fix check_masked_rel_paths

Signed-off-by: nayuta-ai <[email protected]>
youki-dev · Nov 24, 2024 · c471733 · c471733
1 parent e067ac0
commit c471733
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 28 deletions.
diff --git a/tests/contest/contest/src/tests/linux_masked_paths/masked_paths.rs b/tests/contest/contest/src/tests/linux_masked_paths/masked_paths.rs
@@ -79,33 +79,19 @@ fn check_masked_paths() -> TestResult {
 fn check_masked_rel_paths() -> TestResult {
     // Deliberately set a relative path to be masked,
     // and expect an error
-    let masked_rel_path = "masked_rel_path";
+    let masked_rel_path = "../masked_rel_path";
     let masked_paths = vec![masked_rel_path.to_string()];
     let spec = get_spec(masked_paths);
 
-    // We expect the container creation to succeed, but don't mask the path because relative paths are not supported
-    // ref: https://github.com/opencontainers/runtime-tools/blob/master/validation/linux_masked_paths/linux_masked_paths.go#L67-L90
-    test_inside_container(spec, &|bundle_path| {
-        use std::{fs, io};
-        let test_file = bundle_path.join(masked_rel_path);
-        match fs::metadata(&test_file) {
-            io::Result::Ok(md) => {
-                bail!(
-                    "reading path {:?} should have given error, found {:?} instead",
-                    test_file,
-                    md
-                )
-            }
-            io::Result::Err(e) => {
-                let err = e.kind();
-                if let io::ErrorKind::NotFound = err {
-                    Ok(())
-                } else {
-                    bail!("expected not found error, got {:?}", err);
-                }
-            }
-        }
-    })
+    let res = test_inside_container(spec, &|_bundle_path| Ok(()));
+    // If the container creation succeeds, we expect an error since the masked paths does not support relative paths.
+    if let TestResult::Passed = res {
+        TestResult::Failed(anyhow!(
+            "expected error in container creation with invalid symlink, found no error"
+        ))
+    } else {
+        TestResult::Passed
+    }
 }
 
 fn check_masked_symlinks() -> TestResult {

diff --git a/tests/contest/runtimetest/src/tests.rs b/tests/contest/runtimetest/src/tests.rs
@@ -720,11 +720,15 @@ pub fn validate_masked_paths(spec: &Spec) {
         return;
     }
 
-    for path in masked_paths {
-        match test_read_access(path) {
+    for path_str in masked_paths {
+        let path = Path::new(path_str);
+        if !path.is_absolute() {
+            eprintln!("in masked paths, the path must be absolute.")
+        }
+        match test_read_access(path_str) {
             Ok(true) => {
                 eprintln!(
-                    "in masked paths, expected path {path} to be masked, but was found readable"
+                    "in masked paths, expected path {path_str} to be masked, but was found readable"
                 );
                 return;
             }
@@ -735,7 +739,7 @@ pub fn validate_masked_paths(spec: &Spec) {
                     /* This is expected */
                 } else {
                     eprintln!(
-                        "in masked paths, error in testing read access for path {path} : {errno:?}"
+                        "in masked paths, error in testing read access for path {path_str} : {errno:?}"
                     );
                     return;
                 }