# --template=
root="$(mktemp -u -d /var/lib/machines/TEST-13-NSPAWN.sanity.XXX)"
coverage_create_nspawn_dropin "$root"
- (! systemd-nspawn --directory="$root" bash -xec 'echo hello')
+ (! systemd-nspawn --register=no --directory="$root" bash -xec 'echo hello')
# Initialize $root from $template (the $root directory must not exist, hence
# the `mktemp -u` above)
- systemd-nspawn --directory="$root" --template="$template" bash -xec 'echo hello'
- systemd-nspawn --directory="$root" bash -xec 'echo hello; touch /initialized'
+ systemd-nspawn --register=no --directory="$root" --template="$template" bash -xec 'echo hello'
+ systemd-nspawn --register=no --directory="$root" bash -xec 'echo hello; touch /initialized'
test -e "$root/initialized"
# Check if the $root doesn't get re-initialized once it's not empty
- systemd-nspawn --directory="$root" --template="$template" bash -xec 'echo hello'
+ systemd-nspawn --register=no --directory="$root" --template="$template" bash -xec 'echo hello'
test -e "$root/initialized"
- systemd-nspawn --directory="$root" --ephemeral bash -xec 'touch /ephemeral'
+ systemd-nspawn --register=no --directory="$root" --ephemeral bash -xec 'touch /ephemeral'
test ! -e "$root/ephemeral"
- (! systemd-nspawn --directory="$root" \
+ (! systemd-nspawn --register=no \
+ --directory="$root" \
--read-only \
bash -xec 'touch /nope')
test ! -e "$root/nope"
- systemd-nspawn --image="$image" bash -xec 'echo hello'
+ systemd-nspawn --register=no --image="$image" bash -xec 'echo hello'
# --volatile=
touch "$root/usr/has-usr"
# volatile(=yes): rootfs is tmpfs, /usr/ from the OS tree is mounted read only
- systemd-nspawn --directory="$root"\
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile \
bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
test ! -e "$root/nope"
test ! -e "$root/usr/read-only"
- systemd-nspawn --directory="$root"\
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=yes \
bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
test ! -e "$root/nope"
test ! -e "$root/usr/read-only"
# volatile=state: rootfs is read-only, /var/ is tmpfs
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=state \
bash -xec 'test -e /usr/has-usr; mountpoint /var; touch /read-only && exit 1; touch /var/nope'
test ! -e "$root/read-only"
test ! -e "$root/var/nope"
# volatile=overlay: tmpfs overlay is mounted over rootfs
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=overlay \
bash -xec 'test -e /usr/has-usr; touch /nope; touch /var/also-nope; touch /usr/nope-too'
test ! -e "$root/nope"
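Review bot: `--register=no` is hand-added to every container-starting `systemd-nspawn` call in this hunk and in all the hunks that follow, and nothing in the visible lines says why registration with systemd-machined is being switched off. Defining the flag once would make the intent reviewable and stop a future test case from silently omitting it, for example `nspawn() { systemd-nspawn --register=no "$@"; }` preceded by a one-line comment giving the reason. The `systemd-run … systemd-nspawn` call in `test_tun` would still need the flag spelled out, since a shell function is not visible to it. If any of these cases was also meant to exercise the registration path, that coverage is gone after this change; the hunks shown here contain no replacement, so it is worth confirming it is tested elsewhere.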
# --volatile= with -U
touch "$root/usr/has-usr"
# volatile(=yes): rootfs is tmpfs, /usr/ from the OS tree is mounted read only
- systemd-nspawn --directory="$root"\
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile \
-U \
bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
test ! -e "$root/nope"
test ! -e "$root/usr/read-only"
- systemd-nspawn --directory="$root"\
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=yes \
-U \
bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
test ! -e "$root/nope"
test ! -e "$root/usr/read-only"
# volatile=state: rootfs is read-only, /var/ is tmpfs
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=state \
-U \
bash -xec 'test -e /usr/has-usr; mountpoint /var; touch /read-only && exit 1; touch /var/nope'
test ! -e "$root/read-only"
test ! -e "$root/var/nope"
# volatile=overlay: tmpfs overlay is mounted over rootfs
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--volatile=overlay \
-U \
bash -xec 'test -e /usr/has-usr; touch /nope; touch /var/also-nope; touch /usr/nope-too'
test ! -e "$root/usr/nope-too"
# --machine=, --hostname=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine="foo-bar.baz" \
bash -xec '[[ $(hostname) == foo-bar.baz ]]'
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--hostname="hello.world.tld" \
bash -xec '[[ $(hostname) == hello.world.tld ]]'
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine="foo-bar.baz" \
--hostname="hello.world.tld" \
bash -xec '[[ $(hostname) == hello.world.tld ]]'
# --uuid=
rm -f "$root/etc/machine-id"
uuid="deadbeef-dead-dead-beef-000000000000"
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--uuid="$uuid" \
bash -xec "[[ \$container_uuid == $uuid ]]"
# --as-pid2
- systemd-nspawn --directory="$root" bash -xec '[[ $$ -eq 1 ]]'
- systemd-nspawn --directory="$root" --as-pid2 bash -xec '[[ $$ -eq 2 ]]'
+ systemd-nspawn --register=no --directory="$root" bash -xec '[[ $$ -eq 1 ]]'
+ systemd-nspawn --register=no --directory="$root" --as-pid2 bash -xec '[[ $$ -eq 2 ]]'
# --user=
# "Fake" getent passwd's bare minimum, so we don't have to pull it in
# bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers
# as bash isn't invoked with the necessary environment variables for that.
useradd --root="$root" --uid 1000 --user-group --create-home testuser
- systemd-nspawn --directory="$root" bash -xec '[[ $USER == root ]]'
- systemd-nspawn --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]'
+ systemd-nspawn --register=no --directory="$root" bash -xec '[[ $USER == root ]]'
+ systemd-nspawn --register=no --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]'
# --settings= + .nspawn files
mkdir -p /run/systemd/nspawn/
uuid="deadbeef-dead-dead-beef-000000000000"
echo -ne "[Exec]\nMachineID=deadbeef-dead-dead-beef-111111111111" >/run/systemd/nspawn/foo-bar.nspawn
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine=foo-bar \
--settings=yes \
bash -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]'
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine=foo-bar \
--uuid="$uuid" \
--settings=yes \
bash -xec "[[ \$container_uuid == $uuid ]]"
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine=foo-bar \
--uuid="$uuid" \
--settings=override \
bash -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]'
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--machine=foo-bar \
--uuid="$uuid" \
--settings=trusted \
touch "$tmpdir/1/one" "$tmpdir/2/two" "$tmpdir/3/three"
touch "$tmpdir/foo"
# --bind=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
${COVERAGE_BUILD_DIR:+--bind="$COVERAGE_BUILD_DIR"} \
--bind="$tmpdir:/foo" \
--bind="$tmpdir:/also-foo:noidmap,norbind" \
# --bind= recursive
rm -f "$tmpdir/bar"
mount --bind "$tmpdir/1" "$tmpdir/2"
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
${COVERAGE_BUILD_DIR:+--bind="$COVERAGE_BUILD_DIR"} \
--bind="$tmpdir:/foo" \
--bind="$tmpdir:/also-foo:noidmap,norbind" \
umount "$tmpdir/2"
test -e "$tmpdir/bar"
# --bind-ro=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--bind-ro="$tmpdir:/foo" \
--bind-ro="$tmpdir:/bar:noidmap,norbind" \
bash -xec 'test -e /foo/foo; touch /foo/baz && exit 1; touch /bar && exit 1; true'
# --inaccessible=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--inaccessible=/var \
bash -xec 'touch /var/foo && exit 1; true'
# --tmpfs=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--tmpfs=/var:rw,nosuid,noexec \
bash -xec 'touch /var/nope'
test ! -e "$root/var/nope"
# --overlay=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--overlay="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \
bash -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/foo'
test -e "$tmpdir/3/foo"
# --overlay-ro=
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--overlay-ro="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \
bash -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/nope && exit 1; true'
test ! -e "$tmpdir/3/nope"
rm -fr "$tmpdir"
# --port (sanity only)
- systemd-nspawn --network-veth --directory="$root" --port=80 --port=90 true
- systemd-nspawn --network-veth --directory="$root" --port=80:8080 true
- systemd-nspawn --network-veth --directory="$root" --port=tcp:80 true
- systemd-nspawn --network-veth --directory="$root" --port=tcp:80:8080 true
- systemd-nspawn --network-veth --directory="$root" --port=udp:80 true
- systemd-nspawn --network-veth --directory="$root" --port=udp:80:8080 --port=tcp:80:8080 true
- (! systemd-nspawn --network-veth --directory="$root" --port= true)
- (! systemd-nspawn --network-veth --directory="$root" --port=-1 true)
- (! systemd-nspawn --network-veth --directory="$root" --port=: true)
- (! systemd-nspawn --network-veth --directory="$root" --port=icmp:80:8080 true)
- (! systemd-nspawn --network-veth --directory="$root" --port=tcp::8080 true)
- (! systemd-nspawn --network-veth --directory="$root" --port=8080: true)
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=80 --port=90 true
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=80:8080 true
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp:80 true
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp:80:8080 true
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=udp:80 true
+ systemd-nspawn --register=no --network-veth --directory="$root" --port=udp:80:8080 --port=tcp:80:8080 true
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port= true)
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port=-1 true)
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port=: true)
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port=icmp:80:8080 true)
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp::8080 true)
+ (! systemd-nspawn --register=no --network-veth --directory="$root" --port=8080: true)
# Exercise adding/removing ports from an interface
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--network-veth \
--port=6667 \
--port=80:8080 \
# --load-credential=, --set-credential=
echo "foo bar" >/tmp/cred.path
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--load-credential=cred.path:/tmp/cred.path \
--set-credential="cred.set:hello world" \
bash -xec '[[ "$(</run/host/credentials/cred.path)" == "foo bar" ]]; [[ "$(</run/host/credentials/cred.set)" == "hello world" ]]'
# Combine with --user to ensure creds are still readable
- systemd-nspawn --directory="$root" \
+ systemd-nspawn --register=no \
+ --directory="$root" \
--user=testuser \
--no-new-privileges=yes \
--load-credential=cred.path:/tmp/cred.path \
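Review bot: The credential source on the context line `echo "foo bar" >/tmp/cred.path` uses a fixed name in a world-writable directory, and the test presumably runs as root, so the redirect would follow a file or symlink already present at that path. The credential ID and the source path in `--load-credential=ID:PATH` are independent, so the file can come from mktemp: `cred="$(mktemp)"; echo "foo bar" >"$cred"` and `--load-credential=cred.path:"$cred"`, with the later `rm -f /tmp/cred.path` changed to `rm -f "$cred"`. The second `systemd-nspawn` command continues past the end of this hunk, so its remaining arguments are not visible here.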
rm -f /tmp/cred.path
# Assorted tests
- systemd-nspawn --directory="$root" --suppress-sync=yes bash -xec 'echo hello'
+ systemd-nspawn --register=no --directory="$root" --suppress-sync=yes bash -xec 'echo hello'
systemd-nspawn --capability=help
- systemd-nspawn --directory="$root" --capability=all bash -xec 'echo hello'
+ systemd-nspawn --register=no --directory="$root" --capability=all bash -xec 'echo hello'
systemd-nspawn --resolv-conf=help
systemd-nspawn --timezone=help
# "cat: -: Operation not permitted" # pass the test; opened but not read
# "bash: line 1: /dev/fuse: Operation not permitted" # fail the test; could not open
# "" # fail the test; reading worked
- [[ "$(systemd-nspawn --pipe --directory="$root" \
+ [[ "$(systemd-nspawn --register=no --pipe --directory="$root" \
bash -c 'cat <>/dev/fuse' 2>&1)" == 'cat: -: Operation not permitted' ]]
rm -fr "$root"
}
test_tun() {
- systemd-nspawn "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
+ systemd-nspawn --register=no "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
# check if the owner of the host device is unchanged, see issue #34243.
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
# Without DeviceAllow= for /dev/net/tun, see issue #35116.
systemd-run \
--wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
- systemd-nspawn "$@" bash -xec '[[ ! -e /dev/net/tun ]]'
+ systemd-nspawn --register=no "$@" bash -xec '[[ ! -e /dev/net/tun ]]'
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
[[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
for i in no yes pick; do
systemd-nspawn \
- --directory="$root" --private-users="$i" --link-journal=host \
+ --register=no --directory="$root" --private-users="$i" --link-journal=host \
bash -xec 'p="/var/log/journal/$(cat /etc/machine-id)"; mountpoint "$p"; [[ "$(stat "$p" --format=%u)" == 0 ]]; touch "$p/hoge"'
[[ "$(stat "${hoge}/hoge" --format=%u)" == 0 ]]