Add mock'able unit tests and move package to `internal`

This adds internal strucutres and fakes to be able to mock the former `isSupproted` function. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-19 10:19:01 +02:00 · 2020-08-19 10:19:01 +02:00 · fa66b56024
parent 29747623fd
commit fa66b56024
6 changed files with 507 additions and 30 deletions
--- a/common/go.mod
+++ b/common/go.mod
@ -10,6 +10,7 @@ require (
 	github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f
 	github.com/docker/go-units v0.4.0
 	github.com/hashicorp/go-multierror v1.1.0
+	github.com/maxbrunsfeld/counterfeiter/v6 v6.2.3 // indirect
 	github.com/onsi/ginkgo v1.14.0
 	github.com/onsi/gomega v1.10.1
 	github.com/opencontainers/runc v1.0.0-rc91
--- a/common/go.sum
+++ b/common/go.sum
@ -121,6 +121,7 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
@ -151,6 +152,8 @@ github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvO
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/maxbrunsfeld/counterfeiter/v6 v6.2.3 h1:z1lXirM9f9WTcdmzSZahKh/t+LCqPiiwK2/DB1kLlI4=
+github.com/maxbrunsfeld/counterfeiter/v6 v6.2.3/go.mod h1:1ftk08SazyElaaNvmqAfZWGwJzshjCfBXDLoQtPAMNk=
 github.com/mistifyio/go-zfs v2.1.1+incompatible h1:gAMO1HM9xBRONLHHYnu5iFsOJUiJdNZo6oqSENd4eW8=
 github.com/mistifyio/go-zfs v2.1.1+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
 github.com/moby/sys/mountinfo v0.1.3 h1:KIrhRO14+AkwKvG/g2yIpNMOUVZ02xNhOw8KY1WsLOI=
@ -166,11 +169,13 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@ -222,6 +227,8 @@ github.com/prometheus/procfs v0.0.3 h1:CTwfnzjQ+8dS6MhHHu4YswVAD99sL2wjPqP+VkURm
 github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
+github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM=
 github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
@ -273,12 +280,15 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee h1:WG0RUwxtNT4qqaXX3DPA8zHFNm/D9xaBpxzHt1WcA/E=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -288,6 +298,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -310,6 +322,7 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -336,6 +349,10 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20200301222351-066e0c02454c h1:FD7jysxM+EJqg5UYYy3XYDsAiUickFsn4UiaanJkf8c=
+golang.org/x/tools v0.0.0-20200301222351-066e0c02454c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
--- a/common/pkg/apparmor/apparmor_linux.go
+++ b/common/pkg/apparmor/apparmor_linux.go
@ -9,7 +9,6 @@ import (
 	"os"
 	"os/exec"
 	"path"
-	"path/filepath"
 	"strconv"
 	"strings"
 	"text/template"
@ -25,35 +24,7 @@ var profileDirectory = "/etc/apparmor.d"

 // IsEnabled returns true if AppArmor is enabled on the host.
 func IsEnabled() bool {
-	if unshare.IsRootless() {
-		logrus.Debug("AppAmor is not supported on rootless containers")
-		return false
-	}
-	if !runcaa.IsEnabled() {
-		logrus.Debug("AppArmor not supported by the host system")
-		return false
-	}
-
-	const (
-		binary = "apparmor_parser"
-		sbin   = "/sbin"
-	)
-
-	// `/sbin` is not always in `$PATH`, so we check it explicitly
-	sbinBinaryPath := filepath.Join(sbin, binary)
-	if _, err := os.Stat(sbinBinaryPath); err == nil {
-		logrus.Debugf("AppAmor is supported by the host. Found %s binary in %s", binary, sbinBinaryPath)
-		return true
-	}
-
-	// Fallback to checking $PATH
-	if path, err := exec.LookPath(binary); err == nil {
-		logrus.Debugf("AppAmor is supported by the host. Found %s binary in %s", binary, path)
-		return true
-	}
-
-	logrus.Debugf("AppAmor requirements not met: %s binary neither found in %s nor $PATH", binary, sbin)
-	return false
+	return newAppArmorVerifier().isSupported() == nil
 }

 // profileData holds information about the given profile for generation.
--- a/common/pkg/apparmor/internal/supported/supported.go
+++ b/common/pkg/apparmor/internal/supported/supported.go
@ -0,0 +1,81 @@
+package supported
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/containers/storage/pkg/unshare"
+	runcaa "github.com/opencontainers/runc/libcontainer/apparmor"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+)
+
+//go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 -generate
+
+type ApparmorVerifier struct {
+	impl verifierImpl
+}
+
+func NewAppArmorVerifier() *ApparmorVerifier {
+	return &ApparmorVerifier{impl: &defaultVerifier{}}
+}
+
+// IsSupported returns nil if AppAmor is supported by the host system,
+// otherwise an error
+func (a *ApparmorVerifier) IsSupported() error {
+	if a.impl.UnshareIsRootless() {
+		return errors.New("AppAmor is not supported on rootless containers")
+	}
+	if !a.impl.RuncIsEnabled() {
+		return errors.New("AppArmor not supported by the host system")
+	}
+
+	const (
+		binary = "apparmor_parser"
+		sbin   = "/sbin"
+	)
+
+	// `/sbin` is not always in `$PATH`, so we check it explicitly
+	sbinBinaryPath := filepath.Join(sbin, binary)
+	if _, err := a.impl.OsStat(sbinBinaryPath); err == nil {
+		logrus.Debugf("Found %s binary in %s", binary, sbinBinaryPath)
+		return nil
+	}
+
+	// Fallback to checking $PATH
+	if path, err := a.impl.ExecLookPath(binary); err == nil {
+		logrus.Debugf("Found %s binary in %s", binary, path)
+		return nil
+	}
+
+	return errors.Errorf(
+		"%s binary neither found in %s nor $PATH", binary, sbin,
+	)
+}
+
+//counterfeiter:generate . verifierImpl
+type verifierImpl interface {
+	UnshareIsRootless() bool
+	RuncIsEnabled() bool
+	OsStat(name string) (os.FileInfo, error)
+	ExecLookPath(file string) (string, error)
+}
+
+type defaultVerifier struct{}
+
+func (d *defaultVerifier) UnshareIsRootless() bool {
+	return unshare.IsRootless()
+}
+
+func (d *defaultVerifier) RuncIsEnabled() bool {
+	return runcaa.IsEnabled()
+}
+
+func (d *defaultVerifier) OsStat(name string) (os.FileInfo, error) {
+	return os.Stat(name)
+}
+
+func (d *defaultVerifier) ExecLookPath(file string) (string, error) {
+	return exec.LookPath(file)
+}
--- a/common/pkg/apparmor/internal/supported/supported_test.go
+++ b/common/pkg/apparmor/internal/supported/supported_test.go
@ -0,0 +1,89 @@
+package supported
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/containers/common/pkg/apparmor/internal/supported/supportedfakes"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/require"
+)
+
+func TestIsSupported(t *testing.T) {
+	for _, tc := range []struct {
+		prepare   func(*supportedfakes.FakeVerifierImpl) func()
+		shoulderr bool
+	}{
+		{ // success with binary in /sbin
+			prepare: func(mock *supportedfakes.FakeVerifierImpl) func() {
+				mock.UnshareIsRootlessReturns(false)
+				mock.RuncIsEnabledReturns(true)
+
+				file, err := ioutil.TempFile("", "")
+				require.Nil(t, err)
+				fileInfo, err := file.Stat()
+				require.Nil(t, err)
+				mock.OsStatReturns(fileInfo, nil)
+
+				return func() {
+					require.Nil(t, os.RemoveAll(file.Name()))
+				}
+			},
+			shoulderr: false,
+		},
+		{ // success with binary in $PATH
+			prepare: func(mock *supportedfakes.FakeVerifierImpl) func() {
+				mock.UnshareIsRootlessReturns(false)
+				mock.RuncIsEnabledReturns(true)
+				mock.OsStatReturns(nil, errors.New(""))
+				mock.ExecLookPathReturns("", nil)
+
+				return func() {}
+			},
+			shoulderr: false,
+		},
+		{ // error binary not in /sbin or $PATH
+			prepare: func(mock *supportedfakes.FakeVerifierImpl) func() {
+				mock.UnshareIsRootlessReturns(false)
+				mock.RuncIsEnabledReturns(true)
+				mock.OsStatReturns(nil, errors.New(""))
+				mock.ExecLookPathReturns("", errors.New(""))
+				return func() {}
+			},
+			shoulderr: true,
+		},
+		{ // error runc AppAmor not enabled
+			prepare: func(mock *supportedfakes.FakeVerifierImpl) func() {
+				mock.UnshareIsRootlessReturns(false)
+				mock.RuncIsEnabledReturns(false)
+				return func() {}
+			},
+			shoulderr: true,
+		},
+		{ // error rootless
+			prepare: func(mock *supportedfakes.FakeVerifierImpl) func() {
+				mock.UnshareIsRootlessReturns(true)
+				return func() {}
+			},
+			shoulderr: true,
+		},
+	} {
+		// Given
+		sut := NewAppArmorVerifier()
+		mock := &supportedfakes.FakeVerifierImpl{}
+		cleanup := tc.prepare(mock)
+		defer cleanup()
+		sut.impl = mock
+
+		// When
+		err := sut.IsSupported()
+
+		// Then
+		if tc.shoulderr {
+			require.NotNil(t, err)
+		} else {
+			require.Nil(t, err)
+		}
+	}
+}
--- a/common/pkg/apparmor/internal/supported/supportedfakes/fake_verifier_impl.go
+++ b/common/pkg/apparmor/internal/supported/supportedfakes/fake_verifier_impl.go
@ -0,0 +1,318 @@
+// Code generated by counterfeiter. DO NOT EDIT.
