utils: handle NULL container passed to libcrun_open_proc_file()
It's possible for this function to be called with a NULL container when
called from run_process_child() -> mark_or_close_fds_ge_than() after
close_range() failed (old kernel or restricted syscall).
Handle this by opening a temporary /proc fd, which can be closed
immediately in libcrun_open_proc_file().
There are no other callers of libcrun_get_cached_proc_fd() at this
point, but such users would not need to worry about this fd potentially
leaking as long as container is a valid pointer, and even if they do
cause a leak in the future it's always better than a segfault.
Add comprehensive tests for crun-specific OCI annotations that were
previously untested:
- run.oci.hooks.stdout/stderr: Test hook output redirection to files
- run.oci.seccomp_fail_unknown_syscall: Test failure on unknown syscalls
- run.oci.systemd.subgroup: Test custom systemd subgroup naming
- run.oci.delegate-cgroup: Test cgroup delegation (cgroup v2 only)
- run.oci.systemd.force_cgroup_v1: Test forcing cgroup v1 on v2 systems
- run.oci.mount_context_type: Test SELinux mount context types
- run.oci.pidfd_receiver: Test pidfd transmission to UNIX socket
All tests include proper skip detection for:
- Nested namespace environments
- Missing root privileges
- Unavailable features (SELinux, systemd, cgroup v2, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unit tests for cgroup-related functions:
- test_read_proc_cgroup_v2: Test parsing cgroup v2 content
- test_read_proc_cgroup_v1: Test parsing cgroup v1 content with multiple controllers
- test_read_proc_cgroup_empty: Test with empty content
- test_read_proc_cgroup_named: Test named cgroup controller (name=systemd)
- test_convert_shares_to_weight: Test CPU shares to weight conversion
- test_convert_shares_boundary: Test boundary conditions for conversion
- test_read_proc_cgroup_null_params: Test with NULL output parameters
- test_read_proc_cgroup_selective: Test with selective parameter retrieval
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add additional unit tests for utils.c to improve coverage:
- test_has_prefix: Test has_prefix string function
- test_has_suffix: Test has_suffix string function
- test_str_join_array: Test str_join_array with various inputs
- test_get_current_timestamp: Test timestamp generation
- test_crun_ensure_directory: Test directory creation/existence
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unit tests for seccomp_notify.c to improve code coverage:
- test_cleanup_null: Test cleanup handler with NULL
- test_free_null_context: Test freeing NULL context
- test_load_invalid_path: Test loading plugin with invalid relative path
- test_load_nonexistent_plugin: Test loading non-existent plugin
- test_notify_no_seccomp: Test notify function without seccomp support
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unit tests for str2sig() function that uses the gperf-generated
perfect hash table from signals.perf. Tests cover:
- All 62 standard and real-time signals
- Signal names with and without SIG prefix
- Numeric signal strings
- Real-time signals (RTMIN+N, RTMAX-N)
- Invalid inputs and error handling
- Case sensitivity
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add Python integration tests targeting linux.c code paths:
- test_masked_paths: Test masked paths handling
- test_readonly_paths: Test readonly paths handling
- test_process_rlimits: Test rlimit configuration
- test_process_rlimits_multiple: Test multiple rlimits
- test_dev_null_reopen: Test /dev/null setup
- test_mount_proc: Test /proc mount
- test_mount_tmpfs: Test tmpfs mount
- test_pivot_root: Test pivot_root operation
- test_user_namespace_mapping: Test user namespace mappings
- test_safe_chdir: Test safe chdir to workdir
- test_personality_linux32: Test LINUX32 personality
- test_mount_bind: Test bind mounts
- test_keyring_creation: Test keyring creation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unit tests for src/libcrun/linux.c functions including:
- libcrun_find_namespace()
- path_is_slash_dev()
- libcrun_reopen_dev_null()
Many functions in linux.c are static and cannot be tested directly
from unit tests. Integration tests in test_namespaces.py and
test_error_handling.py provide additional coverage.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: add error handling coverage tests for linux.c
Add integration tests to improve coverage for error handling paths in
src/libcrun/linux.c:
- test_invalid_rlimit: Test invalid rlimit type error handling
- test_rlimit_soft_exceeds_hard: Test rlimit validation when soft > hard
- test_oom_score_adj_out_of_range: Test OOM score adjustment bounds
- test_masked_paths_coverage: Test masked paths configuration
- test_readonly_paths_coverage: Test readonly paths configuration
- test_device_permissions_error: Test device creation error handling
- test_user_namespace_without_mappings: Test user namespace without mappings
- test_keyring_creation: Test session keyring creation paths
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add integration tests to improve coverage for namespace handling in
src/libcrun/linux.c:
- test_multiple_uid_mappings: Test multiple UID/GID mapping ranges
- test_namespace_path_sharing: Test error handling for invalid namespace paths
- test_hostname_without_uts_namespace: Test hostname requires UTS namespace
- test_domainname_with_uts_namespace: Test domainname with UTS namespace
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: add comprehensive tests for custom-handler.c
Add both unit tests and Python integration tests to improve coverage
for src/libcrun/custom-handler.c which is currently at 28.2% coverage.
