tests: fix broken disk emulation in test_jbod_ha

The problem with chmod 000 is that it is simply ignored for the owner of the namespace (verified with kprobe for security_capable [1]), previously it worked only cause there was a check for uid explicitly in FS::canRead/canWrite. [1]: cat-10561 [001] 1340776.172944: security_capable_retprobe: (capable_wrt_inode_uidgid+0x40/0x70 <- security_capable) arg1=0xffffffff 0xffffffff is -1 and it is EPERM Signed-off-by: Azat Khuzhin <a.khuzhin@semrush.com>
2024-11-10 01:25:21 +00:00 · 2022-11-30 16:39:49 +01:00 · 2022-11-30 16:39:49 +01:00 · 3903b442fb
commit 3903b442fb
parent e6695196aa
1 changed files with 18 additions and 4 deletions
--- a/tests/integration/test_jbod_ha/test.py
+++ b/tests/integration/test_jbod_ha/test.py
@ -72,9 +72,21 @@ def test_jbod_ha(start_cluster):

        node2.query("SYSTEM SYNC REPLICA tbl", timeout=10)

-        # mimic disk failure
+        # Mimic disk failure
+        #
+        # NOTE: you cannot do one of the following:
+        # - chmod 000 - this will not block access to the owner of the namespace,
+        #   and running clickhouse from non-root user is very tricky in this
+        #   sandbox.
+        # - unmount it, to replace with something else because in this case you
+        #   will loose tmpfs and besides clickhouse works from root, so it will
+        #   still be able to write/read from/to it.
+        #
+        # So it simply mounts over tmpfs, proc, and this will throw exception
+        # for read, because there is no such file and does not allows writes
+        # either.
        node1.exec_in_container(
-            ["bash", "-c", "chmod -R 000 /jbod1"], privileged=True, user="root"
+            ["bash", "-c", "mount -t proc proc /jbod1"], privileged=True, user="root"
        )

        time.sleep(3)
@ -91,9 +103,11 @@ def test_jbod_ha(start_cluster):

        assert int(node1.query("select count(p) from tbl")) == 2500

-        # mimic disk recovery
+        # Mimic disk recovery
+        #
+        # NOTE: this will unmount only proc from /jbod1 and leave tmpfs
        node1.exec_in_container(
-            ["bash", "-c", "chmod -R 755 /jbod1"],
+            ["bash", "-c", "umount  /jbod1"],
            privileged=True,
            user="root",
        )