non-root: add non-root test case to travis runs

For now the non-root test run on Travis is using CAP_SYS_ADMIN until there is a kernel and a 'setcap' available which understands CAP_CHECKPOINT_RESTORE. Signed-off-by: Adrian Reber <[email protected]>
checkpoint-restore · Aug 7, 2020 · 5571e53 · 5571e53
1 parent fdb337e
commit 5571e53
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 1 deletion.
diff --git a/.travis.yml b/.travis.yml
@@ -13,6 +13,7 @@ env:
   - TR_ARCH=x86_64      CLANG=1
   - TR_ARCH=openj9-test
   - TR_ARCH=vagrant-fedora-no-vdso
+  - TR_ARCH=vagrant-fedora-non-root
 jobs:
   include:
     - os: linux

diff --git a/scripts/travis/Makefile b/scripts/travis/Makefile
@@ -70,7 +70,10 @@ setup-vagrant:
 vagrant-fedora-no-vdso: setup-vagrant
 	./vagrant.sh fedora-no-vdso
 
-.PHONY: setup-vagrant vagrant-fedora-no-vdso
+vagrant-fedora-non-root: setup-vagrant
+	./vagrant.sh fedora-non-root
+
+.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-non-root
 
 %:
 	$(MAKE) -C ../build $@$(target-suffix)
diff --git a/scripts/travis/cap_checkpoint_restore.fix b/scripts/travis/cap_checkpoint_restore.fix
@@ -0,0 +1,15 @@
+diff --git a/libcap/include/uapi/linux/capability.h b/libcap/include/uapi/linux/capability.h
+index 6856f1f..22429ed 100644
+--- a/libcap/include/uapi/linux/capability.h
++++ b/libcap/include/uapi/linux/capability.h
+@@ -405,7 +405,9 @@ struct vfs_ns_cap_data {
+
+ #define CAP_BPF		     39
+
+-#define CAP_LAST_CAP         CAP_BPF
++#define CAP_CHECKPOINT_RESTORE	40
++
++#define CAP_LAST_CAP         CAP_CHECKPOINT_RESTORE
+
+ #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
+
diff --git a/scripts/travis/travis-tests b/scripts/travis/travis-tests
@@ -215,3 +215,12 @@ make -C test/others/libcriu run
 make -C test/others/ns_ext run
 
 make -C test/others/shell-job
+
+# As long as Travis does not know about CAP_CHECKPOINT_RESTORE
+# this test is using CAP_SYS_ADMIN.
+setcap cap_sys_admin+eip ./criu/criu
+# Either writing to ptrace_scope or CAP_SYS_PTRACE is necessary
+echo 0 > /proc/sys/kernel/yama/ptrace_scope
+# Running tests as non-root requires write access to the following directories
+chmod 777 test test/zdtm/static/
+./test/zdtm.py run -t zdtm/static/env00 -f h --user
diff --git a/scripts/travis/vagrant.sh b/scripts/travis/vagrant.sh
@@ -49,4 +49,15 @@ fedora-no-vdso() {
 	ssh default 'cd /vagrant/criu/test; sudo ./zdtm.py run -a --keep-going'
 }
 
+fedora-non-root() {
+	ssh default 'curl -s https://repos.fedorapeople.org/repos/thl/kernel-vanilla.repo | sudo tee /etc/yum.repos.d/kernel-vanilla.repo'
+	ssh default 'sudo dnf -y --enablerepo=kernel-vanilla-mainline update kernel-core; sudo dnf -y install glibc-static'
+	vagrant reload
+	ssh default uname -a
+	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
+	ssh default 'cd /vagrant; git clone https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git; cd libcap; git apply /vagrant/criu/scripts/travis/cap_checkpoint_restore.fix; make -C progs'
+	ssh default 'sudo /vagrant/libcap/progs/setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu'
+	ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -f h; sudo chmod 777 test test/zdtm/static/; sudo ./test/zdtm.py run -t zdtm/static/env00 -f h --user'
+}
+
 $1