containers / qm

QM is a containerized environment for running Functional Safety QM (Quality Management) software
https://github.com/containers/qm
GNU General Public License v2.0

ffi: Adding sysctl test case. #448

Closed weiwang-linda closed 1 month ago

weiwang-linda commented 1 month ago

Adding an ffi test to execute sysctl inside a nested container running on top of QM
resolve #370

Verify that attempts to change OS-level settings are denied inside the QM container, as shown below:

    Setting sysctl parameters...
    sysctl: permission denied on key "net.ipv4.ip_forward"
    sysctl: permission denied on key "net.ipv4.conf.all.rp_filter"
    sysctl: permission denied on key "net.ipv4.tcp_max_syn_backlog"
    sysctl: permission denied on key "vm.swappiness"
    sysctl: permission denied on key "vm.overcommit_memory"

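
An added example, not code from this pull request or the QM project: a POSIX shell check that a captured sysctl run shows every key denied, and that fails when a key was changed or never appears in the output. The helper name and the two failing samples are constructed for illustration; the key list and the denied output are taken from the description above.

```shell
#!/bin/sh
# Keys from the output quoted in the PR description above.
KEYS="net.ipv4.ip_forward net.ipv4.conf.all.rp_filter net.ipv4.tcp_max_syn_backlog vm.swappiness vm.overcommit_memory"

# check_sysctl_denied OUTPUT KEY...  (hypothetical helper, not from the QM repo)
# Returns 0 only if, for every KEY, OUTPUT has a 'permission denied on key "KEY"'
# line and no 'KEY = value' line, which is what sysctl -w prints after a
# successful write. A key with no denial line fails too, so a write that was
# never attempted cannot pass silently.
check_sysctl_denied() {
    output=$1
    shift
    rc=0
    for key in "$@"; do
        if printf '%s\n' "$output" | grep -Fq "$key = "; then
            echo "FAIL: $key was changed" >&2
            rc=1
        elif printf '%s\n' "$output" | grep -Fq "permission denied on key \"$key\""; then
            echo "ok: $key denied"
        else
            echo "FAIL: no denial recorded for $key" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Output as quoted in the PR description.
SAMPLE_DENIED='Setting sysctl parameters...
sysctl: permission denied on key "net.ipv4.ip_forward"
sysctl: permission denied on key "net.ipv4.conf.all.rp_filter"
sysctl: permission denied on key "net.ipv4.tcp_max_syn_backlog"
sysctl: permission denied on key "vm.swappiness"
sysctl: permission denied on key "vm.overcommit_memory"'

# Constructed failure cases: one write succeeds, one key is missing entirely.
SAMPLE_CHANGED=$(printf '%s\n' "$SAMPLE_DENIED" | sed 's/.*"vm.swappiness"/vm.swappiness = 10/')
SAMPLE_MISSING=$(printf '%s\n' "$SAMPLE_DENIED" | grep -v 'overcommit_memory')

check_sysctl_denied "$SAMPLE_DENIED" $KEYS && echo "PASS: all writes denied"
check_sysctl_denied "$SAMPLE_CHANGED" $KEYS || echo "caught: a sysctl write succeeded"
check_sysctl_denied "$SAMPLE_MISSING" $KEYS || echo "caught: a key has no denial line"
```
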
Yarboa commented 1 month ago

Adding an ffi test to execute sysctl inside a nested container running on top of QM. Tested with PACKIT_COPR_PROJECT="packit/containers-qm-443"; the test case passed.

                out: sysctl: permission denied on key "net.ipv4.ip_forward"
                out: sysctl: permission denied on key "net.ipv4.conf.all.rp_filter"
                out: sysctl: permission denied on key "net.ipv4.tcp_max_syn_backlog"
                out: sysctl: permission denied on key "vm.swappiness"
                out: sysctl: permission denied on key "vm.overcommit_memory"
                out: Shared connection to xx.xx.xx.xxx closed.
        Copy '/var/tmp/tmt/run-003/plans/e2e/ffi/execute/data/guest/default-0/tests/ffi/sysctl-1' from the guest to '/'.
        Extract results of '/tests/ffi/sysctl'.
        Copy '/var/tmp/tmt/run-003/plans/e2e/ffi/execute/data/guest/default-0/tests/ffi/sysctl-1' from the guest to '/'.
                00:02:49 pass /tests/ffi/sysctl (on default-0) [1/1]

        Copy '/var/tmp/tmt/run-003/plans/e2e/ffi/data' from the guest to '/'.

        summary: 1 test executed

@weiwang-linda Please add in the description resolve issue_id

weiwang-linda commented 1 month ago

> @weiwang-linda Please add in the description resolve issue_id

Done

weiwang-linda commented 1 month ago

> I do not understand what needed to be tested. It should be in description

Done!

Yarboa commented 1 month ago

/packit tests --identifier e2e-ffi

Yarboa commented 1 month ago

/packit test --identifier e2e-ffi

Yarboa commented 1 month ago

/packit test --identifier e2e-tiers