martin-mat
commented
4 months ago There seems to be unfinished implementation in k8s_kernel_introspection's verify_single_proc_tree https://github.com/cnf-testsuite/k8s_kernel_introspection/blob/main/src/kernel_introspection/k8s.cr#L41
if current_pid == original_parent_pid && ppid != "" &&
status_name != name
# todo exclude tini, init, dumbinit?, from violations
Log.info { "top level parent (i.e. superviser -- first parent with different name): #{status_name}" }
verified = false
Describe the bug The single_process_type and specialized_init_system checks cannot be passed both in the same (e.g. cert essential) run
To Reproduce Steps to reproduce the behavior:
$ cnf-testsuite version CNF TestSuite version: v1.2.0
๐ฌ Testing: [single_process_type] resource: {kind: "Deployment", name: "dns-dserver", namespace: "default"}, pod dns-dserver-b447b56ff-4nmtx and container: dserver has more than one process type (/sbin/tini--/usr/local/bin/dns-app, /usr/local/bin/dns-app) โ๏ธ ๐FAILED: [single_process_type] More than one process type used โ๐
๐ฌ Testing: [single_process_type] resource: {kind: "StatefulSet", name: "dns-drouter", namespace: "default"}, pod dns-drouter-0 and container: drouter has more than one process type (/usr/local/bin/dumb-init--/usr/local/bin/dns-app, /usr/local/bin/dns-app) โ๏ธ ๐FAILED: [single_process_type] More than one process type used โ๐
Expected behavior The single process type check shall be made tolerant to the specialized init systems (dumb-init, tiny, s6-overlay) so that both tests can be passed in the same run.
Device (please complete the following information): Linux ip-10-0-33-150 6.5.0-1020-aws https://github.com/cnti-testcatalog/testsuite/issues/20~22.04.1-Ubuntu SMP Wed May 1 16:10:50 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Additional context Note, the s6-overlay init system seems to be starting multiple processes.