From 51a0845adba702ac02437405988b24b3b2c9fb45 Mon Sep 17 00:00:00 2001 From: James O'Doherty Date: Wed, 3 Jun 2026 23:45:45 -0400 Subject: fix: resolve resource leaks and improve namespace lifecycle management - Fix DNS resolver leaks by creating temporary resolv.conf files within the profile's runtime directory and ensuring robust cleanup. - Fix isolation block directory leaks by explicitly removing the block directory during namespace unpinning. - Improve namespace lifecycle management: - Register processes before joining an active namespace to prevent race conditions in reference counting. - Update `IsLastProcess` and corresponding tests to reflect the unregister-then-check cleanup flow. - Improve test reliability and correctness: - Convert `TestAppRun_ProfileDirInjection` to use separate binary execution, preventing process replacement and ensuring `t.TempDir()` cleanup. - Replace hardcoded test configuration paths with `t.TempDir()` in `mount_leak_test.go`. - Implement `SetEnvOverrides` helper for cleaner environment variable management in E2E tests. - Improve E2E lifecycle tests with better environment handling and output redirection. --- internal/cli/cli_test.go | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) (limited to 'internal/cli/cli_test.go') diff --git a/internal/cli/cli_test.go b/internal/cli/cli_test.go index 2e85283..093bac3 100644 --- a/internal/cli/cli_test.go +++ b/internal/cli/cli_test.go @@ -1,14 +1,26 @@ package cli import ( + "fmt" "os" + "os/exec" "path/filepath" "strings" "testing" ) +func getTestBinary(t *testing.T) string { + binPath := "../../wg-wrap" + if _, err := os.Stat(binPath); err != nil { + t.Fatalf("test binary not found at %s. please run 'make' first", binPath) + } + return binPath +} + func TestAppRun_ProfileDirInjection(t *testing.T) { t.Parallel() + bin := getTestBinary(t) + // Set up a temporary directory to simulate XDG_CONFIG_HOME/wg-wrap/profiles tmpDir := t.TempDir() @@ -34,23 +46,26 @@ AllowedIPs = 10.0.0.0/24 }{ { name: "valid profile with injected dir", - args: []string{"wg-wrap", "--profile", "test-vpn", "true"}, + args: []string{"--profile", "test-vpn", "true"}, wantErr: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - app := NewApp(tt.args) - app.ConfigDir = tmpDir // Inject temporary directory - app.RuntimeBaseDir = tmpDir // Inject temporary directory for PID tracking + cmd := exec.Command(bin, tt.args...) + cmd.Env = append(os.Environ(), + fmt.Sprintf("WG_WRAP_CONFIG_DIR=%s", tmpDir), + fmt.Sprintf("WG_WRAP_RUNTIME_BASE_DIR=%s", tmpDir), + ) - err := app.Run() + err := cmd.Run() if (err != nil) != tt.wantErr { - if err != nil && strings.Contains(err.Error(), "command execution failed") { + if err != nil && strings.Contains(err.Error(), "exit status 1") { + // In some environments, 'true' might fail or isolation might fail return } - t.Errorf("App.Run() error = %v, wantErr %v", err, tt.wantErr) + t.Errorf("cmd.Run() error = %v, wantErr %v", err, tt.wantErr) } }) } -- cgit v1.2.3