Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-8538. Fixed memory leaks in container-executor and test cases. 

Contributed by Billie Rinaldi
This commit is contained in:
Eric Yang 2018-07-16 17:38:49 -04:00
parent d2874e0417
commit efb4e274e5
11 changed files with 307 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/configuration.c
View File

@ -58,6 +58,7 @@ void free_section(struct section *section) {
section->name = NULL; section->name = NULL;
} }
section->size = 0; section->size = 0;
free(section);
} }
//clean up method for freeing configuration //clean up method for freeing configuration
@ -466,6 +467,7 @@ static void merge_sections(struct section *section1, struct section *section2, c
section1->size += section2->size; section1->size += section2->size;
if (free_second_section) { if (free_second_section) {
free(section2->name); free(section2->name);
free(section2->kv_pairs);
memset(section2, 0, sizeof(*section2)); memset(section2, 0, sizeof(*section2));
free(section2); free(section2);
} }
@ -708,6 +710,7 @@ char *get_config_path(const char *argv0) {
const char *orig_conf_file = HADOOP_CONF_DIR "/" CONF_FILENAME; const char *orig_conf_file = HADOOP_CONF_DIR "/" CONF_FILENAME;
char *conf_file = resolve_config_path(orig_conf_file, executable_file); char *conf_file = resolve_config_path(orig_conf_file, executable_file);
free(executable_file);
if (conf_file == NULL) { if (conf_file == NULL) {
fprintf(ERRORFILE, "Configuration file %s not found.\n", orig_conf_file); fprintf(ERRORFILE, "Configuration file %s not found.\n", orig_conf_file);
} }

4
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c
View File

@ -128,11 +128,13 @@ static void flush_and_close_log_files() {
LOGFILE = NULL; LOGFILE = NULL;
} }
if (ERRORFILE != NULL) { if (ERRORFILE != NULL) {
fflush(ERRORFILE); fflush(ERRORFILE);
fclose(ERRORFILE); fclose(ERRORFILE);
ERRORFILE = NULL; ERRORFILE = NULL;
} }
free_executor_configurations();
} }
/** Validates the current container-executor setup. Causes program exit /** Validates the current container-executor setup. Causes program exit

2
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/modules/cgroups/cgroups-operations.c
View File

@ -83,6 +83,8 @@ char* get_cgroups_path_to_write(
} }
cleanup: cleanup:
free((void *) cgroups_root);
free((void *) yarn_hierarchy_name);
if (failed) { if (failed) {
if (buffer) { if (buffer) {
free(buffer); free(buffer);

234
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/utils/docker-util.c
View File

