Commit | Line | Data |
---|---|---|
d08363af SH |
1 | #!/bin/bash |
2 | ||
3 | # lxc: linux Container library | |
4 | ||
5 | # Authors: | |
6 | # Serge Hallyn <serge.hallyn@ubuntu.com> | |
7 | # | |
8 | # This is a test script for unprivileged containers | |
9 | ||
10 | # This library is free software; you can redistribute it and/or | |
11 | # modify it under the terms of the GNU Lesser General Public | |
12 | # License as published by the Free Software Foundation; either | |
13 | # version 2.1 of the License, or (at your option) any later version. | |
14 | ||
15 | # This library is distributed in the hope that it will be useful, | |
16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | # Lesser General Public License for more details. | |
19 | ||
20 | # You should have received a copy of the GNU Lesser General Public | |
21 | # License along with this library; if not, write to the Free Software | |
22 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
23 | ||
061ba5d0 SG |
24 | # This test assumes an Ubuntu host |
25 | ||
# Preflight: the script adds and removes a system user and edits files under
# /etc, so it refuses to run as anything but root.
current_uid=$(id -u)
if [ "$current_uid" -ne 0 ]; then
	echo "ERROR: Must run as root."
	exit 1
fi

# newuidmap is a hard requirement; bail out early when it is not on PATH.
if ! which newuidmap >/dev/null 2>&1; then
	echo "'newuidmap' command is missing" >&2
	exit 1
fi

# Stays 0 until the last statement of the script; cleanup() reports FAIL
# for any exit that happens before that.
DONE=0
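#######################################
# Teardown handler installed by the script's trap (EXIT, HUP, INT, TERM).
# Stops both test containers, kills what is left of the test user's
# processes, removes the user's entries from the LXC/subid files, deletes
# the home and runtime directories and the account, then reports the result.
# Globals:   TUSER, HDIR, DONE (all read)
# Arguments: none
# Outputs:   "PASS" or "FAIL" on stdout
# Returns:   exits 1 when DONE is 0; otherwise returns after printing PASS
#######################################
cleanup() {
	local uid=""

	cd /

	run_cmd lxc-stop -n c2 -k || true
	run_cmd lxc-stop -n c1 -k || true

	# Resolve the uid once. When the account does not exist (for example
	# because useradd failed), id prints nothing; building the path from an
	# inline $(id -u $TUSER) would then yield "/run/user/" and the rm below
	# would delete every user's runtime directory.
	uid=$(id -u "$TUSER" 2>/dev/null) || uid=""
	# Never signal or delete on behalf of uid 0.
	if [ "$uid" = 0 ]; then
		uid=""
	fi

	# Each step is best-effort: a non-zero status (pkill matching nothing,
	# a missing file) must not cut the rest of the teardown short under set -e.
	if [ -n "$uid" ]; then
		pkill -u "$uid" -9 || true
	fi

	sed -i '/lxcunpriv/d' /run/lxc/nics /etc/lxc/lxc-usernet || true
	sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid || true

	if [ -n "$HDIR" ]; then
		rm -Rf -- "$HDIR" || true
	fi
	if [ -n "$uid" ]; then
		rm -Rf -- "/run/user/$uid" || true
	fi

	deluser "$TUSER" || true

	if [ "$DONE" -eq 0 ]; then
		echo "FAIL"
		exit 1
	fi
	echo "PASS"
}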
53 | ||
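#######################################
# Run a command as the unprivileged test user through a sudo login shell,
# forwarding the caller's proxy settings and pointing XDG_RUNTIME_DIR at the
# user's /run/user/<uid> directory.
# Globals:   TUSER (read), http_proxy / https_proxy (read, optional)
# Arguments: the command and its arguments
# Returns:   status of id when the user cannot be resolved, else of sudo
#######################################
run_cmd() {
	local uid

	# Resolve the uid first so a missing account fails here instead of
	# producing XDG_RUNTIME_DIR=/run/user/.
	uid=$(id -u "$TUSER") || return

	# Quoted expansions and "$@" keep each argument intact; the unquoted $*
	# form re-split and glob-expanded arguments in root's shell before sudo
	# ever saw them.
	sudo -i -u "$TUSER" \
		env "http_proxy=${http_proxy:-}" "https_proxy=${https_proxy:-}" \
		"XDG_RUNTIME_DIR=/run/user/$uid" "$@"
}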
59 | ||
# Throw-away account the containers are created and run under, and its home.
TUSER=lxcunpriv
HDIR="/home/${TUSER}"

# Architecture handed to the download template: whatever dpkg reports when
# dpkg is available, i386 otherwise.
if type dpkg >/dev/null 2>&1; then
	ARCH=$(dpkg --print-architecture)
else
	ARCH=i386
fi

# The teardown handler is registered before strict mode is switched on, so
# every later failure still goes through cleanup.
trap cleanup EXIT SIGHUP SIGINT SIGTERM
set -o errexit -o nounset
d08363af | 71 | |
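# Start from a clean slate: drop an account left behind by an earlier run.
# A failing deluser (typically "no such user") is expected and ignored.
if deluser "$TUSER"; then
	rm -Rf -- "$HDIR" || true
fi
useradd "$TUSER"

mkdir -p "$HDIR"
# lxc-usernet entry: the test user may create up to 2 veth devices on lxcbr0.
echo "$TUSER veth lxcbr0 2" >> /etc/lxc/lxc-usernet
# Drop stale subordinate-id lines before usermod assigns the ranges below.
sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid

# Subordinate uid (-v) and gid (-w) ranges the user may map into containers.
usermod -v 910000-919999 -w 910000-919999 "$TUSER"

# Per-user LXC defaults: veth networking on lxcbr0, and container ids 0..9998
# mapped onto host ids starting at 910000.
mkdir -p "$HDIR/.config/lxc/"
cat > "$HDIR/.config/lxc/default.conf" << EOF
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.id_map = u 0 910000 9999
lxc.id_map = g 0 910000 9999
EOF
chown -R "$TUSER:" "$HDIR"

# Resolve the uid once and insist on a value: with an empty uid the two
# commands below would operate on /run/user/ itself.
tuser_uid=$(id -u "$TUSER")
if [ -z "$tuser_uid" ]; then
	echo "Could not resolve the uid of $TUSER" >&2
	false
fi
mkdir -p "/run/user/$tuser_uid"
chown -R "$TUSER:" "/run/user/$tuser_uid"

cd "$HDIR"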
d08363af | 94 | |
42e5c987 SG |
# Move this shell into a cgroup owned by the test user. Three host setups
# are handled: the cgm client, a bare cgmanager socket driven over D-Bus,
# and plain cgroupfs directories.
if which cgm >/dev/null 2>&1; then
	cgm create all "$TUSER"
	cgm chown all "$TUSER" "$(id -u "$TUSER")" "$(id -g "$TUSER")"
	cgm movepid all "$TUSER" $$
elif [ -e /sys/fs/cgroup/cgmanager/sock ]; then
	# Arguments shared by every cgmanager method call below.
	cgmanager_call=(
		dbus-send --print-reply
		--address=unix:path=/sys/fs/cgroup/cgmanager/sock
		--type=method_call /org/linuxcontainers/cgmanager
	)
	# One round of Create / Chown / MovePid per controller listed in field 2
	# of /proc/self/cgroup.
	for d in $(cut -d : -f 2 /proc/self/cgroup); do
		"${cgmanager_call[@]}" org.linuxcontainers.cgmanager0_0.Create \
			"string:$d" "string:$TUSER" >/dev/null

		"${cgmanager_call[@]}" org.linuxcontainers.cgmanager0_0.Chown \
			"string:$d" "string:$TUSER" \
			"int32:$(id -u "$TUSER")" "int32:$(id -g "$TUSER")" >/dev/null

		"${cgmanager_call[@]}" org.linuxcontainers.cgmanager0_0.MovePid \
			"string:$d" "string:$TUSER" "int32:$$" >/dev/null
	done
else
	for d in /sys/fs/cgroup/*; do
		if [ -f "$d/cgroup.clone_children" ]; then
			echo 1 > "$d/cgroup.clone_children"
		fi
		if [ ! -d "$d/lxctest" ]; then
			mkdir "$d/lxctest"
		fi
		# Hand the new cgroup to the test user, then join it.
		chown -R "$TUSER:" "$d/lxctest"
		echo $$ > "$d/lxctest/tasks"
	done
fi
73d3e090 | 121 | |
57221f67 SG |
# Seed the test user's download-template cache from the host-wide cache when
# the host has one. The copy is made by root, so it is chowned to the test
# user afterwards.
run_cmd mkdir -p "$HDIR/.cache/lxc"
if [ -d /var/cache/lxc/download ]; then
	cp -R /var/cache/lxc/download "$HDIR/.cache/lxc" &&
		chown -R "$TUSER:" "$HDIR/.cache/lxc"
fi

# Create container c1 as the test user from the Ubuntu trusty image.
run_cmd lxc-create -t download -n c1 -- -d ubuntu -r trusty -a "$ARCH"
73d3e090 | 129 | |
# c1 has to get through a full start / inspect / attach / stop cycle twice.
for count in 1 2; do
	run_cmd lxc-start -n c1 -d

	# lxc-info -p -H prints the init pid; -1 is treated as "not running".
	p1=$(run_cmd lxc-info -n c1 -p -H)
	if [ "$p1" = "-1" ]; then
		echo "Failed to start container c1 (run $count)"
		false
	fi

	run_cmd lxc-info -n c1
	run_cmd lxc-attach -n c1 -- /bin/true

	run_cmd lxc-stop -n c1
done

# A snapshot copy of c1 must start as well.
run_cmd lxc-copy -s -n c1 -N c2
run_cmd lxc-start -n c2 -d
p1=$(run_cmd lxc-info -n c2 -p -H)
if [ "$p1" = "-1" ]; then
	echo "Failed to start container c2"
	false
fi

run_cmd lxc-stop -n c2
150 | ||
e2ef635e SH |
# Extra coverage that only runs where the cgm client is installed.
if which cgm >/dev/null 2>&1; then
	echo "Testing containers under different cgroups per subsystem"
	run_cmd cgm create freezer x1/x2
	# movepid is issued by this root shell directly, not through run_cmd.
	cgm movepid freezer x1 $$
	run_cmd lxc-start -n c1 -d
	p1=$(run_cmd lxc-info -n c1 -p -H)
	if [ "$p1" = "-1" ]; then
		echo "Failed to start container c1"
		false
	fi
	run_cmd lxc-info -n c1
	run_cmd lxc-attach -n c1 -- /bin/true
	run_cmd lxc-cgroup -n c1 freezer.state

	echo "Testing lxc-attach and lxc-cgroup from different cgroup"
	cgm movepid freezer x2 $$
	run_cmd lxc-attach -n c1 -- /bin/true
	run_cmd lxc-cgroup -n c1 freezer.state
	run_cmd lxc-cgroup -n c1 memory.limit_in_bytes
fi

# Reaching this line means every step succeeded; cleanup() prints PASS.
DONE=1