src/tests/lxc-test-usernic.in

   1 #!/bin/bash
   2
   3 # lxc: linux Container library
   4
   5 # Authors:
   6 # Serge Hallyn <serge.hallyn@ubuntu.com>
   7 #
   8 # This is a test script for the lxc-user-nic program
   9
  10 # This library is free software; you can redistribute it and/or
  11 # modify it under the terms of the GNU Lesser General Public
  12 # License as published by the Free Software Foundation; either
  13 # version 2.1 of the License, or (at your option) any later version.
  14
  15 # This library is distributed in the hope that it will be useful,
  16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  18 # Lesser General Public License for more details.
  19
  20 # You should have received a copy of the GNU Lesser General Public
  21 # License along with this library; if not, write to the Free Software
  22 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  23
  24 # This test assumes an Ubuntu host
  25
  26 DONE=0
  27 LXC_USER_NIC="@LIBEXECDIR@/lxc/lxc-user-nic"
  28
  29 cleanup() {
  30         (
  31                 set +e
  32
  33                 lxc-stop -n usernic-c1 -k
  34                 lxc-destroy -n usernic-c1
  35
  36                 sed -i '/usernic-user/d' /run/lxc/nics /etc/lxc/lxc-usernet
  37                 ifconfig usernic-br0 down
  38                 ifconfig usernic-br1 down
  39                 brctl delbr usernic-br0
  40                 brctl delbr usernic-br1
  41
  42                 run_cmd "lxc-stop -n b1 -k"
  43                 pkill -u $(id -u usernic-user) -9
  44
  45                 rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)
  46
  47                 deluser usernic-user
  48         ) >/dev/null 2>&1
  49
  50         if [ "$DONE" = "1" ]; then
  51                 echo "PASS"
  52                 exit 0
  53         fi
  54
  55         echo "FAIL"
  56         exit 1
  57 }
  58
  59 run_cmd() {
  60         sudo -i -u usernic-user \
  61             env http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
  62                 XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
  63 }
  64
  65 ARCH=i386
  66 if type dpkg >/dev/null 2>&1; then
  67         ARCH=$(dpkg --print-architecture)
  68 fi
  69
  70 set -eu
  71 trap cleanup EXIT SIGHUP SIGINT SIGTERM
  72
  73 # create a test user
  74 deluser usernic-user || true
  75 useradd usernic-user
  76 sudo mkdir -p /home/usernic-user
  77 sudo chown usernic-user: /home/usernic-user
  78 usermod -v 910000-919999 -w 910000-919999 usernic-user
  79
  80 mkdir -p /home/usernic-user/.config/lxc/
  81 cat > /home/usernic-user/.config/lxc/default.conf << EOF
  82 lxc.network.type = empty
  83 lxc.id_map = u 0 910000 10000
  84 lxc.id_map = g 0 910000 10000
  85 EOF
  86
  87 if which cgm >/dev/null 2>&1; then
  88         cgm create all usernic-user
  89         cgm chown all usernic-user $(id -u usernic-user) $(id -g usernic-user)
  90         cgm movepid all usernic-user $$
  91 elif [ -e /sys/fs/cgroup/cgmanager/sock ]; then
  92         for d in $(cut -d : -f 2 /proc/self/cgroup); do
  93                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
  94                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Create \
  95                         string:$d string:usernic-user >/dev/null
  96
  97                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
  98                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Chown \
  99                         string:$d string:usernic-user int32:$(id -u usernic-user) int32:$(id -g usernic-user) >/dev/null
 100
 101                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
 102                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.MovePid \
 103                         string:$d string:usernic-user int32:$$ >/dev/null
 104         done
 105 else
 106         for d in /sys/fs/cgroup/*; do
 107                 [ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children
 108                 [ ! -d $d/lxctest ] && mkdir $d/lxctest
 109                 chown -R usernic-user: $d/lxctest
 110                 echo $$ > $d/lxctest/tasks
 111         done
 112 fi
 113
 114 mkdir -p /run/user/$(id -u usernic-user)
 115 chown -R usernic-user: /run/user/$(id -u usernic-user) /home/usernic-user
 116
 117 # Copy the download template cache if available
 118 run_cmd "mkdir -p /home/usernic-user/.cache/lxc"
 119 [ -d /var/cache/lxc/download ] && \
 120     cp -R /var/cache/lxc/download /home/usernic-user/.cache/lxc && \
 121     chown -R usernic-user: /home/usernic-user/.cache/lxc
 122
 123
 124 # Create two test bridges
 125 brctl addbr usernic-br0
 126 brctl addbr usernic-br1
 127 ifconfig usernic-br0 0.0.0.0 up
 128 ifconfig usernic-br1 0.0.0.0 up
 129
 130 ARCH=i386
 131 if type dpkg >/dev/null 2>&1; then
 132         ARCH=$(dpkg --print-architecture)
 133 fi
 134
 135 # Create three containers
 136 run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r trusty -a $ARCH"
 137 run_cmd "lxc-start -n b1 -d"
 138 p1=$(run_cmd "lxc-info -n b1 -p -H")
 139
 140 lxcpath=/home/usernic-user/.local/share/lxc
 141 lxcname=b1
 142
 143 # Assign one veth, should fail as no allowed entries yet
 144 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
 145         echo "FAIL: able to create nic with no entries"
 146         exit 1
 147 fi
 148
 149 # Give him a quota of two
 150 touch /etc/lxc/lxc-usernet
 151 sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
 152 echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet
 153
 154 # Assign one veth to second bridge, should fail
 155 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
 156         echo "FAIL: able to create nic with no entries"
 157         exit 1
 158 fi
 159
 160 # Assign two veths, should succeed
 161 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
 162         echo "FAIL: unable to create first nic"
 163         exit 1
 164 fi
 165
 166 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
 167         echo "FAIL: unable to create second nic"
 168         exit 1
 169 fi
 170
 171 # Assign one more veth, should fail.
 172 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
 173         echo "FAIL: able to create third nic"
 174         exit 1
 175 fi
 176
 177 # Shut down and restart the container, should be able to assign more nics
 178 run_cmd "lxc-stop -n b1 -k"
 179 run_cmd "lxc-start -n b1 -d"
 180 p1=$(run_cmd "lxc-info -n b1 -p -H")
 181
 182 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
 183         echo "FAIL: unable to create nic after destroying the old"
 184         cleanup 1
 185 fi
 186
 187 run_cmd "lxc-stop -n b1 -k"
 188
 189 # Create a root-owned ns
 190 lxc-create -t busybox -n usernic-c1
 191 lxc-start -n usernic-c1 -d
 192 p2=$(lxc-info -n usernic-c1 -p -H)
 193
 194 # assign veth to it - should fail
 195 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
 196         echo "FAIL: able to attach nic to root-owned container"
 197         cleanup 1
 198 fi
 199
 200 echo "All tests passed"
 201 DONE=1