From 13aac8a55352b0fbbbc5cf62edec5bd4af35b6d1 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Fri, 24 Jul 2020 16:21:51 +0000 Subject: [PATCH] non-root: add non-root test case to cirrus runs Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber --- .cirrus.yml | 21 +++++++++++++++++++++ scripts/ci/Makefile | 5 ++++- scripts/ci/vagrant.sh | 11 +++++++++++ 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 03ed797480..9721def60e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -68,6 +68,27 @@ task: build_script: | make -C scripts/ci vagrant-fedora-rawhide +task: + name: Vagrant Fedora based test (non-root) + environment: + HOME: "/root" + CIRRUS_WORKING_DIR: "/tmp/criu" + + compute_engine_instance: + image_project: cirrus-images + image: family/docker-kvm + platform: linux + cpu: 4 + memory: 16G + nested_virtualization: true + + setup_script: | + scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker + sudo kvm-ok + ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto + build_script: | + make -C scripts/ci vagrant-fedora-non-root + task: name: CentOS Stream 8 based test environment: diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile index 120f561e48..a5cc434638 100644 --- a/scripts/ci/Makefile +++ b/scripts/ci/Makefile @@ -97,7 +97,10 @@ vagrant-fedora-no-vdso: setup-vagrant vagrant-fedora-rawhide: setup-vagrant ./vagrant.sh fedora-rawhide -.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide +vagrant-fedora-non-root: setup-vagrant + ./vagrant.sh fedora-non-root + +.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide vagrant-fedora-non-root %: $(MAKE) -C ../build $@$(target-suffix) diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh index af0f7335ad..0eda1a3486 100755 --- a/scripts/ci/vagrant.sh +++ b/scripts/ci/vagrant.sh @@ -68,4 +68,15 @@ fedora-rawhide() { ssh default 'cd /vagrant; tar xf criu.tar; cd criu; sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"' } +fedora-non-root() { + ssh default uname -a + ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4' + # Setting the capability should be the only line needed to run as root + ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu' + # Run it once as non-root + ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h' + # Run it as root with '--rootless' + ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless' +} + $1