non-root: add non-root test case to cirrus runs

Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber <areber@redhat.com>
checkpoint-restore · Aug 15, 2022 · 13aac8a · 13aac8a
1 parent 9196999
commit 13aac8a
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -68,6 +68,27 @@ task:
   build_script: |
     make -C scripts/ci vagrant-fedora-rawhide
 
+task:
+  name: Vagrant Fedora based test (non-root)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
+  build_script: |
+    make -C scripts/ci vagrant-fedora-non-root
+
 task:
   name: CentOS Stream 8 based test
   environment:

diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile
@@ -97,7 +97,10 @@ vagrant-fedora-no-vdso: setup-vagrant
 vagrant-fedora-rawhide: setup-vagrant
 	./vagrant.sh fedora-rawhide
 
-.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide
+vagrant-fedora-non-root: setup-vagrant
+	./vagrant.sh fedora-non-root
+
+.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide vagrant-fedora-non-root
 
 %:
 	$(MAKE) -C ../build $@$(target-suffix)
diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh
@@ -68,4 +68,15 @@ fedora-rawhide() {
 	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"'
 }
 
+fedora-non-root() {
+	ssh default uname -a
+	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
+	# Setting the capability should be the only line needed to run as root
+	ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu'
+	# Run it once as non-root
+	ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h'
+	# Run it as root with '--rootless'
+	ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
+}
+
 $1