Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

runtimetest: fix root readonly check #599

Merged
merged 1 commit into from
Mar 14, 2018
Merged

runtimetest: fix root readonly check #599

merged 1 commit into from
Mar 14, 2018

Conversation

alban
Copy link
Contributor

@alban alban commented Mar 9, 2018

Instead of trying to write a file on the rootfs, check the "ro"
per-mount option on the root mountpoint. The rootfs might not be
readable despite spec.Root.Readonly being false. Example: the rootfs
belong to an unmapped uid.

Signed-off-by: Alban Crequy [email protected]

@alban alban mentioned this pull request Mar 9, 2018
Merged
@wking
Copy link
Contributor

wking commented Mar 9, 2018

The rootfs might not be readable despite spec.Root.Readonly being false. Example: the rootfs belong to an unmapped uid.

Checking the spec again, it doesn't actually say anything about how the runtime should handle the readonly false and unset cases. So I'm in favor of something like:

if spec.Root.Readonly {
  err := testWriteAccess("/")
  if err == nil {
    return specerror.NewError(specerror.RootReadonlyImplement, fmt.Errorf("rootfs must be readonly"), rspec.Version)
} else {
  err := testWriteAccess("/")
  if err != nil {
    // print a Skip-level warning, which may depend on #594 or other *tap.T passing
  }
}

That way we don't have to have an opinion on unspecified implementation details (perhaps the runtime doesn't bother with a ro mount if it knows the ID mapping will cover read-only-ness?).

@alban alban force-pushed the alban/rootfs-readonly branch from 913f12d to c08563d Compare March 13, 2018 10:20
@alban
Copy link
Contributor Author

alban commented Mar 13, 2018

@wking what about this updated patch? I just skip the test on userns if spec.Root.Readonly == false, but still execute the test for validation/root_readonly_{false,true}.go.

I don't think I need to use *tap.T from #594 right now, it will just t.Pass() when err == nil. Do we actually have a "Skip-level warning"? Do you mean using "OPTIONAL"?

@wking
Copy link
Contributor

wking commented Mar 13, 2018

I just skip the test on userns if spec.Root.Readonly == false...

I agree that the unmapped user-namespace situation should not be a spec violation. But I don't see a need for special handling there, because I don't see spec grounds for this error at all. Do you?

I don't think I need to use *tap.T from #594 right now, it will just t.Pass() when err == nil. Do we actually have a "Skip-level warning"? Do you mean using "OPTIONAL"?

I don't think we can use OPTIONAL, or even MAY, unless we're quoting spec wording, and the spec has nothing in that line for unset/false readonly. So I'd be ok with just:

if spec.Root.Readonly {
   // what's in master now
} // no need to check the else case

But I also think that users may find this surprising, and a TAP skip or stderr log are places where we can warn the user "hey, you might have expected setting readonly false would give you a writeable root, but yours isn't writeable. This isn't a spec volation, but we wanted to let you know anyway.".

@alban
runtimetest: fix root readonly check
9e919c6 
The rootfs might not be readable despite spec.Root.Readonly being false
and that's not a spec violation. Example: the rootfs belong to an
unmapped uid.

This test is useful for validation/root_readonly_true.go

Delete validation/root_readonly_false.go since that's not a spec
violation.

Signed-off-by: Alban Crequy <[email protected]>
@alban alban force-pushed the alban/rootfs-readonly branch from c08563d to 9e919c6 Compare March 13, 2018 13:38
@alban
Copy link
Contributor Author

alban commented Mar 13, 2018

I agree that the unmapped user-namespace situation should not be a spec violation. But I don't see a need for special handling there, because I don't see spec grounds for this error at all. Do you?

No, I don't.

I don't think we can use OPTIONAL, or even MAY, unless we're quoting spec wording, and the spec has nothing in that line for unset/false readonly. So I'd be ok with just:

Ok, I updated the patch that way. I also deleted validation/root_readonly_false.go since that would not test anything.

But I also think that users may find this surprising, and a TAP skip or stderr log are places where we can warn the user "hey, you might have expected setting readonly false would give you a writeable root, but yours isn't writeable. This isn't a spec volation, but we wanted to let you know anyway.".

That would be good indeed. I didn't do that in this PR because that would need more changes for the TAP skip.

@liangchenye
Copy link
Member

liangchenye commented Mar 14, 2018
edited by caniszczyk
Loading

LGTM

Approved with PullApprove

@liangchenye liangchenye merged commit cc1aa34 into opencontainers:master Mar 14, 2018
@alban alban deleted the alban/rootfs-readonly branch March 14, 2018 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wking wking wking approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alban @wking @liangchenye