tools/testing/testrunner/nsjail_test.go - fuchsia - Git at Google

 // Copyright 2021 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 package testrunner

 import (
 	"testing"

 	"github.com/google/go-cmp/cmp"
 )

 func TestBuild(t *testing.T) {
 	cmdStart := []string{
 		"/path/to/nsjail",
 		"--disable_clone_newcgroup",
 		"--quiet",
 		"--rlimit_as", "soft",
 		"--rlimit_fsize", "soft",
 		"--rlimit_nofile", "soft",
 		"--rlimit_nproc", "soft",
 	}

 	testCases := []struct {
 		name       string
 		cmdBuilder *NsJailCmdBuilder
 		subcmd     []string
 		want       []string
 		wantErr    bool
 	}{
 		{
 			name:       "Test that missing binary returns error",
 			cmdBuilder: &NsJailCmdBuilder{},
 			wantErr:    true,
 		},
 		{
 			name: "Test that missing subcmd returns error",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 			},
 			wantErr: true,
 		},
 		{
 			name: "Test enabling network isolation",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin:            "/path/to/nsjail",
 				IsolateNetwork: true,
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--",
 				"/foo/bar",
 			),
 		},
 		{
 			name: "Test disabling network isolation",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--disable_clone_newnet",
 				"--",
 				"/foo/bar",
 			),
 		},
 		{
 			name: "Test mount points",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 				MountPoints: []*MountPt{
 					{
 						Src: "/readonly",
 					},
 					{
 						Src:      "/readwrite",
 						Writable: true,
 					},
 					{
 						Src:      "/root/name",
 						Dst:      "/jail/name",
 						Writable: false,
 					},
 					{
 						Dst:      "/i/am/temporary",
 						UseTmpfs: true,
 					},
 				},
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--disable_clone_newnet",
 				"--tmpfsmount", "/i/am/temporary",
 				"--bindmount_ro", "/root/name:/jail/name",
 				"--bindmount_ro", "/readonly:/readonly",
 				"--bindmount", "/readwrite:/readwrite",
 				"--",
 				"/foo/bar",
 			),
 		},
 		{
 			name: "Test current working directory",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 				Cwd: "/cwd",
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--disable_clone_newnet",
 				"--cwd", "/cwd",
 				"--",
 				"/foo/bar",
 			),
 		},
 		{
 			name: "Test environment variables",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 				Env: map[string]string{
 					"FOO":  "bar=baz",
 					"TEST": "test",
 				},
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--disable_clone_newnet",
 				"--env", "FOO=bar=baz", "--env", "TEST=test",
 				"--",
 				"/foo/bar",
 			),
 		},
 		{
 			name: "Test symlinks",
 			cmdBuilder: &NsJailCmdBuilder{
 				Bin: "/path/to/nsjail",
 				Symlinks: map[string]string{
 					"/bin/bash": "/bin/sh",
 				},
 			},
 			subcmd: []string{"/foo/bar"},
 			want: append(
 				cmdStart,
 				"--disable_clone_newnet",
 				"--symlink", "/bin/bash:/bin/sh",
 				"--",
 				"/foo/bar",
 			),
 		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			got, err := tc.cmdBuilder.Build(tc.subcmd)
 			if err != nil && !tc.wantErr {
 				t.Errorf("NsJailCmdBuilder.Build(%v) failed; got %s, want <nil> error", tc.subcmd, err)
 			} else if err == nil && tc.wantErr {
 				t.Errorf("NsJailCmdBuilder.Build(%v) succeeded unexpectedly", tc.subcmd)
 			}
 			if diff := cmp.Diff(tc.want, got); diff != "" {
 				t.Errorf("NsJailCmdBuilder.Build(%v) returned unexpected command (-want +got):\n%s", tc.subcmd, diff)
 			}
 		})
 	}
 }
	// Copyright 2021 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	package testrunner

	import (
	"testing"

	"github.com/google/go-cmp/cmp"
	)

	func TestBuild(t *testing.T) {
	cmdStart := []string{
	"/path/to/nsjail",
	"--disable_clone_newcgroup",
	"--quiet",
	"--rlimit_as", "soft",
	"--rlimit_fsize", "soft",
	"--rlimit_nofile", "soft",
	"--rlimit_nproc", "soft",
	}

	testCases := []struct {
	name string
	cmdBuilder *NsJailCmdBuilder
	subcmd []string
	want []string
	wantErr bool
	}{
	{
	name: "Test that missing binary returns error",
	cmdBuilder: &NsJailCmdBuilder{},
	wantErr: true,
	},
	{
	name: "Test that missing subcmd returns error",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	},
	wantErr: true,
	},
	{
	name: "Test enabling network isolation",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	IsolateNetwork: true,
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--",
	"/foo/bar",
	),
	},
	{
	name: "Test disabling network isolation",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--disable_clone_newnet",
	"--",
	"/foo/bar",
	),
	},
	{
	name: "Test mount points",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	MountPoints: []*MountPt{
	{
	Src: "/readonly",
	},
	{
	Src: "/readwrite",
	Writable: true,
	},
	{
	Src: "/root/name",
	Dst: "/jail/name",
	Writable: false,
	},
	{
	Dst: "/i/am/temporary",
	UseTmpfs: true,
	},
	},
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--disable_clone_newnet",
	"--tmpfsmount", "/i/am/temporary",
	"--bindmount_ro", "/root/name:/jail/name",
	"--bindmount_ro", "/readonly:/readonly",
	"--bindmount", "/readwrite:/readwrite",
	"--",
	"/foo/bar",
	),
	},
	{
	name: "Test current working directory",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	Cwd: "/cwd",
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--disable_clone_newnet",
	"--cwd", "/cwd",
	"--",
	"/foo/bar",
	),
	},
	{
	name: "Test environment variables",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	Env: map[string]string{
	"FOO": "bar=baz",
	"TEST": "test",
	},
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--disable_clone_newnet",
	"--env", "FOO=bar=baz", "--env", "TEST=test",
	"--",
	"/foo/bar",
	),
	},
	{
	name: "Test symlinks",
	cmdBuilder: &NsJailCmdBuilder{
	Bin: "/path/to/nsjail",
	Symlinks: map[string]string{
	"/bin/bash": "/bin/sh",
	},
	},
	subcmd: []string{"/foo/bar"},
	want: append(
	cmdStart,
	"--disable_clone_newnet",
	"--symlink", "/bin/bash:/bin/sh",
	"--",
	"/foo/bar",
	),
	},
	}
	for _, tc := range testCases {
	t.Run(tc.name, func(t *testing.T) {
	got, err := tc.cmdBuilder.Build(tc.subcmd)
	if err != nil && !tc.wantErr {
	t.Errorf("NsJailCmdBuilder.Build(%v) failed; got %s, want <nil> error", tc.subcmd, err)
	} else if err == nil && tc.wantErr {
	t.Errorf("NsJailCmdBuilder.Build(%v) succeeded unexpectedly", tc.subcmd)
	}
	if diff := cmp.Diff(tc.want, got); diff != "" {
	t.Errorf("NsJailCmdBuilder.Build(%v) returned unexpected command (-want +got):\n%s", tc.subcmd, diff)
	}
	})
	}
	}