Commit | Line | Data |
---|---|---|
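#!/bin/bash
# systemd-nspawn smoke test: builds a test image and runs /test-nspawn.sh
# inside it through testsuite.service (see test_setup below).
set -e
TEST_DESCRIPTION="systemd-nspawn smoke test"
TEST_NO_NSPAWN=1

# Fail with a clear message if TEST_BASE_DIR is unset or empty, instead of
# silently trying to source "/test-functions"; quote the path so it survives
# whitespace in the directory name.
. "${TEST_BASE_DIR:?}/test-functions"
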
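#######################################
# Build the test image: mount the first partition of the loop device,
# populate the root filesystem with a basic environment plus two busybox
# containers, and install testsuite.service, which runs /test-nspawn.sh
# inside the image.
# Globals:   TESTDIR, LOOPDEV (read); initdir (read, not set in this file -
#            presumably provided by the sourced test-functions, confirm)
# Returns:   1 if the image population subshell fails
#######################################
test_setup() {
    create_empty_image
    mkdir -p "$TESTDIR/root"
    mount "${LOOPDEV}p1" "$TESTDIR/root"

    # Create what will eventually be our root filesystem onto an overlay
    #
    # NOTE(review): the subshell is the left-hand side of "||", so "set -e"
    # is not in effect inside it; only the status of the last command
    # (setup_testsuite) decides whether "return 1" runs. A failing cp or
    # dracut_install in the middle goes unnoticed - confirm this is intended.
    (
        LOG_LEVEL=5
        # NOTE(review): eval executes whatever udevadm prints. That is
        # acceptable only because the input is the local udev database of
        # the build host; never feed eval with data from an untrusted source.
        # The substitution is quoted so the exported assignments are
        # evaluated line by line without word splitting or globbing.
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment
        dracut_install busybox chmod rmdir unshare ip sysctl

        # mask some services that we do not want to run in these tests
        for unit in \
            systemd-hwdb-update.service \
            systemd-journal-catalog-update.service \
            systemd-networkd.service \
            systemd-networkd.socket \
            systemd-resolved.service \
            systemd-machined.service; do
            ln -fs /dev/null "$initdir/etc/systemd/system/$unit"
        done

        cp create-busybox-container "$initdir/"

        ./create-busybox-container "$initdir/nc-container"
        initdir="$initdir/nc-container" dracut_install nc ip

        # setup the testsuite service
        cat >"$initdir/etc/systemd/system/testsuite.service" <<EOF
[Unit]
Description=Testsuite service

[Service]
ExecStart=/test-nspawn.sh
Type=oneshot
StandardOutput=tty
StandardError=tty
EOF

        # The delimiter is quoted, so everything up to the closing EOF is
        # written to the image verbatim, with no expansion at build time.
        cat >"$initdir/test-nspawn.sh" <<'EOF'
#!/bin/bash
set -x
set -e
set -u
set -o pipefail

export SYSTEMD_LOG_LEVEL=debug

# check cgroup-v2
is_v2_supported=no
mkdir -p /tmp/cgroup2
if mount -t cgroup2 cgroup2 /tmp/cgroup2; then
    is_v2_supported=yes
    umount /tmp/cgroup2
fi
rmdir /tmp/cgroup2

# check cgroup namespaces
is_cgns_supported=no
if [[ -f /proc/1/ns/cgroup ]]; then
    is_cgns_supported=yes
fi

is_user_ns_supported=no
# On some systems (e.g. CentOS 7) the default limit for user namespaces
# is set to 0, which causes the following unshare syscall to fail, even
# with enabled user namespaces support. By setting this value explicitly
# we can ensure the user namespaces support to be detected correctly.
# Raising this limit widens what unprivileged users may do, so it belongs
# in this test image only and should not be copied to a production host.
sysctl -w user.max_user_namespaces=10000
if unshare -U sh -c :; then
    is_user_ns_supported=yes
fi

# Regression check: a file under /tmp on the host must be visible in the
# container when bind-mounted with --bind.
function check_bind_tmp_path {
    # https://github.com/systemd/systemd/issues/4789
    local _root="/var/lib/machines/bind-tmp-path"
    /create-busybox-container "$_root"
    # Fixed name under /tmp: fine in this single-purpose test image, but a
    # predictable /tmp path is not safe on a shared system.
    >/tmp/bind
    systemd-nspawn --register=no -D "$_root" --bind=/tmp/bind /bin/sh -c 'test -e /tmp/bind'
}

# Regression check: the notify socket must be reachable from inside the
# container, both without and with user namespacing (-U).
function check_notification_socket {
    # https://github.com/systemd/systemd/issues/4944
    # Single quotes are deliberate: the command substitution has to be
    # expanded by the shell inside the container, not by this script.
    local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/systemd/nspawn/notify'
    systemd-nspawn --register=no -D /nc-container /bin/sh -x -c "$_cmd"
    systemd-nspawn --register=no -D /nc-container -U /bin/sh -x -c "$_cmd"
}

# Boot a busybox container under one combination of settings.
#   $1 - value for UNIFIED_CGROUP_HIERARCHY (yes/no)
#   $2 - value for SYSTEMD_NSPAWN_USE_CGNS (yes/no)
#   $3 - value for SYSTEMD_NSPAWN_API_VFS_WRITABLE (yes/no/network)
# Returns 0 on success or when the combination is skipped, 1 on failure.
function run {
    if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
        printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
        return 0
    fi
    if [[ "$2" = "yes" && "$is_cgns_supported" = "no" ]]; then
        printf "Cgroup namespaces are not supported. Skipping.\n" >&2
        return 0
    fi

    local _root="/var/lib/machines/unified-$1-cgns-$2-api-vfs-writable-$3"
    /create-busybox-container "$_root"
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -b
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -b

    # With user namespacing (-U) the expected result depends on both the
    # user namespace support detected above and the API VFS setting.
    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -U -b; then
        [[ "$is_user_ns_supported" = "yes" && "$3" = "network" ]] && return 1
    else
        [[ "$is_user_ns_supported" = "no" && "$3" = "network" ]] && return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -U -b; then
        [[ "$is_user_ns_supported" = "yes" && "$3" = "yes" ]] && return 1
    else
        [[ "$is_user_ns_supported" = "no" && "$3" = "yes" ]] && return 1
    fi

    local _netns_opt="--network-namespace-path=/proc/self/ns/net"

    # --network-namespace-path and network-related options cannot be used together
    # Each combination below has to be rejected; a successful boot is a failure.
    local _net_opt
    for _net_opt in \
        --network-interface=lo \
        --network-macvlan=lo \
        --network-ipvlan=lo \
        --network-veth \
        --network-veth-extra=lo \
        --network-bridge=lo \
        --network-zone=zone \
        --private-network; do
        if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" "$_net_opt" -b; then
            return 1
        fi
    done

    # test --network-namespace-path works with a network namespace created by "ip netns"
    ip netns add nspawn_test
    _netns_opt="--network-namespace-path=/run/netns/nspawn_test"
    # Capture the status with "|| r=$?": under "set -e" and "pipefail" a
    # failing pipeline would otherwise abort the script right here, before
    # the namespace is deleted, and the check on $r would never see non-zero.
    # NOTE(review): "grep -v" succeeds as soon as any output line does not
    # match, so this looks like it verifies only that the command ran and
    # printed something, not that lo is down - confirm the intent.
    local r=0
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" /bin/ip a | grep -v -E '^1: lo.*UP' || r=$?
    ip netns del nspawn_test

    if (( r != 0 )); then
        return 1
    fi

    return 0
}

check_bind_tmp_path

check_notification_socket

for api_vfs_writable in yes no network; do
    run no no "$api_vfs_writable"
    run yes no "$api_vfs_writable"
    run no yes "$api_vfs_writable"
    run yes yes "$api_vfs_writable"
done

touch /testok
EOF

        chmod 0755 "$initdir/test-nspawn.sh"
        setup_testsuite
    ) || return 1

    ddebug "umount $TESTDIR/root"
    umount "$TESTDIR/root"
}
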
# Hand the command-line arguments to the test harness. do_test is not
# defined in this file (presumably it comes from the test-functions file
# sourced at the top - confirm).
do_test "$@"