// testUserNamespaces creates a container from testImage with a user-namespace
// spec option, runs its task, and checks that exit status 7 is reported by
// both task.Wait and task.Delete.
//
// When readonlyRootFS is true the root filesystem comes from
// WithRemappedSnapshotView, otherwise from WithRemappedSnapshot. Both receive
// the same uid/gid that is used as the host side of the user-namespace
// mapping and as the task's IoUid/IoGid.
//
// NOTE(review): only the task pid and the exit status are asserted. The ID
// mapping and the ownership of the remapped snapshot are not inspected, so a
// wrong mapping is detected only if it stops the task from running.
func testUserNamespaces(t *testing.T, readonlyRootFS bool) {
	const (
		// containerRootID, hostID and idRange are the three arguments of
		// oci.WithUserNamespace; presumably (container ID, host ID, size),
		// confirm against the oci package.
		containerRootID = 0
		hostID          = 1000
		idRange         = 10000

		// wantExit is the status the container is configured to exit with.
		wantExit = 7
	)

	// Presumably skips or fails the test when user namespaces are not
	// usable on this host; the helper is defined outside this listing.
	checkUserNS(t)

	client, err := newClient(t, address)
	if err != nil {
		t.Fatal(err)
	}
	defer client.Close()

	ctx, cancel := testContext(t)
	defer cancel()

	// The test name may contain "/" (subtests); replace it so the name can
	// be used as the container and snapshot ID.
	id := strings.ReplaceAll(t.Name(), "/", "-")

	image, err := client.GetImage(ctx, testImage)
	if err != nil {
		t.Fatal(err)
	}

	specOpt := WithNewSpec(
		oci.WithImageConfig(image),
		withExitStatus(wantExit),
		oci.WithUserNamespace(containerRootID, hostID, idRange),
	)

	// The snapshot option goes first in the list, ahead of the spec option.
	var snapshotOpt NewContainerOpts
	if readonlyRootFS {
		snapshotOpt = WithRemappedSnapshotView(id, image, hostID, hostID)
	} else {
		snapshotOpt = WithRemappedSnapshot(id, image, hostID, hostID)
	}
	containerOpts := []NewContainerOpts{snapshotOpt, specOpt}

	container, err := client.NewContainer(ctx, id, containerOpts...)
	if err != nil {
		t.Fatal(err)
	}
	// Best-effort cleanup: the error from Delete is not checked.
	defer container.Delete(ctx, WithSnapshotCleanup)

	// The options type depends on the runtime, but both variants carry the
	// same IoUid/IoGid, matching the host ID used for the mapping above.
	var taskOpts interface{}
	if CheckRuntime(client.runtime, "io.containerd.runc") {
		taskOpts = &options.Options{IoUid: hostID, IoGid: hostID}
	} else {
		taskOpts = &runctypes.CreateOptions{IoUid: hostID, IoGid: hostID}
	}

	setTaskOpts := func(_ context.Context, _ *Client, info *TaskInfo) error {
		info.Options = taskOpts
		return nil
	}
	task, err := container.NewTask(ctx, cio.NewCreator(cio.WithStdio), setTaskOpts)
	if err != nil {
		t.Fatal(err)
	}
	// Best-effort cleanup for early exits; the result is ignored here and
	// the checked Delete happens at the end of the test.
	defer task.Delete(ctx)

	// Wait is set up before Start so the exit status is not missed.
	exitCh, err := task.Wait(ctx)
	if err != nil {
		t.Fatal(err)
	}

	if pid := task.Pid(); pid < 1 {
		t.Errorf("invalid task pid %d", pid)
	}

	if err := task.Start(ctx); err != nil {
		t.Error(err)
		task.Delete(ctx)
		return
	}

	exit := <-exitCh
	code, _, err := exit.Result()
	if err != nil {
		t.Fatal(err)
	}
	if code != wantExit {
		t.Errorf("expected status 7 from wait but received %d", code)
	}

	deleted, err := task.Delete(ctx)
	if err != nil {
		t.Fatal(err)
	}
	if ec := deleted.ExitCode(); ec != wantExit {
		t.Errorf("expected status 7 from delete but received %d", ec)
	}
}
What is the problem you're trying to solve
Reduce chown overhead in user namespaces.
Describe the solution you'd like
Add support for mounting FUSE-OverlayFS without using chown in container_opts_unix.go
Additional context
We're students at the University of Texas at Austin working on this task currently, and we're quite new to the codebase. @AkihiroSuda has assigned us this task for a project we're doing for a class. Any help and guidance would be greatly appreciated.
We don't quite understand the withRemappedSnapshotBase() function in container_opts_unix.go [1]. The only way we have found to invoke it is by running TestUserNamespaces() in container_linux_test.go [2]. According to Akihiro, we should start by implementing this in ctr. Could anyone please summarize what the function is for?
[1]
containerd/container_opts_unix.go
Lines 45 to 96 in 257a749
[2]
containerd/container_linux_test.go
Lines 1342 to 1429 in 257a749