#!/bin/bash
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
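# Abort on the first failing top-level command.
set -e

# Presumably consumed by the shared test framework (test-functions, which is
# not visible here); TEST_NO_NSPAWN=1 looks like "do not run this test under
# nspawn" — confirm against test-functions.
TEST_DESCRIPTION="systemd-nspawn smoke test"
TEST_NO_NSPAWN=1

# Refuse to continue when TEST_BASE_DIR is unset or empty: the path below would
# otherwise collapse to /test-functions and an unrelated file could be sourced.
. "${TEST_BASE_DIR:?TEST_BASE_DIR must be set}/test-functions"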
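#######################################
# Build the image used by the systemd-nspawn smoke test.
#
# Creates an empty image, mounts ${LOOPDEV}p1 on $TESTDIR/root, populates the
# root filesystem in a subshell (basic environment, busybox container helper,
# masked units, testsuite.service and /test-nspawn.sh) and unmounts it again.
#
# Globals:   TESTDIR, LOOPDEV (read); initdir (read inside the subshell,
#            presumably set by test-functions, which is not visible here)
# Arguments: none
# Returns:   1 if the population subshell fails, otherwise the status of the
#            final umount
#######################################
test_setup() {
    create_empty_image
    mkdir -p "$TESTDIR/root"
    mount "${LOOPDEV}p1" "$TESTDIR/root"

    # Create what will eventually be our root filesystem onto an overlay
    #
    # NOTE(review): this subshell is the left-hand side of `||`, so `set -e` is
    # suspended inside it; only the status of its last command (setup_testsuite)
    # decides whether test_setup returns 1.
    (
        LOG_LEVEL=5

        # SECURITY: eval executes whatever udevadm prints. The substitution is
        # quoted so the text reaches eval without word splitting or globbing;
        # the input is still trusted only because it comes from the local udev
        # database in shell-export format.
        eval "$(udevadm info --export --query=env --name="${LOOPDEV}p2")"

        setup_basic_environment
        dracut_install busybox chmod rmdir unshare ip sysctl

        # mask some services that we do not want to run in these tests
        local unit
        for unit in \
            systemd-hwdb-update.service \
            systemd-journal-catalog-update.service \
            systemd-networkd.service \
            systemd-networkd.socket \
            systemd-resolved.service \
            systemd-machined.service; do
            ln -fs /dev/null "$initdir/etc/systemd/system/$unit"
        done

        cp create-busybox-container "$initdir/"

        # Second container tree that additionally gets nc and ip installed;
        # check_notification_socket in the generated script runs in it.
        ./create-busybox-container "$initdir/nc-container"
        initdir="$initdir/nc-container" dracut_install nc ip

        # setup the testsuite service
        cat >"$initdir/etc/systemd/system/testsuite.service" <<EOF
[Unit]
Description=Testsuite service

[Service]
ExecStart=/test-nspawn.sh
Type=oneshot
StandardOutput=tty
StandardError=tty
EOF

        # The delimiter is quoted, so nothing below is expanded here; the text
        # is written verbatim and runs later as /test-nspawn.sh.
        cat >"$initdir/test-nspawn.sh" <<'EOF'
#!/bin/bash
set -x
set -e
set -u
set -o pipefail

export SYSTEMD_LOG_LEVEL=debug

# check cgroup-v2
is_v2_supported=no
mkdir -p /tmp/cgroup2
if mount -t cgroup2 cgroup2 /tmp/cgroup2; then
    is_v2_supported=yes
    umount /tmp/cgroup2
fi
rmdir /tmp/cgroup2

# check cgroup namespaces
is_cgns_supported=no
if [[ -f /proc/1/ns/cgroup ]]; then
    is_cgns_supported=yes
fi

is_user_ns_supported=no
# On some systems (e.g. CentOS 7) the default limit for user namespaces
# is set to 0, which causes the following unshare syscall to fail, even
# with enabled user namespaces support. By setting this value explicitly
# we can ensure the user namespaces support to be detected correctly.
#
# NOTE(review): this raises a kernel-wide limit on whatever system runs this
# script; presumably that is only the disposable test image. Confirm it is
# never executed on a host.
sysctl -w user.max_user_namespaces=10000
if unshare -U sh -c :; then
    is_user_ns_supported=yes
fi

# Regression check: a file under /tmp passed with --bind= must exist inside
# the container.
function check_bind_tmp_path {
    # https://github.com/systemd/systemd/issues/4789
    local _root="/var/lib/machines/bind-tmp-path"
    /create-busybox-container "$_root"
    >/tmp/bind
    systemd-nspawn --register=no -D "$_root" --bind=/tmp/bind /bin/sh -c 'test -e /tmp/bind'
}

# Regression check: the notify socket must be reachable from inside the
# container, both without and with -U.
function check_notification_socket {
    # https://github.com/systemd/systemd/issues/4944
    # Single quotes are deliberate: $(busybox which nc) has to be expanded by
    # the shell inside the container, not by this script.
    local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/systemd/nspawn/notify'
    systemd-nspawn --register=no -D /nc-container /bin/sh -x -c "$_cmd"
    systemd-nspawn --register=no -D /nc-container -U /bin/sh -x -c "$_cmd"
}

# Boot a busybox container under one combination of settings.
#   $1 - yes/no, exported as UNIFIED_CGROUP_HIERARCHY
#   $2 - yes/no, exported as SYSTEMD_NSPAWN_USE_CGNS
#   $3 - yes/no/network, exported as SYSTEMD_NSPAWN_API_VFS_WRITABLE
# Returns 0 when the combination is skipped or every check passes, 1 when a
# check fails. A failure of one of the bare systemd-nspawn calls aborts the
# whole script through `set -e` instead.
function run {
    if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
        printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
        return 0
    fi
    if [[ "$2" = "yes" && "$is_cgns_supported" = "no" ]]; then
        printf "Cgroup namespaces are not supported. Skipping.\n" >&2
        return 0
    fi

    local _root="/var/lib/machines/unified-$1-cgns-$2-api-vfs-writable-$3"
    /create-busybox-container "$_root"
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -b
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -b

    # User-namespace runs (-U). Which outcome counts as a failure depends on
    # $3 and on the user namespace probe above.
    # NOTE(review): both branches only ever return 1 for a single value of $3;
    # confirm that the remaining combinations are meant to be accepted.
    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -U -b; then
        [[ "$is_user_ns_supported" = "yes" && "$3" = "network" ]] && return 1
    else
        [[ "$is_user_ns_supported" = "no" && "$3" = "network" ]] && return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -U -b; then
        [[ "$is_user_ns_supported" = "yes" && "$3" = "yes" ]] && return 1
    else
        [[ "$is_user_ns_supported" = "no" && "$3" = "yes" ]] && return 1
    fi

    local _netns_opt="--network-namespace-path=/proc/self/ns/net"

    # --network-namespace-path and network-related options cannot be used together
    # Each call below is expected to be rejected; a successful start is a failure.
    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-interface=lo -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-macvlan=lo -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-ipvlan=lo -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-veth -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-veth-extra=lo -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-bridge=lo -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --network-zone=zone -b; then
        return 1
    fi

    if UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" --private-network -b; then
        return 1
    fi

    # test --network-namespace-path works with a network namespace created by "ip netns"
    ip netns add nspawn_test
    _netns_opt="--network-namespace-path=/run/netns/nspawn_test"
    # The status is captured with `|| r=$?`: under `set -e` with pipefail a
    # bare failing pipeline would end the script before the namespace is
    # deleted, leaving nspawn_test behind.
    # NOTE(review): grep -v succeeds as soon as any line does not match, so
    # this presumably does not prove that lo is down; confirm the intent.
    local r=0
    UNIFIED_CGROUP_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" /bin/ip a | grep -v -E '^1: lo.*UP' || r=$?
    ip netns del nspawn_test

    if [ "$r" -ne 0 ]; then
        return 1
    fi

    return 0
}

check_bind_tmp_path

check_notification_socket

for api_vfs_writable in yes no network; do
    run no no "$api_vfs_writable"
    run yes no "$api_vfs_writable"
    run no yes "$api_vfs_writable"
    run yes yes "$api_vfs_writable"
done

# Created only when every check above passed.
touch /testok
EOF

        chmod 0755 "$initdir/test-nspawn.sh"
        setup_testsuite
    ) || return 1

    ddebug "umount $TESTDIR/root"
    umount "$TESTDIR/root"
}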
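# Pass the command-line arguments through unchanged, one word per argument
# (no padding that would alter the first or last one). do_test is not defined
# in this file; presumably it comes from the sourced test-functions.
do_test "$@"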