@ -143,9 +143,9 @@ int check_trusted_image(const struct configuration *command_config, const struct
fprintf(ERRORFILE, "image: %s is not trusted.\n", image_name); fprintf(ERRORFILE, "image: %s is not trusted.\n", image_name);
ret = INVALID_DOCKER_IMAGE_TRUST; ret = INVALID_DOCKER_IMAGE_TRUST;
} }
free(image_name);
free_and_exit: free_and_exit:
free(image_name);
free_values(privileged_registry); free_values(privileged_registry);
return ret; return ret;
} }
@ -195,7 +195,8 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
if (strcmp(key, "net") != 0) { if (strcmp(key, "net") != 0) {
if (check_trusted_image(command_config, executor_cfg) != 0) { if (check_trusted_image(command_config, executor_cfg) != 0) {
fprintf(ERRORFILE, "Disable %s for untrusted image\n", key); fprintf(ERRORFILE, "Disable %s for untrusted image\n", key);
return INVALID_DOCKER_IMAGE_TRUST; ret = INVALID_DOCKER_IMAGE_TRUST;
goto free_and_exit;
} }
} }
@ -225,13 +226,13 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
dst = strndup(values[i], tmp_ptr - values[i]); dst = strndup(values[i], tmp_ptr - values[i]);
pattern = strdup(permitted_values[j] + 6); pattern = strdup(permitted_values[j] + 6);
ret = execute_regex_match(pattern, dst); ret = execute_regex_match(pattern, dst);
free(dst);
free(pattern);
} else { } else {
ret = strncmp(values[i], permitted_values[j], tmp_ptr - values[i]); ret = strncmp(values[i], permitted_values[j], tmp_ptr - values[i]);
} }
} }
if (ret == 0) { if (ret == 0) {
free(dst);
free(pattern);
permitted = 1; permitted = 1;
break; break;
} }
@ -259,7 +260,7 @@ static int add_param_to_command_if_allowed(const struct configuration *command_c
} }
} }
free_and_exit: free_and_exit:
free_values(values); free_values(values);
free_values(permitted_values); free_values(permitted_values);
return ret; return ret;
@ -379,6 +380,7 @@ int get_docker_command(const char *command_file, const struct configuration *con
ret = read_config(command_file, &command_config); ret = read_config(command_file, &command_config);
if (ret != 0) { if (ret != 0) {
free_configuration(&command_config);
return INVALID_COMMAND_FILE; return INVALID_COMMAND_FILE;
} }
@ -392,36 +394,41 @@ int get_docker_command(const char *command_file, const struct configuration *con
ret = add_to_args(args, docker); ret = add_to_args(args, docker);
free(docker); free(docker);
if (ret != 0) { if (ret != 0) {
free_configuration(&command_config);
return BUFFER_TOO_SMALL; return BUFFER_TOO_SMALL;
} }
ret = add_docker_config_param(&command_config, args); ret = add_docker_config_param(&command_config, args);
if (ret != 0) { if (ret != 0) {
free_configuration(&command_config);
return BUFFER_TOO_SMALL; return BUFFER_TOO_SMALL;
} }
char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config); char *command = get_configuration_value("docker-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
free_configuration(&command_config);
if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) { if (strcmp(DOCKER_INSPECT_COMMAND, command) == 0) {
return get_docker_inspect_command(command_file, conf, args); ret = get_docker_inspect_command(command_file, conf, args);
} else if (strcmp(DOCKER_KILL_COMMAND, command) == 0) { } else if (strcmp(DOCKER_KILL_COMMAND, command) == 0) {
return get_docker_kill_command(command_file, conf, args); ret = get_docker_kill_command(command_file, conf, args);
} else if (strcmp(DOCKER_LOAD_COMMAND, command) == 0) { } else if (strcmp(DOCKER_LOAD_COMMAND, command) == 0) {
return get_docker_load_command(command_file, conf, args); ret = get_docker_load_command(command_file, conf, args);
} else if (strcmp(DOCKER_PULL_COMMAND, command) == 0) { } else if (strcmp(DOCKER_PULL_COMMAND, command) == 0) {
return get_docker_pull_command(command_file, conf, args); ret = get_docker_pull_command(command_file, conf, args);
} else if (strcmp(DOCKER_RM_COMMAND, command) == 0) { } else if (strcmp(DOCKER_RM_COMMAND, command) == 0) {
return get_docker_rm_command(command_file, conf, args); ret = get_docker_rm_command(command_file, conf, args);
} else if (strcmp(DOCKER_RUN_COMMAND, command) == 0) { } else if (strcmp(DOCKER_RUN_COMMAND, command) == 0) {
return get_docker_run_command(command_file, conf, args); ret = get_docker_run_command(command_file, conf, args);
} else if (strcmp(DOCKER_STOP_COMMAND, command) == 0) { } else if (strcmp(DOCKER_STOP_COMMAND, command) == 0) {
return get_docker_stop_command(command_file, conf, args); ret = get_docker_stop_command(command_file, conf, args);
} else if (strcmp(DOCKER_VOLUME_COMMAND, command) == 0) { } else if (strcmp(DOCKER_VOLUME_COMMAND, command) == 0) {
return get_docker_volume_command(command_file, conf, args); ret = get_docker_volume_command(command_file, conf, args);
} else if (strcmp(DOCKER_START_COMMAND, command) == 0) { } else if (strcmp(DOCKER_START_COMMAND, command) == 0) {
return get_docker_start_command(command_file, conf, args); ret = get_docker_start_command(command_file, conf, args);
} else { } else {
return UNKNOWN_DOCKER_COMMAND; ret = UNKNOWN_DOCKER_COMMAND;
} }
free(command);
return ret;
} }
// check if a key is permitted in the configuration // check if a key is permitted in the configuration
@ -456,7 +463,7 @@ int get_docker_volume_command(const char *command_file, const struct configurati
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_VOLUME_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto cleanup;
} }
sub_command = get_configuration_value("sub-command", DOCKER_COMMAND_FILE_SECTION, &command_config); sub_command = get_configuration_value("sub-command", DOCKER_COMMAND_FILE_SECTION, &command_config);
@ -533,6 +540,7 @@ int get_docker_volume_command(const char *command_file, const struct configurati
} }
cleanup: cleanup:
free_configuration(&command_config);
free(driver); free(driver);
free(volume_name); free(volume_name);
free(sub_command); free(sub_command);
@ -548,18 +556,19 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_INSPECT_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_INSPECT_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
return INVALID_DOCKER_CONTAINER_NAME; ret = INVALID_DOCKER_CONTAINER_NAME;
goto free_and_exit;
} }
format = get_configuration_value("format", DOCKER_COMMAND_FILE_SECTION, &command_config); format = get_configuration_value("format", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (format == NULL) { if (format == NULL) {
free(container_name); ret = INVALID_DOCKER_INSPECT_FORMAT;
return INVALID_DOCKER_INSPECT_FORMAT; goto free_and_exit;
} }
for (i = 0; i < 2; ++i) { for (i = 0; i < 2; ++i) {
if (strcmp(format, valid_format_strings[i]) == 0) { if (strcmp(format, valid_format_strings[i]) == 0) {
@ -569,9 +578,8 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
} }
if (valid_format != 1) { if (valid_format != 1) {
fprintf(ERRORFILE, "Invalid format option '%s' not permitted\n", format); fprintf(ERRORFILE, "Invalid format option '%s' not permitted\n", format);
free(container_name); ret = INVALID_DOCKER_INSPECT_FORMAT;
free(format); goto free_and_exit;
return INVALID_DOCKER_INSPECT_FORMAT;
} }
ret = add_to_args(args, DOCKER_INSPECT_COMMAND); ret = add_to_args(args, DOCKER_INSPECT_COMMAND);
@ -588,14 +596,12 @@ int get_docker_inspect_command(const char *command_file, const struct configurat
if (ret != 0) { if (ret != 0) {
goto free_and_exit; goto free_and_exit;
} }
free(format);
free(container_name);
return 0;
free_and_exit: free_and_exit:
free_configuration(&command_config);
free(format); free(format);
free(container_name); free(container_name);
return BUFFER_TOO_SMALL; return ret;
} }
int get_docker_load_command(const char *command_file, const struct configuration *conf, args *args) { int get_docker_load_command(const char *command_file, const struct configuration *conf, args *args) {
@ -604,12 +610,13 @@ int get_docker_load_command(const char *command_file, const struct configuration
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_LOAD_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_LOAD_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config); image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (image_name == NULL) { if (image_name == NULL) {
return INVALID_DOCKER_IMAGE_NAME; ret = INVALID_DOCKER_IMAGE_NAME;
goto free_and_exit;
} }
ret = add_to_args(args, DOCKER_LOAD_COMMAND); ret = add_to_args(args, DOCKER_LOAD_COMMAND);
@ -617,14 +624,14 @@ int get_docker_load_command(const char *command_file, const struct configuration
char *tmp_buffer = make_string("--i=%s", image_name); char *tmp_buffer = make_string("--i=%s", image_name);
ret = add_to_args(args, tmp_buffer); ret = add_to_args(args, tmp_buffer);
free(tmp_buffer); free(tmp_buffer);
free(image_name);
if (ret != 0) { if (ret != 0) {
return BUFFER_TOO_SMALL; ret = BUFFER_TOO_SMALL;
} }
return 0;
} }
free_and_exit:
free(image_name); free(image_name);
return BUFFER_TOO_SMALL; free_configuration(&command_config);
return ret;
} }
static int validate_docker_image_name(const char *image_name) { static int validate_docker_image_name(const char *image_name) {
@ -638,26 +645,23 @@ int get_docker_pull_command(const char *command_file, const struct configuration
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_PULL_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_PULL_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_pull;
} }
image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config); image_name = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (image_name == NULL || validate_docker_image_name(image_name) != 0) { if (image_name == NULL || validate_docker_image_name(image_name) != 0) {
return INVALID_DOCKER_IMAGE_NAME; ret = INVALID_DOCKER_IMAGE_NAME;
goto free_pull;
} }
ret = add_to_args(args, DOCKER_PULL_COMMAND); ret = add_to_args(args, DOCKER_PULL_COMMAND);
if (ret == 0) { if (ret == 0) {
ret = add_to_args(args, image_name); ret = add_to_args(args, image_name);
free(image_name);
if (ret != 0) {
goto free_pull;
} }
return 0; free_pull:
}
free_pull:
free(image_name); free(image_name);
return BUFFER_TOO_SMALL; free_configuration(&command_config);
return ret;
} }
int get_docker_rm_command(const char *command_file, const struct configuration *conf, args *args) { int get_docker_rm_command(const char *command_file, const struct configuration *conf, args *args) {
@ -666,25 +670,26 @@ int get_docker_rm_command(const char *command_file, const struct configuration *
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_RM_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_RM_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
return INVALID_DOCKER_CONTAINER_NAME; ret = INVALID_DOCKER_CONTAINER_NAME;
goto free_and_exit;
} }
ret = add_to_args(args, DOCKER_RM_COMMAND); ret = add_to_args(args, DOCKER_RM_COMMAND);
if (ret == 0) { if (ret == 0) {
ret = add_to_args(args, container_name); ret = add_to_args(args, container_name);
