maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1797 from dezgeg/userns-tests-fix

Browse source 
Fix tests using user namespaces on kernels that don't have it
This commit is contained in:
Eelco Dolstra 2018-01-24 17:17:48 +01:00 committed by GitHub
commit 98f3c75a0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/build-remote.sh
View file

@ -2,7 +2,7 @@ source common.sh
clearStore clearStore
if [[ $(uname) != Linux ]]; then exit; fi if ! canUseSandbox; then exit; fi
if [[ ! $SHELL =~ /nix/store ]]; then exit; fi if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
chmod -R u+w $TEST_ROOT/store0 || true chmod -R u+w $TEST_ROOT/store0 || true

18
tests/common.sh.in
View file

@ -87,6 +87,24 @@ killDaemon() {
trap "" EXIT trap "" EXIT
} }
canUseSandbox() {
if [[ $(uname) != Linux ]]; then return 1; fi
if [ ! -L /proc/self/ns/user ]; then
echo "Kernel doesn't support user namespaces, skipping this test..."
return 1
fi
if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then
echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
return 1
fi
fi
return 0
}
fail() { fail() {
echo "$1" echo "$1"
exit 1 exit 1

2
tests/linux-sandbox.sh
View file

@ -2,7 +2,7 @@ source common.sh
clearStore clearStore
if [[ $(uname) != Linux ]]; then exit; fi if ! canUseSandbox; then exit; fi
# Note: we need to bind-mount $SHELL into the chroot. Currently we # Note: we need to bind-mount $SHELL into the chroot. Currently we
# only support the case where $SHELL is in the Nix store, because # only support the case where $SHELL is in the Nix store, because

23
tests/run.sh
View file

@ -6,24 +6,23 @@ clearCache
nix run -f run.nix hello -c hello | grep 'Hello World' nix run -f run.nix hello -c hello | grep 'Hello World'
nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS' nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
if [[ $(uname) = Linux ]]; then if ! canUseSandbox; then exit; fi
chmod -R u+w $TEST_ROOT/store0 || true chmod -R u+w $TEST_ROOT/store0 || true
rm -rf $TEST_ROOT/store0 rm -rf $TEST_ROOT/store0
clearStore clearStore
path=$(nix eval --raw -f run.nix hello) path=$(nix eval --raw -f run.nix hello)
# Note: we need the sandbox paths to ensure that the shell is # Note: we need the sandbox paths to ensure that the shell is
# visible in the sandbox. # visible in the sandbox.
nix run --sandbox-build-dir /build-tmp \ nix run --sandbox-build-dir /build-tmp \
--sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \ --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \
--store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World' --store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World'
path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello') path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello')
[[ $path/bin/hello = $path2 ]] [[ $path/bin/hello = $path2 ]]
[[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]] [[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
fi