mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Silas Snider <swsni...@apple.com>
Subject Re: Review Request 58250: Test that bind-mounted host network configuration is mounted readonly.
Date Wed, 14 Jun 2017 00:28:15 GMT


> On June 14, 2017, 12:02 a.m., Jie Yu wrote:
> > FYI, this test does not pass on my box:
> > ```
> > [==========] Running 1 test from 1 test case.
> > [----------] Global test environment set-up.
> > [----------] 1 test from CniIsolatorTest
> > [ RUN      ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts
> > Executing pre-exec command '{"arguments":["mesos-containerizer","mount","--help=false","--operation=make-rslave","--path=\/"],"shell":false,"value":"\/home\/jie\/workspace\/dist\/mesos\/build\/src\/mesos-containerizer"}'
> > Executing pre-exec command '{"arguments":["mount","-n","--rbind","\/tmp\/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_44c0WS\/slaves\/3fd3e062-7fd7-4a6a-b5c3-f59b4e44fa0c-S0\/frameworks\/3fd3e062-7fd7-4a6a-b5c3-f59b4e44fa0c-0000\/executors\/24b4b6bf-db12-416c-8113-cc4c34af6dcf\/runs\/8d2ef480-b21e-48b1-a140-e585a4762969","\/tmp\/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_44c0WS\/provisioner\/containers\/8d2ef480-b21e-48b1-a140-e585a4762969\/backends\/overlay\/rootfses\/4517faf0-ff27-49d2-8142-96636b8f8475\/mnt\/mesos\/sandbox"],"shell":false,"value":"mount"}'
> > I0613 17:01:42.720935 37571 exec.cpp:162] Version: 1.4.0
> > I0613 17:01:42.733803 37597 exec.cpp:237] Executor registered on agent 3fd3e062-7fd7-4a6a-b5c3-f59b4e44fa0c-S0
> > I0613 17:01:42.738118 37577 executor.cpp:169] Received SUBSCRIBED event
> > I0613 17:01:42.739022 37577 executor.cpp:173] Subscribed executor on core-dev
> > I0613 17:01:42.739261 37577 executor.cpp:169] Received LAUNCH event
> > I0613 17:01:42.739573 37577 executor.cpp:624] Starting task 24b4b6bf-db12-416c-8113-cc4c34af6dcf
> > I0613 17:01:42.741453 37577 executor.cpp:468] Running '/home/jie/workspace/dist/mesos/build/src/mesos-containerizer
launch <POSSIBLY-SENSITIVE-DATA>'
> > I0613 17:01:42.743849 37577 executor.cpp:636] Forked command at 37611
> > Changing root to /tmp/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_44c0WS/provisioner/containers/8d2ef480-b21e-48b1-a140-e585a4762969/backends/overlay/rootfses/4517faf0-ff27-49d2-8142-96636b8f8475
> > c: applet not found
> > I0613 17:01:42.906725 37605 executor.cpp:915] Command exited with status 127 (pid:
37611)
> > /home/jie/workspace/mesos/src/tests/containerizer/cni_isolator_tests.cpp:1526: Failure
> >       Expected: TASK_FINISHED
> > To be equal to: statusFinished->state()
> >       Which is: TASK_FAILED
> > I0613 17:01:42.918128 37585 exec.cpp:435] Executor asked to shutdown
> > I0613 17:01:42.918589 37592 executor.cpp:169] Received SHUTDOWN event
> > I0613 17:01:42.918645 37592 executor.cpp:733] Shutting down
> > [  FAILED  ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts (5056 ms)
> > [----------] 1 test from CniIsolatorTest (5057 ms total)
> > 
> > [----------] Global test environment tear-down
> > [==========] 1 test from 1 test case ran. (5098 ms total)
> > [  PASSED  ] 0 tests.
> > [  FAILED  ] 1 test, listed below:
> > [  FAILED  ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts
> > ```
> 
> Jie Yu wrote:
>     Added a missing argv[0], still failed for me:
>     ```
>     [==========] Running 1 test from 1 test case.
>     [----------] Global test environment set-up.
>     [----------] 1 test from CniIsolatorTest
>     [ RUN      ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts
>     Executing pre-exec command '{"arguments":["mesos-containerizer","mount","--help=false","--operation=make-rslave","--path=\/"],"shell":false,"value":"\/home\/jie\/workspace\/dist\/mesos\/build\/src\/mesos-containerizer"}'
