[WIP][RFC] validation: LinuxUIDMapping: fix tests

Don't validate uid mappings and gid mappings separately: containers with
only user mappings or with only group mappings are not usable.

Additionnally, don't rely on the runtime to create the directories to be
mounted. runc mounts them in the easy cases but it does not work with
user namespaces.

Marking as WIP/RFC because this is in discussion in opencontainers/runtime-spec#955

Signed-off-by: Alban Crequy <[email protected]>

Author: alban

validation/linux_gid_mappings.go

@@ -1,14 +1,38 @@
 package main
 
 import (
+	"os"
+	"path/filepath"
+
 	"github.com/opencontainers/runtime-tools/validation/util"
 )
 
+func mkdir(path, subdir string) error {
+	pathName := filepath.Join(path, subdir)
+	err := os.MkdirAll(pathName, 0700)
+	if err != nil {
+		return err
+	}
+	err = os.Chown(pathName, 1000, 1000)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func main() {
 	g := util.GetDefaultGenerator()
 	g.AddOrReplaceLinuxNamespace("user", "")
-	g.AddLinuxUIDMapping(uint32(1000), uint32(0), uint32(3200))
-	err := util.RuntimeInsideValidate(g, nil)
+	g.AddLinuxUIDMapping(uint32(1000), uint32(0), uint32(2000))
+	g.AddLinuxGIDMapping(uint32(1000), uint32(0), uint32(3000))
+	err := util.RuntimeInsideValidate(g, func(path string) error {
+		_ = mkdir(path, "proc")
+		_ = mkdir(path, "dev")
+		_ = mkdir(path, "sys")
+
+		return nil
+	})
 	if err != nil {
 		util.Fatal(err)
 	}