diff options
| author | Adrian Reber <areber@redhat.com> | 2020-07-24 19:21:51 +0300 |
|---|---|---|
| committer | Andrei Vagin <avagin@gmail.com> | 2022-10-25 17:26:42 +0300 |
| commit | 8cf8fe884c3ed8d73cfc9ae30722d1b2e4db51cd (patch) | |
| tree | 9e2cceff69a259c07e7202ca2ad14be9ceb88e24 | |
| parent | 0add1b6cdbedaaac93d48ea323beceb7328b69b2 (diff) | |
non-root: add non-root test case to cirrus runs
Run env00 and pthread00 test as non-root as initial proof of concept.
Signed-off-by: Adrian Reber <areber@redhat.com>
| -rw-r--r-- | .cirrus.yml | 21 | ||||
| -rw-r--r-- | scripts/ci/Makefile | 5 | ||||
| -rwxr-xr-x | scripts/ci/vagrant.sh | 12 |
3 files changed, 37 insertions, 1 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index c7ed5027a..bad3a12b4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -69,6 +69,27 @@ task: make -C scripts/ci vagrant-fedora-rawhide task: + name: Vagrant Fedora based test (non-root) + environment: + HOME: "/root" + CIRRUS_WORKING_DIR: "/tmp/criu" + + compute_engine_instance: + image_project: cirrus-images + image: family/docker-kvm + platform: linux + cpu: 4 + memory: 16G + nested_virtualization: true + + setup_script: | + scripts/ci/apt-install make gcc pkg-config git perl-modules iproute2 kmod wget cpu-checker + sudo kvm-ok + ln -sf /usr/include/google/protobuf/descriptor.proto images/google/protobuf/descriptor.proto + build_script: | + make -C scripts/ci vagrant-fedora-non-root + +task: name: CentOS Stream 8 based test environment: HOME: "/root" diff --git a/scripts/ci/Makefile b/scripts/ci/Makefile index 3a1634fb8..30dd9ebeb 100644 --- a/scripts/ci/Makefile +++ b/scripts/ci/Makefile @@ -97,7 +97,10 @@ vagrant-fedora-no-vdso: setup-vagrant vagrant-fedora-rawhide: setup-vagrant ./vagrant.sh fedora-rawhide -.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide +vagrant-fedora-non-root: setup-vagrant + ./vagrant.sh fedora-non-root + +.PHONY: setup-vagrant vagrant-fedora-no-vdso vagrant-fedora-rawhide vagrant-fedora-non-root %: $(MAKE) -C ../build $@$(target-suffix) diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh index af0f7335a..e23486f29 100755 --- a/scripts/ci/vagrant.sh +++ b/scripts/ci/vagrant.sh @@ -68,4 +68,16 @@ fedora-rawhide() { ssh default 'cd /vagrant; tar xf criu.tar; cd criu; sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"' } +fedora-non-root() { + ssh default uname -a + ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4' + # Setting the capability should be the only line needed to run as non-root on Fedora + # In other environments either set /proc/sys/kernel/yama/ptrace_scope to 0 or grant cap_sys_ptrace to criu + ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu' + # Run it once as non-root + ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless' + # Run it as root with '--rootless' + ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless' +} + $1 |