Add a Github workflow for executing the tests in Qemu on actual kernels. #23
Conversation
We can optimize the Qemu command yes, I'll create a repo with some scripts.
I'm using Qemu for tests too, but I have a patch to enable it on User-Mode Linux, which makes testing easier. Actually it is trivial to enable it on UML but it is incompatible with hostfs (for which I have a patch almost ready to be send). I think UML should be enough for the Go and Rust libraries. I can provide the kernel configuration and some scripts to deal with UML. Your use of initramfs is neat for Qemu but may not be required with UML and hostfs. Let me sketch something next week. What would be great is a way to build the kernels from source but cache the result. Do you know a "standard" way to do that with GitHub? |
|
|
||
| - name: build initramfs | ||
| run: | | ||
| go install github.com/florianl/bluebox@latest |
There was a problem hiding this comment.
Let's use a pinned commit to avoid unexpected behavior. We'll have to update it from time to time but I think it's worth it.
I'd prefer to not use external tools though. Why is bluebox required? What about using a base file (e.g. from ubuntu-latest) and append the required test files to the cpio archive?
Sounds good to me too.
No idea, I'm also a beginner at that. I met florianl@ (author of bluebox) at a local Go meetup a few weeks ago, and he showed me that the existing users also have large repos with precompiled kernels on Github. I'm not sure whether it's worth investing that much effort. bluebox has the advantage of producing very small cpio images, and due to Go compiling everything statically, there are not many more requirements than the test binaries themselves. It works well for Go, and I use it for running the kernel selftests on qemu as well: https://github.com/gnoack/landlock-selftests-runner This is all not very urgent, we can also attempt the UML-based approach if you can get that working on Github actions. |
| @@ -0,0 +1,68 @@ | |||
| name: 'Kernel Integration Tests' | |||
|
|
|||
There was a problem hiding this comment.
You should add permissions: {}, cf. https://github.com/landlock-lsm/rust-landlock/blob/main/.github/workflows/rust.yml
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ '**' ] |
There was a problem hiding this comment.
It should be "main", the branch to merge against.
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| kernel-version: ["5.12.0-plus", "5.15", "5.19-rc4"] |
There was a problem hiding this comment.
Oh nice, I didn't know about the matrix strategy.
| - name: get kernel | ||
| # Fetch the public kernel image that will be used in this test run. | ||
| run: | | ||
| curl -s -L -o bzImage.${{ matrix.kernel-version }} --fail https://github.com/gnoack/linux-kernel-images/blob/main/bzImage.${{ matrix.kernel-version }}?raw=true |
There was a problem hiding this comment.
Do you need to download whereas it is in a GitHub repository?
Anyway, I would prefer to download this bzImage from a bleeding-edge distro package.
There is actions/cache: https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows |
@l0kod, could you share some more info on this? I'm considering to use UML to test landlock-hs, but due to |
diff --git a/arch/um/Kconfig b/arch/um/Kconfig
index 78de31ac1da7..98f1228b7de2 100644
--- a/arch/um/Kconfig
+++ b/arch/um/Kconfig
@@ -5,7 +5,6 @@ menu "UML-specific options"
config UML
bool
default y
- select ARCH_EPHEMERAL_INODES
select ARCH_HAS_GCOV_PROFILE_ALL
select ARCH_HAS_KCOV
select ARCH_HAS_STRNCPY_FROM_USERI'll send this patch and the hostfs fix (with tests) in the coming weeks, but you can still use this one to create a standalone UML binary. |
|
I need to create a repository with the required kernel files to test Landlock, but in the meantime here is a minimal UML configuration for Landlock. You can build a (5.19) kernel with |
|
Thanks @l0kod. I'll need to fall-back to using Qemu instead of UML though in my project, since the GHC Haskell RTS' memory allocation subsystem does things in a way that work fine on "regular" Linux systems, but not in UML, because of how the behaviour of its |
|
I'd recommend using https://github.com/hugelgupf/vmtest as you can do a proper integration test suite through |
FYI, this repository is here: https://github.com/landlock-lsm/landlock-test-tools Too bad Haskell doesn't work on UML. |
This looks good, but last time I checked, GitHub CI doesn't allow to run a VM with Qemu, and then it's not possible to run tests on a specific kernel. That's why I created these UML configs/scripts. It's also handy for development. |
Ah, this isn't true anymore I believe. I have full integration testing with qemu+vmtest+github ci in my Secure Boot/UEFI projects. See: Code I'm running. Note I'm vendoring a kernel for simplicity but you can easily fetch it out-of-tree. https://github.com/Foxboron/sbctl/blob/master/tests/integration_test.go#L25-L43 |
@l0kod This is running the go-landlock tests as Github actions on qemu... (It's based on the example at https://github.com/florianl/bluebox/blob/main/.github/workflows/example.yml by @florianl)
Some unsolved logistics problems: