From e52f0c51615bb91a4a14932a3fd6e12e35584c32 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Fri, 24 Jul 2020 16:21:51 +0000 Subject: [PATCH] non-root: add non-root test case to cirrus runs Run env00 and pthread00 test as non-root as initial proof of concept. Signed-off-by: Adrian Reber --- .cirrus.yml | 21 +++++++++++++++++++++ scripts/ci/Makefile | 5 ++++- scripts/ci/vagrant.sh | 13 +++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index 5574b15835..1fafeb5ea0 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -19,6 +19,27 @@ task: build_script: | make -C scripts/ci vagrant-fedora-no-vdso +task: + name: Vagrant Fedora based test (non-root) + environment: + HOME: "/root" + CIRRUS_WORKING_DIR: "/tmp/criu" + + compute_engine_instance: + image_project: cirrus-images + image: family/docker-kvm + platform: linux + cpu: 4 + memory: 16G + nested_virtualization: true + + setup_script: | + scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker + sudo kvm-ok + ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto + build_script: | + make -C scripts/ci vagrant-fedora-non-root + task: name: CentOS 8 based test environment: diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile index 79637db0b3..27f26006d0 100644 --- a/scripts/ci/Makefile +++ b/scripts/ci/Makefile @@ -80,7 +80,10 @@ setup-vagrant: vagrant-fedora-no-vdso: setup-vagrant ./vagrant.sh fedora-no-vdso -.PHONY: setup-vagrant vagrant-fedora-no-vdso +vagrant-fedora-non-root: setup-vagrant + ./vagrant.sh fedora-non-root + +.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-non-root %: $(MAKE) -C ../build $@$(target-suffix) diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh index 3ed1a26754..464c68501c 100755 --- a/scripts/ci/vagrant.sh +++ b/scripts/ci/vagrant.sh @@ -55,4 +55,17 @@ fedora-no-vdso() { ssh default 'cd /vagrant/criu/test; sudo ./zdtm.py run -a --keep-going -x zdtm/static/bpf_hash -x zdtm/static/bpf_array' } +fedora-non-root() { + # Need a reboot to activate the latest Fedora kernel with CAP_CHECKPOINT_RESTORE + vagrant reload + ssh default uname -a + ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4' + # Setting the capability should be the only line needed to run as root + ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu' + # Run it once as non-root + ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h' + # Run it as root with '--rootless' + ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless' +} + $1