+package supportedfakes
+
+import (
+	"os"
+	"sync"
+)
+
+type FakeVerifierImpl struct {
+	ExecLookPathStub        func(string) (string, error)
+	execLookPathMutex       sync.RWMutex
+	execLookPathArgsForCall []struct {
+		arg1 string
+	}
+	execLookPathReturns struct {
+		result1 string
+		result2 error
+	}
+	execLookPathReturnsOnCall map[int]struct {
+		result1 string
+		result2 error
+	}
+	OsStatStub        func(string) (os.FileInfo, error)
+	osStatMutex       sync.RWMutex
+	osStatArgsForCall []struct {
+		arg1 string
+	}
+	osStatReturns struct {
+		result1 os.FileInfo
+		result2 error
+	}
+	osStatReturnsOnCall map[int]struct {
+		result1 os.FileInfo
+		result2 error
+	}
+	RuncIsEnabledStub        func() bool
+	runcIsEnabledMutex       sync.RWMutex
+	runcIsEnabledArgsForCall []struct {
+	}
+	runcIsEnabledReturns struct {
+		result1 bool
+	}
+	runcIsEnabledReturnsOnCall map[int]struct {
+		result1 bool
+	}
+	UnshareIsRootlessStub        func() bool
+	unshareIsRootlessMutex       sync.RWMutex
+	unshareIsRootlessArgsForCall []struct {
+	}
+	unshareIsRootlessReturns struct {
+		result1 bool
+	}
+	unshareIsRootlessReturnsOnCall map[int]struct {
+		result1 bool
+	}
+	invocations      map[string][][]interface{}
+	invocationsMutex sync.RWMutex
+}
+
+func (fake *FakeVerifierImpl) ExecLookPath(arg1 string) (string, error) {
+	fake.execLookPathMutex.Lock()
+	ret, specificReturn := fake.execLookPathReturnsOnCall[len(fake.execLookPathArgsForCall)]
+	fake.execLookPathArgsForCall = append(fake.execLookPathArgsForCall, struct {
+		arg1 string
+	}{arg1})
+	fake.recordInvocation("ExecLookPath", []interface{}{arg1})
+	fake.execLookPathMutex.Unlock()
+	if fake.ExecLookPathStub != nil {
+		return fake.ExecLookPathStub(arg1)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	fakeReturns := fake.execLookPathReturns
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *FakeVerifierImpl) ExecLookPathCallCount() int {
+	fake.execLookPathMutex.RLock()
+	defer fake.execLookPathMutex.RUnlock()
+	return len(fake.execLookPathArgsForCall)
+}
+
+func (fake *FakeVerifierImpl) ExecLookPathCalls(stub func(string) (string, error)) {
+	fake.execLookPathMutex.Lock()
+	defer fake.execLookPathMutex.Unlock()
+	fake.ExecLookPathStub = stub
+}
+
+func (fake *FakeVerifierImpl) ExecLookPathArgsForCall(i int) string {
+	fake.execLookPathMutex.RLock()
+	defer fake.execLookPathMutex.RUnlock()
+	argsForCall := fake.execLookPathArgsForCall[i]
+	return argsForCall.arg1
+}
+
+func (fake *FakeVerifierImpl) ExecLookPathReturns(result1 string, result2 error) {
+	fake.execLookPathMutex.Lock()
+	defer fake.execLookPathMutex.Unlock()
+	fake.ExecLookPathStub = nil
+	fake.execLookPathReturns = struct {
+		result1 string
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeVerifierImpl) ExecLookPathReturnsOnCall(i int, result1 string, result2 error) {
+	fake.execLookPathMutex.Lock()
+	defer fake.execLookPathMutex.Unlock()
+	fake.ExecLookPathStub = nil
+	if fake.execLookPathReturnsOnCall == nil {
+		fake.execLookPathReturnsOnCall = make(map[int]struct {
+			result1 string
+			result2 error
