Merge pull request #1797 from dezgeg/userns-tests-fix
Fix tests using user namespaces on kernels that don't have it
commit
98f3c75a0e
4 changed files with 33 additions and 16 deletions
|
@ -2,7 +2,7 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
if [[ $(uname) != Linux ]]; then exit; fi
|
if ! canUseSandbox; then exit; fi
|
||||||
if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
|
if [[ ! $SHELL =~ /nix/store ]]; then exit; fi
|
||||||
|
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w $TEST_ROOT/store0 || true
|
||||||
|
|
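Review bot: The new guard `if ! canUseSandbox; then exit; fi` ends the test with status 0, because a bare `exit` returns the status of the negated condition, so a host where user namespaces are unavailable reports this test as passed rather than skipped. The only trace is the message canUseSandbox prints, and its non-Linux branch prints none. These tests appear to exist to exercise the sandbox, so a run that never entered it should be distinguishable from a pass. Whether the harness has a dedicated skip status is not visible on this page; at minimum add a comment on the guard such as `# exits 0: the test is skipped, not passed, when the sandbox is unavailable`. The same guard is added in the third file section and in tests/run.sh.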
|
@ -87,6 +87,24 @@ killDaemon() {
|
||||||
trap "" EXIT
|
trap "" EXIT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
canUseSandbox() {
|
||||||
|
if [[ $(uname) != Linux ]]; then return 1; fi
|
||||||
|
|
||||||
|
if [ ! -L /proc/self/ns/user ]; then
|
||||||
|
echo "Kernel doesn't support user namespaces, skipping this test..."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /proc/sys/kernel/unprivileged_userns_clone ]; then
|
||||||
|
if [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" != 1 ]; then
|
||||||
|
echo "Unprivileged user namespaces disabled by sysctl, skipping this test..."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
fail() {
|
fail() {
|
||||||
echo "$1"
|
echo "$1"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
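Review bot: canUseSandbox probes only two of the switches that can turn unprivileged user namespaces off: the `/proc/self/ns/user` link and the `unprivileged_userns_clone` sysctl. A kernel that has the feature compiled in but limits it through `/proc/sys/user/max_user_namespaces` set to 0 passes both checks, so the sandbox tests would still run and fail there. A third check in the same style, `if [ "$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)" = 0 ]; then`, followed by a skip message and `return 1`, would cover that case. The non-Linux branch also returns 1 without printing a reason, unlike the other two branches, which makes a skipped run harder to spot in the log.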
|
@ -2,7 +2,7 @@ source common.sh
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
if [[ $(uname) != Linux ]]; then exit; fi
|
if ! canUseSandbox; then exit; fi
|
||||||
|
|
||||||
# Note: we need to bind-mount $SHELL into the chroot. Currently we
|
# Note: we need to bind-mount $SHELL into the chroot. Currently we
|
||||||
# only support the case where $SHELL is in the Nix store, because
|
# only support the case where $SHELL is in the Nix store, because
|
||||||
|
|
23
tests/run.sh
23
tests/run.sh
|
@ -6,24 +6,23 @@ clearCache
|
||||||
nix run -f run.nix hello -c hello | grep 'Hello World'
|
nix run -f run.nix hello -c hello | grep 'Hello World'
|
||||||
nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
|
nix run -f run.nix hello -c hello NixOS | grep 'Hello NixOS'
|
||||||
|
|
||||||
if [[ $(uname) = Linux ]]; then
|
if ! canUseSandbox; then exit; fi
|
||||||
|
|
||||||
chmod -R u+w $TEST_ROOT/store0 || true
|
chmod -R u+w $TEST_ROOT/store0 || true
|
||||||
rm -rf $TEST_ROOT/store0
|
rm -rf $TEST_ROOT/store0
|
||||||
|
|
||||||
clearStore
|
clearStore
|
||||||
|
|
||||||
path=$(nix eval --raw -f run.nix hello)
|
path=$(nix eval --raw -f run.nix hello)
|
||||||
|
|
||||||
# Note: we need the sandbox paths to ensure that the shell is
|
# Note: we need the sandbox paths to ensure that the shell is
|
||||||
# visible in the sandbox.
|
# visible in the sandbox.
|
||||||
nix run --sandbox-build-dir /build-tmp \
|
nix run --sandbox-build-dir /build-tmp \
|
||||||
--sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \
|
--sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' \
|
||||||
--store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World'
|
--store $TEST_ROOT/store0 -f run.nix hello -c hello | grep 'Hello World'
|
||||||
|
|
||||||
path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello')
|
path2=$(nix run --sandbox-paths '/nix? /bin? /lib? /lib64? /usr?' --store $TEST_ROOT/store0 -f run.nix hello -c $SHELL -c 'type -p hello')
|
||||||
|
|
||||||
[[ $path/bin/hello = $path2 ]]
|
[[ $path/bin/hello = $path2 ]]
|
||||||
|
|
||||||
[[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
|
[[ -e $TEST_ROOT/store0/nix/store/$(basename $path)/bin/hello ]]
|
||||||
fi
|
|
||||||
|
|
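Review bot: Replacing the `if [[ $(uname) = Linux ]]; then … fi` block with the early `if ! canUseSandbox; then exit; fi` makes everything below the guard depend on sandbox support, including anything appended to run.sh later. The two `nix run` checks above the guard still run on every host, but a future check added at the end of the file would silently not run where user namespaces are unavailable. A comment on the guard such as `# Everything below needs the sandbox; add sandbox-independent checks above this line.` would keep that ordering constraint visible.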