84ded28c6d
When volumes.enable flag is off in Docker driver, disable all mounts of paths outside alloc dir.
73 lines
1.5 KiB
Go
73 lines
1.5 KiB
Go
package docker
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestValidateCgroupPermission(t *testing.T) {
|
|
positiveCases := []string{
|
|
"r",
|
|
"rw",
|
|
"rwm",
|
|
"mr",
|
|
"mrw",
|
|
"",
|
|
}
|
|
|
|
for _, c := range positiveCases {
|
|
t.Run("positive case: "+c, func(t *testing.T) {
|
|
require.True(t, validateCgroupPermission(c))
|
|
})
|
|
}
|
|
|
|
negativeCases := []string{
|
|
"q",
|
|
"asdf",
|
|
"rq",
|
|
}
|
|
|
|
for _, c := range negativeCases {
|
|
t.Run("negative case: "+c, func(t *testing.T) {
|
|
require.False(t, validateCgroupPermission(c))
|
|
})
|
|
}
|
|
|
|
}
|
|
|
|
func TestExpandPath(t *testing.T) {
|
|
cases := []struct {
|
|
base string
|
|
target string
|
|
expected string
|
|
}{
|
|
{"/tmp/alloc/task", "/home/user", "/home/user"},
|
|
{"/tmp/alloc/task", "/home/user/..", "/home"},
|
|
|
|
{"/tmp/alloc/task", ".", "/tmp/alloc/task"},
|
|
{"/tmp/alloc/task", "..", "/tmp/alloc"},
|
|
|
|
{"/tmp/alloc/task", "d1/d2", "/tmp/alloc/task/d1/d2"},
|
|
{"/tmp/alloc/task", "../d1/d2", "/tmp/alloc/d1/d2"},
|
|
{"/tmp/alloc/task", "../../d1/d2", "/tmp/d1/d2"},
|
|
}
|
|
|
|
for _, c := range cases {
|
|
t.Run(c.expected, func(t *testing.T) {
|
|
require.Equal(t, c.expected, expandPath(c.base, c.target))
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestIsParentPath(t *testing.T) {
|
|
require.True(t, isParentPath("/a/b/c", "/a/b/c"))
|
|
require.True(t, isParentPath("/a/b/c", "/a/b/c/d"))
|
|
require.True(t, isParentPath("/a/b/c", "/a/b/c/d/e"))
|
|
|
|
require.False(t, isParentPath("/a/b/c", "/a/b/d"))
|
|
require.False(t, isParentPath("/a/b/c", "/a/b/cd"))
|
|
require.False(t, isParentPath("/a/b/c", "/a/d/c"))
|
|
require.False(t, isParentPath("/a/b/c", "/d/e/c"))
|
|
}
|