free(container_name);
if (ret != 0) { if (ret != 0) {
return BUFFER_TOO_SMALL; ret = BUFFER_TOO_SMALL;
} }
return 0;
} }
free_and_exit:
free(container_name); free(container_name);
return BUFFER_TOO_SMALL; free_configuration(&command_config);
return ret;
} }
int get_docker_stop_command(const char *command_file, const struct configuration *conf, int get_docker_stop_command(const char *command_file, const struct configuration *conf,
@ -696,12 +701,13 @@ int get_docker_stop_command(const char *command_file, const struct configuration
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_STOP_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_STOP_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
return INVALID_DOCKER_CONTAINER_NAME; ret = INVALID_DOCKER_CONTAINER_NAME;
goto free_and_exit;
} }
ret = add_to_args(args, DOCKER_STOP_COMMAND); ret = add_to_args(args, DOCKER_STOP_COMMAND);
@ -726,7 +732,9 @@ int get_docker_stop_command(const char *command_file, const struct configuration
ret = add_to_args(args, container_name); ret = add_to_args(args, container_name);
} }
free_and_exit: free_and_exit:
free(value);
free(container_name); free(container_name);
free_configuration(&command_config);
return ret; return ret;
} }
@ -739,12 +747,13 @@ int get_docker_kill_command(const char *command_file, const struct configuration
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_KILL_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_KILL_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
return INVALID_DOCKER_CONTAINER_NAME; ret = INVALID_DOCKER_CONTAINER_NAME;
goto free_and_exit;
} }
ret = add_to_args(args, DOCKER_KILL_COMMAND); ret = add_to_args(args, DOCKER_KILL_COMMAND);
@ -770,7 +779,9 @@ int get_docker_kill_command(const char *command_file, const struct configuration
ret = add_to_args(args, container_name); ret = add_to_args(args, container_name);
} }
free_and_exit: free_and_exit:
free(value);
free(container_name); free(container_name);
free_configuration(&command_config);
return ret; return ret;
} }
@ -780,12 +791,13 @@ int get_docker_start_command(const char *command_file, const struct configuratio
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_START_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
return INVALID_DOCKER_CONTAINER_NAME; ret = INVALID_DOCKER_CONTAINER_NAME;
goto free_and_exit;
} }
ret = add_to_args(args, DOCKER_START_COMMAND); ret = add_to_args(args, DOCKER_START_COMMAND);
@ -795,6 +807,7 @@ int get_docker_start_command(const char *command_file, const struct configuratio
ret = add_to_args(args, container_name); ret = add_to_args(args, container_name);
free_and_exit: free_and_exit:
free(container_name); free(container_name);
free_configuration(&command_config);
return ret; return ret;
} }
@ -1092,7 +1105,9 @@ static int add_mounts(const struct configuration *command_config, const struct c
char **permitted_rw_mounts = get_configuration_values_delimiter("docker.allowed.rw-mounts", char **permitted_rw_mounts = get_configuration_values_delimiter("docker.allowed.rw-mounts",
CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf, ","); CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf, ",");
char **values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ","); char **values = get_configuration_values_delimiter(key, DOCKER_COMMAND_FILE_SECTION, command_config, ",");
const char *container_executor_cfg_path = normalize_mount(get_config_path(""), 0); char *config_path = get_config_path("");
const char *container_executor_cfg_path = normalize_mount(config_path, 0);
free(config_path);
int i = 0, permitted_rw = 0, permitted_ro = 0, ret = 0; int i = 0, permitted_rw = 0, permitted_ro = 0, ret = 0;
if (ro != 0) { if (ro != 0) {
ro_suffix = ":ro"; ro_suffix = ":ro";
@ -1172,6 +1187,8 @@ static int add_mounts(const struct configuration *command_config, const struct c
ret = BUFFER_TOO_SMALL; ret = BUFFER_TOO_SMALL;
goto free_and_exit; goto free_and_exit;
} }
free(mount_src);
mount_src = NULL;
} }
} }
@ -1312,7 +1329,7 @@ static int set_privileged(const struct configuration *command_config, const stru
} }
} }
free_and_exit: free_and_exit:
free(value); free(value);
free(privileged_container_enabled); free(privileged_container_enabled);
free(user); free(user);
@ -1325,42 +1342,41 @@ int get_docker_run_command(const char *command_file, const struct configuration
char *tmp_buffer = NULL; char *tmp_buffer = NULL;
char **launch_command = NULL; char **launch_command = NULL;
char *privileged = NULL; char *privileged = NULL;
char *no_new_privileges_enabled = NULL;
struct configuration command_config = {0, NULL}; struct configuration command_config = {0, NULL};
ret = read_and_verify_command_file(command_file, DOCKER_RUN_COMMAND, &command_config); ret = read_and_verify_command_file(command_file, DOCKER_RUN_COMMAND, &command_config);
if (ret != 0) { if (ret != 0) {
return ret; goto free_and_exit;
} }
container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config); container_name = get_configuration_value("name", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (container_name == NULL || validate_container_name(container_name) != 0) { if (container_name == NULL || validate_container_name(container_name) != 0) {
if (container_name != NULL) { ret = INVALID_DOCKER_CONTAINER_NAME;
free(container_name); goto free_and_exit;
}
return INVALID_DOCKER_CONTAINER_NAME;
} }
user = get_configuration_value("user", DOCKER_COMMAND_FILE_SECTION, &command_config); user = get_configuration_value("user", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (user == NULL) { if (user == NULL) {
return INVALID_DOCKER_USER_NAME; ret = INVALID_DOCKER_USER_NAME;
goto free_and_exit;
} }
image = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config); image = get_configuration_value("image", DOCKER_COMMAND_FILE_SECTION, &command_config);
if (image == NULL || validate_docker_image_name(image) != 0) { if (image == NULL || validate_docker_image_name(image) != 0) {
if (image != NULL) { ret = INVALID_DOCKER_IMAGE_NAME;
free(image); goto free_and_exit;
}
return INVALID_DOCKER_IMAGE_NAME;
} }
ret = add_to_args(args, DOCKER_RUN_COMMAND); ret = add_to_args(args, DOCKER_RUN_COMMAND);
if(ret != 0) { if(ret != 0) {
reset_args(args); ret = BUFFER_TOO_SMALL;
return BUFFER_TOO_SMALL; goto free_and_exit;
} }
tmp_buffer = make_string("--name=%s", container_name); tmp_buffer = make_string("--name=%s", container_name);
ret = add_to_args(args, tmp_buffer); ret = add_to_args(args, tmp_buffer);
free(tmp_buffer);
if (ret != 0) { if (ret != 0) {
reset_args(args); ret = BUFFER_TOO_SMALL;
return BUFFER_TOO_SMALL; goto free_and_exit;
} }
privileged = get_configuration_value("privileged", DOCKER_COMMAND_FILE_SECTION, &command_config); privileged = get_configuration_value("privileged", DOCKER_COMMAND_FILE_SECTION, &command_config);
@ -1370,111 +1386,95 @@ int get_docker_run_command(const char *command_file, const struct configuration
ret = add_to_args(args, user_buffer); ret = add_to_args(args, user_buffer);
free(user_buffer); free(user_buffer);
if (ret != 0) { if (ret != 0) {
reset_args(args); ret = BUFFER_TOO_SMALL;
return BUFFER_TOO_SMALL; goto free_and_exit;
} }
char *no_new_privileges_enabled = no_new_privileges_enabled =
get_configuration_value("docker.no-new-privileges.enabled", get_configuration_value("docker.no-new-privileges.enabled",
CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf); CONTAINER_EXECUTOR_CFG_DOCKER_SECTION, conf);
if (no_new_privileges_enabled != NULL && if (no_new_privileges_enabled != NULL &&
strcasecmp(no_new_privileges_enabled, "True") == 0) { strcasecmp(no_new_privileges_enabled, "True") == 0) {
ret = add_to_args(args, "--security-opt=no-new-privileges"); ret = add_to_args(args, "--security-opt=no-new-privileges");
if (ret != 0) { if (ret != 0) {
reset_args(args); ret = BUFFER_TOO_SMALL;
return BUFFER_TOO_SMALL; goto free_and_exit;
} }
} }
free(no_new_privileges_enabled);
} }
free(privileged);
ret = detach_container(&command_config, args); ret = detach_container(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = rm_container_on_exit(&command_config, args); ret = rm_container_on_exit(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_container_workdir(&command_config, args); ret = set_container_workdir(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_network(&command_config, conf, args); ret = set_network(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_pid_namespace(&command_config, conf, args); ret = set_pid_namespace(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = add_ro_mounts(&command_config, conf, args); ret = add_ro_mounts(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = add_rw_mounts(&command_config, conf, args); ret = add_rw_mounts(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_cgroup_parent(&command_config, args); ret = set_cgroup_parent(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_privileged(&command_config, conf, args); ret = set_privileged(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_capabilities(&command_config, conf, args); ret = set_capabilities(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_hostname(&command_config, args); ret = set_hostname(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_group_add(&command_config, args); ret = set_group_add(&command_config, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_devices(&command_config, conf, args); ret = set_devices(&command_config, conf, args);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return ret;
} }
ret = set_env(&command_config, args); ret = set_env(&command_config, args);
if (ret != 0) { if (ret != 0) {
return BUFFER_TOO_SMALL; goto free_and_exit;
} }
ret = add_to_args(args, image); ret = add_to_args(args, image);
if (ret != 0) { if (ret != 0) {
reset_args(args); goto free_and_exit;
return BUFFER_TOO_SMALL;
} }
launch_command = get_configuration_values_delimiter("launch-command", DOCKER_COMMAND_FILE_SECTION, &command_config, launch_command = get_configuration_values_delimiter("launch-command", DOCKER_COMMAND_FILE_SECTION, &command_config,
@ -1483,13 +1483,21 @@ int get_docker_run_command(const char *command_file, const struct configuration
for (i = 0; launch_command[i] != NULL; ++i) { for (i = 0; launch_command[i] != NULL; ++i) {
ret = add_to_args(args, launch_command[i]); ret = add_to_args(args, launch_command[i]);
if (ret != 0) { if (ret != 0) {
free_values(launch_command); ret = BUFFER_TOO_SMALL;
goto free_and_exit;
}
}
}
free_and_exit:
if (ret != 0) {
reset_args(args); reset_args(args);
return BUFFER_TOO_SMALL;
}
} }
free(user);
free(image);
free(privileged);
free(no_new_privileges_enabled);
free(container_name);
free_values(launch_command); free_values(launch_command);
} free_configuration(&command_config);
free(tmp_buffer); return ret;
return 0;
} }

