src/tests/lxc-test-usernic.in

   1 #!/bin/bash
   2
   3 # lxc: linux Container library
   4
   5 # Authors:
   6 # Serge Hallyn <serge.hallyn@ubuntu.com>
   7 #
   8 # This is a test script for the lxc-user-nic program
   9
  10 # This library is free software; you can redistribute it and/or
  11 # modify it under the terms of the GNU Lesser General Public
  12 # License as published by the Free Software Foundation; either
  13 # version 2.1 of the License, or (at your option) any later version.
  14
  15 # This library is distributed in the hope that it will be useful,
  16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  18 # Lesser General Public License for more details.
  19
  20 # You should have received a copy of the GNU Lesser General Public
  21 # License along with this library; if not, write to the Free Software
  22 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  23
  24 # This test assumes an Ubuntu host
  25
  26 DONE=0
  27 KNOWN_RELEASES="precise trusty xenial yakkety zesty"
  28 LXC_USER_NIC="@LIBEXECDIR@/lxc/lxc-user-nic"
  29
  30 cleanup() {
  31         (
  32                 set +e
  33
  34                 lxc-stop -n usernic-c1 -k
  35                 lxc-destroy -n usernic-c1
  36
  37                 sed -i '/usernic-user/d' /run/lxc/nics /etc/lxc/lxc-usernet
  38                 ifconfig usernic-br0 down
  39                 ifconfig usernic-br1 down
  40                 brctl delbr usernic-br0
  41                 brctl delbr usernic-br1
  42
  43                 run_cmd "lxc-stop -n b1 -k"
  44                 pkill -u $(id -u usernic-user) -9
  45
  46                 rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)
  47
  48                 deluser usernic-user
  49         ) >/dev/null 2>&1
  50
  51         if [ "$DONE" = "1" ]; then
  52                 echo "PASS"
  53                 exit 0
  54         fi
  55
  56         echo "FAIL"
  57         exit 1
  58 }
  59
  60 run_cmd() {
  61         sudo -i -u usernic-user \
  62             env http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
  63                 XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
  64 }
  65
  66 ARCH=i386
  67 if type dpkg >/dev/null 2>&1; then
  68         ARCH=$(dpkg --print-architecture)
  69 fi
  70
  71 set -eu
  72 trap cleanup EXIT SIGHUP SIGINT SIGTERM
  73
  74 # create a test user
  75 deluser usernic-user || true
  76 useradd usernic-user
  77 sudo mkdir -p /home/usernic-user
  78 sudo chown usernic-user: /home/usernic-user
  79 usermod -v 910000-919999 -w 910000-919999 usernic-user
  80
  81 mkdir -p /home/usernic-user/.config/lxc/
  82 cat > /home/usernic-user/.config/lxc/default.conf << EOF
  83 lxc.network.type = empty
  84 lxc.id_map = u 0 910000 10000
  85 lxc.id_map = g 0 910000 10000
  86 EOF
  87
  88 if which cgm >/dev/null 2>&1; then
  89         cgm create all usernic-user
  90         cgm chown all usernic-user $(id -u usernic-user) $(id -g usernic-user)
  91         cgm movepid all usernic-user $$
  92 elif [ -e /sys/fs/cgroup/cgmanager/sock ]; then
  93         for d in $(cut -d : -f 2 /proc/self/cgroup); do
  94                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
  95                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Create \
  96                         string:$d string:usernic-user >/dev/null
  97
  98                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
  99                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Chown \
 100                         string:$d string:usernic-user int32:$(id -u usernic-user) int32:$(id -g usernic-user) >/dev/null
 101
 102                 dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
 103                         --type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.MovePid \
 104                         string:$d string:usernic-user int32:$$ >/dev/null
 105         done
 106 else
 107         for d in /sys/fs/cgroup/*; do
 108                 [ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children
 109                 [ ! -d $d/lxctest ] && mkdir $d/lxctest
 110                 chown -R usernic-user: $d/lxctest
 111                 echo $$ > $d/lxctest/tasks
 112         done
 113 fi
 114
 115 mkdir -p /run/user/$(id -u usernic-user)
 116 chown -R usernic-user: /run/user/$(id -u usernic-user) /home/usernic-user
 117
 118 # Copy the download template cache if available
 119 run_cmd "mkdir -p /home/usernic-user/.cache/lxc"
 120 [ -d /var/cache/lxc/download ] && \
 121     cp -R /var/cache/lxc/download /home/usernic-user/.cache/lxc && \
 122     chown -R usernic-user: /home/usernic-user/.cache/lxc
 123
 124
 125 # Create two test bridges
 126 brctl addbr usernic-br0
 127 brctl addbr usernic-br1
 128 ifconfig usernic-br0 0.0.0.0 up
 129 ifconfig usernic-br1 0.0.0.0 up
 130
 131 ARCH=i386
 132 if type dpkg >/dev/null 2>&1; then
 133         ARCH=$(dpkg --print-architecture)
 134 fi
 135
 136 # default release is trusty, or the systems release if recognized
 137 release=trusty
 138 if [ -f /etc/lsb-release ]; then
 139     . /etc/lsb-release
 140     rels=$(ubuntu-distro-info --supported 2>/dev/null) ||
 141         rels="$KNOWN_RELEASES"
 142     for r in $rels; do
 143         [ "$DISTRIB_CODENAME" = "$r" ] && release="$r"
 144     done
 145 fi
 146
 147 # Create three containers
 148 run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
 149 run_cmd "lxc-start -n b1 -d"
 150 p1=$(run_cmd "lxc-info -n b1 -p -H")
 151
 152 lxcpath=/home/usernic-user/.local/share/lxc
 153 lxcname=b1
 154
 155 # Assign one veth, should fail as no allowed entries yet
 156 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
 157         echo "FAIL: able to create nic with no entries"
 158         exit 1
 159 fi
 160
 161 # Give him a quota of two
 162 touch /etc/lxc/lxc-usernet
 163 sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
 164 echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet
 165
 166 # Assign one veth to second bridge, should fail
 167 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
 168         echo "FAIL: able to create nic with no entries"
 169         exit 1
 170 fi
 171
 172 # Assign two veths, should succeed
 173 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
 174         echo "FAIL: unable to create first nic"
 175         exit 1
 176 fi
 177
 178 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
 179         echo "FAIL: unable to create second nic"
 180         exit 1
 181 fi
 182
 183 # Assign one more veth, should fail.
 184 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
 185         echo "FAIL: able to create third nic"
 186         exit 1
 187 fi
 188
 189 # Shut down and restart the container, should be able to assign more nics
 190 run_cmd "lxc-stop -n b1 -k"
 191 run_cmd "lxc-start -n b1 -d"
 192 p1=$(run_cmd "lxc-info -n b1 -p -H")
 193
 194 if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
 195         echo "FAIL: unable to create nic after destroying the old"
 196         cleanup 1
 197 fi
 198
 199 run_cmd "lxc-stop -n b1 -k"
 200
 201 # Create a root-owned ns
 202 lxc-create -t busybox -n usernic-c1
 203 lxc-start -n usernic-c1 -d
 204 p2=$(lxc-info -n usernic-c1 -p -H)
 205
 206 # assign veth to it - should fail
 207 if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
 208         echo "FAIL: able to attach nic to root-owned container"
 209         cleanup 1
 210 fi
 211
 212 echo "All tests passed"
 213 DONE=1