+		})
+	}
+	fake.execLookPathReturnsOnCall[i] = struct {
+		result1 string
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeVerifierImpl) OsStat(arg1 string) (os.FileInfo, error) {
+	fake.osStatMutex.Lock()
+	ret, specificReturn := fake.osStatReturnsOnCall[len(fake.osStatArgsForCall)]
+	fake.osStatArgsForCall = append(fake.osStatArgsForCall, struct {
+		arg1 string
+	}{arg1})
+	fake.recordInvocation("OsStat", []interface{}{arg1})
+	fake.osStatMutex.Unlock()
+	if fake.OsStatStub != nil {
+		return fake.OsStatStub(arg1)
+	}
+	if specificReturn {
+		return ret.result1, ret.result2
+	}
+	fakeReturns := fake.osStatReturns
+	return fakeReturns.result1, fakeReturns.result2
+}
+
+func (fake *FakeVerifierImpl) OsStatCallCount() int {
+	fake.osStatMutex.RLock()
+	defer fake.osStatMutex.RUnlock()
+	return len(fake.osStatArgsForCall)
+}
+
+func (fake *FakeVerifierImpl) OsStatCalls(stub func(string) (os.FileInfo, error)) {
+	fake.osStatMutex.Lock()
+	defer fake.osStatMutex.Unlock()
+	fake.OsStatStub = stub
+}
+
+func (fake *FakeVerifierImpl) OsStatArgsForCall(i int) string {
+	fake.osStatMutex.RLock()
+	defer fake.osStatMutex.RUnlock()
+	argsForCall := fake.osStatArgsForCall[i]
+	return argsForCall.arg1
+}
+
+func (fake *FakeVerifierImpl) OsStatReturns(result1 os.FileInfo, result2 error) {
+	fake.osStatMutex.Lock()
+	defer fake.osStatMutex.Unlock()
+	fake.OsStatStub = nil
+	fake.osStatReturns = struct {
+		result1 os.FileInfo
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeVerifierImpl) OsStatReturnsOnCall(i int, result1 os.FileInfo, result2 error) {
+	fake.osStatMutex.Lock()
+	defer fake.osStatMutex.Unlock()
+	fake.OsStatStub = nil
+	if fake.osStatReturnsOnCall == nil {
+		fake.osStatReturnsOnCall = make(map[int]struct {
+			result1 os.FileInfo
+			result2 error
+		})
+	}
+	fake.osStatReturnsOnCall[i] = struct {
+		result1 os.FileInfo
+		result2 error
+	}{result1, result2}
+}
+
+func (fake *FakeVerifierImpl) RuncIsEnabled() bool {
+	fake.runcIsEnabledMutex.Lock()
+	ret, specificReturn := fake.runcIsEnabledReturnsOnCall[len(fake.runcIsEnabledArgsForCall)]
+	fake.runcIsEnabledArgsForCall = append(fake.runcIsEnabledArgsForCall, struct {
+	}{})
+	fake.recordInvocation("RuncIsEnabled", []interface{}{})
+	fake.runcIsEnabledMutex.Unlock()
+	if fake.RuncIsEnabledStub != nil {
+		return fake.RuncIsEnabledStub()
+	}
+	if specificReturn {
+		return ret.result1
+	}
+	fakeReturns := fake.runcIsEnabledReturns
+	return fakeReturns.result1
+}
+
+func (fake *FakeVerifierImpl) RuncIsEnabledCallCount() int {
+	fake.runcIsEnabledMutex.RLock()
+	defer fake.runcIsEnabledMutex.RUnlock()
+	return len(fake.runcIsEnabledArgsForCall)
+}
+
+func (fake *FakeVerifierImpl) RuncIsEnabledCalls(stub func() bool) {
+	fake.runcIsEnabledMutex.Lock()
+	defer fake.runcIsEnabledMutex.Unlock()
+	fake.RuncIsEnabledStub = stub
+}
+
+func (fake *FakeVerifierImpl) RuncIsEnabledReturns(result1 bool) {
+	fake.runcIsEnabledMutex.Lock()
+	defer fake.runcIsEnabledMutex.Unlock()
+	fake.RuncIsEnabledStub = nil
+	fake.runcIsEnabledReturns = struct {
+		result1 bool
+	}{result1}
+}
+
