Files
wehub-resource-sync e0e362d700
SDK Tests / changes (push) Successful in 2m29s
Real E2E Tests / changes (push) Successful in 2m29s
Deploy Docs Pages / build (push) Has been cancelled
Deploy Docs Pages / deploy (push) Has been cancelled
Real E2E Tests / JavaScript E2E (docker bridge) (push) Has been cancelled
Real E2E Tests / Python E2E (docker bridge) (push) Has been cancelled
Real E2E Tests / Java E2E (docker bridge) (push) Has been cancelled
Real E2E Tests / C# E2E (docker bridge) (push) Has been cancelled
Real E2E Tests / Go E2E (docker bridge) (push) Has been cancelled
Real E2E Tests / Real E2E CI (push) Has been cancelled
SDK Tests / SDK CI (push) Has been cancelled
SDK Tests / CLI Tests (push) Has been cancelled
SDK Tests / Python SDK Quality (code-interpreter) (push) Has been cancelled
SDK Tests / Python SDK Quality (sandbox) (push) Has been cancelled
SDK Tests / Python SDK Tests (code-interpreter) (push) Has been cancelled
SDK Tests / JavaScript SDK Quality And Tests (code-interpreter) (push) Has been cancelled
SDK Tests / JavaScript SDK Quality And Tests (sandbox) (push) Has been cancelled
SDK Tests / Python SDK Tests (sandbox) (push) Has been cancelled
SDK Tests / CLI Quality (push) Has been cancelled
SDK Tests / Kotlin SDK Quality And Tests (sandbox) (push) Has been cancelled
SDK Tests / Kotlin SDK Quality And Tests (code-interpreter) (push) Has been cancelled
SDK Tests / C# SDK Quality And Tests (code-interpreter) (push) Has been cancelled
SDK Tests / C# SDK Quality And Tests (sandbox) (push) Has been cancelled
SDK Tests / Go SDK Quality And Tests (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:39:33 +08:00

296 lines
9.4 KiB
Go

// Copyright 2026 Alibaba Group Holding Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//go:build linux && bwrap
package bwrap_test
import (
"context"
"os"
"path/filepath"
"strings"
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/alibaba/opensandbox/execd/pkg/isolation"
"github.com/alibaba/opensandbox/execd/pkg/runtime"
)
func TestSeccompFilterActive(t *testing.T) {
r := newRunner(t)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Check /proc/self/status for seccomp mode. Mode 2 = SECCOMP_MODE_FILTER.
var lines []string
err = r.RunInIsolatedSession(ctx, id,
`grep Seccomp: /proc/self/status`, nil,
func(line string) { lines = append(lines, line) })
require.NoError(t, err)
require.NotEmpty(t, lines, "should have Seccomp line in /proc/self/status")
t.Logf("Seccomp status: %s", lines[0])
assert.Contains(t, strings.TrimSpace(lines[0]), "2",
"Seccomp should be mode 2 (SECCOMP_MODE_FILTER)")
}
func TestSeccompAllowsNormalSyscalls(t *testing.T) {
r := newRunner(t)
opts := &runtime.IsolatedSessionOptions{
Profile: "balanced",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Common operations that exercise various syscalls: open, read, write,
// fork, exec, waitpid, stat, getdents, etc. All must work.
tests := []struct {
name string
code string
want string
}{
{"echo", `echo hello-seccomp`, "hello-seccomp"},
{"stat", `stat -c %s /proc/self/exe`, ""}, // any non-zero output is fine
{"readdir", `ls /proc/self >/dev/null && echo ok`, "ok"}, // getdents
{"fork_exec", `sh -c 'echo child-ok'`, "child-ok"},
{"pipe", `echo pipe-test | cat`, "pipe-test"},
{"env", `export FOO=bar && echo $FOO`, "bar"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var lines []string
err := r.RunInIsolatedSession(ctx, id, tt.code, nil,
func(line string) { lines = append(lines, line) })
require.NoError(t, err, "command should succeed: %s", tt.code)
if tt.want != "" {
require.NotEmpty(t, lines)
assert.Equal(t, tt.want, lines[0])
}
})
}
}
func TestSeccompBlocksPtrace(t *testing.T) {
r := newRunner(t)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Attempt to ptrace-attach to init (PID 1 in the bwrap namespace).
// This should fail with EACCES from seccomp.
// Use bash -c to capture exit code — strace/ptrace isn't a bash builtin,
// but we can use Python if available, or check the exit code of a
// command that uses ptrace.
//
// strace is the easiest way: strace -p 1 should fail before even starting.
