Create guest OCI hooks tests

[jodh-intel]

It seems that guest OCI hooks are broken, but about to be fixed on https://github.com/kata-containers/kata-containers/pull/3351.

We need an explicit (bats?) test for guest hooks that does something like:

• Share a directory into the contain as /usr/share/oci/hooks/.
• Create a single executable shell script hook in that directory that write a file to /tmp/.
• Enable guest_hook_path=/usr/share/oci/hooks/ in the config file.
• Create a container that cat's the file the hook should have created in /tmp/.
• Fail if the file doesn't exist.

[egernst]

I think you'd need to share that into the guest's rootfs at /usr/share/oci/hooks, not as part of the container rootfs, right?

Agreed - it would be good to have such a test though. AFAIU you'd want to: 1) cp the existing rootfs image to a test version (cp /usr/share/kata-containers/kata-containers.img /tmp/kata-containers.img) 2) mount the tmp/kata-containers .img: ie, mkdir ./mnt && sudo mount -o loop,offset=$((512*6144)) /tmp/kata-containers.img ./mnt/ 3) add path/file to /usr/share/oci/hooks/hook.sh ; ie: mkdir -p ./mnt/usr/share/oci/hooks; cp hooks.sh ./mnt/usr/share/oci/hooks/ 3) unmount ./mnt 4) Copy /usr/share/defaults/kata-containers/configuration.toml to /etc/kata-containers/configuration.toml (use an override toml) 5) sed the override toml to use image at tmp/kata-containers.img 6) run a container and verify the hook did what we expected.

Also, my fictitious hook.sh should probably write to a file that is readable by the container. Ie, run a container with a known name and have the script wrote to a file within the guest rootfs' source path (ie, something like

/run/kata-containers/foobar/rootfs/tmp/yaaaaa-get-a-hook

if you were running a container container w/ name "foobar"

I think it'd be easiest to write a bats test just using ctr, since you'll want a hardcoded path that the script dumps to which is also accessible to the container.