8
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/cgroups/test-cgroups-module.cc
View File

@ -73,6 +73,8 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_root) {
char* path = get_cgroups_path_to_write("devices", "deny", "container_1"); char* path = get_cgroups_path_to_write("devices", "deny", "container_1");
ASSERT_TRUE(NULL == path) << "Should fail.\n"; ASSERT_TRUE(NULL == path) << "Should fail.\n";
free_executor_configurations();
} }
TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_yarn_hierarchy) { TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_yarn_hierarchy) {
@ -92,6 +94,8 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_without_define_yarn_hierarchy) {
char* path = get_cgroups_path_to_write("devices", "deny", "container_1"); char* path = get_cgroups_path_to_write("devices", "deny", "container_1");
ASSERT_TRUE(NULL == path) << "Should fail.\n"; ASSERT_TRUE(NULL == path) << "Should fail.\n";
free_executor_configurations();
} }
TEST_F(TestCGroupsModule, test_cgroups_get_path_succeeded) { TEST_F(TestCGroupsModule, test_cgroups_get_path_succeeded) {
@ -117,5 +121,9 @@ TEST_F(TestCGroupsModule, test_cgroups_get_path_succeeded) {
ASSERT_STREQ(EXPECTED, path) ASSERT_STREQ(EXPECTED, path)
<< "Return cgroup-path-to-write is not expected\n"; << "Return cgroup-path-to-write is not expected\n";
free(path);
free_executor_configurations();
} }
} // namespace ContainerExecutor } // namespace ContainerExecutor

