetest: correctly check for a readable directory #625
Conversation
|
With this branch, I get correctly formatted TAP output for both But I get this test failure with Is it a bug in the test or in |
|
I think this needs 2 changes:
The rationale is the same as explained in the comment of |
dongsupark
force-pushed
the
dongsu/fix-readable-dir
branch
from
bb2ceb4 to
76d61a3
Compare
|
@alban Done. |
|
@dongsupark This is because |
dongsupark
force-pushed
the
dongsu/fix-readable-dir
branch
from
76d61a3 to
c736b62
Compare
|
I didn't test correctly before... It works for me now: |
cmd/runtimetest/main.go
Outdated
| // In case of a directory, we should check its readability in a special way. | ||
| // In other files, we should not check its Mode explicitly, because the runtime | ||
| // spec does not mandate the type of masked files. It could be a regular file | ||
| // or a character file (/dev/null), which is the case for runtimes like runc. |
There was a problem hiding this comment.
I'd rather continue to test the mode. For example, the runtime may use a permission change to make a symlink read-only (or not read/writable at all), and we don't want to use testFileReadAccess to test symlink readability. I'd rather support /dev/null and other character devices with logic like:
switch fi.Mode&os.ModeType {
case 0, os.ModeDevice|os.ModeCharDevice:
return testFileReadAccess(path)
case os.ModeDir:
return restDirectoryReadAccess(path)
}
return false, fmt.Errorf("cannot test read access for %q (mode %d)", path, fi.Mode())
cmd/runtimetest/main.go
Outdated
| if files, err := ioutil.ReadDir(path); err != nil || len(files) == 0 { | ||
| // err from reading from a directory should not be considered as test failure, | ||
| // it just means that the test program successfully assessed that | ||
| // the directory is not readable. |
There was a problem hiding this comment.
I don't think we want to mask all errors like this. For example, we expect readonlyPaths entries to be readable, and I expect the tests should exit nonzero if, for example, this call returns an IsNotExist error. Can we follow testFileReadAccess and whitelist some errors as acceptable blockers (e.g. EACCES)? And can we also follow testFileReadAccess by only using non-empty test directories and treating successful-but-empty reads as “not readable”?
cmd/runtimetest/main.go
Outdated
| // In case of a directory, we should check its readability in a special way. | ||
| // In other files, we should not check its Mode explicitly, because the runtime | ||
| // spec does not mandate the type of masked files. It could be a regular file | ||
| // or a character file (/dev/null), which is the case for runtimes like runc. |
There was a problem hiding this comment.
I prefer keeping the explicit mode checks to avoid calling testFileWriteAccess on types where its logic doesn't make sense. And if runtimes seek to block write access by binding /dev/null over the path in question, we'll need a more sophisticated check than what testFileWriteAccess does now, because you can certainly write a byte to /dev/null.
There was a problem hiding this comment.
@wking I'm not sure I understand. Can you please elaborate how we can do a more sophisticated check for writeability of /dev/null?
I don't see a general way to check if a character device can be written. AFAIK the read/write behavior varies a lot for each character device. The best we can do is to check for the file mode, isn't it?
|
@wking I pushed a commit to address your review comments as much as possible. I hope it looks ok to you. |
validation/linux_readonly_paths.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
| defer tmpfile.Close() |
There was a problem hiding this comment.
I didn't understand why do that. I tested it as if it had no effect on the results.
There was a problem hiding this comment.
@q384566678 You're right.
What I wanted to do was defer os.Remove(tmpfile.Name()). Fixed it.
So far tests linux_masked_paths.t & linux_readonly_paths.t have failed with error messages like `cannot test read access for "/dirname"`. That's because `testReadAccess()` only checked if the given path is a regular file, returning an error for every other case. `testReadAccess()` should actually take care of another case of a given path being a directory, to be able to correctly check for its readability. Also run `testFileReadAccess()` or `testFileWriteAccess()` for all file types, not only a normal file, because the runtime spec does not mandate the type of masked files. It could be actually a character device like `/dev/null`, especially in case of runc. Found by @alban. Signed-off-by: Dongsu Park <[email protected]>
Instead of calling `testFileReadAccess()` for all file types, we should strictly check for file types, to return `errAccess` for other file types. This error will be skipped during error checks in `validateMaskedPaths()` and `validateReadonlyPaths()`, so that further tests can be done even when a single test failed. Suggested by @wking Signed-off-by: Dongsu Park <[email protected]>
dongsupark
force-pushed
the
dongsu/fix-readable-dir
branch
from
04fc4ac to
708de67
Compare
|
LGTM @dongsupark Merge it first, and then you can rebase #644. Maybe we can also change |
Sorry, I didn't notice that you had already done it. Well done! |
So far tests linux_masked_paths.t & linux_readonly_paths.t have failed with error messages like
cannot test read access for "/dirname". That's becausetestReadAccess()only checked if the given path is a regular file, returning an error for every other case.testReadAccess()should actually take care of another case of a givenpath being a directory, to be able to correctly check for its readability.
Also run
testFileReadAccess()ortestFileWriteAccess()for all file types, not only a normal file, because the runtime spec does not mandate the type of masked files. It could be actually any file, including a character device like/dev/null, especially in case of runc.Found by @alban.
Signed-off-by: Dongsu Park [email protected]