// If strace isn't installed, we skip with a clear message.
var lines []string
err = r.RunInIsolatedSession(ctx, id,
`if command -v strace >/dev/null 2>&1; then strace -p 1 2>&1 | head -1; else echo 'strace-not-installed'; fi`, nil,
func(line string) { lines = append(lines, line) })
if len(lines) > 0 && lines[0] == "strace-not-installed" {
t.Skip("strace not available in sandbox")
}
// If strace is available, the seccomp filter blocks ptrace and strace
// should report "Permission denied" (EACCES) rather than "Operation
// not permitted" (EPERM from capabilities).
require.NoError(t, err)
t.Logf("strace/ptrace result: %v", lines)
if len(lines) > 0 {
combined := strings.Join(lines, " ")
assert.True(t,
strings.Contains(strings.ToLower(combined), "permission denied") ||
strings.Contains(strings.ToLower(combined), "operation not permitted"),
"ptrace should be blocked, got: %s", combined)
}
}
func TestSeccompBlocksMount(t *testing.T) {
r := newRunner(t)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Attempt a real mount syscall. bwrap namespace init (PID 1) has full
// capabilities inside the non-user namespace, so mount would succeed
// if seccomp didn't block it at the syscall level with EACCES.
err = r.RunInIsolatedSession(ctx, id,
`mkdir -p /tmp/mnt && mount -t tmpfs tmpfs /tmp/mnt 2>&1`, nil,
nil)
require.Error(t, err, "mount should be blocked by seccomp")
t.Logf("mount error: %v", err)
}
func TestSeccompPersistsAcrossRuns(t *testing.T) {
r := newRunner(t)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Run 1: check seccomp is active.
var lines []string
require.NoError(t, r.RunInIsolatedSession(ctx, id,
`grep Seccomp: /proc/self/status`, nil,
func(line string) { lines = append(lines, line) }))
require.NotEmpty(t, lines)
assert.Contains(t, strings.TrimSpace(lines[0]), "2", "first run: seccomp should be mode 2")
// Run 2: seccomp should still be active (not a one-shot).
lines = nil
require.NoError(t, r.RunInIsolatedSession(ctx, id,
`grep Seccomp: /proc/self/status`, nil,
func(line string) { lines = append(lines, line) }))
require.NotEmpty(t, lines)
assert.Contains(t, strings.TrimSpace(lines[0]), "2", "second run: seccomp should still be mode 2")
}
// TestSeccompConfigOverride_E2E verifies the full path:
// TOML config → LoadConfig → NewBwrap(cfg) → generateSeccompDenyBPF → bwrap session.
// Uses a custom denylist that blocks "unshare" but does NOT block "mount",
// then verifies mount succeeds (it would fail with the default denylist).
func TestSeccompConfigOverride_E2E(t *testing.T) {
// Write a TOML config with a custom seccomp denylist.
cfgPath := filepath.Join(t.TempDir(), "isolation.toml")
tomlContent := `
upper_root = "` + t.TempDir() + `"
upper_max_bytes = 1073741824
allowed_writable = ["/tmp"]
[seccomp]
# Only block unshare — notably does NOT block mount.
deny = ["unshare"]
`
require.NoError(t, os.WriteFile(cfgPath, []byte(tomlContent), 0o644))
cfg, err := isolation.LoadConfig(cfgPath)
require.NoError(t, err)
require.NotNil(t, cfg.Seccomp, "config should have seccomp override")
assert.Equal(t, []string{"unshare"}, cfg.Seccomp.Deny)
r := newRunnerWithConfig(t, cfg)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// Seccomp should still be active (mode 2).
var lines []string
require.NoError(t, r.RunInIsolatedSession(ctx, id,
`grep Seccomp: /proc/self/status`, nil,
func(line string) { lines = append(lines, line) }))
require.NotEmpty(t, lines)
assert.Contains(t, strings.TrimSpace(lines[0]), "2")
// mount should succeed — it's NOT in our custom denylist.
err = r.RunInIsolatedSession(ctx, id,
`mkdir -p /tmp/test-mnt && mount -t tmpfs tmpfs /tmp/test-mnt && echo mount-ok && umount /tmp/test-mnt`, nil,
func(line string) { lines = append(lines, line) })
require.NoError(t, err, "mount should succeed with custom seccomp that doesn't block it")
}
// TestSeccompConfigDefault_E2E verifies that nil Seccomp (no [seccomp]
// section) uses the built-in denylist — mount is blocked.
func TestSeccompConfigDefault_E2E(t *testing.T) {
cfg := isolation.Config{
UpperRoot: t.TempDir(),
UpperMaxBytes: 1 << 30,
AllowedWritable: []string{"/tmp"},
Seccomp: nil, // use built-in denylist
}
r := newRunnerWithConfig(t, cfg)
opts := &runtime.IsolatedSessionOptions{
Profile: "strict",
WorkspacePath: t.TempDir(),
WorkspaceMode: "rw",
}
id, err := r.CreateIsolatedSession(opts)
require.NoError(t, err)
defer r.DeleteIsolatedSession(id)
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
// mount should fail — blocked by built-in seccomp denylist.
err = r.RunInIsolatedSession(ctx, id,
`mkdir -p /tmp/mnt2 && mount -t tmpfs tmpfs /tmp/mnt2 2>&1`, nil,
nil)
require.Error(t, err, "mount should be blocked by default seccomp denylist")
}