24
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/fpga/test-fpga-module.cc
View File

@ -84,6 +84,13 @@ static int mock_update_cgroups_parameters(
return 0; return 0;
} }
static void clear_cgroups_parameters_invoked() {
for (std::vector<const char*>::size_type i = 0; i < cgroups_parameters_invoked.size(); i++) {
free((void *) cgroups_parameters_invoked[i]);
}
cgroups_parameters_invoked.clear();
}
static void verify_param_updated_to_cgroups( static void verify_param_updated_to_cgroups(
int argc, const char** argv) { int argc, const char** argv) {
ASSERT_EQ(argc, cgroups_parameters_invoked.size()); ASSERT_EQ(argc, cgroups_parameters_invoked.size());
@ -133,6 +140,9 @@ static void test_fpga_module_enabled_disabled(int enabled) {
EXPECTED_RC = -1; EXPECTED_RC = -1;
} }
ASSERT_EQ(EXPECTED_RC, rc); ASSERT_EQ(EXPECTED_RC, rc);
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) { TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
@ -146,7 +156,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
container_id }; container_id };
/* Test case 1: block 2 devices */ /* Test case 1: block 2 devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
int rc = handle_fpga_request(&mock_update_cgroups_parameters, int rc = handle_fpga_request(&mock_update_cgroups_parameters,
"fpga", 5, argv); "fpga", 5, argv);
ASSERT_EQ(0, rc) << "Should success.\n"; ASSERT_EQ(0, rc) << "Should success.\n";
@ -157,7 +167,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
verify_param_updated_to_cgroups(8, expected_cgroups_argv); verify_param_updated_to_cgroups(8, expected_cgroups_argv);
/* Test case 2: block 0 devices */ /* Test case 2: block 0 devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
char* argv_1[] = { (char*) "--module-fpga", (char*) "--container_id", container_id }; char* argv_1[] = { (char*) "--module-fpga", (char*) "--container_id", container_id };
rc = handle_fpga_request(&mock_update_cgroups_parameters, rc = handle_fpga_request(&mock_update_cgroups_parameters,
"fpga", 3, argv_1); "fpga", 3, argv_1);
@ -167,7 +177,7 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
verify_param_updated_to_cgroups(0, NULL); verify_param_updated_to_cgroups(0, NULL);
/* Test case 3: block 2 non-sequential devices */ /* Test case 3: block 2 non-sequential devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "1,3", char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "1,3",
(char*) "--container_id", container_id }; (char*) "--container_id", container_id };
rc = handle_fpga_request(&mock_update_cgroups_parameters, rc = handle_fpga_request(&mock_update_cgroups_parameters,
@ -178,6 +188,9 @@ TEST_F(TestFpgaModule, test_verify_fpga_module_calls_cgroup_parameter) {
const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 246:1 rwm", const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 246:1 rwm",
"devices", "deny", container_id, "c 246:3 rwm"}; "devices", "deny", container_id, "c 246:3 rwm"};
verify_param_updated_to_cgroups(8, expected_cgroups_argv_2); verify_param_updated_to_cgroups(8, expected_cgroups_argv_2);
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestFpgaModule, test_illegal_cli_parameters) { TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
@ -193,6 +206,7 @@ TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
// Illegal container id - 2 // Illegal container id - 2
clear_cgroups_parameters_invoked();
char* argv_1[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1", char* argv_1[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1",
(char*) "--container_id", (char*) "container_1" }; (char*) "--container_id", (char*) "container_1" };
rc = handle_fpga_request(&mock_update_cgroups_parameters, rc = handle_fpga_request(&mock_update_cgroups_parameters,
@ -200,10 +214,14 @@ TEST_F(TestFpgaModule, test_illegal_cli_parameters) {
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
// Illegal container id - 3 // Illegal container id - 3
clear_cgroups_parameters_invoked();
char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1" }; char* argv_2[] = { (char*) "--module-fpga", (char*) "--excluded_fpgas", (char*) "0,1" };
rc = handle_fpga_request(&mock_update_cgroups_parameters, rc = handle_fpga_request(&mock_update_cgroups_parameters,
"fpga", 3, argv_2); "fpga", 3, argv_2);
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestFpgaModule, test_fpga_module_disabled) { TEST_F(TestFpgaModule, test_fpga_module_disabled) {

24
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/modules/gpu/test-gpu-module.cc
View File

@ -84,6 +84,13 @@ static int mock_update_cgroups_parameters(
return 0; return 0;
} }
static void clear_cgroups_parameters_invoked() {
for (std::vector<const char*>::size_type i = 0; i < cgroups_parameters_invoked.size(); i++) {
free((void *) cgroups_parameters_invoked[i]);
}
cgroups_parameters_invoked.clear();
}
static void verify_param_updated_to_cgroups( static void verify_param_updated_to_cgroups(
int argc, const char** argv) { int argc, const char** argv) {
ASSERT_EQ(argc, cgroups_parameters_invoked.size()); ASSERT_EQ(argc, cgroups_parameters_invoked.size());
@ -133,6 +140,9 @@ static void test_gpu_module_enabled_disabled(int enabled) {
EXPECTED_RC = -1; EXPECTED_RC = -1;
} }
ASSERT_EQ(EXPECTED_RC, rc); ASSERT_EQ(EXPECTED_RC, rc);
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) { TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
@ -146,7 +156,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
container_id }; container_id };
/* Test case 1: block 2 devices */ /* Test case 1: block 2 devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
int rc = handle_gpu_request(&mock_update_cgroups_parameters, int rc = handle_gpu_request(&mock_update_cgroups_parameters,
"gpu", 5, argv); "gpu", 5, argv);
ASSERT_EQ(0, rc) << "Should success.\n"; ASSERT_EQ(0, rc) << "Should success.\n";
@ -157,7 +167,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
verify_param_updated_to_cgroups(8, expected_cgroups_argv); verify_param_updated_to_cgroups(8, expected_cgroups_argv);
/* Test case 2: block 0 devices */ /* Test case 2: block 0 devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
char* argv_1[] = { (char*) "--module-gpu", (char*) "--container_id", container_id }; char* argv_1[] = { (char*) "--module-gpu", (char*) "--container_id", container_id };
rc = handle_gpu_request(&mock_update_cgroups_parameters, rc = handle_gpu_request(&mock_update_cgroups_parameters,
"gpu", 3, argv_1); "gpu", 3, argv_1);
@ -167,7 +177,7 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
verify_param_updated_to_cgroups(0, NULL); verify_param_updated_to_cgroups(0, NULL);
/* Test case 3: block 2 non-sequential devices */ /* Test case 3: block 2 non-sequential devices */
cgroups_parameters_invoked.clear(); clear_cgroups_parameters_invoked();
char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "1,3", char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "1,3",
(char*) "--container_id", container_id }; (char*) "--container_id", container_id };
rc = handle_gpu_request(&mock_update_cgroups_parameters, rc = handle_gpu_request(&mock_update_cgroups_parameters,
@ -178,6 +188,9 @@ TEST_F(TestGpuModule, test_verify_gpu_module_calls_cgroup_parameter) {
const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 195:1 rwm", const char* expected_cgroups_argv_2[] = { "devices", "deny", container_id, "c 195:1 rwm",
"devices", "deny", container_id, "c 195:3 rwm"}; "devices", "deny", container_id, "c 195:3 rwm"};
verify_param_updated_to_cgroups(8, expected_cgroups_argv_2); verify_param_updated_to_cgroups(8, expected_cgroups_argv_2);
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestGpuModule, test_illegal_cli_parameters) { TEST_F(TestGpuModule, test_illegal_cli_parameters) {
@ -193,6 +206,7 @@ TEST_F(TestGpuModule, test_illegal_cli_parameters) {
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
// Illegal container id - 2 // Illegal container id - 2
clear_cgroups_parameters_invoked();
char* argv_1[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1", char* argv_1[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1",
(char*) "--container_id", (char*) "container_1" }; (char*) "--container_id", (char*) "container_1" };
rc = handle_gpu_request(&mock_update_cgroups_parameters, rc = handle_gpu_request(&mock_update_cgroups_parameters,
@ -200,10 +214,14 @@ TEST_F(TestGpuModule, test_illegal_cli_parameters) {
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
// Illegal container id - 3 // Illegal container id - 3
clear_cgroups_parameters_invoked();
char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1" }; char* argv_2[] = { (char*) "--module-gpu", (char*) "--excluded_gpus", (char*) "0,1" };
rc = handle_gpu_request(&mock_update_cgroups_parameters, rc = handle_gpu_request(&mock_update_cgroups_parameters,
"gpu", 3, argv_2); "gpu", 3, argv_2);
ASSERT_NE(0, rc) << "Should fail.\n"; ASSERT_NE(0, rc) << "Should fail.\n";
clear_cgroups_parameters_invoked();
free_executor_configurations();
} }
TEST_F(TestGpuModule, test_gpu_module_disabled) { TEST_F(TestGpuModule, test_gpu_module_disabled) {

