opencontainers · mrunalp · Aug 18, 2020 · Aug 9, 2020 · Aug 9, 2020 · Aug 9, 2020
diff --git a/Makefile b/Makefile
@@ -121,6 +121,7 @@ validate:
 	script/validate-gofmt
 	script/validate-c
 	$(GO) vet $(MOD_VENDOR) ./...
+	shellcheck tests/integration/*.bats
 
 ci: validate test release
 

diff --git a/tests/integration/cgroups.bats b/tests/integration/cgroups.bats
@@ -3,7 +3,7 @@
 load helpers
 
 function teardown() {
-    rm -f $BATS_TMPDIR/runc-cgroups-integration-test.json
+    rm -f "$BATS_TMPDIR"/runc-cgroups-integration-test.json
     teardown_running_container test_cgroups_kmem
     teardown_running_container test_cgroups_permissions
     teardown_busybox
@@ -21,10 +21,10 @@ function setup() {
     set_cgroups_path "$BUSYBOX_BUNDLE"
 
     # Set some initial known values
-    update_config '.linux.resources.memory |= {"kernel": 16777216, "kernelTCP": 11534336}' ${BUSYBOX_BUNDLE}
+    update_config '.linux.resources.memory |= {"kernel": 16777216, "kernelTCP": 11534336}' "${BUSYBOX_BUNDLE}"
 
     # run a detached busybox to work with
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_kmem
     [ "$status" -eq 0 ]
 
     check_cgroup_value "memory.kmem.limit_in_bytes" 16777216
@@ -48,14 +48,14 @@ function setup() {
     set_cgroups_path "$BUSYBOX_BUNDLE"
 
     # run a detached busybox to work with
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_kmem
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_kmem
     [ "$status" -eq 0 ]
 
     # update kernel memory limit
     runc update test_cgroups_kmem --kernel-memory 50331648
     # Since kernel 4.6, we can update kernel memory without initialization
     # because it's accounted by default.
-    if [ "$KERNEL_MAJOR" -lt 4 ] || [ "$KERNEL_MAJOR" -eq 4 -a "$KERNEL_MINOR" -le 5 ]; then
+    if [[ "$KERNEL_MAJOR" -lt 4 || ( "$KERNEL_MAJOR" -eq 4 && "$KERNEL_MINOR" -le 5 ) ]]; then
         [ ! "$status" -eq 0 ]
     else
         [ "$status" -eq 0 ]
@@ -64,7 +64,7 @@ function setup() {
 }
 
 @test "runc create (no limits + no cgrouppath + no permission) succeeds" {
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions
     [ "$status" -eq 0 ]
 }
 
@@ -76,7 +76,7 @@ function setup() {
 
     set_cgroups_path "$BUSYBOX_BUNDLE"
 
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions
     [ "$status" -eq 1 ]
     [[ ${lines[1]} == *"permission denied"* ]]
 }
@@ -89,7 +89,7 @@ function setup() {
 
     set_resources_limit "$BUSYBOX_BUNDLE"
 
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions
     [ "$status" -eq 1 ]
     [[ ${lines[1]} == *"rootless needs no limits + no cgrouppath when no permission is granted for cgroups"* ]] || [[ ${lines[1]} == *"cannot set pids limit: container could not join or create cgroup"* ]]
 }
@@ -100,13 +100,14 @@ function setup() {
     set_cgroups_path "$BUSYBOX_BUNDLE"
     set_resources_limit "$BUSYBOX_BUNDLE"
 
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions
     [ "$status" -eq 0 ]
     if [ "$CGROUP_UNIFIED" != "no" ]; then
         if [ -n "${RUNC_USE_SYSTEMD}" ] ; then
-            if [ $(id -u) = "0" ]; then
+            if [ "$(id -u)" = "0" ]; then
                 check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/machine.slice/cgroup.controllers)"
             else
+                # shellcheck disable=SC2046
                 check_cgroup_value "cgroup.controllers" "$(cat /sys/fs/cgroup/user.slice/user-$(id -u).slice/cgroup.controllers)"
             fi
         else
@@ -121,7 +122,7 @@ function setup() {
     set_cgroups_path "$BUSYBOX_BUNDLE"
     set_resources_limit "$BUSYBOX_BUNDLE"
 
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_permissions
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_permissions
     [ "$status" -eq 0 ]
 
     runc exec test_cgroups_permissions echo "cgroups_exec"
@@ -135,7 +136,7 @@ function setup() {
     set_cgroups_path "$BUSYBOX_BUNDLE"
     set_cgroup_mount_writable "$BUSYBOX_BUNDLE"
 
