runtimetest: fix root readonly check

Instead of trying to write a file on the rootfs, check the "ro"
per-mount option on the root mountpoint. The rootfs might not be
readable despite spec.Root.Readonly being false. Example: the rootfs
belong to an unmapped uid.

Signed-off-by: Alban Crequy <alban@kinvolk.io>

Author: alban

cmd/runtimetest/main.go

@@ -323,14 +323,37 @@ func validateRootFS(spec *rspec.Spec) error {
 		return nil
 	}
 
+	// We don't use testWriteAccess() because the rootfs might not be readable
+	// despite spec.Root.Readonly being false. Example: the rootfs belong to an
+	// unmapped uid.
+
+	mountInfos, err := mount.GetMounts()
+	if err != nil {
+		return err
+	}
+
+	optRO := false
+	for _, mountInfo := range mountInfos {
+		if mountInfo.Mountpoint != "/" {
+			continue
+		}
+
+		// Check the per-mount options rather than the per-sb options
+		optsList := strings.Split(mountInfo.Opts, ",")
+		for _, opt := range optsList {
+			if opt == "ro" {
+				optRO = true
+				break
+			}
+		}
+	}
+
 	if spec.Root.Readonly {
-		err := testWriteAccess("/")
-		if err == nil {
+		if !optRO {
 			return specerror.NewError(specerror.RootReadonlyImplement, fmt.Errorf("rootfs must be readonly"), rspec.Version)
 		}
 	} else {
-		err := testWriteAccess("/")
-		if err != nil {
+		if optRO {
 			return specerror.NewError(specerror.RootReadonlyImplement, fmt.Errorf("rootfs must not be readonly"), rspec.Version)
 		}
 	}