34
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test_configuration.cc
View File

@ -51,6 +51,7 @@ namespace ContainerExecutor {
virtual void TearDown() { virtual void TearDown() {
free_configuration(&new_config_format); free_configuration(&new_config_format);
free_configuration(&old_config_format); free_configuration(&old_config_format);
free_configuration(&mixed_config_format);
return; return;
} }
@ -84,12 +85,12 @@ namespace ContainerExecutor {
ASSERT_STREQ("/var/run/yarn", split_values[0]); ASSERT_STREQ("/var/run/yarn", split_values[0]);
ASSERT_STREQ("/tmp/mydir", split_values[1]); ASSERT_STREQ("/tmp/mydir", split_values[1]);
ASSERT_EQ(NULL, split_values[2]); ASSERT_EQ(NULL, split_values[2]);
free(split_values); free_values(split_values);
split_values = get_configuration_values_delimiter("allowed.system.users", split_values = get_configuration_values_delimiter("allowed.system.users",
"", &old_config_format, "%"); "", &old_config_format, "%");
ASSERT_STREQ("nobody,daemon", split_values[0]); ASSERT_STREQ("nobody,daemon", split_values[0]);
ASSERT_EQ(NULL, split_values[1]); ASSERT_EQ(NULL, split_values[1]);
free(split_values); free_values(split_values);
} }
TEST_F(TestConfiguration, test_get_configuration_values) { TEST_F(TestConfiguration, test_get_configuration_values) {
@ -105,13 +106,13 @@ namespace ContainerExecutor {
split_values = get_configuration_values("yarn.local.dirs", "", &old_config_format); split_values = get_configuration_values("yarn.local.dirs", "", &old_config_format);
ASSERT_STREQ("/var/run/yarn%/tmp/mydir", split_values[0]); ASSERT_STREQ("/var/run/yarn%/tmp/mydir", split_values[0]);
ASSERT_EQ(NULL, split_values[1]); ASSERT_EQ(NULL, split_values[1]);
free(split_values); free_values(split_values);
split_values = get_configuration_values("allowed.system.users", "", split_values = get_configuration_values("allowed.system.users", "",
&old_config_format); &old_config_format);
ASSERT_STREQ("nobody", split_values[0]); ASSERT_STREQ("nobody", split_values[0]);
ASSERT_STREQ("daemon", split_values[1]); ASSERT_STREQ("daemon", split_values[1]);
ASSERT_EQ(NULL, split_values[2]); ASSERT_EQ(NULL, split_values[2]);
free(split_values); free_values(split_values);
} }
TEST_F(TestConfiguration, test_get_configuration_value) { TEST_F(TestConfiguration, test_get_configuration_value) {
@ -149,21 +150,28 @@ namespace ContainerExecutor {
char *value = NULL; char *value = NULL;
value = get_section_value("yarn.nodemanager.linux-container-executor.group", executor_cfg); value = get_section_value("yarn.nodemanager.linux-container-executor.group", executor_cfg);
ASSERT_STREQ("yarn", value); ASSERT_STREQ("yarn", value);
free(value);
value = get_section_value("feature.docker.enabled", executor_cfg); value = get_section_value("feature.docker.enabled", executor_cfg);
ASSERT_STREQ("1", value); ASSERT_STREQ("1", value);
free(value);
value = get_section_value("feature.tc.enabled", executor_cfg); value = get_section_value("feature.tc.enabled", executor_cfg);
ASSERT_STREQ("0", value); ASSERT_STREQ("0", value);
free(value);
value = get_section_value("min.user.id", executor_cfg); value = get_section_value("min.user.id", executor_cfg);
ASSERT_STREQ("1000", value); ASSERT_STREQ("1000", value);
free(value);
value = get_section_value("docker.binary", executor_cfg); value = get_section_value("docker.binary", executor_cfg);
ASSERT_STREQ("/usr/bin/docker", value); ASSERT_STREQ("/usr/bin/docker", value);
free(value);
char **list = get_section_values("allowed.system.users", executor_cfg); char **list = get_section_values("allowed.system.users", executor_cfg);
ASSERT_STREQ("nobody", list[0]); ASSERT_STREQ("nobody", list[0]);
ASSERT_STREQ("daemon", list[1]); ASSERT_STREQ("daemon", list[1]);
free_values(list);
list = get_section_values("banned.users", executor_cfg); list = get_section_values("banned.users", executor_cfg);
ASSERT_STREQ("root", list[0]); ASSERT_STREQ("root", list[0]);
ASSERT_STREQ("testuser1", list[1]); ASSERT_STREQ("testuser1", list[1]);
ASSERT_STREQ("testuser2", list[2]); ASSERT_STREQ("testuser2", list[2]);
free_values(list);
} }
TEST_F(TestConfiguration, test_get_section_values_delimiter) { TEST_F(TestConfiguration, test_get_section_values_delimiter) {
@ -176,12 +184,16 @@ namespace ContainerExecutor {
free(value); free(value);
value = get_section_value("key2", section); value = get_section_value("key2", section);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
split_values = get_section_values_delimiter(NULL, section, "%"); split_values = get_section_values_delimiter(NULL, section, "%");
ASSERT_EQ(NULL, split_values); ASSERT_EQ(NULL, split_values);
free_values(split_values);
split_values = get_section_values_delimiter("split-key", NULL, "%"); split_values = get_section_values_delimiter("split-key", NULL, "%");
ASSERT_EQ(NULL, split_values); ASSERT_EQ(NULL, split_values);
free_values(split_values);
split_values = get_section_values_delimiter("split-key", section, NULL); split_values = get_section_values_delimiter("split-key", section, NULL);
ASSERT_EQ(NULL, split_values); ASSERT_EQ(NULL, split_values);
free_values(split_values);
split_values = get_section_values_delimiter("split-key", section, "%"); split_values = get_section_values_delimiter("split-key", section, "%");
ASSERT_FALSE(split_values == NULL); ASSERT_FALSE(split_values == NULL);
ASSERT_STREQ("val1,val2,val3", split_values[0]); ASSERT_STREQ("val1,val2,val3", split_values[0]);
@ -192,6 +204,7 @@ namespace ContainerExecutor {
ASSERT_STREQ("perc-val1", split_values[0]); ASSERT_STREQ("perc-val1", split_values[0]);
ASSERT_STREQ("perc-val2", split_values[1]); ASSERT_STREQ("perc-val2", split_values[1]);
ASSERT_TRUE(split_values[2] == NULL); ASSERT_TRUE(split_values[2] == NULL);
free_values(split_values);
} }
TEST_F(TestConfiguration, test_get_section_values) { TEST_F(TestConfiguration, test_get_section_values) {
@ -201,13 +214,16 @@ namespace ContainerExecutor {
section = get_configuration_section("section-1", &new_config_format); section = get_configuration_section("section-1", &new_config_format);
value = get_section_value(NULL, section); value = get_section_value(NULL, section);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
value = get_section_value("key1", NULL); value = get_section_value("key1", NULL);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
value = get_section_value("key1", section); value = get_section_value("key1", section);
ASSERT_STREQ("value1", value); ASSERT_STREQ("value1", value);
free(value); free(value);
value = get_section_value("key2", section); value = get_section_value("key2", section);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
split_values = get_section_values("split-key", section); split_values = get_section_values("split-key", section);
ASSERT_FALSE(split_values == NULL); ASSERT_FALSE(split_values == NULL);
ASSERT_STREQ("val1", split_values[0]); ASSERT_STREQ("val1", split_values[0]);
@ -235,14 +251,16 @@ namespace ContainerExecutor {
section = get_configuration_section("split-section", &new_config_format); section = get_configuration_section("split-section", &new_config_format);
value = get_section_value(NULL, section); value = get_section_value(NULL, section);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
value = get_section_value("key3", NULL); value = get_section_value("key3", NULL);
ASSERT_EQ(NULL, value); ASSERT_EQ(NULL, value);
free(value);
value = get_section_value("key3", section); value = get_section_value("key3", section);
ASSERT_STREQ("value3", value); ASSERT_STREQ("value3", value);
free(value); free(value);
value = get_section_value("key4", section); value = get_section_value("key4", section);
ASSERT_STREQ("value4", value); ASSERT_STREQ("value4", value);
free(value);
} }
TEST_F(TestConfiguration, test_get_configuration_section) { TEST_F(TestConfiguration, test_get_configuration_section) {
@ -343,6 +361,7 @@ namespace ContainerExecutor {
oss.str(""); oss.str("");
oss << "value" << i; oss << "value" << i;
ASSERT_STREQ(oss.str().c_str(), value); ASSERT_STREQ(oss.str().c_str(), value);
free((void *) value);
} }
remove(sample_file_name.c_str()); remove(sample_file_name.c_str());
free_configuration(&cfg); free_configuration(&cfg);
@ -372,6 +391,7 @@ namespace ContainerExecutor {
oss.str(""); oss.str("");
oss << "value" << i; oss << "value" << i;
ASSERT_STREQ(oss.str().c_str(), value); ASSERT_STREQ(oss.str().c_str(), value);
free((void *) value);
} }
remove(sample_file_name.c_str()); remove(sample_file_name.c_str());
free_configuration(&cfg); free_configuration(&cfg);
@ -415,18 +435,22 @@ namespace ContainerExecutor {
char *value = NULL; char *value = NULL;
value = get_section_value("key1", executor_cfg); value = get_section_value("key1", executor_cfg);
ASSERT_STREQ("value1", value); ASSERT_STREQ("value1", value);
free(value);
value = get_section_value("key2", executor_cfg); value = get_section_value("key2", executor_cfg);
ASSERT_STREQ("value2", value); ASSERT_STREQ("value2", value);
ASSERT_EQ(2, executor_cfg->size); ASSERT_EQ(2, executor_cfg->size);
free(value);
executor_cfg = get_configuration_section("section-1", executor_cfg = get_configuration_section("section-1",
&mixed_config_format); &mixed_config_format);
value = get_section_value("key3", executor_cfg); value = get_section_value("key3", executor_cfg);
ASSERT_STREQ("value3", value); ASSERT_STREQ("value3", value);
free(value);
value = get_section_value("key1", executor_cfg); value = get_section_value("key1", executor_cfg);
ASSERT_STREQ("value4", value); ASSERT_STREQ("value4", value);
ASSERT_EQ(2, executor_cfg->size); ASSERT_EQ(2, executor_cfg->size);
ASSERT_EQ(2, mixed_config_format.size); ASSERT_EQ(2, mixed_config_format.size);
ASSERT_STREQ("", mixed_config_format.sections[0]->name); ASSERT_STREQ("", mixed_config_format.sections[0]->name);
ASSERT_STREQ("section-1", mixed_config_format.sections[1]->name); ASSERT_STREQ("section-1", mixed_config_format.sections[1]->name);
free(value);
} }
} }

