Open jodh-intel opened 2 years ago
I think you'd need to share that into the guest's rootfs at /usr/share/oci/hooks, not as part of the container rootfs, right?
Agreed - it would be good to have such a test though. AFAIU you'd want to:
1) cp the existing rootfs image to a test version (cp /usr/share/kata-containers/kata-containers.img /tmp/kata-containers.img)
2) mount the tmp/kata-containers .img: ie, mkdir ./mnt && sudo mount -o loop,offset=$((512*6144)) /tmp/kata-containers.img ./mnt/
3) add path/file to /usr/share/oci/hooks/hook.sh ; ie: mkdir -p ./mnt/usr/share/oci/hooks; cp hooks.sh ./mnt/usr/share/oci/hooks/
3) unmount ./mnt
4) Copy /usr/share/defaults/kata-containers/configuration.toml to /etc/kata-containers/configuration.toml (use an override toml)
5) sed the override toml to use image at tmp/kata-containers.img
6) run a container and verify the hook did what we expected.
Also, my fictitious hook.sh should probably write to a file that is readable by the container. Ie, run a container with a known name and have the script wrote to a file within the guest rootfs' source path (ie, something like
/run/kata-containers/foobar/rootfs/tmp/yaaaaa-get-a-hook
if you were running a container container w/ name "foobar"
I think it'd be easiest to write a bats test just using ctr, since you'll want a hardcoded path that the script dumps to which is also accessible to the container.
It seems that guest OCI hooks are broken, but about to be fixed on https://github.com/kata-containers/kata-containers/pull/3351.
We need an explicit (bats?) test for guest hooks that does something like:
/usr/share/oci/hooks/
./tmp/
.guest_hook_path=/usr/share/oci/hooks/
in the config file.cat
's the file the hook should have created in/tmp/
.