Add sysctl case for FFI

Test case will execute sysctl inside nested container running on top of QM Jira-URL: https://issues.redhat.com/browse/VROOM-19309 Signed-off-by: weiwang <[email protected]>
containers · May 31, 2024 · e708dea · e708dea
1 parent d5a4668
commit e708dea
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/tests/ffi/sysctl/main.fmf b/tests/ffi/sysctl/main.fmf
@@ -0,0 +1,6 @@
+summary: Executing sysctl inside nested container running on top of QM
+test: /bin/bash ./test.sh
+duration: 20m
+tag: ffi
+framework: shell
+id: f615d356-9bf9-4de2-a007-7a99eca2bc48
diff --git a/tests/ffi/sysctl/test.sh b/tests/ffi/sysctl/test.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -euvx
+
+# shellcheck disable=SC1091
+
+. ../common/prepare.sh
+
+export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
+export QM_REGISTRY_DIR="/var/lib/containers/registry"
+
+disk_cleanup
+prepare_test
+reload_config
+
+# Download ffi-tools container and push ffi-tools image into QM registry
+prepare_images
+
+# Run the ffi-tools container in qm vm
+run_container_in_qm ffi-qm
+
+# Get numbers of sysctl permission denied
+sysctl_num=$(podman exec qm /bin/bash -c \
+               "podman run  --replace --name ffi-qm  dir:${QM_REGISTRY_DIR}/ffi-tools:latest \
+               ./setsysctl 2>&1" | grep -c "sysctl: permission denied on key")
+
+# The number should No less than 5.
+if [ $sysctl_num -ge 5 ];then
+   info_message "Attempt to change OS level are denied successfully inside QM container."
+   exit 0
+fi