5
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/test_util.cc
View File

@ -51,6 +51,7 @@ namespace ContainerExecutor {
ASSERT_STREQ(oss.str().c_str(), splits[i-1]); ASSERT_STREQ(oss.str().c_str(), splits[i-1]);
} }
ASSERT_EQ(NULL, splits[count]); ASSERT_EQ(NULL, splits[count]);
free(split_string);
free_values(splits); free_values(splits);
split_string = (char *) calloc(str.length() + 1, sizeof(char)); split_string = (char *) calloc(str.length() + 1, sizeof(char));
@ -59,6 +60,7 @@ namespace ContainerExecutor {
ASSERT_TRUE(splits != NULL); ASSERT_TRUE(splits != NULL);
ASSERT_TRUE(splits[1] == NULL); ASSERT_TRUE(splits[1] == NULL);
ASSERT_STREQ(str.c_str(), splits[0]); ASSERT_STREQ(str.c_str(), splits[0]);
free(split_string);
free_values(splits); free_values(splits);
splits = split_delimiter(NULL, ","); splits = split_delimiter(NULL, ",");
@ -82,6 +84,7 @@ namespace ContainerExecutor {
ASSERT_STREQ(oss.str().c_str(), splits[i-1]); ASSERT_STREQ(oss.str().c_str(), splits[i-1]);
} }
ASSERT_EQ(NULL, splits[count]); ASSERT_EQ(NULL, splits[count]);
free(split_string);
free_values(splits); free_values(splits);
str = "1,2,3,4,5,6,7,8,9,10,11"; str = "1,2,3,4,5,6,7,8,9,10,11";
@ -91,6 +94,8 @@ namespace ContainerExecutor {
ASSERT_TRUE(splits != NULL); ASSERT_TRUE(splits != NULL);
ASSERT_TRUE(splits[1] == NULL); ASSERT_TRUE(splits[1] == NULL);
ASSERT_STREQ(str.c_str(), splits[0]); ASSERT_STREQ(str.c_str(), splits[0]);
free(split_string);
free_values(splits);
return; return;
} }

6
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test-string-utils.cc
View File

@ -59,6 +59,7 @@
ASSERT_EQ(1, numbers[0]); ASSERT_EQ(1, numbers[0]);
ASSERT_EQ(-1, numbers[3]); ASSERT_EQ(-1, numbers[3]);
ASSERT_EQ(0, numbers[5]); ASSERT_EQ(0, numbers[5]);
free(numbers);
input = "3"; input = "3";
rc = get_numbers_split_by_comma(input, &numbers, &n_numbers); rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
@ -66,28 +67,33 @@
ASSERT_EQ(0, rc) << "Should succeeded\n"; ASSERT_EQ(0, rc) << "Should succeeded\n";
ASSERT_EQ(1, n_numbers); ASSERT_EQ(1, n_numbers);
ASSERT_EQ(3, numbers[0]); ASSERT_EQ(3, numbers[0]);
free(numbers);
input = ""; input = "";
rc = get_numbers_split_by_comma(input, &numbers, &n_numbers); rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
std::cout << "Testing input=" << input << "\n"; std::cout << "Testing input=" << input << "\n";
ASSERT_EQ(0, rc) << "Should succeeded\n"; ASSERT_EQ(0, rc) << "Should succeeded\n";
ASSERT_EQ(0, n_numbers); ASSERT_EQ(0, n_numbers);
free(numbers);
input = ",,"; input = ",,";
rc = get_numbers_split_by_comma(input, &numbers, &n_numbers); rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
std::cout << "Testing input=" << input << "\n"; std::cout << "Testing input=" << input << "\n";
ASSERT_EQ(0, rc) << "Should succeeded\n"; ASSERT_EQ(0, rc) << "Should succeeded\n";
ASSERT_EQ(0, n_numbers); ASSERT_EQ(0, n_numbers);
free(numbers);
input = "1,2,aa,bb"; input = "1,2,aa,bb";
rc = get_numbers_split_by_comma(input, &numbers, &n_numbers); rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
std::cout << "Testing input=" << input << "\n"; std::cout << "Testing input=" << input << "\n";
ASSERT_TRUE(0 != rc) << "Should failed\n"; ASSERT_TRUE(0 != rc) << "Should failed\n";
free(numbers);
input = "1,2,3,-12312312312312312312321311231231231"; input = "1,2,3,-12312312312312312312321311231231231";
rc = get_numbers_split_by_comma(input, &numbers, &n_numbers); rc = get_numbers_split_by_comma(input, &numbers, &n_numbers);
std::cout << "Testing input=" << input << "\n"; std::cout << "Testing input=" << input << "\n";
ASSERT_TRUE(0 != rc) << "Should failed\n"; ASSERT_TRUE(0 != rc) << "Should failed\n";
free(numbers);
} }
TEST_F(TestStringUtils, test_validate_container_id) { TEST_F(TestStringUtils, test_validate_container_id) {