-    runc run -d --console-socket $CONSOLE_SOCKET test_cgroups_group
+    runc run -d --console-socket "$CONSOLE_SOCKET" test_cgroups_group
     [ "$status" -eq 0 ]
 
     runc exec test_cgroups_group cat /sys/fs/cgroup/cgroup.controllers
@@ -169,6 +170,7 @@ function setup() {
     [[ ${lines[0]} == "0::/foo" ]]
 
 # teardown: remove "/foo"
+    # shellcheck disable=SC2016
     runc exec test_cgroups_group sh -uxc 'echo -memory > /sys/fs/cgroup/cgroup.subtree_control; for f in $(cat /sys/fs/cgroup/foo/cgroup.procs); do echo $f > /sys/fs/cgroup/cgroup.procs; done; rmdir /sys/fs/cgroup/foo'
     runc exec test_cgroups_group test ! -d /sys/fs/cgroup/foo
     [ "$status" -eq 0 ]

diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats
@@ -15,7 +15,7 @@ function teardown() {
   local pid fd
 
   for pid in "${PIDS_TO_KILL[@]}"; do
-    kill -9 $pid || true
+    kill -9 "$pid" || true
   done
   PIDS_TO_KILL=()
 
@@ -27,6 +27,7 @@ function teardown() {
 
 function setup_pipes() {
 	# The changes to 'terminal' are needed for running in detached mode
+	# shellcheck disable=SC2016
 	update_config 	' (.. | select(.terminal? != null)) .terminal |= false
 			| (.. | select(.[]? == "sh")) += ["-c", "for i in `seq 10`; do read xxx || continue; echo ponG $xxx; done"]'
 
@@ -41,6 +42,7 @@ function setup_pipes() {
 	exec {in_r}</proc/self/fd/$pipe
 	exec {in_w}>/proc/self/fd/$pipe
 	exec {pipe}>&-
+	# shellcheck disable=SC2206
 	FDS_TO_CLOSE=($in_r $in_w $out_r $out_w)
 }
 
@@ -54,23 +56,24 @@ function check_pipes() {
 }
 
 function simple_cr() {
-  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
+  runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
   [ "$status" -eq 0 ]
 
   testcontainer test_busybox running
 
-  for i in `seq 2`; do
+  # shellcheck disable=SC2034
+  for i in $(seq 2); do
     # checkpoint the running container
     runc --criu "$CRIU" checkpoint --work-path ./work-dir test_busybox
-    cat ./work-dir/dump.log | grep -B 5 Error || true
+    grep -B 5 Error ./work-dir/dump.log || true
     [ "$status" -eq 0 ]
 
     # after checkpoint busybox is no longer running
     testcontainer test_busybox checkpointed
 
     # restore from checkpoint
-    runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket $CONSOLE_SOCKET test_busybox
-    cat ./work-dir/restore.log | grep -B 5 Error || true
+    runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox
+    grep -B 5 Error ./work-dir/restore.log || true
     [ "$status" -eq 0 ]
 
     # busybox should be back up and running
@@ -112,7 +115,7 @@ function simple_cr() {
   mkdir image-dir
   mkdir work-dir
   runc --criu "$CRIU" checkpoint --parent-path ./parent-dir --work-path ./work-dir --image-path ./image-dir test_busybox
-  cat ./work-dir/dump.log | grep -B 5 Error || true
+  grep -B 5 Error ./work-dir/dump.log || true
   [ "$status" -eq 0 ]
 
   # after checkpoint busybox is no longer running
@@ -121,7 +124,7 @@ function simple_cr() {
   # restore from checkpoint
   ret=0
   __runc --criu "$CRIU" restore -d --work-path ./work-dir --image-path ./image-dir test_busybox <&${in_r} >&${out_w} 2>&${out_w} || ret=$?
-  cat ./work-dir/restore.log | grep -B 5 Error || true
+  grep -B 5 Error ./work-dir/restore.log || true
   [ $ret -eq 0 ]
 
