[mirror_lxc.git] / src / tests / lxc-test-usernic

#!/bin/bash

# lxc: linux Container library

# Authors:
# Serge Hallyn <serge.hallyn@ubuntu.com>
#
# This is a test script for the lxc-user-nic program

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

DONE=0

cleanup() {
	(
		set +e

		lxc-stop -n usernic-c1 -k
		lxc-destroy -n usernic-c1

		sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet
		ifconfig usernic-br0 down
		ifconfig usernic-br1 down
		brctl delbr usernic-br0
		brctl delbr usernic-br1

		run_cmd "lxc-stop -n b1 -k"
		pkill -u $(id -u usernic-user) -9

		rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)

		deluser usernic-user
	) >/dev/null 2>&1

	if [ "$DONE" = "1" ]; then
		echo "PASS"
		exit 0
	fi

	echo "FAIL"
	exit 1
}

run_cmd() {
	sudo -i -u usernic-user env XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
}

set -eu
trap cleanup EXIT SIGHUP SIGINT SIGTERM

# create a test user
deluser usernic-user || true
useradd usernic-user
sudo mkdir -p /home/usernic-user
sudo chown usernic-user /home/usernic-user
usermod -v 910000-919999 -w 910000-919999 usernic-user

mkdir -p /home/usernic-user/.config/lxc/
cat > /home/usernic-user/.config/lxc/default.conf << EOF
lxc.network.type = empty
lxc.id_map = u 0 910000 10000
lxc.id_map = g 0 910000 10000
EOF

for d in /sys/fs/cgroup/*; do
	[ ! -d $d/lxctest ] && mkdir $d/lxctest
	chown -R usernic-user $d/lxctest
	echo $$ > $d/lxctest/tasks
done

mkdir -p /run/user/$(id -u usernic-user)
chown -R usernic-user /run/user/$(id -u usernic-user) /home/usernic-user

# Create two test bridges
brctl addbr usernic-br0
brctl addbr usernic-br1
ifconfig usernic-br0 0.0.0.0 up
ifconfig usernic-br1 0.0.0.0 up

# Create three containers
run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r trusty -a i386"
run_cmd "lxc-start -n b1 -d"
p1=$(run_cmd "lxc-info -n b1 -p -H")

# Assign one veth, should fail as no allowed entries yet
if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx1"; then
	echo "FAIL: able to create nic with no entries"
	exit 1
fi

# Give him a quota of two
touch /etc/lxc/lxc-usernet
sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet

# Assign one veth to second bridge, should fail
if run_cmd "lxc-user-nic $p1 veth usernic-br1 xx1"; then
	echo "FAIL: able to create nic with no entries"
	exit 1
fi

# Assign two veths, should succeed
if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx2"; then
	echo "FAIL: unable to create first nic"
	exit 1
fi

if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx3"; then
	echo "FAIL: unable to create second nic"
	exit 1
fi

# Assign one more veth, should fail.
if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx4"; then
	echo "FAIL: able to create third nic"
	exit 1
fi

# Shut down and restart the container, should be able to assign more nics
run_cmd "lxc-stop -n b1 -k"
run_cmd "lxc-start -n b1 -d"
p1=$(run_cmd "lxc-info -n b1 -p -H")

if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx5"; then
	echo "FAIL: unable to create nic after destroying the old"
	cleanup 1
fi

run_cmd "lxc-stop -n b1 -k"

# Create a root-owned ns
lxc-create -t busybox -n usernic-c1
lxc-start -n usernic-c1 -d
p2=$(lxc-info -n usernic-c1 -p -H)

# assign veth to it - should fail
if run_cmd "lxc-user-nic $p2 veth usernic-br0 xx6"; then
	echo "FAIL: able to attach nic to root-owned container"
	cleanup 1
fi

