non-root: add non-root test case to cirrus runs

Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber <[email protected]>
checkpoint-restore · May 3, 2021 · e52f0c5 · e52f0c5
1 parent f895c0e
commit e52f0c5
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -19,6 +19,27 @@ task:
   build_script: |
     make -C scripts/ci vagrant-fedora-no-vdso
 
+task:
+  name: Vagrant Fedora based test (non-root)
+  environment:
+    HOME: "/root"
+    CIRRUS_WORKING_DIR: "/tmp/criu"
+
+  compute_engine_instance:
+    image_project: cirrus-images
+    image: family/docker-kvm
+    platform: linux
+    cpu: 4
+    memory: 16G
+    nested_virtualization: true
+
+  setup_script: |
+    scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker
+    sudo kvm-ok
+    ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto
+  build_script: |
+    make -C scripts/ci vagrant-fedora-non-root
+
 task:
   name: CentOS 8 based test
   environment:

diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile
@@ -80,7 +80,10 @@ setup-vagrant:
 vagrant-fedora-no-vdso: setup-vagrant
 	./vagrant.sh fedora-no-vdso
 
-.PHONY: setup-vagrant vagrant-fedora-no-vdso
+vagrant-fedora-non-root: setup-vagrant
+	./vagrant.sh fedora-non-root
+
+.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-non-root
 
 %:
 	$(MAKE) -C ../build $@$(target-suffix)
diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh
@@ -55,4 +55,17 @@ fedora-no-vdso() {
 	ssh default 'cd /vagrant/criu/test; sudo ./zdtm.py run -a --keep-going -x zdtm/static/bpf_hash -x zdtm/static/bpf_array'
 }
 
+fedora-non-root() {
+	# Need a reboot to activate the latest Fedora kernel with CAP_CHECKPOINT_RESTORE
+	vagrant reload
+	ssh default uname -a
+	ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
+	# Setting the capability should be the only line needed to run as root
+	ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu'
+	# Run it once as non-root
+	ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h'
+	# Run it as root with '--rootless'
+	ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
+}
+
 $1