   # busybox should be back up and running
@@ -136,7 +139,7 @@ function simple_cr() {
 
 @test "checkpoint --lazy-pages and restore" {
   # check if lazy-pages is supported
-  run ${CRIU} check --feature uffd-noncoop
+  run "${CRIU}" check --feature uffd-noncoop
   if [ "$status" -eq 1 ]; then
     skip "this criu does not support lazy migration"
   fi
@@ -158,17 +161,21 @@ function simple_cr() {
   # For lazy migration we need to know when CRIU is ready to serve
   # the memory pages via TCP.
   exec {pipe}<> <(:)
+  # shellcheck disable=SC2094
   exec {lazy_r}</proc/self/fd/$pipe {lazy_w}>/proc/self/fd/$pipe
   exec {pipe}>&-
+  # shellcheck disable=SC2206
   FDS_TO_CLOSE+=($lazy_r $lazy_w)
 
   __runc --criu "$CRIU" checkpoint --lazy-pages --page-server 0.0.0.0:${port} --status-fd ${lazy_w} --work-path ./work-dir --image-path ./image-dir test_busybox &
   cpt_pid=$!
+  # shellcheck disable=SC2206
   PIDS_TO_KILL=($cpt_pid)
 
   # wait for lazy page server to be ready
   out=$(timeout 2 dd if=/proc/self/fd/${lazy_r} bs=1 count=1 2>/dev/null | od)
   exec {lazy_w}>&-
+  # shellcheck disable=SC2116,SC2086
   out=$(echo $out) # rm newlines
   # show errors if there are any before we fail
   grep -B5 Error ./work-dir/dump.log || true
@@ -181,6 +188,7 @@ function simple_cr() {
   # Start CRIU in lazy-daemon mode
   ${CRIU} lazy-pages --page-server --address 127.0.0.1 --port ${port} -D image-dir &
   lp_pid=$!
+  # shellcheck disable=SC2206
   PIDS_TO_KILL+=($lp_pid)
 
   # Restore lazily from checkpoint.
@@ -191,7 +199,7 @@ function simple_cr() {
   # continue to run if the migration failed at some point.
   ret=0
   __runc --criu "$CRIU" restore -d --work-path ./image-dir --image-path ./image-dir --lazy-pages test_busybox_restore <&${in_r} >&${out_w} 2>&${out_w} || ret=$?
-  cat ./work-dir/restore.log | grep -B 5 Error || true
+  grep -B 5 Error ./work-dir/restore.log || true
   [ $ret -eq 0 ]
 
   # busybox should be back up and running
@@ -211,70 +219,69 @@ function simple_cr() {
 
 @test "checkpoint and restore in external network namespace" {
   # check if external_net_ns is supported; only with criu 3.10++
-  run ${CRIU} check --feature external_net_ns
+  run "${CRIU}" check --feature external_net_ns
   if [ "$status" -eq 1 ]; then
     # this criu does not support external_net_ns; skip the test
     skip "this criu does not support external network namespaces"
   fi
 
   # create a temporary name for the test network namespace
-  tmp=`mktemp`
-  rm -f $tmp
-  ns_name=`basename $tmp`
+  tmp=$(mktemp)
+  rm -f "$tmp"
+  ns_name=$(basename "$tmp")
   # create network namespace
-  ip netns add $ns_name
-  ns_path=`ip netns add $ns_name 2>&1 | sed -e 's/.*"\(.*\)".*/\1/'`
-
-  ns_inode=`ls -iL $ns_path | awk '{ print $1 }'`
+  ip netns add "$ns_name"
+  ns_path=$(ip netns add "$ns_name" 2>&1 | sed -e 's/.*"\(.*\)".*/\1/')
+  # shellcheck disable=SC2012
+  ns_inode=$(ls -iL "$ns_path" | awk '{ print $1 }')
 
   # tell runc which network namespace to use
   update_config '(.. | select(.type? == "network")) .path |= "'"$ns_path"'"'
 
-  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
+  runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
   [ "$status" -eq 0 ]
 
   testcontainer test_busybox running
 
-  for i in `seq 2`; do
+  # shellcheck disable=SC2034
+  for i in $(seq 2); do
     # checkpoint the running container; this automatically tells CRIU to
     # handle the network namespace defined in config.json as an external
     runc --criu "$CRIU" checkpoint --work-path ./work-dir test_busybox
-    # if you are having problems getting criu to work uncomment the following dump:
-    #cat /run/opencontainer/containers/test_busybox/criu.work/dump.log
-    cat ./work-dir/dump.log | grep -B 5 Error || true
+    grep -B 5 Error ./work-dir/dump.log || true
     [ "$status" -eq 0 ]
 