+func (fake *FakeVerifierImpl) RuncIsEnabledReturnsOnCall(i int, result1 bool) {
+	fake.runcIsEnabledMutex.Lock()
+	defer fake.runcIsEnabledMutex.Unlock()
+	fake.RuncIsEnabledStub = nil
+	if fake.runcIsEnabledReturnsOnCall == nil {
+		fake.runcIsEnabledReturnsOnCall = make(map[int]struct {
+			result1 bool
+		})
+	}
+	fake.runcIsEnabledReturnsOnCall[i] = struct {
+		result1 bool
+	}{result1}
+}
+
+func (fake *FakeVerifierImpl) UnshareIsRootless() bool {
+	fake.unshareIsRootlessMutex.Lock()
+	ret, specificReturn := fake.unshareIsRootlessReturnsOnCall[len(fake.unshareIsRootlessArgsForCall)]
+	fake.unshareIsRootlessArgsForCall = append(fake.unshareIsRootlessArgsForCall, struct {
+	}{})
+	fake.recordInvocation("UnshareIsRootless", []interface{}{})
+	fake.unshareIsRootlessMutex.Unlock()
+	if fake.UnshareIsRootlessStub != nil {
+		return fake.UnshareIsRootlessStub()
+	}
+	if specificReturn {
+		return ret.result1
+	}
+	fakeReturns := fake.unshareIsRootlessReturns
+	return fakeReturns.result1
+}
+
+func (fake *FakeVerifierImpl) UnshareIsRootlessCallCount() int {
+	fake.unshareIsRootlessMutex.RLock()
+	defer fake.unshareIsRootlessMutex.RUnlock()
+	return len(fake.unshareIsRootlessArgsForCall)
+}
+
+func (fake *FakeVerifierImpl) UnshareIsRootlessCalls(stub func() bool) {
+	fake.unshareIsRootlessMutex.Lock()
+	defer fake.unshareIsRootlessMutex.Unlock()
+	fake.UnshareIsRootlessStub = stub
+}
+
+func (fake *FakeVerifierImpl) UnshareIsRootlessReturns(result1 bool) {
+	fake.unshareIsRootlessMutex.Lock()
+	defer fake.unshareIsRootlessMutex.Unlock()
+	fake.UnshareIsRootlessStub = nil
+	fake.unshareIsRootlessReturns = struct {
+		result1 bool
+	}{result1}
+}
+
+func (fake *FakeVerifierImpl) UnshareIsRootlessReturnsOnCall(i int, result1 bool) {
+	fake.unshareIsRootlessMutex.Lock()
+	defer fake.unshareIsRootlessMutex.Unlock()
+	fake.UnshareIsRootlessStub = nil
+	if fake.unshareIsRootlessReturnsOnCall == nil {
+		fake.unshareIsRootlessReturnsOnCall = make(map[int]struct {
+			result1 bool
+		})
+	}
+	fake.unshareIsRootlessReturnsOnCall[i] = struct {
+		result1 bool
+	}{result1}
+}
+
+func (fake *FakeVerifierImpl) Invocations() map[string][][]interface{} {
+	fake.invocationsMutex.RLock()
+	defer fake.invocationsMutex.RUnlock()
+	fake.execLookPathMutex.RLock()
+	defer fake.execLookPathMutex.RUnlock()
+	fake.osStatMutex.RLock()
+	defer fake.osStatMutex.RUnlock()
+	fake.runcIsEnabledMutex.RLock()
+	defer fake.runcIsEnabledMutex.RUnlock()
+	fake.unshareIsRootlessMutex.RLock()
+	defer fake.unshareIsRootlessMutex.RUnlock()
+	copiedInvocations := map[string][][]interface{}{}
+	for key, value := range fake.invocations {
+		copiedInvocations[key] = value
+	}
+	return copiedInvocations
+}
+
+func (fake *FakeVerifierImpl) recordInvocation(key string, args []interface{}) {
+	fake.invocationsMutex.Lock()
+	defer fake.invocationsMutex.Unlock()
+	if fake.invocations == nil {
+		fake.invocations = map[string][][]interface{}{}
+	}
+	if fake.invocations[key] == nil {
+		fake.invocations[key] = [][]interface{}{}
+	}
+	fake.invocations[key] = append(fake.invocations[key], args)
+}