echo "All tests passed"
DONE=1
Commit	Line	Data
20ab58c7 SH	1	#!/bin/bash
	2
	3	# lxc: linux Container library
	4
	5	# Authors:
	6	# Serge Hallyn <serge.hallyn@ubuntu.com>
	7	#
	8	# This is a test script for the lxc-user-nic program
	9
	10	# This library is free software; you can redistribute it and/or
	11	# modify it under the terms of the GNU Lesser General Public
	12	# License as published by the Free Software Foundation; either
	13	# version 2.1 of the License, or (at your option) any later version.
	14
	15	# This library is distributed in the hope that it will be useful,
	16	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	# Lesser General Public License for more details.
	19
	20	# You should have received a copy of the GNU Lesser General Public
	21	# License along with this library; if not, write to the Free Software
250b1eec	22	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20ab58c7	23
0e17b9c6 SG	24	DONE=0
0e17b9c6 SG	25
8befa924	26	cleanup() {
0e17b9c6 SG	27	(
	28	set +e
	29
c85a40bc	30	lxc-stop -n usernic-c1 -k
0e17b9c6 SG	31	lxc-destroy -n usernic-c1
	32
	33	sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet
	34	ifconfig usernic-br0 down
	35	ifconfig usernic-br1 down
	36	brctl delbr usernic-br0
	37	brctl delbr usernic-br1
	38
c85a40bc	39	run_cmd "lxc-stop -n b1 -k"
0e17b9c6 SG	40	pkill -u $(id -u usernic-user) -9
	41
	42	rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)
	43
	44	deluser usernic-user
	45	) >/dev/null 2>&1
	46
	47	if [ "$DONE" = "1" ]; then
	48	echo "PASS"
	49	exit 0
	50	fi
	51
	52	echo "FAIL"
	53	exit 1
	54	}
	55
	56	run_cmd() {
	57	sudo -i -u usernic-user env XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
8befa924	58	}
20ab58c7	59
0e17b9c6 SG	60	set -eu
	61	trap cleanup EXIT SIGHUP SIGINT SIGTERM
	62
8befa924 SH	63	# create a test user
	64	deluser usernic-user \|\| true
	65	useradd usernic-user
	66	sudo mkdir -p /home/usernic-user
	67	sudo chown usernic-user /home/usernic-user
	68	usermod -v 910000-919999 -w 910000-919999 usernic-user
8befa924	69
0e17b9c6 SG	70	mkdir -p /home/usernic-user/.config/lxc/
0e17b9c6 SG	71	cat > /home/usernic-user/.config/lxc/default.conf << EOF
8befa924	72	lxc.network.type = empty
0e17b9c6 SG	73	lxc.id_map = u 0 910000 10000
0e17b9c6 SG	74	lxc.id_map = g 0 910000 10000
8befa924	75	EOF
20ab58c7	76
0e17b9c6 SG	77	for d in /sys/fs/cgroup/*; do
	78	[ ! -d $d/lxctest ] && mkdir $d/lxctest
	79	chown -R usernic-user $d/lxctest
	80	echo $$ > $d/lxctest/tasks
	81	done
	82
	83	mkdir -p /run/user/$(id -u usernic-user)
	84	chown -R usernic-user /run/user/$(id -u usernic-user) /home/usernic-user
20ab58c7	85
0e17b9c6	86	# Create two test bridges
8befa924 SH	87	brctl addbr usernic-br0
	88	brctl addbr usernic-br1
	89	ifconfig usernic-br0 0.0.0.0 up
	90	ifconfig usernic-br1 0.0.0.0 up
	91
	92	# Create three containers
0e17b9c6 SG	93	run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r trusty -a i386"
	94	run_cmd "lxc-start -n b1 -d"
	95	p1=$(run_cmd "lxc-info -n b1 -p -H")
8befa924 SH	96
8befa924 SH	97	# Assign one veth, should fail as no allowed entries yet
0e17b9c6	98	if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx1"; then
8befa924	99	echo "FAIL: able to create nic with no entries"
0e17b9c6	100	exit 1
20ab58c7 SH	101	fi
20ab58c7 SH	102
8befa924	103	# Give him a quota of two
d08363af	104	touch /etc/lxc/lxc-usernet
0e17b9c6 SG	105	sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
0e17b9c6 SG	106	echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet
8befa924 SH	107
8befa924 SH	108	# Assign one veth to second bridge, should fail
0e17b9c6	109	if run_cmd "lxc-user-nic $p1 veth usernic-br1 xx1"; then
8befa924	110	echo "FAIL: able to create nic with no entries"
0e17b9c6	111	exit 1
8befa924	112	fi
20ab58c7	113
8befa924	114	# Assign two veths, should succeed
0e17b9c6	115	if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx2"; then
8befa924	116	echo "FAIL: unable to create first nic"
0e17b9c6	117	exit 1
8befa924	118	fi
0e17b9c6 SG	119
0e17b9c6 SG	120	if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx3"; then
8befa924	121	echo "FAIL: unable to create second nic"
0e17b9c6	122	exit 1
20ab58c7 SH	123	fi
20ab58c7 SH	124
8befa924	125	# Assign one more veth, should fail.
0e17b9c6	126	if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx4"; then
8befa924	127	echo "FAIL: able to create third nic"
0e17b9c6	128	exit 1
20ab58c7 SH	129	fi
20ab58c7 SH	130
8befa924	131	# Shut down and restart the container, should be able to assign more nics
c85a40bc	132	run_cmd "lxc-stop -n b1 -k"
0e17b9c6 SG	133	run_cmd "lxc-start -n b1 -d"
	134	p1=$(run_cmd "lxc-info -n b1 -p -H")
	135
	136	if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx5"; then
8befa924 SH	137	echo "FAIL: unable to create nic after destroying the old"
	138	cleanup 1
	139	fi
	140
c85a40bc	141	run_cmd "lxc-stop -n b1 -k"
8befa924 SH	142
	143	# Create a root-owned ns
	144	lxc-create -t busybox -n usernic-c1
	145	lxc-start -n usernic-c1 -d
0e17b9c6	146	p2=$(lxc-info -n usernic-c1 -p -H)
8befa924 SH	147
8befa924 SH	148	# assign veth to it - should fail
0e17b9c6	149	if run_cmd "lxc-user-nic $p2 veth usernic-br0 xx6"; then
8befa924 SH	150	echo "FAIL: able to attach nic to root-owned container"
8befa924 SH	151	cleanup 1
20ab58c7 SH	152	fi
	153
	154	echo "All tests passed"
0e17b9c6	155	DONE=1