From fbcf519884d2a889959ab9642211bb045a1ac079 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 20 Jun 2017 19:48:45 +0100 Subject: [PATCH 29/49] test/containers: Exercise the various ways to stop a container Signed-off-by: Simon McVittie --- test/containers.c | 301 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 301 insertions(+) diff --git a/test/containers.c b/test/containers.c index ad473c63..26e851dc 100644 --- a/test/containers.c +++ b/test/containers.c @@ -54,6 +54,34 @@ typedef struct { GDBusConnection *confined_conn; } Fixture; +typedef struct +{ + enum + { + STOP_SERVER_EXPLICITLY, + STOP_SERVER_DISCONNECT_FIRST, + STOP_SERVER_NEVER_CONNECTED, + STOP_SERVER_FORCE, + STOP_SERVER_WITH_MANAGER + } + stop_server; +} Config; + +#ifdef DBUS_ENABLE_CONTAINERS +/* A GDBusNameVanishedCallback that sets a boolean flag. */ +static void +name_gone_set_boolean_cb (GDBusConnection *conn, + const gchar *name, + gpointer user_data) +{ + gboolean *gone_p = user_data; + + g_assert_nonnull (gone_p); + g_assert_false (*gone_p); + *gone_p = TRUE; +} +#endif + static void setup (Fixture *f, gconstpointer context) @@ -209,6 +237,248 @@ test_basic (Fixture *f, #endif /* !HAVE_CONTAINERS_TEST */ } +/* + * With config->stop_server == STOP_SERVER_WITH_MANAGER: + * Assert that without special parameters, when the container manager + * disappears from the bus, so does the confined server. + * + * With config->stop_server == STOP_SERVER_EXPLICITLY or + * config->stop_server == STOP_SERVER_DISCONNECT_FIRST: + * Test StopContainerListening(), which just closes the listening socket. + * + * With config->stop_server == STOP_SERVER_FORCE: + * Test StopContainerInstance(), which closes the listening socket and + * disconnects all its clients. + */ +static void +test_stop_server (Fixture *f, + gconstpointer context) +{ +#ifdef HAVE_CONTAINERS_TEST + const Config *config = context; + GDBusConnection *second_confined_conn; + GSocket *client_socket; + GSocketAddress *socket_address; + GVariant *tuple; + GVariant *parameters; + gchar *path; + gchar *socket_path; + const gchar *confined_unique_name; + const gchar *manager_unique_name; + const gchar *name_owner; + gboolean gone = FALSE; + guint name_watch; + guint i; + + g_assert_nonnull (config); + + if (f->skip) + return; + + f->proxy = g_dbus_proxy_new_sync (f->unconfined_conn, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES, + NULL, DBUS_SERVICE_DBUS, + DBUS_PATH_DBUS, DBUS_INTERFACE_CONTAINERS1, + NULL, &f->error); + g_assert_no_error (f->error); + + /* Floating reference, call_..._sync takes ownership */ + parameters = g_variant_new ("(ssa{sv}a{sv})", + "com.example.NotFlatpak", + "sample-app", + NULL, /* no metadata */ + NULL); /* no named arguments */ + + g_test_message ("Calling AddContainerServer..."); + tuple = g_dbus_proxy_call_sync (f->proxy, "AddContainerServer", parameters, + G_DBUS_CALL_FLAGS_NONE, -1, NULL, &f->error); + + g_assert_no_error (f->error); + g_assert_nonnull (tuple); + g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(oays)"); + g_variant_get (tuple, "(o^ays)", &path, &socket_path, + &f->socket_dbus_address); + socket_address = g_unix_socket_address_new (socket_path); + + if (config->stop_server != STOP_SERVER_NEVER_CONNECTED) + { + g_test_message ("Connecting to %s...", f->socket_dbus_address); + f->confined_conn = g_dbus_connection_new_for_address_sync ( + f->socket_dbus_address, + (G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION | + G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT), + NULL, NULL, &f->error); + g_assert_no_error (f->error); + + if (config->stop_server == STOP_SERVER_DISCONNECT_FIRST) + { + g_test_message ("Disconnecting confined connection..."); + gone = FALSE; + confined_unique_name = g_dbus_connection_get_unique_name ( + f->confined_conn); + name_watch = g_bus_watch_name_on_connection (f->unconfined_conn, + confined_unique_name, + G_BUS_NAME_WATCHER_FLAGS_NONE, + NULL, + name_gone_set_boolean_cb, + &gone, NULL); + g_dbus_connection_close_sync (f->confined_conn, NULL, &f->error); + g_assert_no_error (f->error); + + g_test_message ("Waiting for confined app bus name to disappear..."); + + while (!gone) + g_main_context_iteration (NULL, TRUE); + + g_bus_unwatch_name (name_watch); + } + } + + switch (config->stop_server) + { + case STOP_SERVER_WITH_MANAGER: + /* Close the unconfined connection (the container manager) and wait + * for it to go away */ + g_test_message ("Closing container manager..."); + manager_unique_name = g_dbus_connection_get_unique_name (f->unconfined_conn); + name_watch = g_bus_watch_name_on_connection (f->confined_conn, + manager_unique_name, + G_BUS_NAME_WATCHER_FLAGS_NONE, + NULL, + name_gone_set_boolean_cb, + &gone, NULL); + g_dbus_connection_close_sync (f->unconfined_conn, NULL, &f->error); + g_assert_no_error (f->error); + + g_test_message ("Waiting for container manager bus name to disappear..."); + + while (!gone) + g_main_context_iteration (NULL, TRUE); + + g_bus_unwatch_name (name_watch); + break; + + case STOP_SERVER_EXPLICITLY: + case STOP_SERVER_DISCONNECT_FIRST: + case STOP_SERVER_NEVER_CONNECTED: + g_test_message ("Stopping server (but not confined connection)..."); + tuple = g_dbus_proxy_call_sync (f->proxy, "StopContainerListening", + g_variant_new ("(o)", path), + G_DBUS_CALL_FLAGS_NONE, -1, NULL, + &f->error); + g_assert_no_error (f->error); + g_variant_unref (tuple); + break; + + case STOP_SERVER_FORCE: + g_test_message ("Stopping server and all confined connections..."); + tuple = g_dbus_proxy_call_sync (f->proxy, "StopContainerInstance", + g_variant_new ("(o)", path), + G_DBUS_CALL_FLAGS_NONE, -1, NULL, + &f->error); + g_assert_no_error (f->error); + g_variant_unref (tuple); + break; + + default: + g_assert_not_reached (); + } + + /* Now if we try to connect to the server again, it will fail (eventually - + * closing the socket is not synchronous with respect to the name owner + * change, so try a few times) */ + for (i = 0; i < 50; i++) + { + g_test_message ("Trying to connect to %s again...", socket_path); + client_socket = g_socket_new (G_SOCKET_FAMILY_UNIX, G_SOCKET_TYPE_STREAM, + G_SOCKET_PROTOCOL_DEFAULT, &f->error); + g_assert_no_error (f->error); + + if (!g_socket_connect (client_socket, socket_address, NULL, &f->error)) + { + g_assert_cmpstr (g_quark_to_string (f->error->domain), ==, + g_quark_to_string (G_IO_ERROR)); + + if (f->error->code != G_IO_ERROR_CONNECTION_REFUSED && + f->error->code != G_IO_ERROR_NOT_FOUND) + g_error ("Unexpected error code %d", f->error->code); + + g_clear_error (&f->error); + g_clear_object (&client_socket); + break; + } + + g_clear_object (&client_socket); + g_usleep (G_USEC_PER_SEC / 10); + } + + /* The same thing happens for a D-Bus connection */ + g_test_message ("Trying to connect to %s again...", f->socket_dbus_address); + second_confined_conn = g_dbus_connection_new_for_address_sync ( + f->socket_dbus_address, + (G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION | + G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT), + NULL, NULL, &f->error); + g_assert_cmpstr (g_quark_to_string (f->error->domain), ==, + g_quark_to_string (G_IO_ERROR)); + + if (f->error->code != G_IO_ERROR_CONNECTION_REFUSED && + f->error->code != G_IO_ERROR_NOT_FOUND) + g_error ("Unexpected error code %d", f->error->code); + + g_clear_error (&f->error); + g_assert_null (second_confined_conn); + + /* The socket has been deleted */ + g_assert_false (g_file_test (socket_path, G_FILE_TEST_EXISTS)); + + switch (config->stop_server) + { + case STOP_SERVER_FORCE: + g_test_message ("Checking that the confined app gets disconnected..."); + + while (!g_dbus_connection_is_closed (f->confined_conn)) + g_main_context_iteration (NULL, TRUE); + break; + + case STOP_SERVER_DISCONNECT_FIRST: + case STOP_SERVER_NEVER_CONNECTED: + /* Nothing to be done here, no confined app is connected */ + break; + + case STOP_SERVER_EXPLICITLY: + case STOP_SERVER_WITH_MANAGER: + g_test_message ("Checking that the confined app still works..."); + tuple = g_dbus_connection_call_sync (f->confined_conn, + DBUS_SERVICE_DBUS, + DBUS_PATH_DBUS, + DBUS_INTERFACE_DBUS, + "GetNameOwner", + g_variant_new ("(s)", + DBUS_SERVICE_DBUS), + G_VARIANT_TYPE ("(s)"), + G_DBUS_CALL_FLAGS_NONE, -1, + NULL, &f->error); + g_assert_no_error (f->error); + g_assert_nonnull (tuple); + g_assert_cmpstr (g_variant_get_type_string (tuple), ==, "(s)"); + g_variant_get (tuple, "(&s)", &name_owner); + g_assert_cmpstr (name_owner, ==, DBUS_SERVICE_DBUS); + g_clear_pointer (&tuple, g_variant_unref); + break; + + default: + g_assert_not_reached (); + } + + g_free (path); + g_free (socket_path); + +#else /* !HAVE_CONTAINERS_TEST */ + g_test_skip ("Containers or gio-unix-2.0 not supported"); +#endif /* !HAVE_CONTAINERS_TEST */ +} + static void test_unsupported_parameter (Fixture *f, gconstpointer context) @@ -332,6 +602,27 @@ teardown (Fixture *f, g_clear_error (&f->error); } +static const Config stop_server_explicitly = +{ + STOP_SERVER_EXPLICITLY +}; +static const Config stop_server_disconnect_first = +{ + STOP_SERVER_DISCONNECT_FIRST +}; +static const Config stop_server_never_connected = +{ + STOP_SERVER_NEVER_CONNECTED +}; +static const Config stop_server_force = +{ + STOP_SERVER_FORCE +}; +static const Config stop_server_with_manager = +{ + STOP_SERVER_WITH_MANAGER +}; + int main (int argc, char **argv) @@ -342,6 +633,16 @@ main (int argc, setup, test_get_supported_arguments, teardown); g_test_add ("/containers/basic", Fixture, NULL, setup, test_basic, teardown); + g_test_add ("/containers/stop-server/explicitly", Fixture, + &stop_server_explicitly, setup, test_stop_server, teardown); + g_test_add ("/containers/stop-server/disconnect-first", Fixture, + &stop_server_disconnect_first, setup, test_stop_server, teardown); + g_test_add ("/containers/stop-server/never-connected", Fixture, + &stop_server_never_connected, setup, test_stop_server, teardown); + g_test_add ("/containers/stop-server/force", Fixture, + &stop_server_force, setup, test_stop_server, teardown); + g_test_add ("/containers/stop-server/with-manager", Fixture, + &stop_server_with_manager, setup, test_stop_server, teardown); g_test_add ("/containers/unsupported-parameter", Fixture, NULL, setup, test_unsupported_parameter, teardown); g_test_add ("/containers/invalid-type-name", Fixture, NULL, -- 2.11.0