Merge pull request #204 from utam0k/improvement/description-of-oci-sp…

…ec-rs

Organize integration tests and add current status to README

.github/workflows/main.yml

@@ -83,6 +83,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             target/
+            integration_test/src/github.com/opencontainers/
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
       - uses: actions-rs/toolchain@v1
         with:

README.md

@@ -25,25 +25,29 @@ Here is why I am rewriting a new container runtime in Rust.
 - The development of [railcar](https://github.com/oracle/railcar) has been suspended. This project was very nice but is no longer being developed. This project is inspired by it.
 - I have fun implementing this. In fact, this may be the most important.
 
+# Related project
+
+- [containers/oci-spec-rs](https://github.com/containers/oci-spec-rs) - OCI Runtime and Image Spec in Rust
+
 # Status of youki
 
 youki is not at the practical stage yet. However, it is getting closer to practical use, running with docker and passing all the default tests provided by [opencontainers/runtime-tools](https://github.com/opencontainers/runtime-tools).
 ![youki demo](docs/demo.gif)
 
-## Features
-
-- [x] run with docker
-- [ ] run with podman(WIP on [#24](https://github.com/containers/youki/issues/24))
-- [x] pivot root
-- [x] mount devices
-- [x] namespaces
-- [x] capabilities
-- [x] rlimits
-- [x] cgroups v1
-- [ ] cgroups v2(WIP on [#78](https://github.com/containers/youki/issues/78))
-- [ ] seccomp(WIP on [#25](https://github.com/containers/youki/issues/25))
-- [ ] hooks(WIP on [#13](https://github.com/containers/youki/issues/13))
-- [ ] rootless(WIP on [#77](https://github.com/containers/youki/issues/77))
+|    Feature     |                   Description                   |                                                State                                                |
+| :------------: | :---------------------------------------------: | :-------------------------------------------------------------------------------------------------: |
+|     Docker     |               Running via Docker                |                                                  ✅                                                  |
+|     Podman     |               Running via Podman                | It works, but cgroups isn't supported. WIP on [#24](https://github.com/containers/youki/issues/24)  |
+|   pivot_root   |            Change the root directory            |                                                  ✅                                                  |
+|     Mounts     |    Mount files and directories to container     |                                                  ✅                                                  |
+|   Namespaces   |         Isolation of various resources          |                                                  ✅                                                  |
+|  Capabilities  |            Limiting root privileges             |                                                  ✅                                                  |
+|   Cgroups v1   |            Resource limitations, etc            |                                                  ✅                                                  |
+|   Cgroups v2   |             Improved version of v1              | Support is complete except for devices. WIP on [#78](https://github.com/containers/youki/issues/78) |
+|    Seccomp     |             Filtering system calls              |                     WIP on [#25](https://github.com/containers/youki/issues/25)                     |
+|     Hooks      | Add custom processing during container creation |                                                  ✅                                                  |
+|    Rootless    |   Running a container without root privileges   | It works, but cgroups isn't supported. WIP on [#77](https://github.com/containers/youki/issues/77)  |
+| OCI Compliance |        Compliance with OCI Runtime Spec         |                                   37 out of 57 test cases passing                                   |
 