Unit tests (tests_libcrun_custom_handler.c):
- Test handler manager creation and cleanup
- Test handler lookup by name
- Test feature tag printing
- Test handler configuration with various scenarios
- Test error paths and edge cases
Python tests (test_custom_handler.py):
- Test sandbox annotation handling
- Test non-existent handler requests
- Test --handler command line option
- Test annotation and context handler conflicts
- Test feature tag output in --version
- Test empty and invalid handler annotations
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add unit tests for error handling functions:
- test_crun_error_wrap: Test error wrapping functionality
- test_crun_error_get_errno: Test errno extraction from errors
- test_libcrun_verbosity: Test verbosity get/set functions
- test_libcrun_set_log_format: Test log format validation
- test_crun_error_release_null: Test NULL handling in error release
These unit tests directly exercise error.c functions for better
coverage without needing to spawn containers.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: improve error logging and add more coverage tests
Improve error logging:
- Add test environment context (uid, rootless, cgroup_v2, cgroup_manager)
when tests fail, helping diagnose environment-specific issues
Add new command tests:
- test_state_created_container: Test state on created but not started container
- test_state_stopped_container: Test state on stopped container
- test_features_command: Test features command returns valid JSON
- test_ps_json_format: Test ps with JSON format
- test_delete_force: Test force delete on running container
- test_start_command: Test start on created container
- test_version_command: Test version output
- test_help_command: Test help output
Add new exec tests:
- test_exec_cwd: Test exec with working directory
- test_exec_process_json: Test exec with process.json file
- test_exec_detach: Test exec with detach option
- test_exec_multiple: Test multiple exec calls
- test_exec_exit_code: Test exit code propagation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: fix memory-high test to use unified resources
The memory.high OCI property is only handled by the systemd cgroup
manager. Use the unified map instead, which writes directly to the
cgroup file and works with both cgroupfs and systemd managers.
Also add better debugging output for failures.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add additional seccomp tests to improve code coverage:
- test_seccomp_kill_action: Test SCMP_ACT_KILL action
- test_seccomp_syscall_args: Test syscall argument filtering
- test_seccomp_multiple_syscalls: Test multiple syscalls in one rule
- test_seccomp_errno_default: Test SCMP_ACT_ERRNO as default action
- test_seccomp_comparison_ops: Test different comparison operators
- test_seccomp_flags: Test seccomp filter flags
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: improve sd-notify-proxy test error handling
- Add proper socket timeout handling in notify server thread
- Add logging to show actual received datagram on failure
- Add timeouts to thread joins to prevent hangs
- Show stderr output for better debugging
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
- Remove time namespace from external namespace test as CRIU doesn't
support checkpoint/restore with external time namespaces
- Add better error handling and logging to pre-dump test
- Handle FileNotFoundError in pre-dump size calculation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
C unit tests (tests_libcrun_terminal.c) using isolated pty:
- test_cleanup_terminalp_null: NULL cleanup should not crash
- test_terminal_setup_size_invalid_fd: Invalid fd error handling
- test_terminal_setup_size_pty: Set size on isolated pty
- test_set_raw_invalid_fd: Invalid fd error handling
- test_set_raw_pty: Set raw mode on isolated pty
- test_set_raw_no_status: Set raw without saving status
- test_new_terminal: Verify pty creation
Add test_terminal.py to test terminal allocation code in
src/libcrun/terminal.c.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: fix variable names in test_bpf_devices logger calls
Fix incorrect variable names in logger.info calls that were introduced
when converting from sys.stderr.write to logger.info:
- prop_value -> output
- prog_file -> bpf_path
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add get_cgroup_manager() that reads the CGROUP_MANAGER environment
variable, defaulting to 'cgroupfs'. This allows running the entire
test suite with a different cgroup manager without modifying tests.