128
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc
View File

@ -119,23 +119,22 @@ namespace ContainerExecutor {
struct args tmp = ARGS_INITIAL_VALUE; struct args tmp = ARGS_INITIAL_VALUE;
std::vector<std::pair<std::string, std::string> >::const_iterator itr; std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&tmp);
write_command_file(itr->first); write_command_file(itr->first);
int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp); int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
ASSERT_EQ(0, ret) << "error message: " << get_docker_error_message(ret) << " for input " << itr->first; ASSERT_EQ(0, ret) << "error message: " << get_docker_error_message(ret) << " for input " << itr->first;
char *actual = flatten(&tmp); char *actual = flatten(&tmp);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&tmp);
free(actual); free(actual);
} }
std::vector<std::pair<std::string, int> >::const_iterator itr2; std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
reset_args(&tmp);
write_command_file(itr2->first); write_command_file(itr2->first);
int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp); int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp);
ASSERT_EQ(itr2->second, ret) << " for " << itr2->first << std::endl; ASSERT_EQ(itr2->second, ret) << " for " << itr2->first << std::endl;
}
reset_args(&tmp); reset_args(&tmp);
}
int ret = (*docker_func)("unknown-file", &container_executor_cfg, &tmp); int ret = (*docker_func)("unknown-file", &container_executor_cfg, &tmp);
ASSERT_EQ(static_cast<int>(INVALID_COMMAND_FILE), ret); ASSERT_EQ(static_cast<int>(INVALID_COMMAND_FILE), ret);
reset_args(&tmp); reset_args(&tmp);
@ -147,7 +146,6 @@ namespace ContainerExecutor {
for(itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for(itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
struct configuration cfg; struct configuration cfg;
struct args buff = ARGS_INITIAL_VALUE; struct args buff = ARGS_INITIAL_VALUE;
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
int ret = read_config(docker_command_file.c_str(), &cfg); int ret = read_config(docker_command_file.c_str(), &cfg);
if(ret == 0) { if(ret == 0) {
@ -155,7 +153,9 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cfg);
} }
} }
} }
@ -445,7 +445,6 @@ namespace ContainerExecutor {
TEST_F(TestDockerUtil, test_set_network) { TEST_F(TestDockerUtil, test_set_network) {
struct configuration container_cfg; struct configuration container_cfg;
struct args buff = ARGS_INITIAL_VALUE; struct args buff = ARGS_INITIAL_VALUE;
reset_args(&buff);
int ret = 0; int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n docker.allowed.networks=sdn1,bridge"; std::string container_executor_cfg_contents = "[docker]\n docker.allowed.networks=sdn1,bridge";
std::vector<std::pair<std::string, std::string> > file_cmd_vec; std::vector<std::pair<std::string, std::string> > file_cmd_vec;
@ -464,7 +463,6 @@ namespace ContainerExecutor {
} }
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
struct configuration cmd_cfg; struct configuration cmd_cfg;
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -474,7 +472,9 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
struct configuration cmd_cfg_1; struct configuration cmd_cfg_1;
write_command_file("[docker-command-execution]\n docker-command=run\n net=sdn2"); write_command_file("[docker-command-execution]\n docker-command=run\n net=sdn2");
@ -482,10 +482,11 @@ namespace ContainerExecutor {
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_network(&cmd_cfg_1, &container_cfg, &buff); ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_NETWORK, ret); ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&container_cfg);
container_executor_cfg_contents = "[docker]\n"; container_executor_cfg_contents = "[docker]\n";
write_container_executor_cfg(container_executor_cfg_contents); write_container_executor_cfg(container_executor_cfg_contents);
@ -493,10 +494,12 @@ namespace ContainerExecutor {
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_network(&cmd_cfg_1, &container_cfg, &buff); ret = set_network(&cmd_cfg_1, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_NETWORK, ret); ASSERT_EQ(INVALID_DOCKER_NETWORK, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg_1);
free_configuration(&container_cfg);
} }
TEST_F(TestDockerUtil, test_set_pid_namespace) { TEST_F(TestDockerUtil, test_set_pid_namespace) {
@ -529,7 +532,6 @@ namespace ContainerExecutor {
FAIL(); FAIL();
} }
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -539,10 +541,11 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
reset_args(&buff);
write_command_file(itr2->first); write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -551,7 +554,10 @@ namespace ContainerExecutor {
ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(itr2->second, ret); ASSERT_EQ(itr2->second, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
} }
free_configuration(&container_cfg);
} }
// check default case and when it's turned off // check default case and when it's turned off
@ -575,6 +581,7 @@ namespace ContainerExecutor {
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
bad_file_cmd_vec.clear(); bad_file_cmd_vec.clear();
bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( bad_file_cmd_vec.push_back(std::make_pair<std::string, int>(
@ -584,7 +591,6 @@ namespace ContainerExecutor {
"[docker-command-execution]\n docker-command=run\n pid=host", "[docker-command-execution]\n docker-command=run\n pid=host",
static_cast<int>(PID_HOST_DISABLED))); static_cast<int>(PID_HOST_DISABLED)));
for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) {
reset_args(&buff);
write_command_file(itr2->first); write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -593,7 +599,10 @@ namespace ContainerExecutor {
ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(itr2->second, ret); ASSERT_EQ(itr2->second, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
} }
free_configuration(&container_cfg);
} }
} }
@ -633,6 +642,7 @@ namespace ContainerExecutor {
for (int i = 0; i < entries; ++i) { for (int i = 0; i < entries; ++i) {
ASSERT_STREQ(expected[i], ptr[i]); ASSERT_STREQ(expected[i], ptr[i]);
} }
free_values(ptr);
} }
TEST_F(TestDockerUtil, test_set_privileged) { TEST_F(TestDockerUtil, test_set_privileged) {
@ -665,7 +675,6 @@ namespace ContainerExecutor {
FAIL(); FAIL();
} }
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -674,19 +683,22 @@ namespace ContainerExecutor {
ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(6, ret); ASSERT_EQ(6, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
} }
write_command_file("[docker-command-execution]\n docker-command=run\n user=nobody\n privileged=true\n image=nothadoop/image"); write_command_file("[docker-command-execution]\n docker-command=run\n user=nobody\n privileged=true\n image=nothadoop/image");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret); ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
free_configuration(&container_cfg);
} }
// check default case and when it's turned off // check default case and when it's turned off
for (int i = 3; i < 6; ++i) { for (int i = 3; i < 6; ++i) {
write_container_executor_cfg(container_executor_cfg_contents[i]); write_container_executor_cfg(container_executor_cfg_contents[i]);
@ -698,7 +710,6 @@ namespace ContainerExecutor {
file_cmd_vec.push_back(std::make_pair<std::string, std::string>( file_cmd_vec.push_back(std::make_pair<std::string, std::string>(
"[docker-command-execution]\n docker-command=run\n user=root\n privileged=false", "")); "[docker-command-execution]\n docker-command=run\n user=root\n privileged=false", ""));
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -708,7 +719,9 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
write_command_file("[docker-command-execution]\n docker-command=run\n user=root\n privileged=true"); write_command_file("[docker-command-execution]\n docker-command=run\n user=root\n privileged=true");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
@ -718,6 +731,9 @@ namespace ContainerExecutor {
ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ret = set_privileged(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret); ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
free_configuration(&container_cfg);
} }
} }
@ -752,7 +768,6 @@ namespace ContainerExecutor {
FAIL(); FAIL();
} }
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -762,16 +777,19 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=SETGID"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=SETGID");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_capabilities(&cmd_cfg, &container_cfg, &buff); ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret); ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
reset_args(&buff);
free_configuration(&container_cfg);
container_executor_cfg_contents = "[docker]\n docker.trusted.registries=hadoop\n"; container_executor_cfg_contents = "[docker]\n docker.trusted.registries=hadoop\n";
write_container_executor_cfg(container_executor_cfg_contents); write_container_executor_cfg(container_executor_cfg_contents);
@ -779,15 +797,16 @@ namespace ContainerExecutor {
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_capabilities(&cmd_cfg, &container_cfg, &buff); ret = set_capabilities(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret); ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret);
reset_args(&buff);
free_configuration(&cmd_cfg);
free_configuration(&container_cfg);
} }
TEST_F(TestDockerUtil, test_set_devices) { TEST_F(TestDockerUtil, test_set_devices) {
struct configuration container_cfg, cmd_cfg; struct configuration container_cfg, cmd_cfg;
struct args buff = ARGS_INITIAL_VALUE; struct args buff = ARGS_INITIAL_VALUE;
reset_args(&buff);
int ret = 0; int ret = 0;
std::string container_executor_cfg_contents = "[docker]\n" std::string container_executor_cfg_contents = "[docker]\n"
" docker.trusted.registries=hadoop\n" " docker.trusted.registries=hadoop\n"
@ -821,7 +840,6 @@ namespace ContainerExecutor {
FAIL(); FAIL();
} }
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -831,67 +849,75 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
write_command_file("[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n devices=/dev/test-device:/dev/test-device"); write_command_file("[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n devices=/dev/test-device:/dev/test-device");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device3:/dev/device3"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device3:/dev/device3");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/testnvidia:/dev/testnvidia"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/testnvidia:/dev/testnvidia");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/gpu-nvidia-uvm:/dev/gpu-nvidia-uvm"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/gpu-nvidia-uvm:/dev/gpu-nvidia-uvm");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1");
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&container_cfg);
container_executor_cfg_contents = "[docker]\n"; container_executor_cfg_contents = "[docker]\n";
write_container_executor_cfg(container_executor_cfg_contents); write_container_executor_cfg(container_executor_cfg_contents);
@ -899,10 +925,12 @@ namespace ContainerExecutor {
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = set_devices(&cmd_cfg, &container_cfg, &buff); ret = set_devices(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
free_configuration(&container_cfg);
} }
@ -951,7 +979,6 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> >::const_iterator itr; std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -961,7 +988,9 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
std::vector<std::pair<std::string, int> > bad_file_cmds_vec; std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@ -978,18 +1007,18 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> >::const_iterator itr2; std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) { for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
reset_args(&buff);
write_command_file(itr2->first); write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(itr2->second, ret); ASSERT_EQ(itr2->second, ret);
ASSERT_STREQ("", actual); ASSERT_STREQ("", actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
// verify that you can't mount any directory in the container-executor.cfg path // verify that you can't mount any directory in the container-executor.cfg path
@ -997,17 +1026,17 @@ namespace ContainerExecutor {
while (strlen(ce_path) != 0) { while (strlen(ce_path) != 0) {
std::string cmd_file_contents = "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts="; std::string cmd_file_contents = "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=";
cmd_file_contents.append(ce_path).append(":").append("/etc/hadoop"); cmd_file_contents.append(ce_path).append(":").append("/etc/hadoop");
reset_args(&buff);
write_command_file(cmd_file_contents); write_command_file(cmd_file_contents);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_RW_MOUNT, ret) << " for input " << cmd_file_contents; ASSERT_EQ(INVALID_DOCKER_RW_MOUNT, ret) << " for input " << cmd_file_contents;
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_STREQ("", actual); ASSERT_STREQ("", actual);
reset_args(&buff);
free_configuration(&cmd_cfg);
free(actual); free(actual);
char *tmp = strrchr(ce_path, '/'); char *tmp = strrchr(ce_path, '/');
if (tmp != NULL) { if (tmp != NULL) {
@ -1015,6 +1044,7 @@ namespace ContainerExecutor {
} }
} }
free(ce_path); free(ce_path);
free_configuration(&container_cfg);
// For untrusted image, container add_rw_mounts will pass through // For untrusted image, container add_rw_mounts will pass through
// without mounting or report error code. // without mounting or report error code.
@ -1024,12 +1054,13 @@ namespace ContainerExecutor {
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff);
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ("", actual); ASSERT_STREQ("", actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&container_cfg);
} }
TEST_F(TestDockerUtil, test_add_ro_mounts) { TEST_F(TestDockerUtil, test_add_ro_mounts) {
@ -1080,7 +1111,6 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, std::string> >::const_iterator itr; std::vector<std::pair<std::string, std::string> >::const_iterator itr;
for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) {
reset_args(&buff);
write_command_file(itr->first); write_command_file(itr->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
@ -1090,7 +1120,9 @@ namespace ContainerExecutor {
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(0, ret); ASSERT_EQ(0, ret);
ASSERT_STREQ(itr->second.c_str(), actual); ASSERT_STREQ(itr->second.c_str(), actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
std::vector<std::pair<std::string, int> > bad_file_cmds_vec; std::vector<std::pair<std::string, int> > bad_file_cmds_vec;
@ -1104,19 +1136,20 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> >::const_iterator itr2; std::vector<std::pair<std::string, int> >::const_iterator itr2;
for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) { for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) {
reset_args(&buff);
write_command_file(itr2->first); write_command_file(itr2->first);
ret = read_config(docker_command_file.c_str(), &cmd_cfg); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) { if (ret != 0) {
FAIL(); FAIL();
} }
reset_args(&buff);
ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff); ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
char *actual = flatten(&buff); char *actual = flatten(&buff);
ASSERT_EQ(itr2->second, ret); ASSERT_EQ(itr2->second, ret);
ASSERT_STREQ("", actual); ASSERT_STREQ("", actual);
reset_args(&buff);
free(actual); free(actual);
free_configuration(&cmd_cfg);
} }
free_configuration(&container_cfg);
container_executor_cfg_contents = "[docker]\n docker.trusted.registries=hadoop\n"; container_executor_cfg_contents = "[docker]\n docker.trusted.registries=hadoop\n";
write_container_executor_cfg(container_executor_cfg_contents); write_container_executor_cfg(container_executor_cfg_contents);
@ -1125,10 +1158,16 @@ namespace ContainerExecutor {
FAIL(); FAIL();
} }
write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home"); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home");
reset_args(&buff); ret = read_config(docker_command_file.c_str(), &cmd_cfg);
if (ret != 0) {
FAIL();
}
ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff); ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff);
ASSERT_EQ(INVALID_DOCKER_RO_MOUNT, ret); ASSERT_EQ(INVALID_DOCKER_RO_MOUNT, ret);
ASSERT_EQ(0, buff.length); ASSERT_EQ(0, buff.length);
reset_args(&buff);
free_configuration(&cmd_cfg);
free_configuration(&container_cfg);
} }
TEST_F(TestDockerUtil, test_docker_run_privileged) { TEST_F(TestDockerUtil, test_docker_run_privileged) {
@ -1310,6 +1349,7 @@ namespace ContainerExecutor {
static_cast<int>(INVALID_DOCKER_NETWORK))); static_cast<int>(INVALID_DOCKER_NETWORK)));
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
TEST_F(TestDockerUtil, test_docker_run_entry_point) { TEST_F(TestDockerUtil, test_docker_run_entry_point) {
@ -1352,6 +1392,7 @@ namespace ContainerExecutor {
static_cast<int>(INVALID_DOCKER_CONTAINER_NAME))); static_cast<int>(INVALID_DOCKER_CONTAINER_NAME)));
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
TEST_F(TestDockerUtil, test_docker_run_no_privileged) { TEST_F(TestDockerUtil, test_docker_run_no_privileged) {
@ -1441,6 +1482,7 @@ namespace ContainerExecutor {
static_cast<int>(PRIVILEGED_CONTAINERS_DISABLED))); static_cast<int>(PRIVILEGED_CONTAINERS_DISABLED)));
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
} }
@ -1471,13 +1513,14 @@ namespace ContainerExecutor {
struct args buffer = ARGS_INITIAL_VALUE; struct args buffer = ARGS_INITIAL_VALUE;
struct configuration cfg = {0, NULL}; struct configuration cfg = {0, NULL};
for (itr = input_output_map.begin(); itr != input_output_map.end(); ++itr) { for (itr = input_output_map.begin(); itr != input_output_map.end(); ++itr) {
reset_args(&buffer);
write_command_file(itr->first); write_command_file(itr->first);
int ret = get_docker_command(docker_command_file.c_str(), &cfg, &buffer); int ret = get_docker_command(docker_command_file.c_str(), &cfg, &buffer);
char *actual = flatten(&buffer);
ASSERT_EQ(0, ret) << "for input " << itr->first; ASSERT_EQ(0, ret) << "for input " << itr->first;
ASSERT_STREQ(itr->second.c_str(), flatten(&buffer)); ASSERT_STREQ(itr->second.c_str(), actual);
}
reset_args(&buffer); reset_args(&buffer);
free(actual);
}
} }
TEST_F(TestDockerUtil, test_docker_module_enabled) { TEST_F(TestDockerUtil, test_docker_module_enabled) {
@ -1497,6 +1540,7 @@ namespace ContainerExecutor {
ret = docker_module_enabled(&container_executor_cfg); ret = docker_module_enabled(&container_executor_cfg);
ASSERT_EQ(input_out_vec[i].second, ret) << " incorrect output for " ASSERT_EQ(input_out_vec[i].second, ret) << " incorrect output for "
<< input_out_vec[i].first; << input_out_vec[i].first;
free_configuration(&container_executor_cfg);
} }
} }
@ -1544,6 +1588,7 @@ namespace ContainerExecutor {
static_cast<int>(INVALID_DOCKER_VOLUME_DRIVER))); static_cast<int>(INVALID_DOCKER_VOLUME_DRIVER)));
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_volume_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_volume_command);
free_configuration(&container_executor_cfg);
} }
TEST_F(TestDockerUtil, test_docker_no_new_privileges) { TEST_F(TestDockerUtil, test_docker_no_new_privileges) {
@ -1589,6 +1634,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
for (int i = 2; i < 3; ++i) { for (int i = 2; i < 3; ++i) {
@ -1611,6 +1657,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
for (int i = 3; i < 5; ++i) { for (int i = 3; i < 5; ++i) {
@ -1633,6 +1680,7 @@ namespace ContainerExecutor {
std::vector<std::pair<std::string, int> > bad_file_cmd_vec; std::vector<std::pair<std::string, int> > bad_file_cmd_vec;
run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command); run_docker_command_test(file_cmd_vec, bad_file_cmd_vec, get_docker_run_command);
free_configuration(&container_executor_cfg);
} }
} }
} }