 # Getting Started
 

integration_test.sh

@@ -2,40 +2,77 @@
 
 ROOT=$(pwd)
 RUNTIME=${ROOT}/youki
+
 cd integration_test/src/github.com/opencontainers/runtime-tools
-GOPATH=${ROOT}/integration_test make runtimetest validation-executables
+
 test_cases=(
+  "create/create.t"
   "default/default.t"
+  "delete/delete.t"
+  "delete_only_create_resources/delete_only_create_resources.t"
+  "delete_resources/delete_resources.t"
+  "hooks/hooks.t"
+  "hooks_stdin/hooks_stdin.t"
+  "hostname/hostname.t"
+  "kill/kill.t"
+  "kill_no_effect/kill_no_effect.t"
+  "killsig/killsig.t"
+  # "linux_cgroups_blkio/linux_cgroups_blkio.t"
+  "linux_cgroups_cpus/linux_cgroups_cpus.t"
   "linux_cgroups_devices/linux_cgroups_devices.t"
-  "linux_cgroups_hugetlb/linux_cgroups_hugetlb.t" 
-  "linux_cgroups_pids/linux_cgroups_pids.t"
+  "linux_cgroups_hugetlb/linux_cgroups_hugetlb.t"
   "linux_cgroups_memory/linux_cgroups_memory.t"
   "linux_cgroups_network/linux_cgroups_network.t"
-  "linux_cgroups_cpus/linux_cgroups_cpus.t"
+  "linux_cgroups_pids/linux_cgroups_pids.t"
+  # "linux_cgroups_relative_blkio/linux_cgroups_relative_blkio.t"
   "linux_cgroups_relative_cpus/linux_cgroups_relative_cpus.t" 
   "linux_cgroups_relative_devices/linux_cgroups_relative_devices.t"
-  "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t" 
+  "linux_cgroups_relative_hugetlb/linux_cgroups_relative_hugetlb.t"
   "linux_cgroups_relative_memory/linux_cgroups_relative_memory.t"
-  "linux_cgroups_relative_network/linux_cgroups_relative_network.t" 
+  "linux_cgroups_relative_network/linux_cgroups_relative_network.t"
   "linux_cgroups_relative_pids/linux_cgroups_relative_pids.t"
-  "create/create.t"
-  "kill/kill.t"
-  "delete/delete.t"
-  "state/state.t"
+  "linux_devices/linux_devices.t"
+  # "linux_masked_paths/linux_masked_paths.t"
+  "linux_mount_label/linux_mount_label.t"
+  # "linux_ns_itype/linux_ns_itype.t"
+  # "linux_ns_nopath/linux_ns_nopath.t"
+  # "linux_ns_path/linux_ns_path.t"
+  # "linux_ns_path_type/linux_ns_path_type.t"
+  # "linux_process_apparmor_profile/linux_process_apparmor_profile.t"
+  # "linux_readonly_paths/linux_readonly_paths.t"
+  # "linux_rootfs_propagation/linux_rootfs_propagation.t"
+  # "linux_seccomp/linux_seccomp.t"
   "linux_sysctl/linux_sysctl.t"
-  "hooks/hooks.t"
-  "prestart/prestart.t"
+  # "linux_uid_mappings/linux_uid_mappings.t"
+  # "misc_props/misc_props.t"
+  # "mounts/mounts.t"
+  # "pidfile/pidfile.t"
   "poststart/poststart.t"
-  "prestart_fail/prestart_fail.t"
   "poststart_fail/poststart_fail.t"
   "poststop/poststop.t"
-  "hooks_stdin/hooks_stdin.t"
+  "poststop_fail/poststop_fail.t"
+  "prestart/prestart.t"
+  "prestart_fail/prestart_fail.t"
+  # "process/process.t"
+  "process_capabilities/process_capabilities.t"
+  "process_capabilities_fail/process_capabilities_fail.t"
+  # "process_oom_score_adj/process_oom_score_adj.t"
+  "process_rlimits/process_rlimits.t"
+  "process_rlimits_fail/process_rlimits_fail.t"
+  # "process_user/process_user.t"
+  # "root_readonly_true/root_readonly_true.t"
+  # Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
+  # "start/start.t"
+  "state/state.t"
 )
+for case in "${test_cases[@]}"; do
+  if [[ ! -e "${ROOT}/integration_test/src/github.com/opencontainers/runtime-tools/validation/$case" ]]; then
+    GOPATH=${ROOT}/integration_test make runtimetest validation-executables
+    break
+  fi
+done
+
 
-# Record the tests that runc also fails to pass below, maybe we will fix this by origin integration test, issue: https://github.com/containers/youki/issues/56
-# no_paas_test_case=(
-#   "start/start.t" 
-# )
 for case in "${test_cases[@]}"; do
   echo "Running $case"
   if [ 0 -ne $(sudo RUST_BACKTRACE=1 YOUKI_LOG_LEVEL=debug RUNTIME=${RUNTIME} ${ROOT}/integration_test/src/github.com/opencontainers/runtime-tools/validation/$case | grep "not ok" | wc -l) ]; then