Also add get_test_environment() helper that returns a dict describing
the current test environment (uid, rootless, systemd, cgroup_v2, etc.)
for debugging purposes.
The run_and_get_output() function now uses the env var when the
cgroup_manager parameter is not explicitly specified, allowing tests
to inherit the environment setting while still supporting explicit
overrides.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add run_coverage_multi_env.sh that runs the test suite in multiple
environments to maximize code coverage:
1. Root with cgroupfs cgroup manager
2. Root with systemd cgroup manager (if available)
3. User namespace via unshare --user --map-root-user
4. Non-root user via unshare --user --map-user=1000
Coverage data accumulates across all runs since lcov merges .gcda
files automatically. This helps exercise code paths that are only
reachable under specific conditions (rootless, systemd, etc.).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
coverage: add _safe_exit macro to flush gcov data before _exit
When code coverage is enabled (--enable-coverage), forked child
processes that call _exit() do not flush their gcov coverage data,
resulting in incomplete coverage reports.
This patch:
- Adds HAVE_COVERAGE define when --enable-coverage is used
- Introduces _safe_exit() macro in error.h that calls __gcov_dump()
before _exit() when coverage is enabled
- Replaces all _exit() calls with _safe_exit() across the codebase
This ensures coverage data from forked processes (container setup,
namespace configuration, etc.) is properly captured.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit adds support for specifying a CRIU RPC configuration file.
This config file allows users to overwrite the default CRIU options
used by the container runtime, for example, to specify options such as
`--tcp-established` or `--tcp-close` when checkpointing containers
with TCP connections in Kubernetes.
For compatibility with runc, the default config file path is set to
`/etc/criu/runc.conf`. We also introduce support for crun.conf
that will be used instead of runc.conf when the file is available.
`criu_set_config_file()` was added to libcriu in version 4.2.
tests: use hide_stderr=True to avoid coverage output interference
When running tests with --enable-coverage, gcov writes diagnostic
messages to stderr which get mixed with program output due to
stderr=subprocess.STDOUT in run_and_get_output(). This causes
test failures as the TAP parser encounters unexpected output.
Add hide_stderr=True to most run_and_get_output() calls to discard
coverage diagnostics while preserving the actual program output
needed for test validation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: replace all sys.stderr.write calls with proper logging
Implement clean logging infrastructure using Python's standard library:
Infrastructure Changes:
- Add simple logging setup in tests_utils.py using logging.basicConfig()
- Configure logger with TAP diagnostic format ('# %(message)s')
- Export logger through __all__ for use in test files
- Set default level to WARNING for production use
Comprehensive Replacement:
- Replace all sys.stderr.write() calls in tests_utils.py with logger calls
- Replace all sys.stderr.write() calls across 15+ test files
- Use appropriate log levels (warning, error, info) based on message type
- Clean up format strings for proper logger parameter passing
Benefits:
- Consistent diagnostic output with TAP '#' prefix
- Standard library only - no external dependencies
- Configurable log levels via logging module
- Proper format string handling with logger parameters
- Cleaner code without manual string formatting
All test files automatically import logger via 'from tests_utils import *'
maintaining backward compatibility while improving logging infrastructure.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: improve TAP skip reason reporting with specific explanations
Enhance the TAP test framework to support and display specific skip reasons:
- Modify run_all_tests() to handle (return_code, reason) tuples
- Update tests to return (77, reason) instead of just 77
- Add descriptive skip reasons like "requires root privileges"
- Show skip reasons in TAP output as "#SKIP reason"
This makes test output more informative by explaining why tests
were skipped rather than showing generic skip messages.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: enhance TAP error reporting with more diagnostic information
Add enhanced diagnostic output for test failures including:
- Exception type and detailed messages
- Process return codes and failed commands
- Process output and stderr
- Working directory and test environment info
This improves debugging of test failures by providing more context
about what went wrong during test execution.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
tests: add writable /tmp tmpfs mount to base test configuration
This fixes CRIU checkpoint/restore failures that occur when CRIU tries
to create temporary directories for mount namespace reconstruction but
encounters a read-only filesystem.
The error was:
Error (criu/mount.c:2955): mnt: Can't create a temporary directory: Read-only file system
Error (criu/mount.c:3700): mnt: Can't remove the directory /tmp/.criu.mntns.Y96TTI: Device or resource busy
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>