Added a test `NamespacesIsolatorTest.ROOT_SharePidNamespace`. Added a test `NamespacesIsolatorTest.ROOT_SharePidNamespace`.
Review: https://reviews.apache.org/r/61464/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/8ff09b2a Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/8ff09b2a Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/8ff09b2a Branch: refs/heads/1.4.x Commit: 8ff09b2ad0c36237d6d347fdb650f9b8054fac47 Parents: fc15de9 Author: Qian Zhang <zhq527...@gmail.com> Authored: Sun Aug 13 19:51:59 2017 -0700 Committer: Gilbert Song <songzihao1...@gmail.com> Committed: Mon Aug 14 21:30:45 2017 -0700 ---------------------------------------------------------------------- src/tests/containerizer/isolator_tests.cpp | 61 +++++++++++++++++++++++++ 1 file changed, 61 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/8ff09b2a/src/tests/containerizer/isolator_tests.cpp ----------------------------------------------------------------------
diff --git a/src/tests/containerizer/isolator_tests.cpp b/src/tests/containerizer/isolator_tests.cpp
index a390038..f8860ae 100644
--- a/src/tests/containerizer/isolator_tests.cpp
+++ b/src/tests/containerizer/isolator_tests.cpp
@@ -30,6 +30,8 @@
 #include <mesos/mesos.hpp>
+#include <mesos/slave/containerizer.hpp>
+
 #ifdef __linux__
 #include "linux/ns.hpp"
 #endif
@@ -105,6 +107,7 @@ TEST_F(NamespacesIsolatorTest, ROOT_PidNamespace)
 {
 Try<Owned<MesosContainerizer>> containerizer =
 createContainerizer("filesystem/linux,namespaces/pid");
+
 ASSERT_SOME(containerizer);
 // Write the command's pid namespace inode and init name to files.
@@ -154,6 +157,63 @@ TEST_F(NamespacesIsolatorTest, ROOT_PidNamespace)
 }
+// This test verifies a top-level container can share pid namespace
+// with the agent when the field `share_pid_namespace` is set as
+// true in `ContainerInfo.linux_info`. Please note that the agent flag
+// `--disallow_sharing_agent_pid_namespace` is set to
+// false by default, that means top-level container is allowed to share
+// pid namespace with agent.
+TEST_F(NamespacesIsolatorTest, ROOT_SharePidNamespace)
+{
+ Try<Owned<MesosContainerizer>> containerizer =
+ createContainerizer("filesystem/linux,namespaces/pid");
+
+ ASSERT_SOME(containerizer);
+
+ // Write the command's pid namespace inode to file.
+ const string command = "stat -Lc %i /proc/self/ns/pid > ns";
+
+ mesos::slave::ContainerConfig containerConfig = createContainerConfig(
+ None(),
+ createExecutorInfo("executor", command),
+ directory);
+
+ ContainerInfo* container = containerConfig.mutable_container_info();
+ container->set_type(ContainerInfo::MESOS);
+ container->mutable_linux_info()->set_share_pid_namespace(true);
+
+ process::Future<bool> launch = containerizer.get()->launch(
+ containerId,
+ containerConfig,
+ std::map<string, string>(),
+ None());
+
+ AWAIT_READY(launch);
+ ASSERT_TRUE(launch.get());
+
+ // Wait on the container.
+ Future<Option<ContainerTermination>> wait =
+ containerizer.get()->wait(containerId);
+
+ AWAIT_READY(wait);
+ ASSERT_SOME(wait.get());
+
+ // Check the executor exited correctly.
+ EXPECT_TRUE(wait->get().has_status());
+ EXPECT_EQ(0, wait->get().status());
+
+ // Check that the command was run in the same pid namespace.
+ Try<ino_t> testPidNamespace = ns::getns(::getpid(), "pid");
+ ASSERT_SOME(testPidNamespace);
+
+ Try<string> containerPidNamespace = os::read(path::join(directory, "ns"));
+ ASSERT_SOME(containerPidNamespace);
+
+ EXPECT_EQ(stringify(testPidNamespace.get()),
+ strings::trim(containerPidNamespace.get()));
+}
+
+
 // The IPC namespace has its own copy of the svipc(7) tunables. We verify
 // that we are correctly entering the IPC namespace by verifying that we
 // can set shmmax some different value than that of the host namespace.
@@ -161,6 +221,7 @@ TEST_F(NamespacesIsolatorTest, ROOT_IPCNamespace)
 {
 Try<Owned<MesosContainerizer>> containerizer =
 createContainerizer("namespaces/ipc");
+
 ASSERT_SOME(containerizer);
 // Value we will set the child namespace shmmax to.
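Review bot: ROOT_SharePidNamespace covers only the permissive path and depends on the default of `--disallow_sharing_agent_pid_namespace`, which the header comment mentions but the test body never pins. A container sharing the agent's pid namespace can see the agent's processes under /proc, so the deny path is the one worth guarding. A companion case that sets the flag to true with `share_pid_namespace` set, and expects the launch to be rejected, would catch a regression in that check; such a test may already exist outside this hunk. If the `createContainerizer` helper used here cannot take flags, at least record the dependency next to the launch, e.g. `// Relies on disallow_sharing_agent_pid_namespace defaulting to false; revisit if the default changes.` The final `EXPECT_EQ` compares against the pid namespace inode of the test process itself (`::getpid()`), which stands in for the agent; a one-line comment saying so would make the assertion easier to trust.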