>     Executing pre-exec command '{"arguments":["mount","-n","--rbind","\/tmp\/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_OTI05M\/slaves\/31e24c6c-cb37-4125-9b4c-d1eb95fea3d9-S0\/frameworks\/31e24c6c-cb37-4125-9b4c-d1eb95fea3d9-0000\/executors\/55d299b4-2663-4bd5-980a-2b5df95181a4\/runs\/2798da96-2f37-4e27-b737-aa01fc6b4a5d","\/tmp\/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_OTI05M\/provisioner\/containers\/2798da96-2f37-4e27-b737-aa01fc6b4a5d\/backends\/overlay\/rootfses\/c00bda57-a3eb-435b-9499-2e1c2bfb7a56\/mnt\/mesos\/sandbox"],"shell":false,"value":"mount"}'
>     I0613 17:09:37.193990 36312 exec.cpp:162] Version: 1.4.0
>     I0613 17:09:37.209614 36310 exec.cpp:237] Executor registered on agent 31e24c6c-cb37-4125-9b4c-d1eb95fea3d9-S0
>     I0613 17:09:37.213358 36323 executor.cpp:169] Received SUBSCRIBED event
>     I0613 17:09:37.214424 36323 executor.cpp:173] Subscribed executor on core-dev
>     I0613 17:09:37.214689 36323 executor.cpp:169] Received LAUNCH event
>     I0613 17:09:37.214915 36323 executor.cpp:624] Starting task 55d299b4-2663-4bd5-980a-2b5df95181a4
>     I0613 17:09:37.216902 36323 executor.cpp:468] Running '/home/jie/workspace/dist/mesos/build/src/mesos-containerizer
launch <POSSIBLY-SENSITIVE-DATA>'
>     I0613 17:09:37.219539 36323 executor.cpp:636] Forked command at 36346
>     Changing root to /tmp/CniIsolatorTest_ROOT_INTERNET_CURL_ReadOnlyBindMounts_OTI05M/provisioner/containers/2798da96-2f37-4e27-b737-aa01fc6b4a5d/backends/overlay/rootfses/c00bda57-a3eb-435b-9499-2e1c2bfb7a56
>     /dev/mapper/centos-root on /etc/hosts type xfs (ro,seclabel,relatime,attr2,inode64,logbsize=128k,sunit=256,swidth=512,noquota)
>     I0613 17:09:37.477999 36300 executor.cpp:915] Command exited with status 1 (pid:
36346)
>     /home/jie/workspace/mesos/src/tests/containerizer/cni_isolator_tests.cpp:1526: Failure
>           Expected: TASK_FINISHED
>     To be equal to: statusFinished->state()
>           Which is: TASK_FAILED
>     I0613 17:09:37.492488 36311 exec.cpp:435] Executor asked to shutdown
>     I0613 17:09:37.492908 36306 executor.cpp:169] Received SHUTDOWN event
>     I0613 17:09:37.492959 36306 executor.cpp:733] Shutting down
>     [  FAILED  ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts (6247 ms)
>     [----------] 1 test from CniIsolatorTest (6249 ms total)
>     
>     [----------] Global test environment tear-down
>     [==========] 1 test from 1 test case ran. (6347 ms total)
>     [  PASSED  ] 0 tests.
>     [  FAILED  ] 1 test, listed below:
>     [  FAILED  ] CniIsolatorTest.ROOT_INTERNET_CURL_ReadOnlyBindMounts
>     ```
> 
> Silas Snider wrote:
>     Are you sure that you're running exactly this patch? I'm suspicious about the line
'c: applet not found', since I'm not trying to run a program called 'applet' at all?
> 
> Jie Yu wrote:
>     this is a busybox issue. you didn't set argv[0] to 'sh', i think busybox will complain
like that
>     https://stackoverflow.com/questions/19043700/busybox-in-embedded-linux-shows-applet-not-found

Yeah, I'll fix that (totally forgot that I had fixed it in one working copy but not the other).
It looks like the rest of the test is failing because one (or more) of the mounts is rw --
you're running with my other change, right?


- Silas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58250/#review177834
-----------------------------------------------------------


On June 13, 2017, 10:14 p.m., Silas Snider wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58250/
> -----------------------------------------------------------
> 
> (Updated June 13, 2017, 10:14 p.m.)
> 
> 
> Review request for mesos and Jie Yu.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Test that bind-mounted host network configuration is mounted readonly.
> 
> 
> Diffs
> -----
> 
>   src/tests/containerizer/cni_isolator_tests.cpp 3a5f4ebd4 
> 
> 
> Diff: https://reviews.apache.org/r/58250/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Silas Snider
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message