     # after checkpoint busybox is no longer running
     testcontainer test_busybox checkpointed
 
     # restore from checkpoint; this should restore the container into the existing network namespace
-    runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket $CONSOLE_SOCKET test_busybox
-    cat ./work-dir/restore.log | grep -B 5 Error || true
+    runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox
+    grep -B 5 Error ./work-dir/restore.log || true
     [ "$status" -eq 0 ]
 
     # busybox should be back up and running
     testcontainer test_busybox running
 
     # container should be running in same network namespace as before
-    pid=`__runc state test_busybox | jq '.pid'`
-    ns_inode_new=`readlink /proc/$pid/ns/net | sed -e 's/.*\[\(.*\)\]/\1/'`
+    pid=$(__runc state test_busybox | jq '.pid')
+    ns_inode_new=$(readlink /proc/"$pid"/ns/net | sed -e 's/.*\[\(.*\)\]/\1/')
     echo "old network namespace inode $ns_inode"
     echo "new network namespace inode $ns_inode_new"
     [ "$ns_inode" -eq "$ns_inode_new" ]
   done
-  ip netns del $ns_name
+  ip netns del "$ns_name"
 }
 
 @test "checkpoint and restore with container specific CRIU config" {
-  tmp=`mktemp /tmp/runc-criu-XXXXXX.conf`
+  tmp=$(mktemp /tmp/runc-criu-XXXXXX.conf)
   # This is the file we write to /etc/criu/default.conf
-  tmplog1=`mktemp /tmp/runc-criu-log-XXXXXX.log`
-  unlink $tmplog1
-  tmplog1=`basename $tmplog1`
+  tmplog1=$(mktemp /tmp/runc-criu-log-XXXXXX.log)
+  unlink "$tmplog1"
+  tmplog1=$(basename "$tmplog1")
   # That is the actual configuration file to be used
-  tmplog2=`mktemp /tmp/runc-criu-log-XXXXXX.log`
-  unlink $tmplog2
-  tmplog2=`basename $tmplog2`
+  tmplog2=$(mktemp /tmp/runc-criu-log-XXXXXX.log)
+  unlink "$tmplog2"
+  tmplog2=$(basename "$tmplog2")
   # This adds the annotation 'org.criu.config' to set a container
   # specific CRIU config file.
   update_config '.annotations += {"org.criu.config": "'"$tmp"'"}'
@@ -283,34 +290,34 @@ function simple_cr() {
   mkdir -p /etc/criu
   echo "log-file=$tmplog1" > /etc/criu/default.conf
   # Make sure the RPC defined configuration file overwrites the previous
-  echo "log-file=$tmplog2" > $tmp
+  echo "log-file=$tmplog2" > "$tmp"
 
-  runc run -d --console-socket $CONSOLE_SOCKET test_busybox
+  runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
   [ "$status" -eq 0 ]
 
   testcontainer test_busybox running
 
   # checkpoint the running container
   runc --criu "$CRIU" checkpoint --work-path ./work-dir test_busybox
-  cat ./work-dir/dump.log | grep -B 5 Error || true
+  grep -B 5 Error ./work-dir/dump.log || true
   [ "$status" -eq 0 ]
-  ! test -f ./work-dir/$tmplog1
-  test -f ./work-dir/$tmplog2
+  ! test -f ./work-dir/"$tmplog1"
+  test -f ./work-dir/"$tmplog2"
 
   # after checkpoint busybox is no longer running
   testcontainer test_busybox checkpointed
 
-  test -f ./work-dir/$tmplog2 && unlink ./work-dir/$tmplog2
+  test -f ./work-dir/"$tmplog2" && unlink ./work-dir/"$tmplog2"
   # restore from checkpoint
-  runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket $CONSOLE_SOCKET test_busybox
-  cat ./work-dir/restore.log | grep -B 5 Error || true
+  runc --criu "$CRIU" restore -d --work-path ./work-dir --console-socket "$CONSOLE_SOCKET" test_busybox
+  grep -B 5 Error ./work-dir/restore.log || true
   [ "$status" -eq 0 ]
-  ! test -f ./work-dir/$tmplog1
-  test -f ./work-dir/$tmplog2
+  ! test -f ./work-dir/"$tmplog1"
+  test -f ./work-dir/"$tmplog2"
 
   # busybox should be back up and running
   testcontainer test_busybox running
-  unlink $tmp
-  test -f ./work-dir/$tmplog2 && unlink ./work-dir/$tmplog2
+  unlink "$tmp"
+  test -f ./work-dir/"$tmplog2" && unlink ./work-dir/"$tmplog2"
 }