From: Frantisek Sumsal Date: Mon, 10 Nov 2025 16:42:06 +0000 (+0100) Subject: test: don't register short-living containers with machined X-Git-Tag: v259-rc1~103 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a05abb9b49900774bc0323316103dceab0c1a7d;p=thirdparty%2Fsystemd.git test: don't register short-living containers with machined As registering the container creates a scope which might not be cleaned up completely before we run a next command in the same container, causing intermittent test fails: [ 63.424739] TEST-13-NSPAWN.sh[4231]: + systemd-nspawn --directory=/var/lib/machines/TEST-13-NSPAWN.sanity.zH2 bash -xec '[[ $USER == root ]]' [ 63.427504] systemd-nspawn[4381]: ░ Spawning container TEST-13-NSPAWN.sanity.zH2 on /var/lib/machines/TEST-13-NSPAWN.sanity.zH2. [ 63.437154] systemd[1]: Started TEST-13-NSPAWN.sanity.zH2.scope - Container TEST-13-NSPAWN.sanity.zH2. [ 63.437765] systemd-machined[1164]: New machine TEST-13-NSPAWN.sanity.zH2. [ 63.440311] TEST-13-NSPAWN.sh[4381]: + [[ root == root ]] [ 63.442046] systemd[1]: TEST-13-NSPAWN.sanity.zH2.scope: Killed unit cgroup '/machine.slice/TEST-13-NSPAWN.sanity.zH2.scope' with SIGKILL on client request. [ 63.442583] systemd-nspawn[4381]: Container TEST-13-NSPAWN.sanity.zH2 exited successfully. [ 63.443073] systemd-machined[1164]: Machine TEST-13-NSPAWN.sanity.zH2 terminated. [ 63.448728] TEST-13-NSPAWN.sh[4231]: + systemd-nspawn --directory=/var/lib/machines/TEST-13-NSPAWN.sanity.zH2 --user=testuser bash -xec '[[ $USER == testuser ]]' [ 63.451209] systemd-nspawn[4385]: ░ Spawning container TEST-13-NSPAWN.sanity.zH2 on /var/lib/machines/TEST-13-NSPAWN.sanity.zH2. [ 63.455295] systemd-nspawn[4385]: Failed to allocate scope: Unit TEST-13-NSPAWN.sanity.zH2.scope was already loaded or has a fragment file. [ 63.456139] systemd[1]: TEST-13-NSPAWN.sanity.zH2.scope: Deactivated successfully. 
[ 63.461292] TEST-13-NSPAWN.sh[2839]: + at_exit Since even systemd-nspawn's man page suggests not to register containers with systemd-machined if they don't run a service manager, let's do just that to mitigate the race. Resolves: #39629 --- diff --git a/test/units/TEST-13-NSPAWN.nspawn.sh b/test/units/TEST-13-NSPAWN.nspawn.sh index 2bd3962ffb9..13dc1acdb3b 100755 --- a/test/units/TEST-13-NSPAWN.nspawn.sh +++ b/test/units/TEST-13-NSPAWN.nspawn.sh 
@@ -90,45 +90,50 @@ testcase_sanity() { # --template= root="$(mktemp -u -d /var/lib/machines/TEST-13-NSPAWN.sanity.XXX)" coverage_create_nspawn_dropin "$root" - (! systemd-nspawn --directory="$root" bash -xec 'echo hello') + (! systemd-nspawn --register=no --directory="$root" bash -xec 'echo hello') # Initialize $root from $template (the $root directory must not exist, hence # the `mktemp -u` above) - systemd-nspawn --directory="$root" --template="$template" bash -xec 'echo hello' - systemd-nspawn --directory="$root" bash -xec 'echo hello; touch /initialized' + systemd-nspawn --register=no --directory="$root" --template="$template" bash -xec 'echo hello' + systemd-nspawn --register=no --directory="$root" bash -xec 'echo hello; touch /initialized' test -e "$root/initialized" # Check if the $root doesn't get re-initialized once it's not empty - systemd-nspawn --directory="$root" --template="$template" bash -xec 'echo hello' + systemd-nspawn --register=no --directory="$root" --template="$template" bash -xec 'echo hello' test -e "$root/initialized" - systemd-nspawn --directory="$root" --ephemeral bash -xec 'touch /ephemeral' + systemd-nspawn --register=no --directory="$root" --ephemeral bash -xec 'touch /ephemeral' test ! -e "$root/ephemeral" - (! systemd-nspawn --directory="$root" \ + (! systemd-nspawn --register=no \ + --directory="$root" \ --read-only \ bash -xec 'touch /nope') test ! -e "$root/nope" - systemd-nspawn --image="$image" bash -xec 'echo hello' + systemd-nspawn --register=no --image="$image" bash -xec 'echo hello' # --volatile= touch "$root/usr/has-usr" # volatile(=yes): rootfs is tmpfs, /usr/ from the OS tree is mounted read only - systemd-nspawn --directory="$root"\ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile \ bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope' test ! -e "$root/nope" test ! 
-e "$root/usr/read-only" - systemd-nspawn --directory="$root"\ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=yes \ bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope' test ! -e "$root/nope" test ! -e "$root/usr/read-only" # volatile=state: rootfs is read-only, /var/ is tmpfs - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=state \ bash -xec 'test -e /usr/has-usr; mountpoint /var; touch /read-only && exit 1; touch /var/nope' test ! -e "$root/read-only" test ! -e "$root/var/nope" # volatile=overlay: tmpfs overlay is mounted over rootfs - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=overlay \ bash -xec 'test -e /usr/has-usr; touch /nope; touch /var/also-nope; touch /usr/nope-too' test ! -e "$root/nope" 
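Review bot: The failure quoted in the commit message is `Failed to allocate scope`, and `--register=no` on its own may not stop systemd-nspawn from allocating a transient scope named after the machine. As far as the nspawn man page describes it, `--keep-unit` combined with `--register=no` is what disables unit allocation altogether. It is worth confirming that back-to-back runs against the same `$root` in testcase_sanity can no longer hit a scope name that is still being torn down. A short comment above the first call would record why the flag is there for anyone adding invocations later, for example `# --register=no: no service manager inside, skip machined to avoid the scope cleanup race (#39629)`. testcase_sanity begins and ends outside this hunk.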
@@ -138,27 +143,31 @@ testcase_sanity() { # --volatile= with -U touch "$root/usr/has-usr" # volatile(=yes): rootfs is tmpfs, /usr/ from the OS tree is mounted read only - systemd-nspawn --directory="$root"\ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile \ -U \ bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope' test ! -e "$root/nope" test ! -e "$root/usr/read-only" - systemd-nspawn --directory="$root"\ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=yes \ -U \ bash -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope' test ! -e "$root/nope" test ! -e "$root/usr/read-only" # volatile=state: rootfs is read-only, /var/ is tmpfs - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=state \ -U \ bash -xec 'test -e /usr/has-usr; mountpoint /var; touch /read-only && exit 1; touch /var/nope' test ! -e "$root/read-only" test ! -e "$root/var/nope" # volatile=overlay: tmpfs overlay is mounted over rootfs - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --volatile=overlay \ -U \ bash -xec 'test -e /usr/has-usr; touch /nope; touch /var/also-nope; touch /usr/nope-too' @@ -167,13 +176,16 @@ testcase_sanity() { test ! -e "$root/usr/nope-too" # --machine=, --hostname= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine="foo-bar.baz" \ bash -xec '[[ $(hostname) == foo-bar.baz ]]' - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --hostname="hello.world.tld" \ bash -xec '[[ $(hostname) == hello.world.tld ]]' - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine="foo-bar.baz" \ --hostname="hello.world.tld" \ bash -xec '[[ $(hostname) == hello.world.tld ]]' 
@@ -181,13 +193,14 @@ testcase_sanity() { # --uuid= rm -f "$root/etc/machine-id" uuid="deadbeef-dead-dead-beef-000000000000" - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --uuid="$uuid" \ bash -xec "[[ \$container_uuid == $uuid ]]" # --as-pid2 - systemd-nspawn --directory="$root" bash -xec '[[ $$ -eq 1 ]]' - systemd-nspawn --directory="$root" --as-pid2 bash -xec '[[ $$ -eq 2 ]]' + systemd-nspawn --register=no --directory="$root" bash -xec '[[ $$ -eq 1 ]]' + systemd-nspawn --register=no --directory="$root" --as-pid2 bash -xec '[[ $$ -eq 2 ]]' # --user= # "Fake" getent passwd's bare minimum, so we don't have to pull it in 
@@ -208,28 +221,32 @@ EOF # bash will end up loading libnss_systemd.so which breaks when libnss_systemd.so is built with sanitizers # as bash isn't invoked with the necessary environment variables for that. useradd --root="$root" --uid 1000 --user-group --create-home testuser - systemd-nspawn --directory="$root" bash -xec '[[ $USER == root ]]' - systemd-nspawn --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]' + systemd-nspawn --register=no --directory="$root" bash -xec '[[ $USER == root ]]' + systemd-nspawn --register=no --directory="$root" --user=testuser bash -xec '[[ $USER == testuser ]]' # --settings= + .nspawn files mkdir -p /run/systemd/nspawn/ uuid="deadbeef-dead-dead-beef-000000000000" echo -ne "[Exec]\nMachineID=deadbeef-dead-dead-beef-111111111111" >/run/systemd/nspawn/foo-bar.nspawn - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine=foo-bar \ --settings=yes \ bash -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]' - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine=foo-bar \ --uuid="$uuid" \ --settings=yes \ bash -xec "[[ \$container_uuid == $uuid ]]" - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine=foo-bar \ --uuid="$uuid" \ --settings=override \ bash -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]' - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --machine=foo-bar \ --uuid="$uuid" \ --settings=trusted \ @@ -240,7 +257,8 @@ EOF touch "$tmpdir/1/one" "$tmpdir/2/two" "$tmpdir/3/three" touch "$tmpdir/foo" # --bind= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ ${COVERAGE_BUILD_DIR:+--bind="$COVERAGE_BUILD_DIR"} \ --bind="$tmpdir:/foo" \ --bind="$tmpdir:/also-foo:noidmap,norbind" \ 
@@ -248,7 +266,8 @@ EOF # --bind= recursive rm -f "$tmpdir/bar" mount --bind "$tmpdir/1" "$tmpdir/2" - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ ${COVERAGE_BUILD_DIR:+--bind="$COVERAGE_BUILD_DIR"} \ --bind="$tmpdir:/foo" \ --bind="$tmpdir:/also-foo:noidmap,norbind" \ 
@@ -256,46 +275,52 @@ EOF umount "$tmpdir/2" test -e "$tmpdir/bar" # --bind-ro= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --bind-ro="$tmpdir:/foo" \ --bind-ro="$tmpdir:/bar:noidmap,norbind" \ bash -xec 'test -e /foo/foo; touch /foo/baz && exit 1; touch /bar && exit 1; true' # --inaccessible= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --inaccessible=/var \ bash -xec 'touch /var/foo && exit 1; true' # --tmpfs= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --tmpfs=/var:rw,nosuid,noexec \ bash -xec 'touch /var/nope' test ! -e "$root/var/nope" # --overlay= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --overlay="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \ bash -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/foo' test -e "$tmpdir/3/foo" # --overlay-ro= - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --overlay-ro="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \ bash -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/nope && exit 1; true' test ! -e "$tmpdir/3/nope" rm -fr "$tmpdir" # --port (sanity only) - systemd-nspawn --network-veth --directory="$root" --port=80 --port=90 true - systemd-nspawn --network-veth --directory="$root" --port=80:8080 true - systemd-nspawn --network-veth --directory="$root" --port=tcp:80 true - systemd-nspawn --network-veth --directory="$root" --port=tcp:80:8080 true - systemd-nspawn --network-veth --directory="$root" --port=udp:80 true - systemd-nspawn --network-veth --directory="$root" --port=udp:80:8080 --port=tcp:80:8080 true - (! systemd-nspawn --network-veth --directory="$root" --port= true) - (! systemd-nspawn --network-veth --directory="$root" --port=-1 true) - (! systemd-nspawn --network-veth --directory="$root" --port=: true) - (! 
systemd-nspawn --network-veth --directory="$root" --port=icmp:80:8080 true) - (! systemd-nspawn --network-veth --directory="$root" --port=tcp::8080 true) - (! systemd-nspawn --network-veth --directory="$root" --port=8080: true) + systemd-nspawn --register=no --network-veth --directory="$root" --port=80 --port=90 true + systemd-nspawn --register=no --network-veth --directory="$root" --port=80:8080 true + systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp:80 true + systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp:80:8080 true + systemd-nspawn --register=no --network-veth --directory="$root" --port=udp:80 true + systemd-nspawn --register=no --network-veth --directory="$root" --port=udp:80:8080 --port=tcp:80:8080 true + (! systemd-nspawn --register=no --network-veth --directory="$root" --port= true) + (! systemd-nspawn --register=no --network-veth --directory="$root" --port=-1 true) + (! systemd-nspawn --register=no --network-veth --directory="$root" --port=: true) + (! systemd-nspawn --register=no --network-veth --directory="$root" --port=icmp:80:8080 true) + (! systemd-nspawn --register=no --network-veth --directory="$root" --port=tcp::8080 true) + (! systemd-nspawn --register=no --network-veth --directory="$root" --port=8080: true) # Exercise adding/removing ports from an interface - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --network-veth \ --port=6667 \ --port=80:8080 \ @@ -305,12 +330,14 @@ EOF # --load-credential=, --set-credential= echo "foo bar" >/tmp/cred.path - systemd-nspawn --directory="$root" \ + systemd-nspawn --register=no \ + --directory="$root" \ --load-credential=cred.path:/tmp/cred.path \ --set-credential="cred.set:hello world" \ bash -xec '[[ "$(/dev/fuse' 2>&1)" == 'cat: -: Operation not permitted' ]] rm -fr "$root" 
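Review bot: The credential fixture in the `--load-credential=` hunk is still written to the fixed path `/tmp/cred.path`, a predictable name in a world-writable directory that the redirect will follow or overwrite if it already exists. Since these lines are being touched anyway, the file could come from mktemp: `cred="$(mktemp)"`, `echo "foo bar" >"$cred"`, and `--load-credential=cred.path:"$cred"`. The rest of this hunk is truncated on the page, so whether the file is removed afterwards cannot be checked from here; if it is not, an `rm -f "$cred"` next to the existing `rm -fr "$root"` would cover it.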
@@ -1351,7 +1378,7 @@ testcase_unpriv_fuse() { } test_tun() { - systemd-nspawn "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]' + systemd-nspawn --register=no "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]' # check if the owner of the host device is unchanged, see issue #34243. [[ "$(stat /dev/net/tun --format=%u)" == 0 ]] @@ -1360,7 +1387,7 @@ test_tun() { # Without DeviceAllow= for /dev/net/tun, see issue #35116. systemd-run \ --wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \ - systemd-nspawn "$@" bash -xec '[[ ! -e /dev/net/tun ]]' + systemd-nspawn --register=no "$@" bash -xec '[[ ! -e /dev/net/tun ]]' [[ "$(stat /dev/net/tun --format=%u)" == 0 ]] [[ "$(stat /dev/net/tun --format=%g)" == 0 ]] @@ -1440,7 +1467,7 @@ testcase_link_journal_host() { for i in no yes pick; do systemd-nspawn \ - --directory="$root" --private-users="$i" --link-journal=host \ + --register=no --directory="$root" --private-users="$i" --link-journal=host \ bash -xec 'p="/var/log/journal/$(cat /etc/machine-id)"; mountpoint "$p"; [[ "$(stat "$p" --format=%u)" == 0 ]]; touch "$p/hoge"' [[ "$(stat "${hoge}/hoge" --format=%u)" == 0 ]]
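Review bot: In test_tun the new `--register=no` sits before `"$@"`, so a caller that forwards its own `--register=` value would presumably override it, assuming the last occurrence wins. If the flag is meant to hold for every caller, place it after the forwarded arguments, `systemd-nspawn "$@" --register=no bash -xec ...`, in both this call and the `systemd-run` one in the next hunk. Otherwise a comment above the function, such as `# Callers must not pass --register=; short-lived containers are never registered with machined (#39629)`, would state the expectation. test_tun's body continues outside these hunks.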