Fix tests using user namespaces on kernels that don't have it
Disable various tests if the kernel doesn't support unprivileged user namespaces (e.g. Arch Linux disables them) or disables them via a sysctl (Debian, Ubuntu). Fixes #1521 Fixes #1625
parent
74f75c8558
commit
59086e459c
4 changed files with 33 additions and 16 deletions
|
@ -2,7 +2,7 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
if [[ $(uname) != Linux ]]; then exit; fi
|
if ! canUseSandbox; then exit; fi
|
||||||
if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
|
if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
|
||||||
|
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w $TEST_ROOT/store0 || true
|
||||||
|
|
|
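Review bot: The bare `exit` in `if ! canUseSandbox; then exit; fi` ends the script with status 0, because the last status is that of the negated condition, so a host without usable user namespaces reports this sandbox test the same way as a pass. That leaves the sandbox code path with no coverage while the run still looks green. If the harness has a way to mark a test as skipped (not visible on this page), use it here. Otherwise make the intent explicit with `if ! canUseSandbox; then exit 0; fi` and a comment such as `# skipped, not passed: no sandbox coverage on this host`. The same pattern appears in the third file section and in tests/run.sh.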
@ -87,6 +87,24 @@ killDaemon() {
|
||||||
trap "" EXIT
|
trap "" EXIT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
canUseSandbox() {
|
||||||
|
if [[ $(uname) != Linux ]]; then return 1; fi
|
||||||
|
|
||||||
|
if [ ! -L /proc/self/ns/user ]; then
|
||||||
|
echo "Kernel doesn't support user namespaces, skipping this test..."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
|
||||||
|
if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then
|
||||||
|
echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
fail() {
|
fail() {
|
||||||
echo "$1"
|
echo "$1"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
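Review bot: canUseSandbox consults only `/proc/sys/kernel/unprivileged_userns_clone` as the sysctl knob, so a host that disables user namespaces another way can still pass both checks. With the upstream `user.max_user_namespaces` sysctl set to 0, `/proc/self/ns/user` still exists, so the function would return 0 and the sandbox tests would run and fail on a hardened machine. A check of `/proc/sys/user/max_user_namespaces` before the final `return 0` would cover that setting. The two skip messages would also read better on stderr (`>&2`), so they do not mix with test output. The `fail()` function after it continues outside the hunk.

```shell
    # … unchanged: uname, /proc/self/ns/user and unprivileged_userns_clone checks …

    if [ -e /proc/sys/user/max_user_namespaces ]; then
        if [ "$(cat /proc/sys/user/max_user_namespaces)" = 0 ]; then
            echo "User namespaces disabled by sysctl (max_user_namespaces=0), skipping this test..." >&2
            return 1
        fi
    fi

    return 0
```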
@ -2,7 +2,7 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
if [[ $(uname) != Linux ]]; then exit; fi
|
if ! canUseSandbox; then exit; fi
|
||||||
|
|
||||||
# Note: we need to bind-mount $SHELL into the chroot. Currently we
|
# Note: we need to bind-mount $SHELL into the chroot. Currently we
|
||||||
# only support the case where $SHELL is in the Nix store, because
|
# only support the case where $SHELL is in the Nix store, because
|
||||||
|
|
27
tests/run.sh
27
tests/run.sh
|
@ -6,24 +6,23 @@ clearCache
|
||||||
nix run -f run.nix hello -c hello | grep 'Hello World'
|
nix run -f run.nix hello -c hello | grep 'Hello World'
|
||||||
nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
|
nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
|
||||||
|
|
||||||
if [[ $(uname) = Linux ]]; then
|
if ! canUseSandbox; then exit; fi
|
||||||
|
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w $TEST_ROOT/store0 || true
|
||||||
rm -rf $TEST_ROOT/store0
|
rm -rf $TEST_ROOT/store0
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
path=$(nix eval --raw -f run.nix hello)
|
path=$(nix eval --raw -f run.nix hello)
|
||||||
|
|
||||||
# Note: we need the sandbox paths to ensure that the shell is
|
# Note: we need the sandbox paths to ensure that the shell is
|
||||||
# visible in the sandbox.
|
# visible in the sandbox.
|
||||||
nix run --sandbox-build-dir /build-tmp \
|
nix run --sandbox-build-dir /build-tmp \
|
||||||
--sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \
|
--sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \
|
||||||
--store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World'
|
--store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World'
|
||||||
|
|
||||||
path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello')
|
path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello')
|
||||||
|
|
||||||
[[ $path/bin/hello = $path2 ]]
|
[[ $path/bin/hello = $path2 ]]
|
||||||
|
|
||||||
[[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
|
[[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
|
||||||
fi
|
|
||||||
|
|