update/add some tests for rlimit

issues:
opencontainers#4195
opencontainers#4265 (comment)

Signed-off-by: lifubang <lifubang@acmcoder.com>

libcontainer/integration/exec_test.go

@@ -136,11 +136,13 @@ func testRlimit(t *testing.T, userns bool) {
 
 	config := newTemplateConfig(t, &tParam{userns: userns})
 
-	// ensure limit is lower than what the config requests to test that in a user namespace
+	// Ensure limit is lower than what the config requests to test that in a user namespace
 	// the Setrlimit call happens early enough that we still have permissions to raise the limit.
+	// Do not change the Cur value to be equal to the Max value, please see:
+	// https://github.com/opencontainers/runc/pull/4265#discussion_r1589666444
 	ok(t, unix.Setrlimit(unix.RLIMIT_NOFILE, &unix.Rlimit{
 		Max: 1024,
-		Cur: 1024,
+		Cur: 512,
 	}))
 
 	out := runContainerOk(t, config, "/bin/sh", "-c", "ulimit -n")

tests/integration/rlimits.bats

@@ -0,0 +1,91 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+	# Do not change the Cur value to be equal to the Max value
+	# Because in some environments, the soft and hard nofile limit have the same value.
+	[ $EUID -eq 0 ] && prlimit --nofile=1024:65536 -p $$
+	setup_busybox
+}
+
+function teardown() {
+	teardown_bundle
+}
+
+@test "runc run with RLIMIT_NOFILE(The same as system's hard value)" {
+	# https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+	hard=$(ulimit -n -H)
+	soft="$hard"
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${soft}}]"
+	update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+	runc run test_ulimit
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Bigger than system's hard value)" {
+	requires root
+	# https://github.com/opencontainers/runc/pull/4265#discussion_r1588599809
+	hard=$(ulimit -n -H)
+	soft=$((hard + 1))
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${soft}, \"soft\": ${soft}}]"
+	update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+	runc run test_ulimit
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}
+
+@test "runc run with RLIMIT_NOFILE(Smaller than system's hard value)" {
+	hard=$(ulimit -n -H)
+	soft=$((hard - 1))
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${soft}, \"soft\": ${soft}}]"
+	update_config '.process.args = ["/bin/sh", "-c", "ulimit -n"]'
+
+	runc run test_ulimit
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(The same as system's hard value)" {
+	hard=$(ulimit -n -H)
+	soft="$hard"
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${hard}, \"soft\": ${soft}}]"
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+	[ "$status" -eq 0 ]
+
+	runc exec test_busybox /bin/sh -c "ulimit -n"
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Bigger than system's hard value)" {
+	requires root
+	hard=$(ulimit -n -H)
+	soft=$((hard + 1))
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${soft}, \"soft\": ${soft}}]"
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+	[ "$status" -eq 0 ]
+
+	runc exec test_busybox /bin/sh -c "ulimit -n"
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}
+
+@test "runc exec with RLIMIT_NOFILE(Smaller than system's hard value)" {
+	hard=$(ulimit -n -H)
+	soft=$((hard - 1))
+	update_config ".process.rlimits = [{\"type\": \"RLIMIT_NOFILE\", \"hard\": ${soft}, \"soft\": ${soft}}]"
+
+	runc run -d --console-socket "$CONSOLE_SOCKET" test_busybox
+	[ "$status" -eq 0 ]
+
+	# issue: https://github.com/opencontainers/runc/issues/4195
+	runc exec test_busybox /bin/sh -c "ulimit -n"
+	[ "$status" -eq 0 ]
+	[[ "${output}" == "${soft}" ]]
+}