From d721509ba6be6574457cc35e4404227d5888c768 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Sat, 1 Jul 2023 10:06:43 -0700 Subject: [PATCH 1/2] Fix flakey testSecurityModeSysfs Signed-off-by: Tibor Vass --- client/client_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/client/client_test.go b/client/client_test.go index a6542dc2140d..c04be058ed46 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -1055,15 +1055,15 @@ func testSecurityModeSysfs(t *testing.T, sb integration.Sandbox) { require.NoError(t, err) defer c.Close() - cg := "/sys/fs/cgroup/cpuset/securitytest" // cgroup v1 + cg := "/sys/fs/cgroup/cpuset" // cgroup v1 if _, err := os.Stat("/sys/fs/cgroup/cpuset"); errors.Is(err, os.ErrNotExist) { - cg = "/sys/fs/cgroup/securitytest" // cgroup v2 + cg = "/sys/fs/cgroup" // cgroup v2 } - command := "mkdir " + cg + // create temporary directory in cgroupfs to not interfere with subsequent runs + command := fmt.Sprintf("mktemp -d -p %s securitytest.XXXXXX", cg) st := llb.Image("busybox:latest"). - Run(llb.Shlex(command), - llb.Security(mode)) + Run(llb.Shlex(command), llb.Security(mode)) def, err := st.Marshal(sb.Context()) require.NoError(t, err) From f6715254a84bdf7725df70e6766868bd55c07ecd Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Sat, 1 Jul 2023 10:24:30 -0700 Subject: [PATCH 2/2] debug Signed-off-by: Tibor Vass --- client/client_test.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/client_test.go b/client/client_test.go index c04be058ed46..c90e8d88c104 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -13,6 +13,7 @@ import ( "encoding/pem" "fmt" "io" + "io/ioutil" "net" "net/http" "net/url" @@ -1063,6 +1064,7 @@ func testSecurityModeSysfs(t *testing.T, sb integration.Sandbox) { // create temporary directory in cgroupfs to not interfere with subsequent runs command := fmt.Sprintf("mktemp -d -p %s securitytest.XXXXXX", cg) st := llb.Image("busybox:latest"). + Run(llb.Shlex("sh -c 'ls -l /sys/fs/cgroup | grep securitytest > /out || true'")). Run(llb.Shlex(command), llb.Security(mode)) def, err := st.Marshal(sb.Context()) @@ -1070,7 +1072,10 @@ func testSecurityModeSysfs(t *testing.T, sb integration.Sandbox) { _, err = c.Solve(sb.Context(), def, SolveOpt{ AllowedEntitlements: allowedEntitlements, + Exports: []ExportEntry{{Type: "local", OutputDir: "/tmp/out"}}, }, nil) + b, _ := ioutil.ReadFile("/tmp/out/out") + t.Logf("FOOBAR %s", b) if secMode == securitySandbox { require.Error(t, err)