From e885358681b73848ec34b27e1540821463824f6f Mon Sep 17 00:00:00 2001
From: Younes Manton
Date: Thu, 2 Feb 2023 09:43:37 -0800
Subject: [PATCH] ci: Add maps00 test in unprivileged mode in user namespace

CAP_CHECKPOINT_RESTORE does not give access to /proc/$pid/map_files in user namespaces. In order to test that CRIU in unprivileged mode can dump and restore anonymous shared memory pages we will run the maps00 tests in a user namespace.

Signed-off-by: Younes Manton
---
 scripts/ci/vagrant.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh
index a3e4b6937ed..ceedc9080fe 100755
--- a/scripts/ci/vagrant.sh
+++ b/scripts/ci/vagrant.sh
@@ -78,6 +78,10 @@ fedora-non-root() {
 ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
 # Run it as root with '--rootless'
 ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
+ # Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
+ # under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
+ # otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
+ ssh default 'cd /vagrant/criu; unshare -Ucfpm --mount-proc bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true'
 }

 $1
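Review bot: The added `ssh default` line opens a double quote at `bash -c "./test/zdtm.py` and, as the line is shown here, never closes it before the final single quote, so the remote shell would stop on an unterminated-quote error and the maps00 test would not actually run in the user namespace. The command should end with `--rootless && true"'`. Separately, the new comment says CAP_CHECKPOINT_RESTORE behaves differently in "non-user namespaces", while the commit message says the map_files restriction applies in user namespaces; wording such as `non-initial user namespaces` would make the two agree. The body of fedora-non-root starts outside this hunk, so any earlier setup it relies on is not visible here.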