In this test, the following steps are taken:
- Declare a relative path named
masked-relpath and set it in masked_path.
- Before creating the container, check whether
masked-relpath exists.
func checkMaskedRelPaths(t *tap.T) error {
g, err := util.GetDefaultGenerator()
if err != nil {
return err
}
// Deliberately set a relative path to be masked, and expect an error
maskedRelPath := "masked-relpath"
g.AddLinuxMaskedPaths(maskedRelPath)
g.AddAnnotation("TestName", "check masked relative paths")
err = util.RuntimeInsideValidate(g, t, func(path string) error {
testFile := filepath.Join(path, maskedRelPath)
if _, err := os.Stat(testFile); err != nil && os.IsNotExist(err) {
return err
}
return nil
})
if err != nil {
return nil
}
return fmt.Errorf("expected: err != nil, actual: err == nil")
}
https://github.com/opencontainers/runtime-tools/blob/master/validation/linux_masked_paths/linux_masked_paths.go#L67-L90
Since masked-relpath does not exist, this check will fail at this point. This test seems unnecessary, as it would succeed with any container runtime. What is the intended purpose of this test, and what exactly is it trying to verify?
In this test, the following steps are taken:
masked-relpathand set it inmasked_path.masked-relpathexists.https://github.com/opencontainers/runtime-tools/blob/master/validation/linux_masked_paths/linux_masked_paths.go#L67-L90
Since
masked-relpathdoes not exist, this check will fail at this point. This test seems unnecessary, as it would succeed with any container runtime. What is the intended purpose of this test, and what exactly is it trying to verify?