Skip to content

Commit

Permalink
ci: Add maps00 test in unprivileged mode in user namespace
Browse files Browse the repository at this point in the history
CAP_CHECKPOINT_RESTORE does not give access to /proc/$pid/map_files in
user namespaces. In order to test that CRIU in unprivileged mode can
dump and restore anonymous shared memory pages we will run the maps00
tests in a user namespace.

Signed-off-by: Younes Manton <[email protected]>
  • Loading branch information
ymanton committed Feb 3, 2023
1 parent ebb1513 commit e885358
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions scripts/ci/vagrant.sh
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,10 @@ fedora-non-root() {
ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
# Run it as root with '--rootless'
ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
# Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
# under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
# otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
ssh default 'cd /vagrant/criu; unshare -Ucfpm --mount-proc bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true'
}

$1

0 comments on commit e885358

Please sign in to comment.