Conflicting single_process_type and specialized_init_system checks
Closed this issue · 1 comments
Describe the bug
The single_process_type and specialized_init_system checks cannot be passed both in the same (e.g. cert essential) run
To Reproduce
Steps to reproduce the behavior:
$ cnf-testsuite version
CNF TestSuite version: v1.2.0
- Execute the cert essential tests
- See one of the tests failing. Examples for tiny and dumb-init:
🎬 Testing: [single_process_type]
resource: {kind: "Deployment", name: "dns-dserver", namespace: "default"}, pod dns-dserver-b447b56ff-4nmtx and container: dserver has more than one process type (/sbin/tini--/usr/local/bin/dns-app, /usr/local/bin/dns-app)
✖️ 🏆FAILED: [single_process_type] More than one process type used ⚖👀
🎬 Testing: [single_process_type]
resource: {kind: "StatefulSet", name: "dns-drouter", namespace: "default"}, pod dns-drouter-0 and container: drouter has more than one process type (/usr/local/bin/dumb-init--/usr/local/bin/dns-app, /usr/local/bin/dns-app)
✖️ 🏆FAILED: [single_process_type] More than one process type used ⚖👀
Expected behavior
The single process type check shall be made tolerant to the specialized init systems (dumb-init, tiny, s6-overlay) so that both tests can be passed in the same run.
Device (please complete the following information):
Linux ip-10-0-33-150 6.5.0-1020-aws #20 SMP Wed May 1 16:10:50 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Additional context
Note, the s6-overlay init system seems to be starting multiple processes.
There seems to be unfinished implementation in k8s_kernel_introspection's verify_single_proc_tree
https://github.com/cnf-testsuite/k8s_kernel_introspection/blob/main/src/kernel_introspection/k8s.cr#L41
if current_pid == original_parent_pid && ppid != "" &&
status_name != name
# todo exclude tini, init, dumbinit?, from violations
Log.info { "top level parent (i.e. superviser -- first parent with different name): #{status_name}" }
verified = false