Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

critest: Add test for pid namespace #267

Merged
merged 1 commit into from
Mar 15, 2018
Merged

critest: Add test for pid namespace #267

merged 1 commit into from
Mar 15, 2018

Conversation

umohnani8
Copy link
Contributor

@umohnani8 umohnani8 commented Mar 15, 2018
edited
Loading

Add test for pid namespace = container
Add test for pid namespace = pod

Addresses issue #237

Signed-off-by: umohnani8 [email protected]

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 15, 2018
@umohnani8
Copy link
Contributor Author

@mrunalp PTAL

mrunalp
mrunalp reviewed Mar 15, 2018
View reviewed changes
pkg/validate/security_context.go Outdated
By("get nginx container pid")
command := []string{"cat", "/proc/1/cmdline"}
output := execSyncContainer(rc, containerID, command)
Expect(string(output)).To(ContainSubstring("pause"))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pause depends upon what container is being used by the runtime. I guess doing a not of "master process" will be more portable across runtimes and different pod infra containers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, fixed.

mrunalp
mrunalp reviewed Mar 15, 2018
View reviewed changes
pkg/validate/streaming.go Outdated
checkExec(rc, req, "hello\n", false)
})

It("runtime should support exec with -it flags", func() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should make a different PR for exec tests. Also we should add a test for exec without -it in that PR.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the exec test, will open another PR with those tests.

@umohnani8
critest: Add test for pid namespace options
f06076f 
Add test for pid namespace = container
Add test for pid namespace = pod

Signed-off-by: umohnani8 <[email protected]>
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 15, 2018
feiskyer
feiskyer reviewed Mar 15, 2018
View reviewed changes
Copy link
Member

@feiskyer feiskyer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 15, 2018
@feiskyer feiskyer merged commit c01e20f into kubernetes-sigs:master Mar 15, 2018
@Random-Liu
Copy link
Contributor

@feiskyer What is the difference between these 2 test cases? Shouldn't we test one container can/can't not access pid in another container?

@Random-Liu
Copy link
Contributor

Random-Liu commented Mar 15, 2018
edited
Loading

I see. One is contain, another is not contain. :)
LGTM then.

@umohnani8 umohnani8 changed the title critest: Add test for pid namespace and exec critest: Add test for pid namespace Mar 15, 2018
@umohnani8 umohnani8 mentioned this pull request Mar 1, 2019
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@feiskyer feiskyer feiskyer left review comments

@mrunalp mrunalp mrunalp left review comments

Assignees

@feiskyer feiskyer

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@umohnani8 @Random-Liu @mrunalp @feiskyer @k8s-ci-robot