Diffstat (limited to 'test/testdata')
22 files changed, 1189 insertions, 0 deletions
diff --git a/test/testdata/README.md b/test/testdata/README.md
new file mode 100644
index 000000000..afc6b32f0
--- /dev/null
+++ b/test/testdata/README.md
@@ -0,0 +1,15 @@
+In terminal 1:
+```
+sudo ./crio
+```
+
+In terminal 2:
+```
+sudo ./crioctl runtimeversion
+
+sudo rm -rf /var/lib/containers/storage/sandboxes/podsandbox1
+sudo ./crioctl pod run --config testdata/sandbox_config.json
+
+sudo rm -rf /var/lib/containers/storage/containers/container1
+sudo ./crioctl container create --pod podsandbox1 --config testdata/container_config.json
+```
diff --git a/test/testdata/apparmor_test_deny_write b/test/testdata/apparmor_test_deny_write
new file mode 100644
index 000000000..55311aaf5
--- /dev/null
+++ b/test/testdata/apparmor_test_deny_write
@@ -0,0 +1,10 @@
+#include <tunables/global>
+
+profile apparmor-test-deny-write flags=(attach_disconnected) {
+ #include <abstractions/base>
+
+ file,
+
+ # Deny all file writes.
+ deny /** w,
+}
diff --git a/test/testdata/container_config.json b/test/testdata/container_config.json
new file mode 100644
index 000000000..d8ef76a56
--- /dev/null
+++ b/test/testdata/container_config.json
@@ -0,0 +1,70 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "command": [
+ "/bin/ls"
+ ],
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "readonly_rootfs": false,
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ },
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_by_imageid.json b/test/testdata/container_config_by_imageid.json
new file mode 100644
index 000000000..d953efb3c
--- /dev/null
+++ b/test/testdata/container_config_by_imageid.json
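Review bot: `"privileged": true` in test/testdata/container_config.json makes the baseline container fixture privileged, and the same line appears in every other container_config*.json and in template_container_config.json in this commit. If the runtime honours the flag, the `add_capabilities` list and the SELinux type set further down are presumably moot, so tests built on these fixtures would not exercise the confined path. I would default to `"privileged": false` and keep a single, clearly named privileged fixture for the tests that need one.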
@@ -0,0 +1,70 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "%VALUE%"
+ },
+ "command": [
+ "/bin/ls"
+ ],
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_hostport.json b/test/testdata/container_config_hostport.json
new file mode 100644
index 000000000..e5a0ca67a
--- /dev/null
+++ b/test/testdata/container_config_hostport.json
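Review bot: `"readonly_rootfs": true` sits at the top level of container_config_by_imageid.json, whereas container_config.json and container_config_resolvconf_ro.json put the key under `linux.security_context`. The top-level placement is repeated in container_config_hostport.json, container_config_logging.json, container_config_seccomp.json, container_exit_test.json and the three container_redis*.json files. If the config parser reads only one of the two locations (not visible in this diff), the other is silently ignored and the read-only setting the fixture asks for is never applied. Moving the key to `"security_context": { "readonly_rootfs": true, ...` everywhere would keep the fixtures consistent.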
@@ -0,0 +1,72 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "busybox:latest"
+ },
+ "command": [
+ "/bin/nc", "-ll", "-p", "80", "-e"
+ ],
+ "args": [
+ "/bin/hostname"
+ ],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_logging.json b/test/testdata/container_config_logging.json
new file mode 100644
index 000000000..8e8d0da44
--- /dev/null
+++ b/test/testdata/container_config_logging.json
@@ -0,0 +1,72 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "busybox:latest"
+ },
+ "command": [
+ "/bin/sh", "-c"
+ ],
+ "args": [
+ "%shellcommand%"
+ ],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_resolvconf.json b/test/testdata/container_config_resolvconf.json
new file mode 100644
index 000000000..52b77e082
--- /dev/null
+++ b/test/testdata/container_config_resolvconf.json
@@ -0,0 +1,72 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "command": [
+ "sh",
+ "-c",
+ "echo test >> /etc/resolv.conf"
+ ],
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "readonly_rootfs": false,
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_resolvconf_ro.json b/test/testdata/container_config_resolvconf_ro.json
new file mode 100644
index 000000000..7e121c079
--- /dev/null
+++ b/test/testdata/container_config_resolvconf_ro.json
@@ -0,0 +1,72 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "command": [
+ "sh",
+ "-c",
+ "echo test >> /etc/resolv.conf"
+ ],
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "readonly_rootfs": true,
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_seccomp.json b/test/testdata/container_config_seccomp.json
new file mode 100644
index 000000000..582132b0e
--- /dev/null
+++ b/test/testdata/container_config_seccomp.json
@@ -0,0 +1,72 @@
+{
+ "metadata": {
+ "name": "container1",
+ "attempt": 1
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "command": [
+ "/bin/bash"
+ ],
+ "args": [
+ "/bin/chmod", "777", "."
+ ],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_config_sleep.json b/test/testdata/container_config_sleep.json
new file mode 100644
index 000000000..c86ff7011
--- /dev/null
+++ b/test/testdata/container_config_sleep.json
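Review bot: With `"command": ["/bin/bash"]` and `"args": ["/bin/chmod", "777", "."]` in container_config_seccomp.json, the container runs bash with /bin/chmod as a script argument rather than executing chmod, so a failure here need not come from the seccomp filter. The image is `redis:alpine`, and whether it ships /bin/bash cannot be confirmed from this diff. If a test relies on the container's own command to trigger the blocked syscall, `"command": ["/bin/chmod"]` with `"args": ["777", "."]` would make the outcome depend on chmod alone.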
@@ -0,0 +1,71 @@
+{
+ "metadata": {
+ "name": "container999",
+ "attempt": 1
+ },
+ "image": {
+ "image": "docker.io/library/busybox:latest"
+ },
+ "command": [
+ "sleep",
+ "9999"
+ ],
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "readonly_rootfs": false,
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ },
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_exit_test.json b/test/testdata/container_exit_test.json
new file mode 100644
index 000000000..6ead905a6
--- /dev/null
+++ b/test/testdata/container_exit_test.json
@@ -0,0 +1,22 @@
+{
+ "metadata": {
+ "name": "podsandbox1-exit-test"
+ },
+ "image": {
+ "image": "docker://mrunalp/exit_test:latest"
+ },
+ "args": [
+ "/exit_test"
+ ],
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ }
+ ],
+ "readonly_rootfs": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false
+}
diff --git a/test/testdata/container_redis.json b/test/testdata/container_redis.json
new file mode 100644
index 000000000..638aba4fc
--- /dev/null
+++ b/test/testdata/container_redis.json
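Review bot: `"image": "docker://mrunalp/exit_test:latest"` in container_exit_test.json pulls a mutable `latest` tag from a personal registry namespace, so the binary the test runs can change without any change in this repository. The other fixtures also use floating tags (`redis:alpine`, `busybox:latest`, `docker.io/library/busybox:latest`). Pinning by digest, e.g. `"image": "docker://mrunalp/exit_test@sha256:<DIGEST_PLACEHOLDER>"`, would make the test input reproducible and reviewable.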
@@ -0,0 +1,61 @@
+{
+ "metadata": {
+ "name": "podsandbox1-redis"
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "args": [
+ "docker-entrypoint.sh",
+ "redis-server"
+ ],
+ "working_dir": "/data",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "REDIS_VERSION",
+ "value": "3.2.3"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_URL",
+ "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_SHA1",
+ "value": "92d6d93ef2efc91e595c8bf578bf72baff397507"
+ }
+ ],
+ "labels": {
+ "tier": "backend"
+ },
+ "annotations": {
+ "pod": "podsandbox1"
+ },
+ "readonly_rootfs": false,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "sys_admin"
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_redis_default_mounts.json b/test/testdata/container_redis_default_mounts.json
new file mode 100644
index 000000000..dff3db5a7
--- /dev/null
+++ b/test/testdata/container_redis_default_mounts.json
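Review bot: `"add_capabilities": ["sys_admin"]` in container_redis.json grants a very broad capability to a container that only runs `redis-server`, and nothing in the fixture says which test needs it; container_redis_default_mounts.json and container_redis_device.json repeat it. If it is there to test capability plumbing, a narrow capability would exercise the same path, e.g. `"add_capabilities": ["net_bind_service"]`, unless a test asserts on sys_admin specifically; otherwise the list can be empty. Either way the reason belongs in test/testdata/README.md, since JSON cannot carry a comment.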
@@ -0,0 +1,67 @@
+{
+ "metadata": {
+ "name": "podsandbox1-redis"
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "args": [
+ "docker-entrypoint.sh",
+ "redis-server"
+ ],
+ "mounts": [
+ {
+ "container_path": "%CPATH%",
+ "host_path": "%HPATH%"
+ }
+ ],
+ "working_dir": "/data",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "REDIS_VERSION",
+ "value": "3.2.3"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_URL",
+ "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_SHA1",
+ "value": "92d6d93ef2efc91e595c8bf578bf72baff397507"
+ }
+ ],
+ "labels": {
+ "tier": "backend"
+ },
+ "annotations": {
+ "pod": "podsandbox1"
+ },
+ "readonly_rootfs": false,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "sys_admin"
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/container_redis_device.json b/test/testdata/container_redis_device.json
new file mode 100644
index 000000000..2a2495515
--- /dev/null
+++ b/test/testdata/container_redis_device.json
@@ -0,0 +1,68 @@
+{
+ "metadata": {
+ "name": "podsandbox1-redis"
+ },
+ "image": {
+ "image": "redis:alpine"
+ },
+ "args": [
+ "docker-entrypoint.sh",
+ "redis-server"
+ ],
+ "working_dir": "/data",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "REDIS_VERSION",
+ "value": "3.2.3"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_URL",
+ "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz"
+ },
+ {
+ "key": "REDIS_DOWNLOAD_SHA1",
+ "value": "92d6d93ef2efc91e595c8bf578bf72baff397507"
+ }
+ ],
+ "devices": [
+ {
+ "host_path": "/dev/null",
+ "container_path": "/dev/mynull",
+ "permissions": "rwm"
+ }
+ ],
+ "labels": {
+ "tier": "backend"
+ },
+ "annotations": {
+ "pod": "podsandbox1"
+ },
+ "readonly_rootfs": false,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "capabilities": {
+ "add_capabilities": [
+ "sys_admin"
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/fake_ocid_default b/test/testdata/fake_ocid_default
new file mode 100644
index 000000000..915fb17dd
--- /dev/null
+++ b/test/testdata/fake_ocid_default
@@ -0,0 +1 @@
+profile crio-default flags=(attach_disconnected) {}
diff --git a/test/testdata/sandbox_config.json b/test/testdata/sandbox_config.json
new file mode 100644
index 000000000..57e211bd6
--- /dev/null
+++ b/test/testdata/sandbox_config.json
@@ -0,0 +1,51 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_config": {
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/sandbox_config_hostnet.json b/test/testdata/sandbox_config_hostnet.json
new file mode 100644
index 000000000..99a7560dc
--- /dev/null
+++ b/test/testdata/sandbox_config_hostnet.json
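Review bot: The default sandbox fixture sets `"security.alpha.kubernetes.io/seccomp/pod": "unconfined"` alongside an unsafe-sysctls annotation, so every pod created from sandbox_config.json asks to run without a seccomp profile; sandbox_config_hostnet.json, sandbox_config_hostport.json, sandbox_config_selinux.json and template_sandbox_config.json repeat the annotation. I would drop it from the baseline so tests run under the runtime's default profile (assuming one is configured), and keep `unconfined` only in the seccomp-specific fixture. Separately, `"searches": ["8.8.8.8"]` puts a resolver address in the DNS search-domain list, which looks unintended.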
@@ -0,0 +1,48 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_options": {
+ "servers": [
+ "server1.redhat.com",
+ "server2.redhat.com"
+ ],
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": true,
+ "host_pid": false,
+ "host_ipc": false
+ }
+ }
+ }
+}
diff --git a/test/testdata/sandbox_config_hostport.json b/test/testdata/sandbox_config_hostport.json
new file mode 100644
index 000000000..5feda8668
--- /dev/null
+++ b/test/testdata/sandbox_config_hostport.json
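Review bot: sandbox_config_hostnet.json names the DNS block `dns_options`, while sandbox_config.json, sandbox_config_selinux.json and template_sandbox_config.json use `dns_config`; sandbox_config_hostport.json and sandbox_config_seccomp.json also use `dns_options`. One of the two spellings is presumably not what the parser reads, in which case the `servers` list in these three files is silently dropped. Renaming the key to `"dns_config": {` in all three would make the fixtures agree.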
@@ -0,0 +1,55 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_options": {
+ "servers": [
+ "server1.redhat.com",
+ "server2.redhat.com"
+ ],
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [
+ {
+ "protocol": 0,
+ "container_port": 80,
+ "host_port": 4888
+ }
+ ],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ }
+ }
+ }
+}
diff --git a/test/testdata/sandbox_config_seccomp.json b/test/testdata/sandbox_config_seccomp.json
new file mode 100644
index 000000000..8e440b164
--- /dev/null
+++ b/test/testdata/sandbox_config_seccomp.json
@@ -0,0 +1,53 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_options": {
+ "servers": [
+ "server1.redhat.com",
+ "server2.redhat.com"
+ ],
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng"
+ %VALUE%
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+}
diff --git a/test/testdata/sandbox_config_selinux.json b/test/testdata/sandbox_config_selinux.json
new file mode 100644
index 000000000..916a10ecd
--- /dev/null
+++ b/test/testdata/sandbox_config_selinux.json
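Review bot: In sandbox_config_seccomp.json the `%VALUE%` placeholder follows `"owner": "hmeng"` with no comma, so the file is not valid JSON until substitution and the replacement text has to supply its own leading comma. The value is spliced in as raw text, as are `%VALUE%` in container_config_by_imageid.json, `%shellcommand%` in container_config_logging.json, `%CPATH%`/`%HPATH%` in container_redis_default_mounts.json and the unquoted `${COMMAND}` in template_container_config.json, so a value containing `"` or `\` changes the document structure. The README in this directory is the place to document the expected shape of each placeholder, and the test helper (not in this diff) should JSON-encode what it substitutes.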
@@ -0,0 +1,48 @@
+{
+ "metadata": {
+ "name": "podsandbox1",
+ "uid": "redhat-test-crio",
+ "namespace": "redhat.test.crio",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_config": {
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ },
+ "selinux_options": {
+ "level": "s0"
+ }
+ }
+ }
+}
diff --git a/test/testdata/template_container_config.json b/test/testdata/template_container_config.json
new file mode 100644
index 000000000..a770a7c9d
--- /dev/null
+++ b/test/testdata/template_container_config.json
@@ -0,0 +1,68 @@
+{
+ "metadata": {
+ "name": "${NAME}",
+ "attempt": 1
+ },
+ "image": {
+ "image": "${IMAGE}"
+ },
+ "command": ${COMMAND},
+ "args": [],
+ "working_dir": "/",
+ "envs": [
+ {
+ "key": "PATH",
+ "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ },
+ {
+ "key": "TERM",
+ "value": "xterm"
+ },
+ {
+ "key": "TESTDIR",
+ "value": "test/dir1"
+ },
+ {
+ "key": "TESTFILE",
+ "value": "test/file1"
+ }
+ ],
+ "labels": {
+ "type": "small",
+ "batch": "no"
+ },
+ "annotations": {
+ "owner": "dragon",
+ "daemon": "crio"
+ },
+ "privileged": true,
+ "log_path": "",
+ "stdin": false,
+ "stdin_once": false,
+ "tty": false,
+ "linux": {
+ "resources": {
+ "cpu_period": 10000,
+ "cpu_quota": 20000,
+ "cpu_shares": 512,
+ "oom_score_adj": 30
+ },
+ "security_context": {
+ "readonly_rootfs": false,
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ },
+ "capabilities": {
+ "add_capabilities": [
+ "setuid",
+ "setgid"
+ ],
+ "drop_capabilities": [
+ ]
+ }
+ }
+ }
+}
diff --git a/test/testdata/template_sandbox_config.json b/test/testdata/template_sandbox_config.json
new file mode 100644
index 000000000..f43ffb0d6
--- /dev/null
+++ b/test/testdata/template_sandbox_config.json
@@ -0,0 +1,51 @@
+{
+ "metadata": {
+ "name": "${NAME}",
+ "uid": "${CUID}",
+ "namespace": "${NAMESPACE}",
+ "attempt": 1
+ },
+ "hostname": "crioctl_host",
+ "log_directory": "",
+ "dns_config": {
+ "searches": [
+ "8.8.8.8"
+ ]
+ },
+ "port_mappings": [],
+ "resources": {
+ "cpu": {
+ "limits": 3,
+ "requests": 2
+ },
+ "memory": {
+ "limits": 50000000,
+ "requests": 2000000
+ }
+ },
+ "labels": {
+ "group": "test"
+ },
+ "annotations": {
+ "owner": "hmeng",
+ "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+ "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+ "security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+ },
+ "linux": {
+ "cgroup_parent": "/Burstable/pod_123-456",
+ "security_context": {
+ "namespace_options": {
+ "host_network": false,
+ "host_pid": false,
+ "host_ipc": false
+ },
+ "selinux_options": {
+ "user": "system_u",
+ "role": "system_r",
+ "type": "svirt_lxc_net_t",
+ "level": "s0:c4,c5"
+ }
+ }
+ }
+} |